Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/IAnS6bEzch3TIofLALz1ygB0iyo.roa
File:                     IAnS6bEzch3TIofLALz1ygB0iyo.roa (raw, json)
Hash identifier:          lyXUvYyQfJt4aH/SJqViQQv03gKvKKB5vsWtq0xG3Ro=
Subject key identifier:   20:09:D2:E9:B1:33:72:1D:D3:22:87:CB:00:BC:F5:CA:00:74:8B:2A
Certificate issuer:       /CN=665e17c08acdc77e944b2839508f1fd711e8e97b
Certificate serial:       019D6735170F4EE3033C73D23683A2E6FFF5
Authority key identifier: 66:5E:17:C0:8A:CD:C7:7E:94:4B:28:39:50:8F:1F:D7:11:E8:E9:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Zl4XwIrNx36USyg5UI8f1xHo6Xs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/IAnS6bEzch3TIofLALz1ygB0iyo.roa
Signing time:             Tue 07 Apr 2026 09:10:25 +0000
ROA not before:           Tue 07 Apr 2026 09:10:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6079
IP address blocks:        212.108.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/Zl4XwIrNx36USyg5UI8f1xHo6Xs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/Zl4XwIrNx36USyg5UI8f1xHo6Xs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Zl4XwIrNx36USyg5UI8f1xHo6Xs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:67:35:17:0f:4e:e3:03:3c:73:d2:36:83:a2:e6:ff:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=665e17c08acdc77e944b2839508f1fd711e8e97b
        Validity
            Not Before: Apr  7 09:10:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2009d2e9b133721dd32287cb00bcf5ca00748b2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ce:45:e8:69:df:ff:0d:f6:41:58:24:8b:bf:
                    60:aa:a5:04:b6:3e:b7:0d:6e:54:7e:2f:c4:3a:b2:
                    31:0c:a9:1d:6a:44:7a:fa:8c:95:5e:17:71:47:c9:
                    c4:1f:18:bc:3e:f5:be:e2:6f:1a:de:0d:26:29:b1:
                    93:36:7e:44:43:4d:ce:aa:cf:38:4d:e0:e3:0d:be:
                    24:ac:ac:11:64:6a:33:29:a8:1b:9f:5d:34:f3:a8:
                    a3:9a:84:d4:f1:88:53:f5:57:56:59:c2:62:df:83:
                    e4:2b:cb:e7:8d:5a:6f:a2:82:1b:47:d5:42:40:5c:
                    ca:9f:27:a2:53:5d:37:a7:b4:05:24:0e:00:ef:fa:
                    d2:08:2d:46:e1:d2:79:0d:fc:28:25:15:82:eb:1b:
                    a5:da:64:f1:e7:6c:60:51:9f:54:d4:4c:15:e1:fd:
                    ef:0e:b3:3a:cc:30:e5:08:27:fe:20:95:34:c9:82:
                    a6:33:9f:90:bc:ed:4e:f7:e1:6e:ea:64:0a:6b:80:
                    d4:a3:2f:92:3b:dd:4e:b9:57:f1:0b:4b:84:79:4e:
                    06:f0:05:88:ac:b5:e6:a4:cf:46:33:8c:32:ce:9f:
                    79:65:c2:99:3e:d0:d1:ce:b6:7d:c2:e4:cb:c3:63:
                    1f:bf:26:9d:c1:9d:ec:17:21:ab:54:1c:3a:91:c1:
                    d6:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:09:D2:E9:B1:33:72:1D:D3:22:87:CB:00:BC:F5:CA:00:74:8B:2A
            X509v3 Authority Key Identifier:
                keyid:66:5E:17:C0:8A:CD:C7:7E:94:4B:28:39:50:8F:1F:D7:11:E8:E9:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Zl4XwIrNx36USyg5UI8f1xHo6Xs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/IAnS6bEzch3TIofLALz1ygB0iyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/40658e-c1a5-4858-8912-00ceeb6a414f/1/Zl4XwIrNx36USyg5UI8f1xHo6Xs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:94:90:54:39:e2:4d:0a:25:1a:0a:73:28:c9:95:ab:ee:23:
         40:eb:66:cd:d5:aa:5c:a5:66:f3:b5:f9:d2:1b:ca:26:f8:cf:
         03:49:ff:11:50:0d:8e:bd:1b:96:81:7a:ba:05:ab:4c:73:41:
         50:c6:5d:5b:b8:57:91:8d:6f:8d:ad:9f:7f:0b:0d:ef:53:b4:
         9c:4d:f2:eb:0f:76:a2:56:fd:bb:3b:73:1e:06:06:c0:d5:5b:
         0d:a7:9a:a2:2c:9c:15:4c:0b:14:b4:60:01:95:f2:71:2c:07:
         0d:4a:7a:3b:aa:27:a6:c1:28:a3:0d:97:76:85:52:d6:b3:64:
         df:7a:a1:c7:13:77:89:a7:53:de:fa:6b:a2:c5:14:10:28:24:
         78:92:20:20:0b:80:76:59:ef:ac:15:a8:65:48:4e:98:e4:94:
         b9:00:2c:5a:fc:22:f2:4c:40:4a:a3:40:7a:74:0a:e3:d3:38:
         14:82:52:ea:2e:44:3e:dd:82:d3:d8:ac:b6:d4:47:8d:ef:33:
         b0:07:47:c5:ac:95:95:84:fc:84:9b:cb:a4:58:81:ed:98:80:
         02:fb:7c:cc:e7:d9:0c:ef:0b:03:07:16:bb:8f:92:d9:ce:b1:
         7c:0b:76:85:ca:cf:0c:69:46:9d:29:dd:e5:84:ce:0d:d2:5d:
         30:4f:78:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1nNRcPTuMDPHPSNoOi5v/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NWUxN2MwOGFjZGM3N2U5NDRiMjgzOTUwOGYxZmQ3MTFl
OGU5N2IwHhcNMjYwNDA3MDkxMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDA5ZDJlOWIxMzM3MjFkZDMyMjg3Y2IwMGJjZjVjYTAwNzQ4YjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwM5F6Gnf/w32QVgki79gqqUEtj63
DW5Ufi/EOrIxDKkdakR6+oyVXhdxR8nEHxi8PvW+4m8a3g0mKbGTNn5EQ03Oqs84
TeDjDb4krKwRZGozKagbn10086ijmoTU8YhT9VdWWcJi34PkK8vnjVpvooIbR9VC
QFzKnyeiU103p7QFJA4A7/rSCC1G4dJ5DfwoJRWC6xul2mTx52xgUZ9U1EwV4f3v
DrM6zDDlCCf+IJU0yYKmM5+QvO1O9+Fu6mQKa4DUoy+SO91OuVfxC0uEeU4G8AWI
rLXmpM9GM4wyzp95ZcKZPtDRzrZ9wuTLw2MfvyadwZ3sFyGrVBw6kcHWqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCAJ0umxM3Id0yKHywC89coAdIsqMB8GA1UdIwQY
MBaAFGZeF8CKzcd+lEsoOVCPH9cR6Ol7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmw0WHdJck54MzZVU3lnNVVJOGYxeEhvNlhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80MDY1OGUtYzFhNS00ODU4LTg5MTIt
MDBjZWViNmE0MTRmLzEvSUFuUzZiRXpjaDNUSW9mTEFMejF5Z0IwaXlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80MDY1OGUtYzFhNS00ODU4LTg5MTItMDBjZWViNmE0MTRm
LzEvWmw0WHdJck54MzZVU3lnNVVJOGYxeEhvNlhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxwMA0G
CSqGSIb3DQEBCwUAA4IBAQAalJBUOeJNCiUaCnMoyZWr7iNA62bN1apcpWbztfnS
G8om+M8DSf8RUA2OvRuWgXq6BatMc0FQxl1buFeRjW+NrZ9/Cw3vU7ScTfLrD3ai
Vv27O3MeBgbA1VsNp5qiLJwVTAsUtGABlfJxLAcNSno7qiemwSijDZd2hVLWs2Tf
eqHHE3eJp1Pe+muixRQQKCR4kiAgC4B2We+sFahlSE6Y5JS5ACxa/CLyTEBKo0B6
dArj0zgUglLqLkQ+3YLT2Ky21EeN7zOwB0fFrJWVhPyEm8ukWIHtmIAC+3zM59kM
7wsDBxa7j5LZzrF8C3aFys8MaUadKd3lhM4N0l0wT3ht
-----END CERTIFICATE-----