Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/62237d-4d6e-4128-904a-ceee5fa94c71/1/SEe-2AwpWxyhA8wpX0OFfyueB0g.roa
File:                     SEe-2AwpWxyhA8wpX0OFfyueB0g.roa (raw, json)
Hash identifier:          72dQDYzN0PU1eohO/GnZ1Ibf20jsAONiNZ9ARQF0EEo=
Subject key identifier:   48:47:BE:D8:0C:29:5B:1C:A1:03:CC:29:5F:43:85:7F:2B:9E:07:48
Certificate issuer:       /CN=76f743297eb682a8e4e86aac0379039103f8a825
Certificate serial:       019E5F071000CC0F230FDCF4777E5D903A4A
Authority key identifier: 76:F7:43:29:7E:B6:82:A8:E4:E8:6A:AC:03:79:03:91:03:F8:A8:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dvdDKX62gqjk6GqsA3kDkQP4qCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/62237d-4d6e-4128-904a-ceee5fa94c71/1/SEe-2AwpWxyhA8wpX0OFfyueB0g.roa
Signing time:             Mon 25 May 2026 12:05:58 +0000
ROA not before:           Mon 25 May 2026 12:05:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198636
IP address blocks:        2001:67c:c94::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/62237d-4d6e-4128-904a-ceee5fa94c71/1/dvdDKX62gqjk6GqsA3kDkQP4qCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/62237d-4d6e-4128-904a-ceee5fa94c71/1/dvdDKX62gqjk6GqsA3kDkQP4qCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dvdDKX62gqjk6GqsA3kDkQP4qCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 18 Jun 2026 08:33:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:07:10:00:cc:0f:23:0f:dc:f4:77:7e:5d:90:3a:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76f743297eb682a8e4e86aac0379039103f8a825
        Validity
            Not Before: May 25 12:05:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4847bed80c295b1ca103cc295f43857f2b9e0748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:4f:4d:94:82:24:e1:64:4d:2f:1d:f5:e8:65:
                    82:bf:c8:33:2c:f8:2b:a1:ce:01:0f:88:75:dd:52:
                    32:ce:af:55:8e:2c:f3:23:ea:c6:46:55:4e:eb:ca:
                    c8:41:96:3f:b8:68:01:2d:e9:63:f9:2c:df:0f:ce:
                    bd:ea:65:ad:a7:aa:48:1f:71:f7:ac:f5:be:b0:7a:
                    c2:58:e8:5f:52:cd:61:35:ce:a3:fe:63:93:78:6c:
                    ff:f7:9a:dc:eb:6f:b5:df:0e:59:d9:b0:77:57:c7:
                    35:49:be:ff:f7:2a:58:f2:72:75:9c:92:91:a6:84:
                    d9:ad:e9:64:75:28:46:a2:75:e7:92:87:41:32:25:
                    28:65:a5:f8:4e:91:0f:70:05:ab:ee:2c:72:ee:c8:
                    73:7f:3f:a7:af:1f:55:f7:9c:9e:6a:e1:57:12:63:
                    05:da:7e:55:de:ac:75:b1:d7:b4:bc:69:69:a3:44:
                    57:8c:57:a3:4d:18:7d:0e:72:12:3c:f1:f3:d7:fb:
                    bc:42:b8:4d:e4:f3:f2:df:59:c2:8d:59:2d:ae:82:
                    30:5f:88:fb:0c:86:ac:a5:b9:d7:8d:3f:bd:bb:29:
                    51:2a:2b:e7:6e:9e:9d:e0:ae:9a:0b:3e:5b:37:5a:
                    9f:fb:98:19:cf:1c:a7:e9:13:27:1d:61:27:35:75:
                    c0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:47:BE:D8:0C:29:5B:1C:A1:03:CC:29:5F:43:85:7F:2B:9E:07:48
            X509v3 Authority Key Identifier:
                keyid:76:F7:43:29:7E:B6:82:A8:E4:E8:6A:AC:03:79:03:91:03:F8:A8:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dvdDKX62gqjk6GqsA3kDkQP4qCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/62237d-4d6e-4128-904a-ceee5fa94c71/1/SEe-2AwpWxyhA8wpX0OFfyueB0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/62237d-4d6e-4128-904a-ceee5fa94c71/1/dvdDKX62gqjk6GqsA3kDkQP4qCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c94::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:12:98:65:2c:56:64:3a:72:1b:51:7b:38:94:d3:0c:c0:ae:
         72:b7:08:e7:ef:63:85:dc:88:33:7b:34:63:06:98:97:c6:fd:
         56:cb:e0:81:5a:c0:23:c8:c4:ee:91:04:99:4a:60:4e:33:bf:
         21:f1:ad:1c:1d:0c:47:27:fc:73:09:b0:be:b1:88:41:a0:2b:
         25:24:f1:8d:f6:57:f3:64:08:a2:fd:ed:bf:cf:2f:57:49:7b:
         0c:d5:ff:1b:9e:4d:ab:80:70:da:93:2f:c8:be:7f:c3:94:7e:
         b3:73:cb:79:7a:8e:6b:19:47:ee:8e:82:e4:b7:c2:37:69:b3:
         d5:e7:f9:23:69:9d:42:65:83:7a:88:e6:27:e7:27:ce:63:0b:
         73:83:bc:76:4c:f5:a0:09:23:b3:f6:64:d8:a7:24:b1:29:18:
         a4:42:c2:c7:8b:d7:55:2a:9e:82:78:b1:58:b5:c9:f7:2e:db:
         3b:35:49:12:e5:88:85:46:f9:03:96:6c:0c:1e:13:a0:05:ad:
         ee:7d:8a:81:ea:6f:b7:af:b7:33:62:d3:d3:1b:d7:5c:b0:c5:
         4a:21:ec:f0:c3:b3:b8:2d:b2:27:11:5c:9c:3f:77:41:91:1d:
         eb:4a:41:4e:67:ae:91:88:85:dd:31:7a:b1:b7:fd:c6:19:a0:
         c1:6e:02:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5fBxAAzA8jD9z0d35dkDpKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2Zjc0MzI5N2ViNjgyYThlNGU4NmFhYzAzNzkwMzkxMDNm
OGE4MjUwHhcNMjYwNTI1MTIwNTU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODQ3YmVkODBjMjk1YjFjYTEwM2NjMjk1ZjQzODU3ZjJiOWUwNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwU9NlIIk4WRNLx316GWCv8gzLPgr
oc4BD4h13VIyzq9VjizzI+rGRlVO68rIQZY/uGgBLelj+SzfD8696mWtp6pIH3H3
rPW+sHrCWOhfUs1hNc6j/mOTeGz/95rc62+13w5Z2bB3V8c1Sb7/9ypY8nJ1nJKR
poTZrelkdShGonXnkodBMiUoZaX4TpEPcAWr7ixy7shzfz+nrx9V95yeauFXEmMF
2n5V3qx1sde0vGlpo0RXjFejTRh9DnISPPHz1/u8QrhN5PPy31nCjVktroIwX4j7
DIaspbnXjT+9uylRKivnbp6d4K6aCz5bN1qf+5gZzxyn6RMnHWEnNXXA7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEhHvtgMKVscoQPMKV9DhX8rngdIMB8GA1UdIwQY
MBaAFHb3Qyl+toKo5OhqrAN5A5ED+KglMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHZkREtYNjJncWprNkdxc0Eza0RrUVA0cUNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82MjIzN2QtNGQ2ZS00MTI4LTkwNGEt
Y2VlZTVmYTk0YzcxLzEvU0VlLTJBd3BXeHloQTh3cFgwT0ZmeXVlQjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82MjIzN2QtNGQ2ZS00MTI4LTkwNGEtY2VlZTVmYTk0Yzcx
LzEvZHZkREtYNjJncWprNkdxc0Eza0RrUVA0cUNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAyU
MA0GCSqGSIb3DQEBCwUAA4IBAQCOEphlLFZkOnIbUXs4lNMMwK5ytwjn72OF3Igz
ezRjBpiXxv1Wy+CBWsAjyMTukQSZSmBOM78h8a0cHQxHJ/xzCbC+sYhBoCslJPGN
9lfzZAii/e2/zy9XSXsM1f8bnk2rgHDaky/Ivn/DlH6zc8t5eo5rGUfujoLkt8I3
abPV5/kjaZ1CZYN6iOYn5yfOYwtzg7x2TPWgCSOz9mTYpySxKRikQsLHi9dVKp6C
eLFYtcn3Lts7NUkS5YiFRvkDlmwMHhOgBa3ufYqB6m+3r7czYtPTG9dcsMVKIezw
w7O4LbInEVycP3dBkR3rSkFOZ66RiIXdMXqxt/3GGaDBbgKm
-----END CERTIFICATE-----