Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/3b72c0-5de9-46a4-abd4-31b60311c315/1/9bJWHvsD-dqBntAB20zO9CBt_Wc.roa
File:                     9bJWHvsD-dqBntAB20zO9CBt_Wc.roa (raw, json)
Hash identifier:          0W6NRPv1Nxc5Zsqyro6dwCeLDZh0yMAr5QQPzv2LCsU=
Subject key identifier:   F5:B2:56:1E:FB:03:F9:DA:81:9E:D0:01:DB:4C:CE:F4:20:6D:FD:67
Certificate issuer:       /CN=165fad4109283b33b6f3ba53fae83a145d1934e2
Certificate serial:       019B7A59A47D1AAED6D8024E6E484AE747FF
Authority key identifier: 16:5F:AD:41:09:28:3B:33:B6:F3:BA:53:FA:E8:3A:14:5D:19:34:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fl-tQQkoOzO287pT-ug6FF0ZNOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/3b72c0-5de9-46a4-abd4-31b60311c315/1/9bJWHvsD-dqBntAB20zO9CBt_Wc.roa
Signing time:             Thu 01 Jan 2026 16:17:33 +0000
ROA not before:           Thu 01 Jan 2026 16:17:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39880
IP address blocks:        2001:67c:2174::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/3b72c0-5de9-46a4-abd4-31b60311c315/1/Fl-tQQkoOzO287pT-ug6FF0ZNOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/3b72c0-5de9-46a4-abd4-31b60311c315/1/Fl-tQQkoOzO287pT-ug6FF0ZNOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fl-tQQkoOzO287pT-ug6FF0ZNOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:59:a4:7d:1a:ae:d6:d8:02:4e:6e:48:4a:e7:47:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=165fad4109283b33b6f3ba53fae83a145d1934e2
        Validity
            Not Before: Jan  1 16:17:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f5b2561efb03f9da819ed001db4ccef4206dfd67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:b0:f6:86:de:e6:1e:0b:80:eb:67:5c:5f:ab:
                    64:c9:b3:c4:18:7f:af:6b:fb:65:1b:4f:fc:24:c2:
                    e6:62:d8:43:17:f9:1c:9c:74:d8:65:02:31:d7:1a:
                    d0:b1:fe:6b:a0:b6:dc:c3:0f:77:0d:fc:b4:61:10:
                    0e:f9:bc:f1:70:e5:38:7a:66:3c:cb:0f:c3:0c:da:
                    85:7c:cc:d4:2f:9f:a7:02:20:94:dd:4f:b1:29:91:
                    fc:89:ed:45:e4:0c:64:06:f9:f8:10:9a:00:09:7a:
                    be:55:fa:91:94:58:4c:85:11:97:58:30:9d:8e:df:
                    ad:76:db:9d:a3:d0:1e:21:4b:4e:02:0c:59:7a:54:
                    5d:2b:63:f8:8c:cf:c4:17:b7:0f:7a:c4:be:42:15:
                    1d:19:62:6a:0d:22:48:f9:03:8f:52:de:73:63:fc:
                    4d:6d:24:84:5f:e8:cc:1a:00:a2:5d:a7:c9:b9:ce:
                    de:53:ed:e5:02:c9:97:0a:f2:e3:da:a2:b5:cb:a9:
                    30:18:b6:93:d9:1c:d2:77:67:85:f1:1d:b6:83:7c:
                    82:45:80:9e:72:37:bf:05:ce:65:31:13:64:a3:d6:
                    56:4b:59:32:16:7e:99:ba:8c:e1:8e:39:bd:87:e1:
                    70:74:3e:81:04:ec:22:8a:3d:54:ec:24:ef:31:f5:
                    eb:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:B2:56:1E:FB:03:F9:DA:81:9E:D0:01:DB:4C:CE:F4:20:6D:FD:67
            X509v3 Authority Key Identifier:
                keyid:16:5F:AD:41:09:28:3B:33:B6:F3:BA:53:FA:E8:3A:14:5D:19:34:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fl-tQQkoOzO287pT-ug6FF0ZNOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3b72c0-5de9-46a4-abd4-31b60311c315/1/9bJWHvsD-dqBntAB20zO9CBt_Wc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/3b72c0-5de9-46a4-abd4-31b60311c315/1/Fl-tQQkoOzO287pT-ug6FF0ZNOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2174::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:af:f8:09:42:f8:e6:27:b3:3b:92:f2:14:31:c7:92:24:8a:
         e5:e8:a2:0c:af:7b:70:dd:cd:2e:95:23:96:d3:70:d8:24:47:
         14:24:6f:22:77:07:63:d2:b0:87:30:37:5f:6f:4c:4a:35:00:
         e1:25:23:46:39:47:35:70:59:bb:1a:9b:72:a9:8f:6c:f1:ca:
         a7:2a:ba:f7:43:94:da:0b:6e:c3:b7:82:2f:de:40:fe:9a:92:
         c7:a8:88:98:dc:ac:47:58:ca:84:c3:dc:02:f5:57:05:8f:3b:
         59:d6:5b:2d:eb:f8:45:5e:b5:c0:01:a6:5a:c5:f4:52:0c:1c:
         5b:66:c8:ea:8e:2c:88:b3:79:85:4b:8a:1d:b5:63:a6:e9:91:
         58:a3:7c:6d:95:e2:2a:7c:12:e4:b5:84:77:9a:ef:e8:9d:76:
         9d:37:2c:c6:c2:bd:26:45:29:28:34:10:e7:68:7d:59:39:eb:
         2f:c3:08:e2:a3:13:b1:49:4f:68:f6:0f:84:98:88:98:10:d3:
         b1:00:9a:78:d5:86:2c:ef:6b:92:47:59:9f:d7:56:e4:2e:fc:
         90:82:e1:e6:ff:fc:81:db:17:2a:1d:42:6a:e9:5f:28:fb:ed:
         65:be:ad:80:b4:31:da:b8:67:4d:34:b5:18:da:56:fc:78:ce:
         61:4f:79:a1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6WaR9Gq7W2AJObkhK50f/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2NWZhZDQxMDkyODNiMzNiNmYzYmE1M2ZhZTgzYTE0NWQx
OTM0ZTIwHhcNMjYwMTAxMTYxNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWIyNTYxZWZiMDNmOWRhODE5ZWQwMDFkYjRjY2VmNDIwNmRmZDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4bD2ht7mHguA62dcX6tkybPEGH+v
a/tlG0/8JMLmYthDF/kcnHTYZQIx1xrQsf5roLbcww93Dfy0YRAO+bzxcOU4emY8
yw/DDNqFfMzUL5+nAiCU3U+xKZH8ie1F5AxkBvn4EJoACXq+VfqRlFhMhRGXWDCd
jt+tdtudo9AeIUtOAgxZelRdK2P4jM/EF7cPesS+QhUdGWJqDSJI+QOPUt5zY/xN
bSSEX+jMGgCiXafJuc7eU+3lAsmXCvLj2qK1y6kwGLaT2RzSd2eF8R22g3yCRYCe
cje/Bc5lMRNko9ZWS1kyFn6Zuozhjjm9h+FwdD6BBOwiij1U7CTvMfXrAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPWyVh77A/nagZ7QAdtMzvQgbf1nMB8GA1UdIwQY
MBaAFBZfrUEJKDsztvO6U/roOhRdGTTiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmwtdFFRa29Pek8yODdwVC11ZzZGRjBaTk9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8zYjcyYzAtNWRlOS00NmE0LWFiZDQt
MzFiNjAzMTFjMzE1LzEvOWJKV0h2c0QtZHFCbnRBQjIwek85Q0J0X1djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8zYjcyYzAtNWRlOS00NmE0LWFiZDQtMzFiNjAzMTFjMzE1
LzEvRmwtdFFRa29Pek8yODdwVC11ZzZGRjBaTk9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCF0
MA0GCSqGSIb3DQEBCwUAA4IBAQBYr/gJQvjmJ7M7kvIUMceSJIrl6KIMr3tw3c0u
lSOW03DYJEcUJG8idwdj0rCHMDdfb0xKNQDhJSNGOUc1cFm7GptyqY9s8cqnKrr3
Q5TaC27Dt4Iv3kD+mpLHqIiY3KxHWMqEw9wC9VcFjztZ1lst6/hFXrXAAaZaxfRS
DBxbZsjqjiyIs3mFS4odtWOm6ZFYo3xtleIqfBLktYR3mu/onXadNyzGwr0mRSko
NBDnaH1ZOesvwwjioxOxSU9o9g+EmIiYENOxAJp41YYs72uSR1mf11bkLvyQguHm
//yB2xcqHUJq6V8o++1lvq2AtDHauGdNNLUY2lb8eM5hT3mh
-----END CERTIFICATE-----