Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/oaZumtYBqB2DBSwMpqnmqOIkGm0.roa
File:                     oaZumtYBqB2DBSwMpqnmqOIkGm0.roa (raw, json)
Hash identifier:          9YqR7q1fJK+xrhMWwkV3smWMIV3JZ5y1OxTGOkJ6aPk=
Subject key identifier:   A1:A6:6E:9A:D6:01:A8:1D:83:05:2C:0C:A6:A9:E6:A8:E2:24:1A:6D
Certificate issuer:       /CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
Certificate serial:       019EB07311C231B83D549A51436D5EF234F8
Authority key identifier: FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/oaZumtYBqB2DBSwMpqnmqOIkGm0.roa
Signing time:             Wed 10 Jun 2026 07:33:11 +0000
ROA not before:           Wed 10 Jun 2026 07:33:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47352
IP address blocks:        2001:7f8:126::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b0:73:11:c2:31:b8:3d:54:9a:51:43:6d:5e:f2:34:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff698eeb2e49fcb5f9c65a99857af29ce06641d9
        Validity
            Not Before: Jun 10 07:33:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a1a66e9ad601a81d83052c0ca6a9e6a8e2241a6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:64:1f:d5:d6:b3:85:ed:a3:93:5a:a3:72:08:
                    2b:2b:4e:10:7b:ba:85:e1:f3:44:dd:bf:94:89:4a:
                    ff:58:79:ab:23:53:f9:5c:9e:2b:58:c1:1c:26:78:
                    e3:3c:85:3b:04:e1:c3:eb:96:c2:b7:21:59:03:fe:
                    f1:0a:39:9e:16:c6:e6:ee:d8:b0:4f:34:b0:bc:18:
                    67:ce:2a:cd:b6:c9:87:c5:8d:02:54:70:09:ad:3b:
                    88:c8:a2:86:fb:56:7b:51:12:ff:74:82:33:df:3f:
                    1f:f4:3c:b3:4c:7c:3c:96:f3:a9:31:ee:e2:18:02:
                    f8:7a:3e:7f:59:74:ba:35:d1:1c:17:2d:c6:00:0f:
                    24:0f:5b:6b:75:03:2c:9e:a7:2e:00:c9:c2:f5:66:
                    34:8e:03:2b:7c:98:9f:93:dd:31:be:d0:e3:f1:83:
                    fe:c9:0a:b3:15:c6:20:0b:e7:15:52:ad:7b:6e:42:
                    b3:fd:50:5a:f6:d8:70:b4:54:84:51:f3:db:d0:4e:
                    6c:0d:f3:fe:6e:a1:a3:b7:51:a7:99:76:5c:41:21:
                    fd:0f:02:76:9d:45:86:9f:66:e0:1b:43:09:6f:bb:
                    19:11:d9:54:e7:8b:09:7b:41:d7:fc:b0:25:f9:f4:
                    7c:c7:3c:94:78:07:8c:39:55:60:4f:6c:04:a9:d8:
                    24:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:A6:6E:9A:D6:01:A8:1D:83:05:2C:0C:A6:A9:E6:A8:E2:24:1A:6D
            X509v3 Authority Key Identifier:
                keyid:FF:69:8E:EB:2E:49:FC:B5:F9:C6:5A:99:85:7A:F2:9C:E0:66:41:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_2mO6y5J_LX5xlqZhXrynOBmQdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/oaZumtYBqB2DBSwMpqnmqOIkGm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b4d75d-953a-4036-9839-57cd68d9cb4e/1/_2mO6y5J_LX5xlqZhXrynOBmQdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7f8:126::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:c6:75:34:33:0f:c4:5f:55:d9:1c:2f:9d:75:36:28:c3:1e:
         73:e8:5a:89:58:df:db:8d:fa:79:79:c0:3b:3c:fb:98:db:97:
         82:c5:2d:07:af:de:67:97:ea:82:ef:da:39:cb:c8:97:d5:60:
         0e:c1:a6:bb:09:9c:24:cf:fe:6b:76:bb:3d:2e:ac:8f:83:a4:
         34:69:18:a6:a1:1e:ac:7c:73:a7:c2:c4:d6:d6:5d:57:d0:57:
         7a:fd:ef:5c:a1:dc:0d:11:cf:f7:7f:08:da:df:01:08:2b:d3:
         4a:f5:4a:0b:64:66:78:2c:cc:5b:c0:07:90:1d:95:89:b8:58:
         24:0c:3c:28:2f:d4:65:ac:d4:fa:07:b0:47:d4:af:de:36:8b:
         33:9e:9e:0b:85:cc:2d:bc:98:f0:ad:83:98:d4:93:ba:e4:42:
         d3:ad:c0:00:2a:7b:5a:bf:96:74:10:45:4a:b3:a8:f0:c0:70:
         ec:cb:6a:38:c5:e3:7d:28:87:53:7a:c1:39:b0:62:cc:7a:b5:
         e7:e5:f2:1a:81:c0:f0:b4:91:63:3c:90:d8:e5:60:7b:85:26:
         3a:6b:9c:e0:32:de:f3:ab:16:de:56:36:56:45:53:64:23:7e:
         23:4d:32:7a:8a:ad:1c:3a:21:6b:5b:85:0c:7d:c7:ee:1d:a2:
         77:09:fe:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6wcxHCMbg9VJpRQ21e8jT4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNjk4ZWViMmU0OWZjYjVmOWM2NWE5OTg1N2FmMjljZTA2
NjQxZDkwHhcNMjYwNjEwMDczMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWE2NmU5YWQ2MDFhODFkODMwNTJjMGNhNmE5ZTZhOGUyMjQxYTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWQf1dazhe2jk1qjcggrK04Qe7qF
4fNE3b+UiUr/WHmrI1P5XJ4rWMEcJnjjPIU7BOHD65bCtyFZA/7xCjmeFsbm7tiw
TzSwvBhnzirNtsmHxY0CVHAJrTuIyKKG+1Z7URL/dIIz3z8f9DyzTHw8lvOpMe7i
GAL4ej5/WXS6NdEcFy3GAA8kD1trdQMsnqcuAMnC9WY0jgMrfJifk90xvtDj8YP+
yQqzFcYgC+cVUq17bkKz/VBa9thwtFSEUfPb0E5sDfP+bqGjt1GnmXZcQSH9DwJ2
nUWGn2bgG0MJb7sZEdlU54sJe0HX/LAl+fR8xzyUeAeMOVVgT2wEqdgkVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKGmbprWAagdgwUsDKap5qjiJBptMB8GA1UdIwQY
MBaAFP9pjusuSfy1+cZamYV68pzgZkHZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4Mzkt
NTdjZDY4ZDljYjRlLzEvb2FadW10WUJxQjJEQlN3TXBxbm1xT0lrR20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNGQ3NWQtOTUzYS00MDM2LTk4MzktNTdjZDY4ZDljYjRl
LzEvXzJtTzZ5NUpfTFg1eGxxWmhYcnluT0JtUWRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEH+AEm
MA0GCSqGSIb3DQEBCwUAA4IBAQCPxnU0Mw/EX1XZHC+ddTYowx5z6FqJWN/bjfp5
ecA7PPuY25eCxS0Hr95nl+qC79o5y8iX1WAOwaa7CZwkz/5rdrs9LqyPg6Q0aRim
oR6sfHOnwsTW1l1X0Fd6/e9codwNEc/3fwja3wEIK9NK9UoLZGZ4LMxbwAeQHZWJ
uFgkDDwoL9RlrNT6B7BH1K/eNosznp4LhcwtvJjwrYOY1JO65ELTrcAAKntav5Z0
EEVKs6jwwHDsy2o4xeN9KIdTesE5sGLMerXn5fIagcDwtJFjPJDY5WB7hSY6a5zg
Mt7zqxbeVjZWRVNkI34jTTJ6iq0cOiFrW4UMfcfuHaJ3Cf4J
-----END CERTIFICATE-----