Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/c229d8-738a-4117-af59-1093d4973091/1/QyZsEO3bLQ3YXF28rvX5z3mE5oo.roa
File:                     QyZsEO3bLQ3YXF28rvX5z3mE5oo.roa (raw, json)
Hash identifier:          4EvUaJPraxAe7s9f0hydZpLjgIHAJ4GNcSXocUv5gQM=
Subject key identifier:   43:26:6C:10:ED:DB:2D:0D:D8:5C:5D:BC:AE:F5:F9:CF:79:84:E6:8A
Certificate issuer:       /CN=b6491a9d4772fd2df5dc093d4e20d3ed81072957
Certificate serial:       019D6DC992864BD4B3E4C6CBDEE624BEEFAD
Authority key identifier: B6:49:1A:9D:47:72:FD:2D:F5:DC:09:3D:4E:20:D3:ED:81:07:29:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tkkanUdy_S313Ak9TiDT7YEHKVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/c229d8-738a-4117-af59-1093d4973091/1/QyZsEO3bLQ3YXF28rvX5z3mE5oo.roa
Signing time:             Wed 08 Apr 2026 15:50:19 +0000
ROA not before:           Wed 08 Apr 2026 15:50:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6730
IP address blocks:        208.64.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/c229d8-738a-4117-af59-1093d4973091/1/tkkanUdy_S313Ak9TiDT7YEHKVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/c229d8-738a-4117-af59-1093d4973091/1/tkkanUdy_S313Ak9TiDT7YEHKVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tkkanUdy_S313Ak9TiDT7YEHKVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6d:c9:92:86:4b:d4:b3:e4:c6:cb:de:e6:24:be:ef:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6491a9d4772fd2df5dc093d4e20d3ed81072957
        Validity
            Not Before: Apr  8 15:50:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=43266c10eddb2d0dd85c5dbcaef5f9cf7984e68a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7c:4d:ca:2f:57:1d:6b:5c:3a:43:9d:61:62:
                    12:f7:e9:30:9c:c2:1a:31:31:db:96:38:69:9a:c0:
                    6e:09:66:72:09:21:be:70:c3:8f:7d:6a:2e:69:a7:
                    ca:43:18:26:86:e6:83:3b:63:b0:ae:af:1c:a6:37:
                    02:50:4d:fb:77:4c:d6:11:95:07:e3:ce:5c:3d:d0:
                    8c:14:5b:c9:27:2a:07:f0:c3:12:97:96:f3:2b:ee:
                    61:cf:8b:fc:f3:60:52:2d:df:c9:85:b2:07:06:45:
                    74:91:04:18:cc:30:f6:05:bf:2a:cc:b0:f7:67:c2:
                    80:da:67:6d:be:43:8e:d9:52:da:df:1d:cb:b0:a7:
                    2e:5b:a8:4c:49:58:2d:cf:87:b5:30:00:36:a2:f4:
                    a8:75:be:23:9f:b4:59:c1:bc:22:12:16:4f:10:44:
                    dc:fc:d8:20:f2:c3:ab:3b:df:02:f3:73:71:75:b3:
                    37:a9:df:46:43:f2:46:47:a4:da:36:e7:84:20:48:
                    af:db:3c:bd:7f:f8:c1:2e:20:6e:1b:46:03:29:a5:
                    12:a7:8d:36:f3:71:77:d7:13:d0:5d:3f:b3:39:94:
                    f9:21:2e:23:e8:f9:53:71:86:1f:b8:2d:62:81:7d:
                    2c:65:21:15:0f:48:1b:6b:02:6e:3a:a0:2a:91:18:
                    bf:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:26:6C:10:ED:DB:2D:0D:D8:5C:5D:BC:AE:F5:F9:CF:79:84:E6:8A
            X509v3 Authority Key Identifier:
                keyid:B6:49:1A:9D:47:72:FD:2D:F5:DC:09:3D:4E:20:D3:ED:81:07:29:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tkkanUdy_S313Ak9TiDT7YEHKVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/c229d8-738a-4117-af59-1093d4973091/1/QyZsEO3bLQ3YXF28rvX5z3mE5oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/c229d8-738a-4117-af59-1093d4973091/1/tkkanUdy_S313Ak9TiDT7YEHKVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  208.64.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:a8:cd:87:28:3b:95:89:d4:a0:0f:fa:b8:16:47:0a:f8:96:
         f5:9f:d1:3a:c9:1e:27:79:b9:d9:22:25:20:18:8e:0a:f6:3c:
         1b:8c:a6:cb:62:3e:b8:77:77:79:ee:01:e4:0b:7a:38:e6:5d:
         33:0e:44:34:4f:3a:0e:cb:03:1b:dc:d5:42:9f:6d:49:99:c2:
         e4:5b:86:98:cd:8a:e0:91:bf:72:79:b7:75:d6:5b:45:9c:2a:
         a3:82:3c:8e:bc:13:c1:43:74:9a:38:4f:ca:18:1b:15:dd:2b:
         cf:ea:21:b5:ba:f9:af:c8:ea:90:86:d1:dd:f8:bb:99:0d:e1:
         2e:90:12:a1:09:a3:95:e8:5d:05:32:b8:b0:ac:a5:5a:bd:f0:
         e9:02:d7:78:3d:37:2a:5d:f8:c3:16:ca:7d:80:50:bc:c0:f2:
         c7:98:85:83:d6:5a:a2:e1:df:8b:cb:1c:b1:b7:67:7c:36:20:
         bc:67:80:89:d0:0c:17:20:24:c4:96:ac:b2:84:54:e6:1a:85:
         ae:78:f5:3b:2e:7c:35:47:58:3e:23:d8:42:4f:1d:5e:b4:a8:
         71:d2:82:52:38:3e:1c:82:8e:70:a5:41:b4:e2:9a:0a:bd:56:
         90:9b:30:77:ef:49:b4:8b:1f:07:3a:d7:fc:5f:3b:80:ff:1d:
         7b:41:ec:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1tyZKGS9Sz5MbL3uYkvu+tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2NDkxYTlkNDc3MmZkMmRmNWRjMDkzZDRlMjBkM2VkODEw
NzI5NTcwHhcNMjYwNDA4MTU1MDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzI2NmMxMGVkZGIyZDBkZDg1YzVkYmNhZWY1ZjljZjc5ODRlNjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuXxNyi9XHWtcOkOdYWIS9+kwnMIa
MTHbljhpmsBuCWZyCSG+cMOPfWouaafKQxgmhuaDO2Owrq8cpjcCUE37d0zWEZUH
485cPdCMFFvJJyoH8MMSl5bzK+5hz4v882BSLd/JhbIHBkV0kQQYzDD2Bb8qzLD3
Z8KA2mdtvkOO2VLa3x3LsKcuW6hMSVgtz4e1MAA2ovSodb4jn7RZwbwiEhZPEETc
/Ngg8sOrO98C83NxdbM3qd9GQ/JGR6TaNueEIEiv2zy9f/jBLiBuG0YDKaUSp402
83F31xPQXT+zOZT5IS4j6PlTcYYfuC1igX0sZSEVD0gbawJuOqAqkRi/1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEMmbBDt2y0N2FxdvK71+c95hOaKMB8GA1UdIwQY
MBaAFLZJGp1Hcv0t9dwJPU4g0+2BBylXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGtrYW5VZHlfUzMxM0FrOVRpRFQ3WUVIS1ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9jMjI5ZDgtNzM4YS00MTE3LWFmNTkt
MTA5M2Q0OTczMDkxLzEvUXlac0VPM2JMUTNZWEYyOHJ2WDV6M21FNW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9jMjI5ZDgtNzM4YS00MTE3LWFmNTktMTA5M2Q0OTczMDkx
LzEvdGtrYW5VZHlfUzMxM0FrOVRpRFQ3WUVIS1ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0EA2MA0G
CSqGSIb3DQEBCwUAA4IBAQBiqM2HKDuVidSgD/q4FkcK+Jb1n9E6yR4nebnZIiUg
GI4K9jwbjKbLYj64d3d57gHkC3o45l0zDkQ0TzoOywMb3NVCn21JmcLkW4aYzYrg
kb9yebd11ltFnCqjgjyOvBPBQ3SaOE/KGBsV3SvP6iG1uvmvyOqQhtHd+LuZDeEu
kBKhCaOV6F0FMriwrKVavfDpAtd4PTcqXfjDFsp9gFC8wPLHmIWD1lqi4d+Lyxyx
t2d8NiC8Z4CJ0AwXICTElqyyhFTmGoWuePU7Lnw1R1g+I9hCTx1etKhx0oJSOD4c
go5wpUG04poKvVaQmzB370m0ix8HOtf8XzuA/x17Qexw
-----END CERTIFICATE-----