Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/O4Vq_xlW3nGROeYvrgBkEOCRN54.roa
File:                     O4Vq_xlW3nGROeYvrgBkEOCRN54.roa (raw, json)
Hash identifier:          z/P/DL4G9r588rrcgNyViWX2CS9SlPl5NwFw6XC0inA=
Subject key identifier:   3B:85:6A:FF:19:56:DE:71:91:39:E6:2F:AE:00:64:10:E0:91:37:9E
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019D48EB87F1D0A55614D89FC7D83A42A50D
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/O4Vq_xlW3nGROeYvrgBkEOCRN54.roa
Signing time:             Wed 01 Apr 2026 12:01:28 +0000
ROA not before:           Wed 01 Apr 2026 12:01:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199504
IP address blocks:        2a0c:b641:360::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:48:eb:87:f1:d0:a5:56:14:d8:9f:c7:d8:3a:42:a5:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Apr  1 12:01:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b856aff1956de719139e62fae006410e091379e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:79:20:fd:ab:b7:40:8d:c2:ba:35:b7:83:fa:
                    66:e4:f9:e2:d8:4c:20:48:e2:94:d0:eb:ab:dc:5f:
                    b7:a0:95:f3:f5:49:96:ae:12:d7:ec:90:0e:a6:c7:
                    c0:2d:7b:3c:b8:c6:b8:80:10:0a:e1:32:24:b9:ed:
                    9a:05:4b:a2:4c:7f:93:0b:0f:ed:df:e6:09:58:12:
                    ec:c0:37:ba:41:e3:36:9d:59:e0:9d:b5:2e:35:12:
                    d2:1c:98:bd:53:62:ca:81:f4:59:67:5b:76:5a:6d:
                    c6:93:86:af:60:be:9e:d6:e5:d8:c7:5c:71:98:3f:
                    9a:42:a6:b0:13:e9:d4:c3:a1:d6:a9:dd:06:c9:d3:
                    8c:cf:04:e9:3b:40:95:c0:98:f1:2e:2c:28:93:3c:
                    02:b9:9f:a8:5b:0e:34:08:5e:60:dd:ef:a1:5b:f3:
                    32:f3:d1:8c:ce:85:db:5a:c3:53:a9:7c:fd:4d:4b:
                    99:52:c5:2f:a2:ec:45:27:f0:eb:76:7a:b7:00:3d:
                    06:19:34:6f:c0:ce:74:4a:ba:46:77:2b:ed:09:f3:
                    23:00:16:ba:9b:35:b0:90:77:05:6b:37:d6:42:d8:
                    bd:24:51:a4:2a:a0:50:ef:b3:6c:9a:b9:ff:cc:e3:
                    b0:5f:82:89:e9:85:3f:83:fb:9d:c4:ff:ff:3f:d4:
                    53:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:85:6A:FF:19:56:DE:71:91:39:E6:2F:AE:00:64:10:E0:91:37:9E
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/O4Vq_xlW3nGROeYvrgBkEOCRN54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:360::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:2d:47:f7:07:ab:56:f2:23:3b:38:cd:6c:9b:6c:54:32:82:
         1e:21:e9:ca:0d:50:82:52:ee:c8:f7:62:d3:2b:73:fa:a6:08:
         ff:09:34:cc:84:7a:14:2b:0b:25:6e:92:56:5d:da:e3:3c:21:
         a8:e3:f0:bb:be:e7:9a:cf:46:01:f7:b2:a8:de:d4:13:51:24:
         cb:a7:99:45:82:f9:46:02:2a:33:03:63:4c:b8:0e:ef:41:f8:
         93:ba:36:89:67:0e:06:39:fa:10:c3:90:fc:b8:88:3d:19:96:
         3c:c5:f9:b5:40:dd:e9:ed:80:cc:d5:46:ec:45:cd:af:d2:b0:
         af:65:d7:ef:1b:20:d6:eb:a2:3d:39:14:2d:6e:a0:11:d2:82:
         88:f1:88:c6:34:e3:b3:c3:71:87:ce:25:30:60:1b:e1:8e:ba:
         f5:c5:12:83:cb:a7:db:e8:43:40:08:bd:de:df:b2:6b:96:ec:
         75:56:c4:94:ce:fc:ac:20:79:1b:ec:a5:c4:b8:4a:74:28:d6:
         35:0f:4f:f5:36:11:55:e5:47:0a:49:ec:08:7f:3f:50:97:7f:
         3f:7e:62:a0:bc:d2:d3:42:78:2f:b4:ec:60:be:28:1f:f1:36:
         06:c0:31:01:95:02:37:af:b5:0f:21:d1:84:37:6a:6d:30:c0:
         24:3d:4b:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1I64fx0KVWFNifx9g6QqUNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNDAxMTIwMTI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg1NmFmZjE5NTZkZTcxOTEzOWU2MmZhZTAwNjQxMGUwOTEzNzllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunkg/au3QI3CujW3g/pm5Pni2Ewg
SOKU0Our3F+3oJXz9UmWrhLX7JAOpsfALXs8uMa4gBAK4TIkue2aBUuiTH+TCw/t
3+YJWBLswDe6QeM2nVngnbUuNRLSHJi9U2LKgfRZZ1t2Wm3Gk4avYL6e1uXYx1xx
mD+aQqawE+nUw6HWqd0GydOMzwTpO0CVwJjxLiwokzwCuZ+oWw40CF5g3e+hW/My
89GMzoXbWsNTqXz9TUuZUsUvouxFJ/Drdnq3AD0GGTRvwM50SrpGdyvtCfMjABa6
mzWwkHcFazfWQti9JFGkKqBQ77Nsmrn/zOOwX4KJ6YU/g/udxP//P9RTiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDuFav8ZVt5xkTnmL64AZBDgkTeeMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvTzRWcV94bFczbkdST2VZdnJnQmtFT0NSTjU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQNg
MA0GCSqGSIb3DQEBCwUAA4IBAQARLUf3B6tW8iM7OM1sm2xUMoIeIenKDVCCUu7I
92LTK3P6pgj/CTTMhHoUKwslbpJWXdrjPCGo4/C7vueaz0YB97Ko3tQTUSTLp5lF
gvlGAiozA2NMuA7vQfiTujaJZw4GOfoQw5D8uIg9GZY8xfm1QN3p7YDM1UbsRc2v
0rCvZdfvGyDW66I9ORQtbqAR0oKI8YjGNOOzw3GHziUwYBvhjrr1xRKDy6fb6ENA
CL3e37Jrlux1VsSUzvysIHkb7KXEuEp0KNY1D0/1NhFV5UcKSewIfz9Ql38/fmKg
vNLTQngvtOxgvigf8TYGwDEBlQI3r7UPIdGEN2ptMMAkPUtV
-----END CERTIFICATE-----