Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/f3c5d8-5ea5-482e-931f-29c023f94781/1/oBChBHssUzYUcBfM7zouya2w7Xs.roa
File:                     oBChBHssUzYUcBfM7zouya2w7Xs.roa (raw, json)
Hash identifier:          672YmL+cLtseSafY7vPPp2vT+ULtUH/ebbvzsneaNTo=
Subject key identifier:   A0:10:A1:04:7B:2C:53:36:14:70:17:CC:EF:3A:2E:C9:AD:B0:ED:7B
Certificate issuer:       /CN=ba8dad2c4a0e117a6868c8d67be10308a64974ad
Certificate serial:       019B7E3858560A028D1DBC8794D14660C567
Authority key identifier: BA:8D:AD:2C:4A:0E:11:7A:68:68:C8:D6:7B:E1:03:08:A6:49:74:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uo2tLEoOEXpoaMjWe-EDCKZJdK0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/f3c5d8-5ea5-482e-931f-29c023f94781/1/oBChBHssUzYUcBfM7zouya2w7Xs.roa
Signing time:             Fri 02 Jan 2026 10:19:40 +0000
ROA not before:           Fri 02 Jan 2026 10:19:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214840
IP address blocks:        2001:67c:2eb0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/f3c5d8-5ea5-482e-931f-29c023f94781/1/uo2tLEoOEXpoaMjWe-EDCKZJdK0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/f3c5d8-5ea5-482e-931f-29c023f94781/1/uo2tLEoOEXpoaMjWe-EDCKZJdK0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uo2tLEoOEXpoaMjWe-EDCKZJdK0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:58:56:0a:02:8d:1d:bc:87:94:d1:46:60:c5:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba8dad2c4a0e117a6868c8d67be10308a64974ad
        Validity
            Not Before: Jan  2 10:19:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a010a1047b2c5336147017ccef3a2ec9adb0ed7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f3:fc:ea:33:aa:dc:07:8d:bb:49:e6:94:b3:
                    f2:97:90:32:ab:18:3b:f9:56:79:c8:25:ca:76:b4:
                    d4:7b:1d:3c:2f:89:00:aa:89:64:a0:a0:00:60:83:
                    2a:bd:8a:f6:fb:91:79:a1:11:5c:7d:7a:02:90:28:
                    ff:9f:bd:46:ce:3a:97:70:e4:8a:d2:6d:5c:80:db:
                    bd:7c:97:9f:6f:01:27:bd:77:be:a9:2a:07:07:f7:
                    ae:dc:4a:c7:82:07:dc:88:fa:0f:d9:c2:c6:cd:7f:
                    11:d5:58:bd:5e:ca:e7:c7:b9:43:75:97:f5:56:93:
                    0c:ca:b1:dc:06:99:cb:7f:e1:e0:7f:4f:73:70:0a:
                    6d:d3:4c:76:19:c6:35:a7:02:a2:d8:6c:2c:63:b0:
                    86:5e:a5:5c:33:a8:0b:d4:7d:d2:e6:d1:b9:91:b4:
                    3d:7a:ed:d1:d7:e1:5e:83:88:92:a1:a6:af:22:84:
                    4a:0a:6a:0b:19:26:91:54:62:2a:16:c2:3c:8f:c3:
                    38:c5:a0:91:9c:8b:3a:7f:44:18:11:da:03:f5:d0:
                    62:e1:3a:18:df:7f:69:9f:1a:b0:70:0f:0f:32:78:
                    01:c7:0e:df:86:9f:75:90:bf:bf:f4:7f:37:92:17:
                    46:56:93:17:35:62:0b:72:a3:66:57:3f:6a:34:98:
                    36:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:10:A1:04:7B:2C:53:36:14:70:17:CC:EF:3A:2E:C9:AD:B0:ED:7B
            X509v3 Authority Key Identifier:
                keyid:BA:8D:AD:2C:4A:0E:11:7A:68:68:C8:D6:7B:E1:03:08:A6:49:74:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uo2tLEoOEXpoaMjWe-EDCKZJdK0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/f3c5d8-5ea5-482e-931f-29c023f94781/1/oBChBHssUzYUcBfM7zouya2w7Xs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/f3c5d8-5ea5-482e-931f-29c023f94781/1/uo2tLEoOEXpoaMjWe-EDCKZJdK0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2eb0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:37:40:e2:72:61:9a:25:e1:82:15:91:ce:6d:c2:6f:52:28:
         a3:ea:5e:0a:8a:32:ae:3a:a0:d0:74:31:cd:ec:04:7f:83:eb:
         d0:63:36:11:cd:22:15:6e:cc:c0:61:2d:3d:16:7f:02:13:c3:
         1f:11:8a:c0:ce:ff:df:1e:ce:1d:6c:45:2f:c4:03:a9:20:ad:
         40:9c:f6:81:f6:a4:12:03:18:74:f9:37:6e:78:92:e8:6e:61:
         69:8c:f4:d0:7d:99:11:5c:eb:98:bb:7f:fa:f7:53:2b:57:f1:
         29:5f:8f:96:9f:42:43:89:5c:21:de:db:d8:50:0d:45:8a:9f:
         d8:f0:df:8d:22:bb:c2:45:ba:b3:f8:3f:4d:39:2a:19:40:b4:
         4a:cb:07:cf:91:3f:69:a2:d6:8b:fc:b9:24:16:d4:93:81:33:
         2e:a4:46:dc:aa:8b:a6:b5:b2:6e:a4:9f:40:98:24:da:e2:35:
         57:49:51:93:14:c5:0a:13:e0:b0:00:28:cb:2f:45:5d:db:25:
         a9:03:da:6d:fa:9b:8f:7a:a9:2c:da:ac:54:6d:9e:77:ea:57:
         a2:1d:7a:42:ff:7f:c4:68:1a:2d:89:5f:96:42:cd:99:f6:a0:
         34:a8:2a:5a:b2:ce:4f:64:42:63:ab:37:92:2f:c0:b9:32:d3:
         de:90:e5:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt+OFhWCgKNHbyHlNFGYMVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOGRhZDJjNGEwZTExN2E2ODY4YzhkNjdiZTEwMzA4YTY0
OTc0YWQwHhcNMjYwMTAyMTAxOTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDEwYTEwNDdiMmM1MzM2MTQ3MDE3Y2NlZjNhMmVjOWFkYjBlZDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvP86jOq3AeNu0nmlLPyl5Ayqxg7
+VZ5yCXKdrTUex08L4kAqolkoKAAYIMqvYr2+5F5oRFcfXoCkCj/n71GzjqXcOSK
0m1cgNu9fJefbwEnvXe+qSoHB/eu3ErHggfciPoP2cLGzX8R1Vi9Xsrnx7lDdZf1
VpMMyrHcBpnLf+Hgf09zcApt00x2GcY1pwKi2GwsY7CGXqVcM6gL1H3S5tG5kbQ9
eu3R1+Feg4iSoaavIoRKCmoLGSaRVGIqFsI8j8M4xaCRnIs6f0QYEdoD9dBi4ToY
339pnxqwcA8PMngBxw7fhp91kL+/9H83khdGVpMXNWILcqNmVz9qNJg2bwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKAQoQR7LFM2FHAXzO86LsmtsO17MB8GA1UdIwQY
MBaAFLqNrSxKDhF6aGjI1nvhAwimSXStMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW8ydExFb09FWHBvYU1qV2UtRURDS1pKZEswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9mM2M1ZDgtNWVhNS00ODJlLTkzMWYt
MjljMDIzZjk0NzgxLzEvb0JDaEJIc3NVellVY0JmTTd6b3V5YTJ3N1hzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9mM2M1ZDgtNWVhNS00ODJlLTkzMWYtMjljMDIzZjk0Nzgx
LzEvdW8ydExFb09FWHBvYU1qV2UtRURDS1pKZEswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC6w
MA0GCSqGSIb3DQEBCwUAA4IBAQA6N0DicmGaJeGCFZHObcJvUiij6l4KijKuOqDQ
dDHN7AR/g+vQYzYRzSIVbszAYS09Fn8CE8MfEYrAzv/fHs4dbEUvxAOpIK1AnPaB
9qQSAxh0+TdueJLobmFpjPTQfZkRXOuYu3/691MrV/EpX4+Wn0JDiVwh3tvYUA1F
ip/Y8N+NIrvCRbqz+D9NOSoZQLRKywfPkT9potaL/LkkFtSTgTMupEbcqoumtbJu
pJ9AmCTa4jVXSVGTFMUKE+CwACjLL0Vd2yWpA9pt+puPeqks2qxUbZ536leiHXpC
/3/EaBotiV+WQs2Z9qA0qCpass5PZEJjqzeSL8C5MtPekOUI
-----END CERTIFICATE-----