Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/aCIF0y6GgNB-cFThvL2Lyh2n-lo.roa
File:                     aCIF0y6GgNB-cFThvL2Lyh2n-lo.roa (raw, json)
Hash identifier:          4v0QjBWtq34mt9U2KXhSobzZ+OQkjLySDEHBqMX2FRM=
Subject key identifier:   68:22:05:D3:2E:86:80:D0:7E:70:54:E1:BC:BD:8B:CA:1D:A7:FA:5A
Certificate issuer:       /CN=5b0329066138bb5564571fc3c29ee953e5c1c7a3
Certificate serial:       019CA548A381FDCA8CA722F2F39DD87EC15F
Authority key identifier: 5B:03:29:06:61:38:BB:55:64:57:1F:C3:C2:9E:E9:53:E5:C1:C7:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/aCIF0y6GgNB-cFThvL2Lyh2n-lo.roa
Signing time:             Sat 28 Feb 2026 17:25:26 +0000
ROA not before:           Sat 28 Feb 2026 17:25:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51396
IP address blocks:        2a0a:7740::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a5:48:a3:81:fd:ca:8c:a7:22:f2:f3:9d:d8:7e:c1:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5b0329066138bb5564571fc3c29ee953e5c1c7a3
        Validity
            Not Before: Feb 28 17:25:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=682205d32e8680d07e7054e1bcbd8bca1da7fa5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:28:91:98:62:90:e4:2c:7b:e2:d1:03:85:fb:
                    be:54:57:15:a3:6a:9a:68:ad:c0:86:1e:5f:6e:17:
                    cf:86:8c:7c:c9:53:73:b6:a8:03:3e:6c:69:58:e1:
                    f6:82:91:bd:98:36:4e:c9:cf:3f:d4:4d:fb:5c:32:
                    c8:7b:dc:43:69:86:ed:f6:7a:fe:7f:46:3f:63:cb:
                    2c:45:79:a3:6b:79:a0:12:c3:10:01:d4:76:46:c3:
                    80:19:fc:89:9d:06:91:f6:5a:00:a7:29:9c:84:2a:
                    34:48:e0:e6:3b:e2:41:a9:f3:fd:c8:a7:66:7d:90:
                    ae:b2:88:54:37:f2:5c:e3:b3:5d:4e:12:a4:11:9d:
                    d3:85:e8:ee:f1:e3:db:dc:16:0d:fa:68:df:23:ba:
                    ba:5f:44:a6:d6:25:02:d8:a9:00:49:17:9a:1c:b7:
                    c0:c4:37:ba:71:ba:0e:bd:ce:ee:ac:43:56:2b:25:
                    26:6a:6f:67:c1:2c:dc:0f:d9:db:02:c0:2d:1f:39:
                    7d:74:b8:71:14:36:aa:1b:39:e1:6e:da:04:06:0d:
                    bb:d7:80:90:9c:26:c9:9f:c7:7f:38:14:07:97:4e:
                    3d:b3:bd:c3:31:f0:17:cb:c9:11:a3:95:b7:53:4b:
                    e7:b6:d3:37:3a:8f:55:ec:20:02:fe:54:96:cb:bb:
                    84:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:22:05:D3:2E:86:80:D0:7E:70:54:E1:BC:BD:8B:CA:1D:A7:FA:5A
            X509v3 Authority Key Identifier:
                keyid:5B:03:29:06:61:38:BB:55:64:57:1F:C3:C2:9E:E9:53:E5:C1:C7:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/aCIF0y6GgNB-cFThvL2Lyh2n-lo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/77096f-bb89-411e-90e0-30c7f39d8e1c/1/WwMpBmE4u1VkVx_Dwp7pU-XBx6M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:7740::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:17:33:47:fd:e2:7d:6a:af:2d:da:e9:53:e2:e4:6b:9b:b5:
         51:27:9b:07:79:1b:19:63:25:88:e8:37:5f:57:da:ff:78:43:
         7f:7c:e4:ac:d2:d0:74:5a:bd:cc:5f:ab:f9:72:7f:b2:8a:cc:
         82:31:b1:b3:cc:2e:21:e3:79:35:ac:6c:f2:b4:dd:59:74:c3:
         f0:3a:c5:e6:0f:44:5c:09:b4:8a:58:eb:3c:d8:52:86:cf:bc:
         bf:ca:15:4a:5d:1a:7f:cd:b6:0d:ef:9b:cd:89:a4:d5:ae:f0:
         b4:a4:36:e8:18:31:a5:20:e8:60:8f:78:b5:4a:03:e5:56:7b:
         58:cd:76:63:f5:3b:0f:73:b8:a2:44:a5:90:22:f0:da:c5:99:
         0b:26:67:8a:3b:65:38:b1:a9:6f:c2:b1:72:cd:1b:6c:2a:9f:
         86:dd:51:7c:f7:8f:74:26:85:a0:7b:c2:fe:b1:45:5d:e1:7c:
         62:fe:4d:db:57:72:8c:2b:56:a3:ae:3a:f2:b3:eb:31:5a:b5:
         3a:cd:51:45:42:40:e6:52:52:11:27:f9:1b:a9:7e:47:91:be:
         d3:ad:27:62:30:05:9d:67:4e:4d:6f:6b:de:7c:62:de:32:f3:
         48:c9:08:87:4a:9a:0e:21:fd:4a:88:59:fb:2f:8d:a1:12:f5:
         10:7c:e7:3b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZylSKOB/cqMpyLy853YfsFfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViMDMyOTA2NjEzOGJiNTU2NDU3MWZjM2MyOWVlOTUzZTVj
MWM3YTMwHhcNMjYwMjI4MTcyNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODIyMDVkMzJlODY4MGQwN2U3MDU0ZTFiY2JkOGJjYTFkYTdmYTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1yiRmGKQ5Cx74tEDhfu+VFcVo2qa
aK3Ahh5fbhfPhox8yVNztqgDPmxpWOH2gpG9mDZOyc8/1E37XDLIe9xDaYbt9nr+
f0Y/Y8ssRXmja3mgEsMQAdR2RsOAGfyJnQaR9loApymchCo0SODmO+JBqfP9yKdm
fZCusohUN/Jc47NdThKkEZ3Theju8ePb3BYN+mjfI7q6X0Sm1iUC2KkASReaHLfA
xDe6cboOvc7urENWKyUmam9nwSzcD9nbAsAtHzl9dLhxFDaqGznhbtoEBg2714CQ
nCbJn8d/OBQHl049s73DMfAXy8kRo5W3U0vnttM3Oo9V7CAC/lSWy7uEcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGgiBdMuhoDQfnBU4by9i8odp/paMB8GA1UdIwQY
MBaAFFsDKQZhOLtVZFcfw8Ke6VPlwcejMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3dNcEJtRTR1MVZrVnhfRHdwN3BVLVhCeDZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC83NzA5NmYtYmI4OS00MTFlLTkwZTAt
MzBjN2YzOWQ4ZTFjLzEvYUNJRjB5NkdnTkItY0ZUaHZMMkx5aDJuLWxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC83NzA5NmYtYmI4OS00MTFlLTkwZTAtMzBjN2YzOWQ4ZTFj
LzEvV3dNcEJtRTR1MVZrVnhfRHdwN3BVLVhCeDZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgp3QAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCbFzNH/eJ9aq8t2ulT4uRrm7VRJ5sHeRsZYyWI
6DdfV9r/eEN/fOSs0tB0Wr3MX6v5cn+yisyCMbGzzC4h43k1rGzytN1ZdMPwOsXm
D0RcCbSKWOs82FKGz7y/yhVKXRp/zbYN75vNiaTVrvC0pDboGDGlIOhgj3i1SgPl
VntYzXZj9TsPc7iiRKWQIvDaxZkLJmeKO2U4salvwrFyzRtsKp+G3VF89490JoWg
e8L+sUVd4Xxi/k3bV3KMK1ajrjrys+sxWrU6zVFFQkDmUlIRJ/kbqX5Hkb7TrSdi
MAWdZ05Nb2vefGLeMvNIyQiHSpoOIf1KiFn7L42hEvUQfOc7
-----END CERTIFICATE-----