Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/TMGy79dW2pXkye7BEHy8CMyor_w.roa
File:                     TMGy79dW2pXkye7BEHy8CMyor_w.roa (raw, json)
Hash identifier:          1GLCODVONP48lg8Ky3uS0bIOpPD9LaSttQUDyZyBj78=
Subject key identifier:   4C:C1:B2:EF:D7:56:DA:95:E4:C9:EE:C1:10:7C:BC:08:CC:A8:AF:FC
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019D575F229826B87B7856694EF5A6D87151
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/TMGy79dW2pXkye7BEHy8CMyor_w.roa
Signing time:             Sat 04 Apr 2026 07:22:25 +0000
ROA not before:           Sat 04 Apr 2026 07:22:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202734
IP address blocks:        2a12:cb47:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:57:5f:22:98:26:b8:7b:78:56:69:4e:f5:a6:d8:71:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Apr  4 07:22:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4cc1b2efd756da95e4c9eec1107cbc08cca8affc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2a:81:c9:ac:a0:3f:db:9d:08:18:70:48:e7:
                    8c:6f:e3:66:4d:57:07:c4:79:83:55:f8:50:3d:8b:
                    af:9a:75:d0:b0:00:30:fb:ce:e1:0f:25:bd:a8:14:
                    8a:91:06:5d:6a:a7:23:fc:da:df:39:62:c7:2c:4f:
                    77:bd:fc:93:f0:e0:c4:f1:c9:d8:c7:1c:98:55:ae:
                    e6:50:d9:cd:4c:6b:6f:df:a5:5c:3e:88:d1:1c:26:
                    be:f3:27:8c:a1:75:92:f8:c6:f0:d0:b6:48:ad:50:
                    bc:11:f3:5b:be:61:09:60:a7:4c:9f:ca:bd:26:05:
                    13:0b:ae:63:1c:ac:13:ca:33:a2:22:3f:92:e4:ad:
                    72:da:4b:65:90:b8:6c:14:94:2f:62:6a:96:61:79:
                    5b:11:e3:ea:bc:f2:be:44:6c:ad:ba:04:52:bc:54:
                    d8:c0:fe:ae:09:ff:15:9f:63:7e:24:97:ba:d1:80:
                    d9:4a:b5:53:af:68:1d:c8:b2:8d:df:60:ee:78:1e:
                    98:23:53:c4:4c:05:f8:ea:8f:fd:71:73:2e:fa:ae:
                    26:3a:7c:89:c1:90:6a:5f:b5:25:a1:63:68:ff:97:
                    23:ef:a3:07:b4:1b:29:8d:f2:d5:38:99:26:e4:5f:
                    a8:64:7a:be:85:fb:f4:9d:1c:1f:ef:6d:23:69:26:
                    16:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:C1:B2:EF:D7:56:DA:95:E4:C9:EE:C1:10:7C:BC:08:CC:A8:AF:FC
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/TMGy79dW2pXkye7BEHy8CMyor_w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb47:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:74:2f:61:5e:77:51:55:e5:28:ab:c8:35:37:31:9d:67:49:
         32:d3:6d:c5:c1:01:8d:f0:ff:f0:65:fc:15:d1:63:6e:63:7a:
         ce:33:df:9a:6d:d7:e8:62:e4:ec:5b:bb:57:8a:58:38:ec:b7:
         7a:f9:6b:56:9a:1e:84:c0:5c:5f:35:07:18:67:e5:20:df:b4:
         ec:45:d4:24:0f:92:60:67:18:d3:70:2c:52:12:2d:cc:77:a9:
         25:27:ba:3e:28:d4:f5:15:69:77:07:35:7c:49:f1:1e:15:9a:
         03:e0:00:bc:e3:a8:b1:10:ef:48:d8:b3:f0:eb:53:14:7c:68:
         38:42:c3:ee:a8:6c:f3:4e:09:30:fa:3f:9e:c6:c5:ad:ee:dd:
         f4:6c:e0:8a:e6:83:03:7a:27:9e:09:bf:fb:f7:fa:52:e4:1e:
         45:4f:a6:2d:b9:61:fd:6a:37:57:6c:6c:0f:99:ea:13:b2:9e:
         36:03:6f:3d:d3:47:a6:62:3b:39:77:c0:bb:8e:9a:8f:c1:d2:
         fa:24:e3:4b:64:67:bd:08:0f:0e:c2:30:77:5e:26:8b:85:68:
         c1:ae:78:ec:f6:8b:92:a3:da:6f:e5:4c:37:2f:4f:36:b6:56:
         3f:d6:b7:4d:e7:51:58:0a:ac:ba:a1:50:48:db:e4:33:c0:8f:
         2c:d9:df:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1XXyKYJrh7eFZpTvWm2HFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwNDA0MDcyMjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2MxYjJlZmQ3NTZkYTk1ZTRjOWVlYzExMDdjYmMwOGNjYThhZmZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAziqByaygP9udCBhwSOeMb+NmTVcH
xHmDVfhQPYuvmnXQsAAw+87hDyW9qBSKkQZdaqcj/NrfOWLHLE93vfyT8ODE8cnY
xxyYVa7mUNnNTGtv36VcPojRHCa+8yeMoXWS+Mbw0LZIrVC8EfNbvmEJYKdMn8q9
JgUTC65jHKwTyjOiIj+S5K1y2ktlkLhsFJQvYmqWYXlbEePqvPK+RGytugRSvFTY
wP6uCf8Vn2N+JJe60YDZSrVTr2gdyLKN32DueB6YI1PETAX46o/9cXMu+q4mOnyJ
wZBqX7UloWNo/5cj76MHtBspjfLVOJkm5F+oZHq+hfv0nRwf720jaSYWJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEzBsu/XVtqV5MnuwRB8vAjMqK/8MB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvVE1HeTc5ZFcycFhreWU3QkVIeThDTXlvcl93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLLR///
MA0GCSqGSIb3DQEBCwUAA4IBAQAHdC9hXndRVeUoq8g1NzGdZ0ky023FwQGN8P/w
ZfwV0WNuY3rOM9+abdfoYuTsW7tXilg47Ld6+WtWmh6EwFxfNQcYZ+Ug37TsRdQk
D5JgZxjTcCxSEi3Md6klJ7o+KNT1FWl3BzV8SfEeFZoD4AC846ixEO9I2LPw61MU
fGg4QsPuqGzzTgkw+j+exsWt7t30bOCK5oMDeieeCb/79/pS5B5FT6YtuWH9ajdX
bGwPmeoTsp42A28900emYjs5d8C7jpqPwdL6JONLZGe9CA8OwjB3XiaLhWjBrnjs
9ouSo9pv5Uw3L082tlY/1rdN51FYCqy6oVBI2+QzwI8s2d+l
-----END CERTIFICATE-----