Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/xp4XInmvIX6CC9Ex-JmVHgrbPgs.roa
File:                     xp4XInmvIX6CC9Ex-JmVHgrbPgs.roa (raw, json)
Hash identifier:          RHkZbfHLGorgQEqsyMXzjKwc68C6UanDs4STBF1Ck9I=
Subject key identifier:   C6:9E:17:22:79:AF:21:7E:82:0B:D1:31:F8:99:95:1E:0A:DB:3E:0B
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019C1F88E246705861685B04474645B92759
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/xp4XInmvIX6CC9Ex-JmVHgrbPgs.roa
Signing time:             Mon 02 Feb 2026 18:06:30 +0000
ROA not before:           Mon 02 Feb 2026 18:06:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49505
IP address blocks:        2a12:4140::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1f:88:e2:46:70:58:61:68:5b:04:47:46:45:b9:27:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Feb  2 18:06:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c69e172279af217e820bd131f899951e0adb3e0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:f9:4b:95:c7:e6:eb:39:ca:da:5b:a2:13:62:
                    3e:4f:e0:48:61:63:e5:80:d6:fa:50:a6:af:ff:14:
                    f8:29:8b:a5:b7:c9:62:3d:43:ba:86:7a:18:22:8a:
                    c6:47:bc:05:77:cd:8e:b5:95:0e:38:07:3a:9c:6b:
                    06:b8:2e:13:68:a2:7f:f3:f0:0e:1e:d9:79:91:5c:
                    5d:76:6f:0e:91:7e:ae:d5:00:b8:63:23:f3:df:38:
                    2b:a1:1f:ac:05:76:be:09:0a:32:d1:55:9b:35:0a:
                    5f:50:94:3f:27:2c:43:eb:b3:2d:02:96:9d:a9:16:
                    dc:1b:75:b7:82:bd:fc:2f:a7:fb:05:e8:d9:fe:cc:
                    ef:16:fb:25:c5:1b:9f:3f:d2:e3:c1:0b:f7:d3:16:
                    de:ca:22:d6:40:8f:e0:ae:29:e1:01:af:fb:a5:07:
                    b5:22:63:c3:1e:0c:7f:6d:d3:ac:4f:76:66:e4:fb:
                    04:a1:04:61:e5:45:25:8d:73:51:53:ab:e5:b0:8c:
                    f1:e9:3a:ff:0b:37:5b:97:92:3f:4b:b2:d4:80:02:
                    67:74:12:3d:62:20:0f:29:b2:27:26:c0:41:7f:01:
                    b1:e1:ef:93:57:e6:04:59:48:80:d1:05:ec:e2:36:
                    c5:78:86:66:ae:cd:9f:70:11:09:95:35:dd:c3:3e:
                    85:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:9E:17:22:79:AF:21:7E:82:0B:D1:31:F8:99:95:1E:0A:DB:3E:0B
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/xp4XInmvIX6CC9Ex-JmVHgrbPgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4140::/32

    Signature Algorithm: sha256WithRSAEncryption
         0c:5c:8e:e5:27:92:32:7e:16:b4:e9:12:53:d9:9c:b9:b2:52:
         33:f3:a9:e9:bd:59:b6:a3:a6:58:52:cc:f5:ff:54:e9:ec:48:
         c3:15:30:58:64:57:25:3a:41:ca:af:80:00:c3:15:b3:a7:e4:
         82:e9:dc:2f:77:1f:50:1d:cb:d2:2d:81:70:5b:b2:10:cd:13:
         03:e3:9a:de:63:7c:1a:c5:8d:52:36:6a:ff:98:6b:43:65:26:
         3d:5e:36:ce:be:2f:31:0a:2b:44:18:66:28:fc:b6:c6:ef:e1:
         85:d7:62:d3:ce:8f:6b:be:bb:ce:89:67:a8:9c:7c:c4:02:57:
         92:67:ac:7b:98:03:73:e8:e6:65:f4:73:7f:05:07:94:33:6b:
         49:74:0c:08:35:5a:4f:13:00:6b:ac:8e:6b:c1:ef:ee:a4:12:
         71:84:ee:d3:1f:81:28:8d:42:20:ff:b7:a7:f5:f4:6f:79:35:
         19:00:6a:2b:8e:18:d2:5e:75:96:e3:0b:75:4d:44:ec:f6:7e:
         44:88:fe:13:42:6a:c8:f8:42:28:04:c2:c5:17:6a:b5:9b:9b:
         ff:ea:e6:2d:5e:20:bc:37:cb:3b:48:fd:c8:8c:40:fc:97:e1:
         2a:ea:31:d6:16:58:31:fa:9b:ad:fd:2c:66:7a:99:8a:37:ba:
         94:29:6c:8e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZwfiOJGcFhhaFsER0ZFuSdZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjYwMjAyMTgwNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjllMTcyMjc5YWYyMTdlODIwYmQxMzFmODk5OTUxZTBhZGIzZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2flLlcfm6znK2luiE2I+T+BIYWPl
gNb6UKav/xT4KYult8liPUO6hnoYIorGR7wFd82OtZUOOAc6nGsGuC4TaKJ/8/AO
Htl5kVxddm8OkX6u1QC4YyPz3zgroR+sBXa+CQoy0VWbNQpfUJQ/JyxD67MtApad
qRbcG3W3gr38L6f7BejZ/szvFvslxRufP9LjwQv30xbeyiLWQI/grinhAa/7pQe1
ImPDHgx/bdOsT3Zm5PsEoQRh5UUljXNRU6vlsIzx6Tr/Czdbl5I/S7LUgAJndBI9
YiAPKbInJsBBfwGx4e+TV+YEWUiA0QXs4jbFeIZmrs2fcBEJlTXdwz6FkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMaeFyJ5ryF+ggvRMfiZlR4K2z4LMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEveHA0WElubXZJWDZDQzlFeC1KbVZIZ3JiUGdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJBQDAN
BgkqhkiG9w0BAQsFAAOCAQEADFyO5SeSMn4WtOkSU9mcubJSM/Op6b1ZtqOmWFLM
9f9U6exIwxUwWGRXJTpByq+AAMMVs6fkguncL3cfUB3L0i2BcFuyEM0TA+Oa3mN8
GsWNUjZq/5hrQ2UmPV42zr4vMQorRBhmKPy2xu/hhddi086Pa767zolnqJx8xAJX
kmese5gDc+jmZfRzfwUHlDNrSXQMCDVaTxMAa6yOa8Hv7qQScYTu0x+BKI1CIP+3
p/X0b3k1GQBqK44Y0l51luMLdU1E7PZ+RIj+E0JqyPhCKATCxRdqtZub/+rmLV4g
vDfLO0j9yIxA/JfhKuox1hZYMfqbrf0sZnqZije6lClsjg==
-----END CERTIFICATE-----