Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/xOtKmGFOQ0Si4ry-DnEnpbMZzfw.roa
File:                     xOtKmGFOQ0Si4ry-DnEnpbMZzfw.roa (raw, json)
Hash identifier:          uloNgiaPX4XD2hk6wXEnVMKHkzySU+UwLh3IKRIIyAY=
Subject key identifier:   C4:EB:4A:98:61:4E:43:44:A2:E2:BC:BE:0E:71:27:A5:B3:19:CD:FC
Certificate issuer:       /CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
Certificate serial:       019D90E54F811549C58708095E81EA4BD1DD
Authority key identifier: D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/xOtKmGFOQ0Si4ry-DnEnpbMZzfw.roa
Signing time:             Wed 15 Apr 2026 11:27:20 +0000
ROA not before:           Wed 15 Apr 2026 11:27:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     393448
IP address blocks:        2a14:7dc0:1100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:e5:4f:81:15:49:c5:87:08:09:5e:81:ea:4b:d1:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d3ca2c231afdf3b0355c77a7cbb226f81b74de
        Validity
            Not Before: Apr 15 11:27:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4eb4a98614e4344a2e2bcbe0e7127a5b319cdfc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:17:02:b8:78:f2:7c:80:4f:b4:f1:a7:e8:75:
                    32:7b:bb:7e:41:b8:7c:f5:be:d0:4e:67:c8:df:b3:
                    c9:cb:46:07:34:29:04:75:ae:74:a8:a2:db:32:f7:
                    50:a1:bc:75:83:4b:0b:67:26:89:23:2b:ef:c4:d1:
                    84:a9:4d:a8:bf:2e:c1:c4:ac:a2:19:49:97:30:2b:
                    6c:57:4e:7e:bb:c0:2a:b1:77:b4:27:eb:2d:e4:4b:
                    cb:99:d8:5a:a1:12:2d:7a:4d:6f:05:f6:5f:81:58:
                    bb:50:29:00:4f:c6:1c:4d:7a:6d:6e:ef:38:d3:37:
                    3b:02:68:53:ad:c5:8c:de:c1:65:31:8d:4a:7c:5e:
                    22:8a:a9:52:71:2d:f9:5f:bb:6f:1e:42:d6:4e:e1:
                    f0:b0:41:04:04:db:f3:c5:4f:d9:ed:37:e0:dc:a4:
                    2e:1d:b7:39:a7:b7:70:4a:48:88:56:3e:d2:d9:69:
                    52:f7:37:f0:30:73:00:02:8f:8d:c0:3d:fb:4b:ab:
                    28:17:46:de:c3:36:5b:70:87:a3:c0:d2:63:55:3e:
                    2b:c4:e4:ca:4e:6c:83:47:42:84:3d:b4:f2:de:9e:
                    6e:9d:79:e4:bb:90:cd:5e:09:22:1d:48:e8:d8:9f:
                    c7:9f:57:41:0d:d3:f2:64:50:e1:f1:6c:38:9f:a4:
                    25:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:EB:4A:98:61:4E:43:44:A2:E2:BC:BE:0E:71:27:A5:B3:19:CD:FC
            X509v3 Authority Key Identifier:
                keyid:D8:D3:CA:2C:23:1A:FD:F3:B0:35:5C:77:A7:CB:B2:26:F8:1B:74:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NPKLCMa_fOwNVx3p8uyJvgbdN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/xOtKmGFOQ0Si4ry-DnEnpbMZzfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/3c076b-aea1-4a33-a9e9-99128bf6a841/1/2NPKLCMa_fOwNVx3p8uyJvgbdN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7dc0:1100::/40

    Signature Algorithm: sha256WithRSAEncryption
         6e:f4:4e:35:85:f6:d4:e3:dd:9b:d1:55:75:ae:10:86:2f:d7:
         2f:70:07:bc:4c:84:70:33:2a:03:ac:a5:4f:fe:53:9d:45:ca:
         c0:ea:f7:42:90:c6:cf:73:5e:62:24:f6:b1:17:31:31:59:52:
         3f:2f:08:cc:f0:be:cf:98:fd:cd:fb:b4:f0:f2:15:51:eb:14:
         50:3c:65:ee:61:27:e8:79:7a:65:99:21:88:11:60:27:28:09:
         ed:c2:4f:5d:90:12:a8:79:a9:10:1f:ca:5f:bd:64:bb:75:e6:
         cc:39:93:03:cc:88:94:a1:4f:66:ff:82:0e:12:71:0a:75:fe:
         e8:9d:e0:1c:49:2c:15:8e:20:87:fb:79:2e:20:ba:15:81:ba:
         e0:bc:bd:43:95:e4:ff:50:bb:55:c5:34:69:ee:23:0f:33:34:
         c2:4b:7a:e5:af:de:81:b8:45:d1:81:15:88:61:82:03:a8:f7:
         14:89:df:0e:d0:ef:c5:84:4e:f2:2b:da:41:16:7a:7e:0b:75:
         bf:08:cc:fb:66:52:55:cc:2f:90:42:9a:53:a8:1b:42:fc:d6:
         2c:d7:6d:f7:ac:87:20:01:f9:17:49:7a:8c:f2:6f:54:8a:b3:
         c8:36:8d:8c:6f:32:aa:3b:e1:f4:4e:61:3e:da:97:54:b1:52:
         17:39:66:85
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ2Q5U+BFUnFhwgJXoHqS9HdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDNjYTJjMjMxYWZkZjNiMDM1NWM3N2E3Y2JiMjI2Zjgx
Yjc0ZGUwHhcNMjYwNDE1MTEyNzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGViNGE5ODYxNGU0MzQ0YTJlMmJjYmUwZTcxMjdhNWIzMTljZGZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRcCuHjyfIBPtPGn6HUye7t+Qbh8
9b7QTmfI37PJy0YHNCkEda50qKLbMvdQobx1g0sLZyaJIyvvxNGEqU2ovy7BxKyi
GUmXMCtsV05+u8AqsXe0J+st5EvLmdhaoRItek1vBfZfgVi7UCkAT8YcTXptbu84
0zc7AmhTrcWM3sFlMY1KfF4iiqlScS35X7tvHkLWTuHwsEEEBNvzxU/Z7Tfg3KQu
Hbc5p7dwSkiIVj7S2WlS9zfwMHMAAo+NwD37S6soF0bewzZbcIejwNJjVT4rxOTK
TmyDR0KEPbTy3p5unXnku5DNXgkiHUjo2J/Hn1dBDdPyZFDh8Ww4n6QliQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMTrSphhTkNEouK8vg5xJ6WzGc38MB8GA1UdIwQY
MBaAFNjTyiwjGv3zsDVcd6fLsib4G3TeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTkt
OTkxMjhiZjZhODQxLzEveE90S21HRk9RMFNpNHJ5LURuRW5wYk1aemZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS8zYzA3NmItYWVhMS00YTMzLWE5ZTktOTkxMjhiZjZhODQx
LzEvMk5QS0xDTWFfZk93TlZ4M3A4dXlKdmdiZE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR9wBEw
DQYJKoZIhvcNAQELBQADggEBAG70TjWF9tTj3ZvRVXWuEIYv1y9wB7xMhHAzKgOs
pU/+U51FysDq90KQxs9zXmIk9rEXMTFZUj8vCMzwvs+Y/c37tPDyFVHrFFA8Ze5h
J+h5emWZIYgRYCcoCe3CT12QEqh5qRAfyl+9ZLt15sw5kwPMiJShT2b/gg4ScQp1
/uid4BxJLBWOIIf7eS4guhWBuuC8vUOV5P9Qu1XFNGnuIw8zNMJLeuWv3oG4RdGB
FYhhggOo9xSJ3w7Q78WETvIr2kEWen4Ldb8IzPtmUlXML5BCmlOoG0L81izXbfes
hyAB+RdJeozyb1SKs8g2jYxvMqo74fROYT7al1SxUhc5ZoU=
-----END CERTIFICATE-----