Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/zZuqtQC2zJWrlRTYcv01DuQ539I.roa
File:                     zZuqtQC2zJWrlRTYcv01DuQ539I.roa (raw, json)
Hash identifier:          e8aj2NBAUu8cQDdfA+hZFwxLSq3XvalKKas01wW1IyI=
Subject key identifier:   CD:9B:AA:B5:00:B6:CC:95:AB:95:14:D8:72:FD:35:0E:E4:39:DF:D2
Certificate issuer:       /CN=72cc24221420b75f95edb9ceba1f7738fa17379e
Certificate serial:       019D6E68E017E519A1BD36C89EE313BBB078
Authority key identifier: 72:CC:24:22:14:20:B7:5F:95:ED:B9:CE:BA:1F:77:38:FA:17:37:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cswkIhQgt1-V7bnOuh93OPoXN54.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/zZuqtQC2zJWrlRTYcv01DuQ539I.roa
Signing time:             Wed 08 Apr 2026 18:44:19 +0000
ROA not before:           Wed 08 Apr 2026 18:44:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203156
IP address blocks:        2a03:ecc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/cswkIhQgt1-V7bnOuh93OPoXN54.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/cswkIhQgt1-V7bnOuh93OPoXN54.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cswkIhQgt1-V7bnOuh93OPoXN54.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 00:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6e:68:e0:17:e5:19:a1:bd:36:c8:9e:e3:13:bb:b0:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72cc24221420b75f95edb9ceba1f7738fa17379e
        Validity
            Not Before: Apr  8 18:44:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cd9baab500b6cc95ab9514d872fd350ee439dfd2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:1d:13:5c:66:ad:53:97:f3:44:d3:91:8d:71:
                    0d:21:ef:bd:11:10:88:bb:b6:42:e6:c7:d7:c0:89:
                    f3:af:f1:e7:c0:f4:9d:04:3f:eb:24:ba:d8:4d:42:
                    73:b4:08:f9:6d:5b:fb:10:6d:90:0c:df:8c:68:5b:
                    a9:18:0c:40:45:3d:3a:79:4b:0b:ac:41:10:9a:88:
                    40:e1:55:0d:12:ed:f7:b2:1d:b8:62:bb:10:60:e4:
                    8e:e4:12:49:94:fa:d8:db:6e:5c:6f:80:5e:59:59:
                    64:3f:31:dc:72:17:04:47:b7:ef:5d:78:d5:df:e8:
                    fe:9e:e8:00:4f:89:0f:a0:9a:00:57:ca:54:4d:9f:
                    b9:b1:78:cc:fb:51:5e:84:59:8d:12:a2:31:4b:6d:
                    a2:81:a8:04:d8:c6:8a:65:58:1c:ff:5b:fa:28:12:
                    e5:d3:1b:4c:be:07:16:10:78:b3:d5:5c:09:94:56:
                    c8:7c:9b:37:4d:3a:c7:3e:78:e1:9e:63:98:30:f6:
                    ee:d8:48:07:1f:2a:0f:02:18:d8:15:d1:ea:54:b1:
                    ea:16:ea:38:7e:11:60:47:43:32:41:26:b2:f6:cf:
                    59:23:e5:62:d6:b2:d9:b8:16:cc:0d:73:cb:51:72:
                    30:00:e7:73:b1:e3:35:bb:5d:41:9d:15:0b:85:eb:
                    c1:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:9B:AA:B5:00:B6:CC:95:AB:95:14:D8:72:FD:35:0E:E4:39:DF:D2
            X509v3 Authority Key Identifier:
                keyid:72:CC:24:22:14:20:B7:5F:95:ED:B9:CE:BA:1F:77:38:FA:17:37:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cswkIhQgt1-V7bnOuh93OPoXN54.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/zZuqtQC2zJWrlRTYcv01DuQ539I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bd4df2-b781-4348-bc54-db387c7801e8/1/cswkIhQgt1-V7bnOuh93OPoXN54.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:ecc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:da:42:18:c7:09:2c:20:a4:5c:81:1a:cf:e2:d2:38:d6:db:
         7a:f2:d3:1f:7b:42:cc:98:78:ab:c8:fa:6d:78:bc:d0:d1:c0:
         2f:ea:3c:4e:af:48:9d:37:1c:b9:34:51:61:1a:84:a5:11:9f:
         a4:b8:f9:47:39:5e:d0:d0:0d:f6:cc:8a:fa:48:71:b3:85:75:
         d0:1c:83:7e:b7:53:4d:89:58:63:79:cf:5e:5a:10:0b:9a:2b:
         cd:86:3a:2e:2d:72:e8:77:e8:a0:2b:79:35:84:c4:9d:a3:53:
         c2:f6:91:26:94:6a:00:22:f7:ff:c1:d7:9d:1c:86:98:4c:ef:
         1a:10:94:e7:df:7e:67:96:97:dc:6c:f7:3d:ac:ea:b9:84:ae:
         76:61:39:64:56:a5:d9:25:8c:18:f9:cd:35:af:06:74:8d:96:
         db:ff:f6:a3:2a:ed:2b:7a:55:2b:36:3c:16:57:83:18:88:a9:
         a9:7b:1c:4f:fe:e1:ca:5c:0b:3f:af:67:e5:e3:03:07:26:5d:
         47:c5:0e:14:72:e8:fd:62:fc:13:df:3f:2f:1e:04:8d:47:0f:
         3b:db:4e:10:94:87:78:7f:51:5c:02:53:dd:b0:6b:c5:84:22:
         85:e7:ab:c0:b8:a8:5b:46:78:b7:3e:d6:fa:25:be:16:4a:8b:
         3e:0c:4d:06
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ1uaOAX5RmhvTbInuMTu7B4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyY2MyNDIyMTQyMGI3NWY5NWVkYjljZWJhMWY3NzM4ZmEx
NzM3OWUwHhcNMjYwNDA4MTg0NDE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDliYWFiNTAwYjZjYzk1YWI5NTE0ZDg3MmZkMzUwZWU0MzlkZmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuB0TXGatU5fzRNORjXENIe+9ERCI
u7ZC5sfXwInzr/HnwPSdBD/rJLrYTUJztAj5bVv7EG2QDN+MaFupGAxART06eUsL
rEEQmohA4VUNEu33sh24YrsQYOSO5BJJlPrY225cb4BeWVlkPzHcchcER7fvXXjV
3+j+nugAT4kPoJoAV8pUTZ+5sXjM+1FehFmNEqIxS22igagE2MaKZVgc/1v6KBLl
0xtMvgcWEHiz1VwJlFbIfJs3TTrHPnjhnmOYMPbu2EgHHyoPAhjYFdHqVLHqFuo4
fhFgR0MyQSay9s9ZI+Vi1rLZuBbMDXPLUXIwAOdzseM1u11BnRULhevBjQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM2bqrUAtsyVq5UU2HL9NQ7kOd/SMB8GA1UdIwQY
MBaAFHLMJCIUILdfle25zrofdzj6FzeeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3N3a0loUWd0MS1WN2JuT3VoOTNPUG9YTjU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9iZDRkZjItYjc4MS00MzQ4LWJjNTQt
ZGIzODdjNzgwMWU4LzEvelp1cXRRQzJ6SldybFJUWWN2MDFEdVE1MzlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9iZDRkZjItYjc4MS00MzQ4LWJjNTQtZGIzODdjNzgwMWU4
LzEvY3N3a0loUWd0MS1WN2JuT3VoOTNPUG9YTjU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgPswDAN
BgkqhkiG9w0BAQsFAAOCAQEAXdpCGMcJLCCkXIEaz+LSONbbevLTH3tCzJh4q8j6
bXi80NHAL+o8Tq9InTccuTRRYRqEpRGfpLj5Rzle0NAN9syK+khxs4V10ByDfrdT
TYlYY3nPXloQC5orzYY6Li1y6HfooCt5NYTEnaNTwvaRJpRqACL3/8HXnRyGmEzv
GhCU599+Z5aX3Gz3PazquYSudmE5ZFal2SWMGPnNNa8GdI2W2//2oyrtK3pVKzY8
FleDGIipqXscT/7hylwLP69n5eMDByZdR8UOFHLo/WL8E98/Lx4EjUcPO9tOEJSH
eH9RXAJT3bBrxYQiheerwLioW0Z4tz7W+iW+FkqLPgxNBg==
-----END CERTIFICATE-----