Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/419d9d-7cb9-420c-b4e1-84212513b444/1/hEKwHInqxZDxOY8_VK9ITgxyWvo.roa
File:                     hEKwHInqxZDxOY8_VK9ITgxyWvo.roa (raw, json)
Hash identifier:          WX9el2WK55TcavpbwykK6PxtP2KUMIWkih57BuNbQZc=
Subject key identifier:   84:42:B0:1C:89:EA:C5:90:F1:39:8F:3F:54:AF:48:4E:0C:72:5A:FA
Certificate issuer:       /CN=31bc391f81f3cab1ec9a4734dd1393f3570c7d29
Certificate serial:       019D6D947928BBD674E05A98EAA178DDB30C
Authority key identifier: 31:BC:39:1F:81:F3:CA:B1:EC:9A:47:34:DD:13:93:F3:57:0C:7D:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mbw5H4HzyrHsmkc03ROT81cMfSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/419d9d-7cb9-420c-b4e1-84212513b444/1/hEKwHInqxZDxOY8_VK9ITgxyWvo.roa
Signing time:             Wed 08 Apr 2026 14:52:20 +0000
ROA not before:           Wed 08 Apr 2026 14:52:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206621
IP address blocks:        2001:67c:fe0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/419d9d-7cb9-420c-b4e1-84212513b444/1/Mbw5H4HzyrHsmkc03ROT81cMfSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/419d9d-7cb9-420c-b4e1-84212513b444/1/Mbw5H4HzyrHsmkc03ROT81cMfSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mbw5H4HzyrHsmkc03ROT81cMfSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6d:94:79:28:bb:d6:74:e0:5a:98:ea:a1:78:dd:b3:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31bc391f81f3cab1ec9a4734dd1393f3570c7d29
        Validity
            Not Before: Apr  8 14:52:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8442b01c89eac590f1398f3f54af484e0c725afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:6f:f2:fb:c6:95:da:c3:86:b0:26:69:6e:8e:
                    de:b7:bf:71:fb:4a:c3:1e:e0:50:e5:00:c7:ec:61:
                    19:59:2b:41:3a:56:bd:de:cc:e7:4c:ea:10:0a:88:
                    6b:ee:23:32:a3:b6:09:22:78:1a:e4:38:8f:5d:a1:
                    96:df:22:40:c0:97:66:84:2e:51:e9:8c:47:d0:6f:
                    4b:92:89:4b:6e:a5:e7:09:0e:fc:2d:ab:12:97:2e:
                    35:9a:ed:75:75:a6:f3:a8:43:35:cb:87:a5:5f:af:
                    cb:ff:f9:52:b0:6b:6c:3a:58:13:62:7b:73:63:ae:
                    70:8e:d8:e4:e1:c9:8b:03:8f:74:24:ec:61:45:70:
                    23:a5:ab:e0:04:01:ad:45:7a:10:2c:78:7e:0c:f5:
                    ff:27:70:31:28:fb:a3:ff:1b:d5:cc:9c:5f:54:ad:
                    ca:c6:ef:4a:b3:28:e7:b8:62:da:8d:bb:14:3d:e2:
                    b1:12:24:95:61:b3:e0:20:02:28:7b:dc:f4:7d:60:
                    44:27:d8:56:07:3b:71:ba:ca:45:1b:8e:86:05:78:
                    50:d1:7b:ba:96:bb:9f:19:65:e0:4e:b1:22:69:66:
                    1b:72:ec:84:d2:c9:40:0a:8f:9c:24:ce:f0:08:43:
                    b3:de:02:70:db:dc:22:6d:5e:75:b0:aa:3b:7d:cf:
                    9c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:42:B0:1C:89:EA:C5:90:F1:39:8F:3F:54:AF:48:4E:0C:72:5A:FA
            X509v3 Authority Key Identifier:
                keyid:31:BC:39:1F:81:F3:CA:B1:EC:9A:47:34:DD:13:93:F3:57:0C:7D:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mbw5H4HzyrHsmkc03ROT81cMfSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/419d9d-7cb9-420c-b4e1-84212513b444/1/hEKwHInqxZDxOY8_VK9ITgxyWvo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/419d9d-7cb9-420c-b4e1-84212513b444/1/Mbw5H4HzyrHsmkc03ROT81cMfSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:fe0::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:24:b7:10:62:32:99:54:32:6e:b2:b9:08:11:98:be:26:02:
         98:1b:65:53:34:15:ca:f4:1b:93:43:a4:95:94:ae:2a:7c:47:
         0e:70:82:60:58:53:91:a4:85:03:84:ab:ec:0c:e9:5b:5d:c7:
         5f:bb:82:d5:0d:cf:66:f5:11:39:63:a7:6d:d8:73:55:58:1d:
         2f:1d:b4:9d:26:0f:18:fc:b7:0c:9f:74:05:a1:da:ae:2e:ae:
         1a:0f:18:0f:18:88:12:cf:f6:bf:4a:5d:d9:d5:e7:f2:0a:14:
         fb:99:4c:14:f0:0d:36:f7:ec:f8:17:9d:16:c7:7f:1e:56:97:
         6e:17:93:39:d5:cd:92:45:40:96:f2:2a:9d:79:3b:0c:d2:88:
         f4:fc:e5:1c:aa:1d:f7:93:55:67:7f:d1:e4:a7:bf:77:c4:7c:
         22:8e:46:df:f9:c5:07:da:3a:1e:f0:b8:4c:82:f7:c9:60:50:
         2b:1b:c0:02:94:ff:b7:0a:aa:84:ed:1a:85:9e:d8:da:50:2d:
         6d:92:6a:3c:fc:e3:5b:1d:72:f1:84:37:0e:00:aa:36:84:9a:
         89:98:c7:d4:5f:22:fc:3c:86:51:51:63:93:09:94:70:cc:a6:
         ee:42:70:a1:3f:3a:94:f2:47:dc:a5:0f:23:8b:5e:12:64:01:
         d8:66:a5:29
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1tlHkou9Z04FqY6qF43bMMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxYmMzOTFmODFmM2NhYjFlYzlhNDczNGRkMTM5M2YzNTcw
YzdkMjkwHhcNMjYwNDA4MTQ1MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQyYjAxYzg5ZWFjNTkwZjEzOThmM2Y1NGFmNDg0ZTBjNzI1YWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9W/y+8aV2sOGsCZpbo7et79x+0rD
HuBQ5QDH7GEZWStBOla93sznTOoQCohr7iMyo7YJInga5DiPXaGW3yJAwJdmhC5R
6YxH0G9LkolLbqXnCQ78LasSly41mu11dabzqEM1y4elX6/L//lSsGtsOlgTYntz
Y65wjtjk4cmLA490JOxhRXAjpavgBAGtRXoQLHh+DPX/J3AxKPuj/xvVzJxfVK3K
xu9KsyjnuGLajbsUPeKxEiSVYbPgIAIoe9z0fWBEJ9hWBztxuspFG46GBXhQ0Xu6
lrufGWXgTrEiaWYbcuyE0slACo+cJM7wCEOz3gJw29wibV51sKo7fc+cpQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIRCsByJ6sWQ8TmPP1SvSE4Mclr6MB8GA1UdIwQY
MBaAFDG8OR+B88qx7JpHNN0Tk/NXDH0pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWJ3NUg0SHp5ckhzbWtjMDNST1Q4MWNNZlNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS80MTlkOWQtN2NiOS00MjBjLWI0ZTEt
ODQyMTI1MTNiNDQ0LzEvaEVLd0hJbnF4WkR4T1k4X1ZLOUlUZ3h5V3ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS80MTlkOWQtN2NiOS00MjBjLWI0ZTEtODQyMTI1MTNiNDQ0
LzEvTWJ3NUg0SHp5ckhzbWtjMDNST1Q4MWNNZlNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA/g
MA0GCSqGSIb3DQEBCwUAA4IBAQAIJLcQYjKZVDJusrkIEZi+JgKYG2VTNBXK9BuT
Q6SVlK4qfEcOcIJgWFORpIUDhKvsDOlbXcdfu4LVDc9m9RE5Y6dt2HNVWB0vHbSd
Jg8Y/LcMn3QFodquLq4aDxgPGIgSz/a/Sl3Z1efyChT7mUwU8A029+z4F50Wx38e
VpduF5M51c2SRUCW8iqdeTsM0oj0/OUcqh33k1Vnf9Hkp793xHwijkbf+cUH2joe
8LhMgvfJYFArG8AClP+3CqqE7RqFntjaUC1tkmo8/ONbHXLxhDcOAKo2hJqJmMfU
XyL8PIZRUWOTCZRwzKbuQnChPzqU8kfcpQ8ji14SZAHYZqUp
-----END CERTIFICATE-----