Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/ff34bb-10f9-4593-9caf-1d8b9a1aa4ad/1/pwN-2lFR66jS8tzjgg4a5hQ9SZc.roa
File:                     pwN-2lFR66jS8tzjgg4a5hQ9SZc.roa (raw, json)
Hash identifier:          vx5holsz8fk1dc3w+YKiWzzSNZ1ZzCCUAaCQLnUJmIY=
Subject key identifier:   A7:03:7E:DA:51:51:EB:A8:D2:F2:DC:E3:82:0E:1A:E6:14:3D:49:97
Certificate issuer:       /CN=7b69efe6016f72d4592f1b0bab9186476ff3a29d
Certificate serial:       019D4713DF391EA20B7997F689A295A92CD8
Authority key identifier: 7B:69:EF:E6:01:6F:72:D4:59:2F:1B:0B:AB:91:86:47:6F:F3:A2:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e2nv5gFvctRZLxsLq5GGR2_zop0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/ff34bb-10f9-4593-9caf-1d8b9a1aa4ad/1/pwN-2lFR66jS8tzjgg4a5hQ9SZc.roa
Signing time:             Wed 01 Apr 2026 03:26:17 +0000
ROA not before:           Wed 01 Apr 2026 03:26:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16509
IP address blocks:        2a0b:71c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/ff34bb-10f9-4593-9caf-1d8b9a1aa4ad/1/e2nv5gFvctRZLxsLq5GGR2_zop0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/ff34bb-10f9-4593-9caf-1d8b9a1aa4ad/1/e2nv5gFvctRZLxsLq5GGR2_zop0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e2nv5gFvctRZLxsLq5GGR2_zop0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:47:13:df:39:1e:a2:0b:79:97:f6:89:a2:95:a9:2c:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b69efe6016f72d4592f1b0bab9186476ff3a29d
        Validity
            Not Before: Apr  1 03:26:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7037eda5151eba8d2f2dce3820e1ae6143d4997
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:8f:e6:36:6d:86:a2:ac:72:94:d3:f5:93:37:
                    37:ce:a8:ea:42:dc:3b:fe:d2:be:69:b3:41:2e:3f:
                    84:a0:8a:87:0c:be:6c:35:f3:14:d0:9c:4a:9e:01:
                    1a:25:1a:7c:34:4f:61:1b:f3:e3:c0:5d:07:00:ac:
                    99:cd:ae:7e:85:8f:49:8d:66:97:83:81:3a:9e:16:
                    67:9b:16:73:52:1c:f6:51:5e:67:27:b9:37:8b:26:
                    ed:01:ce:8f:c4:f6:38:2c:61:31:9c:25:a3:be:27:
                    97:f6:34:25:aa:b3:9c:61:7d:60:38:87:f5:fd:b4:
                    ae:ef:2d:bf:09:2d:84:e4:69:85:75:29:77:ae:d4:
                    7b:38:9b:df:55:9f:41:5a:f1:b8:07:ec:56:8a:81:
                    75:44:87:32:ae:d5:e9:52:ff:5f:eb:d9:90:64:60:
                    ee:33:bf:44:44:46:26:d7:76:bd:c5:d0:bb:14:88:
                    92:24:ff:b0:ea:4a:64:76:ee:a0:b9:b8:60:8f:28:
                    85:dc:50:5c:66:c2:8b:6b:4a:df:b4:1f:71:31:9e:
                    57:82:a4:c2:9c:c8:b1:58:56:bc:bf:84:50:bf:ed:
                    5f:98:58:1b:5e:67:34:5c:15:11:26:fc:c8:37:96:
                    59:20:f4:98:ff:21:c1:9f:34:75:ad:d5:08:d9:e1:
                    d7:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:03:7E:DA:51:51:EB:A8:D2:F2:DC:E3:82:0E:1A:E6:14:3D:49:97
            X509v3 Authority Key Identifier:
                keyid:7B:69:EF:E6:01:6F:72:D4:59:2F:1B:0B:AB:91:86:47:6F:F3:A2:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2nv5gFvctRZLxsLq5GGR2_zop0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ff34bb-10f9-4593-9caf-1d8b9a1aa4ad/1/pwN-2lFR66jS8tzjgg4a5hQ9SZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/ff34bb-10f9-4593-9caf-1d8b9a1aa4ad/1/e2nv5gFvctRZLxsLq5GGR2_zop0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:71c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:4b:9e:df:2b:e0:1b:e9:d4:a0:1f:b5:82:5c:33:73:5d:57:
         eb:6a:c5:09:ca:13:2a:35:ff:d3:48:a4:e7:ac:ab:e6:a7:d3:
         ed:1a:52:eb:ad:92:d2:96:32:71:8a:5a:7d:5e:c1:4f:be:93:
         45:5f:42:11:4f:13:01:51:8b:e5:b9:83:b6:01:2c:24:bf:b8:
         f0:52:f7:4a:b6:93:0a:d7:33:a0:63:61:f5:ad:ea:98:44:33:
         5b:a4:bb:f8:e6:a1:a2:b6:06:17:67:ce:94:7b:4a:f4:72:46:
         df:8d:42:69:95:d4:ef:23:c0:37:71:ff:25:ef:5b:e4:07:f8:
         fb:46:87:34:6c:4f:bc:4e:01:10:88:6b:c2:fe:b9:1c:70:b9:
         c4:89:df:af:f5:ef:79:ed:d0:22:8a:71:6b:2c:66:78:f6:ba:
         82:c8:fb:fe:5c:c0:ea:22:c1:1a:1a:22:cf:16:88:04:b3:e9:
         e4:8d:cf:00:89:17:fb:62:97:3c:3b:03:56:7e:6b:b1:cc:5e:
         d3:e9:bd:de:fa:19:a4:f7:3e:47:3f:ba:07:17:fc:14:06:99:
         2a:17:28:3b:42:f6:0d:95:8d:02:29:3b:7e:5c:bb:fa:44:5b:
         0b:dd:4e:b7:83:4d:ad:0e:15:91:df:57:ef:0d:e9:41:1c:9f:
         b8:dc:40:d7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ1HE985HqILeZf2iaKVqSzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNjllZmU2MDE2ZjcyZDQ1OTJmMWIwYmFiOTE4NjQ3NmZm
M2EyOWQwHhcNMjYwNDAxMDMyNjE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzAzN2VkYTUxNTFlYmE4ZDJmMmRjZTM4MjBlMWFlNjE0M2Q0OTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAto/mNm2GoqxylNP1kzc3zqjqQtw7
/tK+abNBLj+EoIqHDL5sNfMU0JxKngEaJRp8NE9hG/PjwF0HAKyZza5+hY9JjWaX
g4E6nhZnmxZzUhz2UV5nJ7k3iybtAc6PxPY4LGExnCWjvieX9jQlqrOcYX1gOIf1
/bSu7y2/CS2E5GmFdSl3rtR7OJvfVZ9BWvG4B+xWioF1RIcyrtXpUv9f69mQZGDu
M79EREYm13a9xdC7FIiSJP+w6kpkdu6gubhgjyiF3FBcZsKLa0rftB9xMZ5XgqTC
nMixWFa8v4RQv+1fmFgbXmc0XBURJvzIN5ZZIPSY/yHBnzR1rdUI2eHXwwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKcDftpRUeuo0vLc44IOGuYUPUmXMB8GA1UdIwQY
MBaAFHtp7+YBb3LUWS8bC6uRhkdv86KdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTJudjVnRnZjdFJaTHhzTHE1R0dSMl96b3AwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9mZjM0YmItMTBmOS00NTkzLTljYWYt
MWQ4YjlhMWFhNGFkLzEvcHdOLTJsRlI2NmpTOHR6amdnNGE1aFE5U1pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9mZjM0YmItMTBmOS00NTkzLTljYWYtMWQ4YjlhMWFhNGFk
LzEvZTJudjVnRnZjdFJaTHhzTHE1R0dSMl96b3AwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgtxwDAN
BgkqhkiG9w0BAQsFAAOCAQEAnEue3yvgG+nUoB+1glwzc11X62rFCcoTKjX/00ik
56yr5qfT7RpS662S0pYycYpafV7BT76TRV9CEU8TAVGL5bmDtgEsJL+48FL3SraT
CtczoGNh9a3qmEQzW6S7+OahorYGF2fOlHtK9HJG341CaZXU7yPAN3H/Je9b5Af4
+0aHNGxPvE4BEIhrwv65HHC5xInfr/Xvee3QIopxayxmePa6gsj7/lzA6iLBGhoi
zxaIBLPp5I3PAIkX+2KXPDsDVn5rscxe0+m93voZpPc+Rz+6Bxf8FAaZKhcoO0L2
DZWNAik7fly7+kRbC91Ot4NNrQ4Vkd9X7w3pQRyfuNxA1w==
-----END CERTIFICATE-----