Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/FLzeXwMTcxPKK3Cylrlgedr-ojc.roa
File:                     FLzeXwMTcxPKK3Cylrlgedr-ojc.roa (raw, json)
Hash identifier:          YhEZuAyUsLvSj9fGLqbsotQyMGnBUmdmRvWkAdNehQg=
Subject key identifier:   14:BC:DE:5F:03:13:73:13:CA:2B:70:B2:96:B9:60:79:DA:FE:A2:37
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019C24C3628EEC16DA3E5C145929099871E8
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/FLzeXwMTcxPKK3Cylrlgedr-ojc.roa
Signing time:             Tue 03 Feb 2026 18:28:30 +0000
ROA not before:           Tue 03 Feb 2026 18:28:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200993
IP address blocks:        2a12:4141::/32 maxlen: 32
                          2a12:4141::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:24:c3:62:8e:ec:16:da:3e:5c:14:59:29:09:98:71:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Feb  3 18:28:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14bcde5f03137313ca2b70b296b96079dafea237
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:42:08:6f:22:7a:1a:bb:cb:e4:e7:b8:5c:4c:
                    f8:da:b9:0d:1d:6e:3e:a3:0d:f8:05:06:a9:ab:9c:
                    7f:78:f7:a4:5c:02:d0:b4:48:04:fe:84:b4:5e:a0:
                    ba:5e:ac:65:a0:6e:b8:a8:ef:87:41:16:6c:de:56:
                    6c:88:5d:31:33:a7:2f:d7:7f:f2:d2:09:38:01:c2:
                    91:a3:91:65:8d:81:2a:8a:5b:a4:02:f1:de:a1:1d:
                    88:86:6b:48:64:0c:36:4d:23:1a:e7:3d:70:55:63:
                    ef:d4:c5:0d:61:f1:07:c9:31:1e:44:15:7a:61:68:
                    2a:18:bf:4a:ff:13:5a:d0:04:57:62:c9:f5:ff:c0:
                    ca:16:ef:c6:3d:b8:87:29:cf:5a:2c:57:0d:28:cd:
                    6a:bf:0b:1e:9c:6c:40:a5:0f:94:ef:7b:cc:4c:d6:
                    70:a6:18:b6:47:ad:a1:b7:60:56:43:0a:d6:5e:04:
                    df:58:7b:b1:d7:0e:45:93:22:92:a0:b7:25:77:1b:
                    bb:6d:94:63:70:cc:f1:2c:ea:3d:36:7a:09:8d:6d:
                    83:8e:ea:15:98:62:86:b7:2d:2e:f1:d2:7a:91:d2:
                    05:2e:e7:08:9d:8c:89:d7:89:f3:b8:f4:13:fa:43:
                    ac:12:12:25:a0:c5:e1:c8:35:7a:2d:ec:7a:fc:9e:
                    05:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:BC:DE:5F:03:13:73:13:CA:2B:70:B2:96:B9:60:79:DA:FE:A2:37
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/FLzeXwMTcxPKK3Cylrlgedr-ojc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4141::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:7d:de:1c:cc:dc:d4:62:2a:4a:ae:62:fd:bc:85:f0:c3:66:
         e7:4d:ce:dd:75:b1:5f:4b:93:39:1a:46:11:0b:42:ed:0b:e6:
         76:41:a0:d8:e4:4a:b4:a2:be:bb:95:14:cd:1d:e0:dd:4a:c5:
         bb:fc:7e:68:b4:3c:ef:06:c1:e8:ca:ce:55:79:28:ae:9c:26:
         17:d3:d3:06:7f:fc:fa:0f:4d:f7:10:55:eb:fa:c6:39:9d:53:
         ec:6b:31:99:97:68:23:07:1b:6b:d7:60:d1:11:9b:bf:f5:bd:
         3d:82:97:34:f2:a6:cf:10:b8:dc:b3:fe:3b:ff:76:a0:8c:a2:
         02:40:29:08:07:e9:99:0c:b9:a8:99:50:25:24:37:21:45:57:
         52:d9:72:82:66:79:d8:82:b4:0f:f3:67:df:94:26:97:60:bb:
         c9:a9:2f:91:52:a1:10:bd:d8:10:51:a6:3a:fc:c7:ae:a8:54:
         a5:d5:80:1d:42:03:a3:67:1a:7a:61:43:6f:b1:80:87:91:cd:
         03:15:72:45:c5:55:77:9f:e8:1b:9c:bb:f2:0d:87:69:53:d0:
         19:32:5c:37:d2:97:d4:7e:1e:8b:7a:1f:d6:9e:c8:10:03:2c:
         4f:30:16:df:1a:55:63:d6:fb:3b:a8:76:db:d5:4e:ce:cd:86:
         4e:d8:15:68
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZwkw2KO7BbaPlwUWSkJmHHoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjYwMjAzMTgyODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGJjZGU1ZjAzMTM3MzEzY2EyYjcwYjI5NmI5NjA3OWRhZmVhMjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUIIbyJ6GrvL5Oe4XEz42rkNHW4+
ow34BQapq5x/ePekXALQtEgE/oS0XqC6XqxloG64qO+HQRZs3lZsiF0xM6cv13/y
0gk4AcKRo5FljYEqilukAvHeoR2IhmtIZAw2TSMa5z1wVWPv1MUNYfEHyTEeRBV6
YWgqGL9K/xNa0ARXYsn1/8DKFu/GPbiHKc9aLFcNKM1qvwsenGxApQ+U73vMTNZw
phi2R62ht2BWQwrWXgTfWHux1w5FkyKSoLcldxu7bZRjcMzxLOo9NnoJjW2DjuoV
mGKGty0u8dJ6kdIFLucInYyJ14nzuPQT+kOsEhIloMXhyDV6Lex6/J4FZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBS83l8DE3MTyitwspa5YHna/qI3MB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvRkx6ZVh3TVRjeFBLSzNDeWxybGdlZHItb2pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJBQTAN
BgkqhkiG9w0BAQsFAAOCAQEAfX3eHMzc1GIqSq5i/byF8MNm503O3XWxX0uTORpG
EQtC7QvmdkGg2ORKtKK+u5UUzR3g3UrFu/x+aLQ87wbB6MrOVXkorpwmF9PTBn/8
+g9N9xBV6/rGOZ1T7GsxmZdoIwcba9dg0RGbv/W9PYKXNPKmzxC43LP+O/92oIyi
AkApCAfpmQy5qJlQJSQ3IUVXUtlygmZ52IK0D/Nn35Qml2C7yakvkVKhEL3YEFGm
OvzHrqhUpdWAHUIDo2caemFDb7GAh5HNAxVyRcVVd5/oG5y78g2HaVPQGTJcN9KX
1H4ei3of1p7IEAMsTzAW3xpVY9b7O6h229VOzs2GTtgVaA==
-----END CERTIFICATE-----