Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/tiDdo7f_XnHXVSPuaqaPMrDsKhk.roa
File:                     tiDdo7f_XnHXVSPuaqaPMrDsKhk.roa (raw, json)
Hash identifier:          Em/xqGeMG3uE3/7i6rZf96M2M8BnQMuwUIR5KYsOWPw=
Subject key identifier:   B6:20:DD:A3:B7:FF:5E:71:D7:55:23:EE:6A:A6:8F:32:B0:EC:2A:19
Certificate issuer:       /CN=a7a4e23482268475c1b935637d0002c2fd2993b8
Certificate serial:       019D9C8787EA6EB407FE17D4132228631ABC
Authority key identifier: A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/tiDdo7f_XnHXVSPuaqaPMrDsKhk.roa
Signing time:             Fri 17 Apr 2026 17:40:21 +0000
ROA not before:           Fri 17 Apr 2026 17:40:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198748
IP address blocks:        2a14:ae00:103::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:87:87:ea:6e:b4:07:fe:17:d4:13:22:28:63:1a:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a4e23482268475c1b935637d0002c2fd2993b8
        Validity
            Not Before: Apr 17 17:40:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b620dda3b7ff5e71d75523ee6aa68f32b0ec2a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:00:a3:bb:f2:42:99:c3:43:03:bd:64:5c:f1:
                    f4:90:43:ef:f6:a9:8c:8b:fe:3b:f3:ac:42:4a:fd:
                    d7:56:a6:23:f5:a1:59:27:fa:d7:6c:1f:e5:fc:3b:
                    9f:37:af:81:ab:49:a4:9c:55:18:63:f2:39:9f:5c:
                    ed:81:7c:86:70:56:89:8b:9a:02:25:de:99:50:27:
                    d4:b2:02:ca:1a:c3:6e:e2:f1:df:2f:5c:4c:f5:32:
                    83:34:9a:9e:73:c5:5e:cd:6f:57:fd:0f:e6:bb:b1:
                    78:6b:5b:91:48:cd:cb:74:ce:2b:ca:06:a8:27:f8:
                    8f:10:f0:0e:80:59:f0:f0:20:5e:7f:ee:1c:2b:59:
                    ff:e9:04:9b:bc:fe:ea:08:92:3b:e6:21:ce:05:5f:
                    b4:03:ee:92:30:49:cc:ee:90:51:44:3c:63:7c:8b:
                    3c:2f:07:b2:43:3f:68:a7:5b:da:90:d8:b0:fd:5a:
                    54:a5:d7:a4:b7:4d:7c:dd:60:a1:c2:4b:7e:7d:b1:
                    0f:0c:31:e9:3b:8f:ea:10:24:94:33:72:40:9d:11:
                    75:1d:50:64:b3:4e:60:16:f4:39:8b:7b:87:70:8f:
                    b4:b2:03:96:1e:81:b0:e6:79:9e:51:1a:e5:d7:05:
                    7e:70:0f:4c:28:4c:5d:d8:55:ac:c4:47:70:76:9b:
                    5c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:20:DD:A3:B7:FF:5E:71:D7:55:23:EE:6A:A6:8F:32:B0:EC:2A:19
            X509v3 Authority Key Identifier:
                keyid:A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/tiDdo7f_XnHXVSPuaqaPMrDsKhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ae00:103::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:b3:08:da:00:f4:d5:48:d8:25:19:80:35:4c:2a:5e:51:4f:
         44:54:08:ff:78:62:6e:0c:02:8c:d3:a2:7f:aa:df:6c:19:e0:
         95:c3:a6:49:de:49:c2:d5:63:b2:81:f8:4a:93:d9:f2:62:72:
         6b:12:11:8c:5f:d5:b6:02:aa:8b:fc:dd:12:02:4d:82:86:0d:
         22:1e:63:a3:79:74:f6:51:9c:85:4b:b5:44:af:07:68:dd:b4:
         12:d7:42:35:89:6d:5e:e1:0d:a2:cc:33:8a:e3:4d:98:41:96:
         57:eb:c9:44:f5:65:dd:7e:52:70:bc:30:6e:72:df:e3:b8:47:
         cd:93:c6:17:fe:0f:82:db:fc:05:ab:ff:14:69:b0:c3:4b:0b:
         52:68:f7:28:44:32:90:46:86:ed:9c:d9:7b:0f:3c:8b:ee:ea:
         ed:5d:d6:67:a0:11:4b:55:6d:f1:7f:e2:4d:2c:2b:3b:9d:f6:
         af:d7:f8:c8:3d:c5:58:33:3f:40:90:32:93:8e:f6:de:e2:66:
         c3:2f:20:b0:f6:fe:ac:8c:24:28:0f:bb:48:ed:84:36:2f:a7:
         e1:69:36:8e:ac:d8:3a:52:f6:96:18:62:d3:ba:7a:de:fd:c4:
         0e:75:17:4a:64:8e:20:80:55:db:ea:02:37:3f:aa:e7:8b:ce:
         dc:91:5b:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2ch4fqbrQH/hfUEyIoYxq8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTRlMjM0ODIyNjg0NzVjMWI5MzU2MzdkMDAwMmMyZmQy
OTkzYjgwHhcNMjYwNDE3MTc0MDIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjIwZGRhM2I3ZmY1ZTcxZDc1NTIzZWU2YWE2OGYzMmIwZWMyYTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjACju/JCmcNDA71kXPH0kEPv9qmM
i/4786xCSv3XVqYj9aFZJ/rXbB/l/DufN6+Bq0mknFUYY/I5n1ztgXyGcFaJi5oC
Jd6ZUCfUsgLKGsNu4vHfL1xM9TKDNJqec8VezW9X/Q/mu7F4a1uRSM3LdM4rygao
J/iPEPAOgFnw8CBef+4cK1n/6QSbvP7qCJI75iHOBV+0A+6SMEnM7pBRRDxjfIs8
LweyQz9op1vakNiw/VpUpdekt0183WChwkt+fbEPDDHpO4/qECSUM3JAnRF1HVBk
s05gFvQ5i3uHcI+0sgOWHoGw5nmeURrl1wV+cA9MKExd2FWsxEdwdptczwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLYg3aO3/15x11Uj7mqmjzKw7CoZMB8GA1UdIwQY
MBaAFKek4jSCJoR1wbk1Y30AAsL9KZO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYt
MjMzMzFiNjQ5MTZjLzEvdGlEZG83Zl9YbkhYVlNQdWFxYVBNckRzS2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYtMjMzMzFiNjQ5MTZj
LzEvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSuAAED
MA0GCSqGSIb3DQEBCwUAA4IBAQAiswjaAPTVSNglGYA1TCpeUU9EVAj/eGJuDAKM
06J/qt9sGeCVw6ZJ3knC1WOygfhKk9nyYnJrEhGMX9W2AqqL/N0SAk2Chg0iHmOj
eXT2UZyFS7VErwdo3bQS10I1iW1e4Q2izDOK402YQZZX68lE9WXdflJwvDBuct/j
uEfNk8YX/g+C2/wFq/8UabDDSwtSaPcoRDKQRobtnNl7DzyL7urtXdZnoBFLVW3x
f+JNLCs7nfav1/jIPcVYMz9AkDKTjvbe4mbDLyCw9v6sjCQoD7tI7YQ2L6fhaTaO
rNg6UvaWGGLTunre/cQOdRdKZI4ggFXb6gI3P6rni87ckVtT
-----END CERTIFICATE-----