Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/n6W7J3PbeyEHNaWCBAkAzitrLUg.roa
File:                     n6W7J3PbeyEHNaWCBAkAzitrLUg.roa (raw, json)
Hash identifier:          GvadsITjBB/vM+bpH1snxkrl1M/SUjPS6QRZxV9LGEA=
Subject key identifier:   9F:A5:BB:27:73:DB:7B:21:07:35:A5:82:04:09:00:CE:2B:6B:2D:48
Certificate issuer:       /CN=a7a4e23482268475c1b935637d0002c2fd2993b8
Certificate serial:       019E3FEB77A4213E50614DDD6CB111EBD9B2
Authority key identifier: A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/n6W7J3PbeyEHNaWCBAkAzitrLUg.roa
Signing time:             Tue 19 May 2026 11:07:36 +0000
ROA not before:           Tue 19 May 2026 11:07:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197488
IP address blocks:        2a14:ae00:107::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 16:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3f:eb:77:a4:21:3e:50:61:4d:dd:6c:b1:11:eb:d9:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a4e23482268475c1b935637d0002c2fd2993b8
        Validity
            Not Before: May 19 11:07:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9fa5bb2773db7b210735a582040900ce2b6b2d48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:69:d2:ee:81:22:ea:bd:69:16:f8:05:48:80:
                    1e:c3:00:0c:b1:11:c4:6f:50:1a:fb:55:70:a0:c1:
                    dc:b5:74:b8:a6:0d:35:61:5f:eb:3e:61:72:44:ce:
                    d6:7b:06:81:73:ca:f4:6a:6a:a7:04:54:37:2d:b8:
                    29:19:9e:9f:59:cd:0e:eb:f0:e1:f2:0d:86:68:75:
                    35:df:c5:6f:44:55:75:78:79:9f:68:07:40:af:b5:
                    49:94:ec:fb:21:e5:a7:e0:0e:e0:c6:04:23:58:ef:
                    a0:17:89:6b:68:07:ac:73:9c:0f:25:2f:d1:42:b6:
                    b6:24:65:55:d1:b0:58:ca:35:d9:59:9c:7e:f1:68:
                    d7:ca:79:4b:e6:03:df:17:0f:8e:f5:67:8d:cf:42:
                    1f:62:5f:86:fc:ee:46:d5:ff:d5:d6:4b:27:aa:7e:
                    a4:a6:a0:cf:fb:9b:e8:52:e9:84:b8:26:69:5d:a4:
                    37:e3:de:7f:16:3a:d6:97:85:f7:09:1b:c8:64:39:
                    1b:ea:16:86:3c:5a:b3:7b:24:75:ed:5d:cf:33:bb:
                    c9:b3:30:f9:6b:d4:93:74:05:70:19:e6:d0:10:d6:
                    da:9c:c0:6d:3c:f1:19:e6:07:a7:fd:d8:ff:ac:62:
                    4e:88:8c:b0:fe:9b:8b:c0:7e:c4:15:66:f2:f7:84:
                    62:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A5:BB:27:73:DB:7B:21:07:35:A5:82:04:09:00:CE:2B:6B:2D:48
            X509v3 Authority Key Identifier:
                keyid:A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/n6W7J3PbeyEHNaWCBAkAzitrLUg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ae00:107::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:88:16:26:5d:9c:95:15:06:04:2c:58:85:5d:52:56:26:58:
         28:66:bb:3a:f0:09:92:80:ba:0c:96:fe:70:27:1d:70:d0:62:
         dc:99:f1:0b:2b:ba:ce:70:e0:ad:b3:21:e7:13:54:2f:b0:ce:
         35:db:68:43:33:eb:20:56:84:58:7c:3e:18:98:57:57:0a:dd:
         37:e1:d8:26:57:64:c1:f3:5c:58:42:aa:03:55:f7:35:5c:65:
         ce:b7:c9:88:08:2e:9f:e2:4d:af:17:1b:b6:e1:a3:e2:9f:f8:
         7b:61:66:5c:07:8d:23:19:c9:58:1d:f0:35:ae:da:19:3b:77:
         69:8e:03:80:80:7e:87:76:01:fa:31:a1:bc:04:5a:1b:e1:b0:
         9b:10:7c:c8:47:96:42:50:cd:4c:fd:3f:8e:1d:18:1e:09:e4:
         97:6c:84:d1:6c:e5:9e:e5:8a:8b:ae:e4:c7:d4:e0:76:ee:fb:
         2f:ca:5c:51:90:96:f2:fc:35:49:84:87:8d:7a:7b:9d:b8:13:
         0f:d5:81:23:39:61:73:eb:45:ce:07:2b:29:17:d0:4d:e1:c9:
         ad:1e:e2:99:8b:e1:d9:5f:4a:3b:d4:fd:4d:33:34:96:b4:61:
         c0:6c:ee:59:3b:34:bc:fa:f7:c8:4b:15:ba:73:b1:46:bd:2b:
         53:62:9a:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4/63ekIT5QYU3dbLER69myMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTRlMjM0ODIyNjg0NzVjMWI5MzU2MzdkMDAwMmMyZmQy
OTkzYjgwHhcNMjYwNTE5MTEwNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmE1YmIyNzczZGI3YjIxMDczNWE1ODIwNDA5MDBjZTJiNmIyZDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumnS7oEi6r1pFvgFSIAewwAMsRHE
b1Aa+1VwoMHctXS4pg01YV/rPmFyRM7WewaBc8r0amqnBFQ3LbgpGZ6fWc0O6/Dh
8g2GaHU138VvRFV1eHmfaAdAr7VJlOz7IeWn4A7gxgQjWO+gF4lraAesc5wPJS/R
Qra2JGVV0bBYyjXZWZx+8WjXynlL5gPfFw+O9WeNz0IfYl+G/O5G1f/V1ksnqn6k
pqDP+5voUumEuCZpXaQ3495/FjrWl4X3CRvIZDkb6haGPFqzeyR17V3PM7vJszD5
a9STdAVwGebQENbanMBtPPEZ5gen/dj/rGJOiIyw/puLwH7EFWby94RiSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ+luydz23shBzWlggQJAM4ray1IMB8GA1UdIwQY
MBaAFKek4jSCJoR1wbk1Y30AAsL9KZO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYt
MjMzMzFiNjQ5MTZjLzEvbjZXN0ozUGJleUVITmFXQ0JBa0F6aXRyTFVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYtMjMzMzFiNjQ5MTZj
LzEvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSuAAEH
MA0GCSqGSIb3DQEBCwUAA4IBAQB5iBYmXZyVFQYELFiFXVJWJlgoZrs68AmSgLoM
lv5wJx1w0GLcmfELK7rOcOCtsyHnE1QvsM4122hDM+sgVoRYfD4YmFdXCt034dgm
V2TB81xYQqoDVfc1XGXOt8mICC6f4k2vFxu24aPin/h7YWZcB40jGclYHfA1rtoZ
O3dpjgOAgH6HdgH6MaG8BFob4bCbEHzIR5ZCUM1M/T+OHRgeCeSXbITRbOWe5YqL
ruTH1OB27vsvylxRkJby/DVJhIeNenuduBMP1YEjOWFz60XOByspF9BN4cmtHuKZ
i+HZX0o71P1NMzSWtGHAbO5ZOzS8+vfISxW6c7FGvStTYpqo
-----END CERTIFICATE-----