Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/_zfrfxE4KY3Sz2qKZ9YX8YUP3Gc.roa
File:                     _zfrfxE4KY3Sz2qKZ9YX8YUP3Gc.roa (raw, json)
Hash identifier:          WlQR46TcsvE8o+HLG0ehANtk2L9KYlzfKkIP64trfQo=
Subject key identifier:   FF:37:EB:7F:11:38:29:8D:D2:CF:6A:8A:67:D6:17:F1:85:0F:DC:67
Certificate issuer:       /CN=1719d0bc044cdaa2341809d000f0fc4e1dedb345
Certificate serial:       019B77C74BCA78B31B5FB1D929D011180F4B
Authority key identifier: 17:19:D0:BC:04:4C:DA:A2:34:18:09:D0:00:F0:FC:4E:1D:ED:B3:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FxnQvARM2qI0GAnQAPD8Th3ts0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/_zfrfxE4KY3Sz2qKZ9YX8YUP3Gc.roa
Signing time:             Thu 01 Jan 2026 04:18:28 +0000
ROA not before:           Thu 01 Jan 2026 04:18:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208562
IP address blocks:        2001:678:ad8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/FxnQvARM2qI0GAnQAPD8Th3ts0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/FxnQvARM2qI0GAnQAPD8Th3ts0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FxnQvARM2qI0GAnQAPD8Th3ts0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 19:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:4b:ca:78:b3:1b:5f:b1:d9:29:d0:11:18:0f:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1719d0bc044cdaa2341809d000f0fc4e1dedb345
        Validity
            Not Before: Jan  1 04:18:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ff37eb7f1138298dd2cf6a8a67d617f1850fdc67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:05:72:d5:13:e0:cf:7b:1f:0a:c6:d6:6c:6e:
                    88:08:6b:ab:49:d4:7a:0e:fa:92:eb:4e:7c:66:df:
                    bf:f2:b6:dc:c9:55:de:4e:3f:79:28:88:9d:0f:f0:
                    b8:69:7d:87:fe:3c:2f:00:8e:2a:1c:5f:24:fa:e8:
                    f2:fe:a6:17:03:04:11:ec:31:81:d7:1d:03:64:3e:
                    79:6a:2d:05:95:43:ed:46:83:25:5d:56:74:a1:fe:
                    25:12:f3:2c:f7:b8:28:7a:5d:2c:63:d3:16:16:dd:
                    be:89:28:3d:fa:3e:66:e4:bf:88:4a:a2:c8:e3:f1:
                    3d:5e:25:14:b1:58:57:ed:d9:a9:9e:c1:1a:53:30:
                    8a:ca:01:f4:86:65:b7:3b:ac:31:91:6a:e3:c0:b1:
                    29:4d:0d:09:a4:93:63:c0:91:9c:90:b9:59:e2:cd:
                    a5:5f:e0:e5:4e:84:54:a2:86:48:86:c0:db:9f:83:
                    0e:fb:34:4f:37:7c:58:eb:22:37:8b:f2:1b:62:04:
                    8d:93:bb:9c:22:9a:23:2a:59:51:de:43:a9:ae:13:
                    78:f0:dc:d0:47:63:22:79:9b:a3:30:68:35:a6:75:
                    e0:e7:08:c7:9a:12:12:ba:dd:bc:7f:c9:26:3d:51:
                    a8:1c:a2:ff:18:e0:50:e8:9d:3c:b6:6e:dc:46:6a:
                    f1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:37:EB:7F:11:38:29:8D:D2:CF:6A:8A:67:D6:17:F1:85:0F:DC:67
            X509v3 Authority Key Identifier:
                keyid:17:19:D0:BC:04:4C:DA:A2:34:18:09:D0:00:F0:FC:4E:1D:ED:B3:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FxnQvARM2qI0GAnQAPD8Th3ts0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/_zfrfxE4KY3Sz2qKZ9YX8YUP3Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/c03eae-39ae-4002-b66e-04ac0a5e8143/1/FxnQvARM2qI0GAnQAPD8Th3ts0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ad8::/48

    Signature Algorithm: sha256WithRSAEncryption
         db:37:13:8f:cd:ec:02:eb:d8:21:a7:80:b9:ef:8a:86:8c:e9:
         4d:35:97:13:1c:c8:8a:88:ec:9f:8f:3e:63:bf:44:00:a5:1f:
         02:90:cd:f6:0c:51:f1:f6:20:1f:82:be:8d:d3:b3:dc:d5:e3:
         e1:48:bd:8a:b3:33:b8:b4:14:8d:d3:4d:20:d3:0f:ed:83:5c:
         e9:60:d9:2c:df:72:a7:95:85:9c:d4:29:70:e3:e6:7d:c4:3a:
         00:70:72:d1:b8:8d:d3:4f:2a:e7:14:e4:00:0f:c6:88:a7:ec:
         ed:b3:95:ba:78:e5:75:78:f8:00:e9:2b:b3:8e:cb:f8:11:51:
         26:8e:a4:6c:1e:59:e4:b2:fb:90:88:60:6f:ee:fb:c4:d6:f8:
         a9:08:34:aa:02:33:36:07:e4:d2:52:fd:ed:86:1b:42:f1:40:
         76:64:41:a8:e5:04:1f:67:89:d4:ad:7b:5d:16:fe:aa:13:b4:
         8d:4e:5e:46:37:48:e6:39:f6:ca:89:4c:bc:a1:b4:eb:c3:64:
         81:e4:1a:1e:65:52:b5:6d:ef:74:d6:f7:1f:ae:6f:96:ed:68:
         06:ec:59:54:cf:65:d6:4a:fc:bc:65:02:cc:ac:27:66:ad:d8:
         45:d7:6a:d3:a1:36:dc:c2:cc:58:75:2a:8c:d9:64:5a:75:c4:
         e9:50:51:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt3x0vKeLMbX7HZKdARGA9LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MTlkMGJjMDQ0Y2RhYTIzNDE4MDlkMDAwZjBmYzRlMWRl
ZGIzNDUwHhcNMjYwMTAxMDQxODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjM3ZWI3ZjExMzgyOThkZDJjZjZhOGE2N2Q2MTdmMTg1MGZkYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAVy1RPgz3sfCsbWbG6ICGurSdR6
DvqS6058Zt+/8rbcyVXeTj95KIidD/C4aX2H/jwvAI4qHF8k+ujy/qYXAwQR7DGB
1x0DZD55ai0FlUPtRoMlXVZ0of4lEvMs97goel0sY9MWFt2+iSg9+j5m5L+ISqLI
4/E9XiUUsVhX7dmpnsEaUzCKygH0hmW3O6wxkWrjwLEpTQ0JpJNjwJGckLlZ4s2l
X+DlToRUooZIhsDbn4MO+zRPN3xY6yI3i/IbYgSNk7ucIpojKllR3kOprhN48NzQ
R2MieZujMGg1pnXg5wjHmhISut28f8kmPVGoHKL/GOBQ6J08tm7cRmrxmwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP83638ROCmN0s9qimfWF/GFD9xnMB8GA1UdIwQY
MBaAFBcZ0LwETNqiNBgJ0ADw/E4d7bNFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnhuUXZBUk0ycUkwR0FuUUFQRDhUaDN0czBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9jMDNlYWUtMzlhZS00MDAyLWI2NmUt
MDRhYzBhNWU4MTQzLzEvX3pmcmZ4RTRLWTNTejJxS1o5WVg4WVVQM0djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9jMDNlYWUtMzlhZS00MDAyLWI2NmUtMDRhYzBhNWU4MTQz
LzEvRnhuUXZBUk0ycUkwR0FuUUFQRDhUaDN0czBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeArY
MA0GCSqGSIb3DQEBCwUAA4IBAQDbNxOPzewC69ghp4C574qGjOlNNZcTHMiKiOyf
jz5jv0QApR8CkM32DFHx9iAfgr6N07Pc1ePhSL2KszO4tBSN000g0w/tg1zpYNks
33KnlYWc1Clw4+Z9xDoAcHLRuI3TTyrnFOQAD8aIp+zts5W6eOV1ePgA6Suzjsv4
EVEmjqRsHlnksvuQiGBv7vvE1vipCDSqAjM2B+TSUv3thhtC8UB2ZEGo5QQfZ4nU
rXtdFv6qE7SNTl5GN0jmOfbKiUy8obTrw2SB5BoeZVK1be901vcfrm+W7WgG7FlU
z2XWSvy8ZQLMrCdmrdhF12rToTbcwsxYdSqM2WRadcTpUFFQ
-----END CERTIFICATE-----