Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/5d68a2-95d3-4ddf-85f6-805170ac9c0e/1/R53abRTy3nsePVXZ6FXqbP844c0.roa
File:                     R53abRTy3nsePVXZ6FXqbP844c0.roa (raw, json)
Hash identifier:          roRhMTyLNIYOGvT9vt5IgOR5P+5/7DtKqsBJYyp8XnI=
Subject key identifier:   47:9D:DA:6D:14:F2:DE:7B:1E:3D:55:D9:E8:55:EA:6C:FF:38:E1:CD
Certificate issuer:       /CN=b6b2333f066573f5316e075a01ce2490b58c6ae1
Certificate serial:       019D3BDDB16D06ADFD8606D6F0C72D4C5344
Authority key identifier: B6:B2:33:3F:06:65:73:F5:31:6E:07:5A:01:CE:24:90:B5:8C:6A:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/trIzPwZlc_UxbgdaAc4kkLWMauE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/5d68a2-95d3-4ddf-85f6-805170ac9c0e/1/R53abRTy3nsePVXZ6FXqbP844c0.roa
Signing time:             Sun 29 Mar 2026 23:11:17 +0000
ROA not before:           Sun 29 Mar 2026 23:11:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402334
IP address blocks:        2001:678:1184::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/5d68a2-95d3-4ddf-85f6-805170ac9c0e/1/trIzPwZlc_UxbgdaAc4kkLWMauE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/5d68a2-95d3-4ddf-85f6-805170ac9c0e/1/trIzPwZlc_UxbgdaAc4kkLWMauE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/trIzPwZlc_UxbgdaAc4kkLWMauE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3b:dd:b1:6d:06:ad:fd:86:06:d6:f0:c7:2d:4c:53:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6b2333f066573f5316e075a01ce2490b58c6ae1
        Validity
            Not Before: Mar 29 23:11:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=479dda6d14f2de7b1e3d55d9e855ea6cff38e1cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:59:de:8e:45:24:1c:17:2d:ec:47:d1:0b:14:
                    d8:6a:b7:90:37:b9:af:3f:62:e2:22:c2:94:69:c6:
                    84:e3:5d:dc:6a:18:02:b3:e9:06:23:f2:e1:ac:f4:
                    3d:8e:c2:e7:0a:dd:ac:70:08:75:cd:32:61:3c:c1:
                    b9:20:c5:e8:a8:ad:47:9b:3c:5e:da:07:8a:e3:24:
                    26:32:a1:a6:3c:68:5a:99:81:a1:ee:95:70:01:c1:
                    da:c1:27:c8:d9:26:c9:85:a0:4a:7a:e6:58:0b:fc:
                    bc:e4:7b:dd:3d:31:3e:cf:c0:11:24:10:e1:bf:30:
                    af:4a:88:55:c0:86:52:2f:78:8f:8b:3f:cb:d9:4e:
                    87:83:82:c3:65:9d:8e:a1:f8:76:a7:f6:61:bb:32:
                    3c:b8:4b:79:11:39:ae:e0:02:71:4c:e4:23:aa:47:
                    35:6f:e3:80:90:ce:d7:0e:7a:d4:34:3c:d5:7e:93:
                    47:34:b3:bf:c8:93:c0:1c:e7:90:cf:4f:fc:a9:6c:
                    38:df:25:54:ae:5a:58:e3:9e:2d:bd:96:70:0d:ab:
                    38:b6:1b:8d:7d:1e:26:c4:38:c8:72:a9:9f:f5:b3:
                    60:1d:ca:65:33:64:c1:62:01:24:32:34:80:28:90:
                    00:ee:cf:d2:7f:e6:41:a8:fb:93:4d:1b:f0:ee:f2:
                    5a:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:9D:DA:6D:14:F2:DE:7B:1E:3D:55:D9:E8:55:EA:6C:FF:38:E1:CD
            X509v3 Authority Key Identifier:
                keyid:B6:B2:33:3F:06:65:73:F5:31:6E:07:5A:01:CE:24:90:B5:8C:6A:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/trIzPwZlc_UxbgdaAc4kkLWMauE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/5d68a2-95d3-4ddf-85f6-805170ac9c0e/1/R53abRTy3nsePVXZ6FXqbP844c0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/5d68a2-95d3-4ddf-85f6-805170ac9c0e/1/trIzPwZlc_UxbgdaAc4kkLWMauE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1184::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:83:ec:89:08:1f:be:50:84:4e:6c:83:87:ce:05:5b:0a:4d:
         48:0b:54:b6:ce:c1:ba:cc:43:2a:52:dd:1c:54:bf:65:8b:3a:
         e5:c6:71:c9:62:9e:9f:0c:9a:f4:40:c7:e9:79:64:56:63:50:
         55:22:41:b9:4a:3c:86:ff:eb:49:de:4b:71:c8:a6:08:b1:2b:
         36:3d:42:e4:1f:a8:d1:24:80:ff:e9:f2:4c:5c:d4:3d:be:5d:
         31:f6:6b:6d:39:42:ac:ae:c1:30:3c:83:9a:b5:73:04:c9:28:
         af:65:c8:aa:a2:1c:ca:f9:2b:4a:4a:e7:4d:8a:e9:73:0a:07:
         08:48:bd:c2:5f:97:ca:70:cf:08:d2:7d:4b:d3:02:00:50:ec:
         19:90:a4:62:12:34:5f:d4:aa:5b:69:f1:2e:69:24:43:79:da:
         b8:75:67:c1:1e:f0:19:d7:fd:07:dd:b0:e1:20:0c:d0:33:f4:
         de:2f:5d:4d:a9:1c:b1:b4:4a:cd:a4:73:55:09:68:53:be:91:
         7f:c7:1f:42:68:b8:7e:43:54:16:68:be:e1:74:ff:0e:c7:21:
         16:7b:8b:6c:da:ac:2c:7c:ac:02:8c:9a:b9:d5:d0:c7:22:df:
         02:43:4c:71:42:f7:4a:25:a5:1c:fd:d1:02:14:53:58:2b:d8:
         9c:55:1b:b4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ073bFtBq39hgbW8MctTFNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YjIzMzNmMDY2NTczZjUzMTZlMDc1YTAxY2UyNDkwYjU4
YzZhZTEwHhcNMjYwMzI5MjMxMTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzlkZGE2ZDE0ZjJkZTdiMWUzZDU1ZDllODU1ZWE2Y2ZmMzhlMWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFnejkUkHBct7EfRCxTYareQN7mv
P2LiIsKUacaE413cahgCs+kGI/LhrPQ9jsLnCt2scAh1zTJhPMG5IMXoqK1Hmzxe
2geK4yQmMqGmPGhamYGh7pVwAcHawSfI2SbJhaBKeuZYC/y85HvdPTE+z8ARJBDh
vzCvSohVwIZSL3iPiz/L2U6Hg4LDZZ2Oofh2p/ZhuzI8uEt5ETmu4AJxTOQjqkc1
b+OAkM7XDnrUNDzVfpNHNLO/yJPAHOeQz0/8qWw43yVUrlpY454tvZZwDas4thuN
fR4mxDjIcqmf9bNgHcplM2TBYgEkMjSAKJAA7s/Sf+ZBqPuTTRvw7vJaRwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEed2m0U8t57Hj1V2ehV6mz/OOHNMB8GA1UdIwQY
MBaAFLayMz8GZXP1MW4HWgHOJJC1jGrhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHJJelB3WmxjX1V4YmdkYUFjNGtrTFdNYXVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi81ZDY4YTItOTVkMy00ZGRmLTg1ZjYt
ODA1MTcwYWM5YzBlLzEvUjUzYWJSVHkzbnNlUFZYWjZGWHFiUDg0NGMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi81ZDY4YTItOTVkMy00ZGRmLTg1ZjYtODA1MTcwYWM5YzBl
LzEvdHJJelB3WmxjX1V4YmdkYUFjNGtrTFdNYXVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBGE
MA0GCSqGSIb3DQEBCwUAA4IBAQClg+yJCB++UIRObIOHzgVbCk1IC1S2zsG6zEMq
Ut0cVL9lizrlxnHJYp6fDJr0QMfpeWRWY1BVIkG5SjyG/+tJ3ktxyKYIsSs2PULk
H6jRJID/6fJMXNQ9vl0x9mttOUKsrsEwPIOatXMEySivZciqohzK+StKSudNiulz
CgcISL3CX5fKcM8I0n1L0wIAUOwZkKRiEjRf1KpbafEuaSRDedq4dWfBHvAZ1/0H
3bDhIAzQM/TeL11NqRyxtErNpHNVCWhTvpF/xx9CaLh+Q1QWaL7hdP8OxyEWe4ts
2qwsfKwCjJq51dDHIt8CQ0xxQvdKJaUc/dECFFNYK9icVRu0
-----END CERTIFICATE-----