Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/d79d2c-4cb4-4a74-b6ac-d7c6ff933c23/1/Au-jxyk8yuPicdAFMz3eTjzm5xg.roa
File:                     Au-jxyk8yuPicdAFMz3eTjzm5xg.roa (raw, json)
Hash identifier:          SVJvDVr8Okc0XBK6yuIGRkLBFvSr5vNFPiZyk64MGUI=
Subject key identifier:   02:EF:A3:C7:29:3C:CA:E3:E2:71:D0:05:33:3D:DE:4E:3C:E6:E7:18
Certificate issuer:       /CN=05a991acd7b2273d9e1865afa2755e6f5e672e55
Certificate serial:       019EB081B7339A3DB90B0430758FD5B44ADD
Authority key identifier: 05:A9:91:AC:D7:B2:27:3D:9E:18:65:AF:A2:75:5E:6F:5E:67:2E:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BamRrNeyJz2eGGWvonVeb15nLlU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/d79d2c-4cb4-4a74-b6ac-d7c6ff933c23/1/Au-jxyk8yuPicdAFMz3eTjzm5xg.roa
Signing time:             Wed 10 Jun 2026 07:49:11 +0000
ROA not before:           Wed 10 Jun 2026 07:49:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208439
IP address blocks:        45.136.164.0/22 maxlen: 22
                          2a0e:9ec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/d79d2c-4cb4-4a74-b6ac-d7c6ff933c23/1/BamRrNeyJz2eGGWvonVeb15nLlU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/d79d2c-4cb4-4a74-b6ac-d7c6ff933c23/1/BamRrNeyJz2eGGWvonVeb15nLlU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BamRrNeyJz2eGGWvonVeb15nLlU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 07:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b0:81:b7:33:9a:3d:b9:0b:04:30:75:8f:d5:b4:4a:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05a991acd7b2273d9e1865afa2755e6f5e672e55
        Validity
            Not Before: Jun 10 07:49:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02efa3c7293ccae3e271d005333dde4e3ce6e718
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:d0:9c:83:0f:23:81:70:75:bb:22:25:3e:ff:
                    be:41:0d:9a:70:09:66:be:91:1d:84:c0:9c:00:ac:
                    05:20:08:b7:bc:ff:c3:ae:98:4b:84:b1:f3:05:16:
                    d0:10:47:47:31:e0:65:6c:8a:31:8b:64:b5:66:94:
                    7f:6e:1e:f0:b7:d4:38:b8:e2:d2:8a:09:95:8b:af:
                    e5:cb:bf:79:72:45:22:1b:b9:9b:eb:3d:03:c6:eb:
                    07:b1:c7:78:14:13:44:1a:e2:d9:92:d2:85:94:67:
                    86:0d:5c:52:17:49:23:21:13:48:10:b7:a8:d8:05:
                    da:87:37:e6:10:2d:ca:57:f4:e1:7c:3c:a3:4d:b2:
                    ff:10:11:d3:4c:23:ce:07:9d:62:21:f5:09:0c:9b:
                    1b:fc:69:48:96:50:23:5d:bf:fb:cd:72:f7:fe:78:
                    92:74:1b:88:93:58:28:23:17:ed:12:cc:77:60:9d:
                    08:04:2b:e9:c3:0f:00:10:c4:60:a7:ee:6d:6e:13:
                    80:80:e8:75:c9:c7:8d:cb:34:ce:28:ba:ae:8c:05:
                    51:75:1d:95:fe:5e:68:1d:6a:89:13:b1:96:11:84:
                    ff:e2:52:91:ca:25:97:ab:51:bc:87:ac:68:1e:f7:
                    a0:32:09:25:f7:be:a6:70:34:7b:5c:cb:7b:e1:2a:
                    e6:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:EF:A3:C7:29:3C:CA:E3:E2:71:D0:05:33:3D:DE:4E:3C:E6:E7:18
            X509v3 Authority Key Identifier:
                keyid:05:A9:91:AC:D7:B2:27:3D:9E:18:65:AF:A2:75:5E:6F:5E:67:2E:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BamRrNeyJz2eGGWvonVeb15nLlU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d79d2c-4cb4-4a74-b6ac-d7c6ff933c23/1/Au-jxyk8yuPicdAFMz3eTjzm5xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/d79d2c-4cb4-4a74-b6ac-d7c6ff933c23/1/BamRrNeyJz2eGGWvonVeb15nLlU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.164.0/22
                IPv6:
                  2a0e:9ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         68:52:bb:7d:17:98:2b:a0:7b:02:47:18:07:7d:b4:5a:51:fc:
         96:8b:d4:a1:11:73:f6:a3:91:35:62:09:26:58:38:7b:49:e4:
         8a:eb:dd:c2:76:5c:62:46:3e:e4:e4:55:64:d6:f6:33:9e:95:
         30:eb:f7:c1:e6:fc:83:70:99:81:af:d0:51:05:37:2f:59:66:
         c7:11:0f:98:82:f2:25:01:b3:65:12:f3:9e:4d:d9:46:c9:fe:
         dd:29:2f:4f:c2:76:e4:90:5b:fe:20:ef:b8:b8:c8:91:bf:6e:
         34:ae:d8:7e:5b:89:6d:42:54:f2:0f:cd:0c:b4:79:4b:a8:c4:
         4b:24:be:29:c1:19:24:a8:5e:d1:09:0e:a7:f9:b9:45:2b:f2:
         f2:71:bf:3e:32:a9:5a:3b:f1:1a:9e:cb:ea:66:fe:ea:96:3f:
         98:c2:01:46:6a:1e:08:7d:e6:d4:fc:ef:50:84:b5:06:c5:fb:
         b2:36:c5:08:2a:0e:e2:88:ad:d3:4e:8c:24:b8:b8:bc:74:42:
         90:d5:7d:87:1d:df:d3:68:a8:22:c0:01:7c:fc:26:ca:2b:e2:
         08:42:29:00:24:39:9b:a5:08:44:e7:6d:77:2d:f1:e3:e6:00:
         f7:d2:19:34:89:cb:b3:16:c1:50:bb:3d:72:26:a5:ca:81:e9:
         5d:82:b3:ee
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ6wgbczmj25CwQwdY/VtErdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YTk5MWFjZDdiMjI3M2Q5ZTE4NjVhZmEyNzU1ZTZmNWU2
NzJlNTUwHhcNMjYwNjEwMDc0OTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmVmYTNjNzI5M2NjYWUzZTI3MWQwMDUzMzNkZGU0ZTNjZTZlNzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4dCcgw8jgXB1uyIlPv++QQ2acAlm
vpEdhMCcAKwFIAi3vP/DrphLhLHzBRbQEEdHMeBlbIoxi2S1ZpR/bh7wt9Q4uOLS
igmVi6/ly795ckUiG7mb6z0DxusHscd4FBNEGuLZktKFlGeGDVxSF0kjIRNIELeo
2AXahzfmEC3KV/ThfDyjTbL/EBHTTCPOB51iIfUJDJsb/GlIllAjXb/7zXL3/niS
dBuIk1goIxftEsx3YJ0IBCvpww8AEMRgp+5tbhOAgOh1yceNyzTOKLqujAVRdR2V
/l5oHWqJE7GWEYT/4lKRyiWXq1G8h6xoHvegMgkl976mcDR7XMt74SrmUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFALvo8cpPMrj4nHQBTM93k485ucYMB8GA1UdIwQY
MBaAFAWpkazXsic9nhhlr6J1Xm9eZy5VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmFtUnJOZXlKejJlR0dXdm9uVmViMTVuTGxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9kNzlkMmMtNGNiNC00YTc0LWI2YWMt
ZDdjNmZmOTMzYzIzLzEvQXUtanh5azh5dVBpY2RBRk16M2VUanptNXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9kNzlkMmMtNGNiNC00YTc0LWI2YWMtZDdjNmZmOTMzYzIz
LzEvQmFtUnJOZXlKejJlR0dXdm9uVmViMTVuTGxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYikMA0E
AgACMAcDBQMqDp7AMA0GCSqGSIb3DQEBCwUAA4IBAQBoUrt9F5groHsCRxgHfbRa
UfyWi9ShEXP2o5E1YgkmWDh7SeSK693CdlxiRj7k5FVk1vYznpUw6/fB5vyDcJmB
r9BRBTcvWWbHEQ+YgvIlAbNlEvOeTdlGyf7dKS9PwnbkkFv+IO+4uMiRv240rth+
W4ltQlTyD80MtHlLqMRLJL4pwRkkqF7RCQ6n+blFK/Lycb8+MqlaO/EansvqZv7q
lj+YwgFGah4IfebU/O9QhLUGxfuyNsUIKg7iiK3TTowkuLi8dEKQ1X2HHd/TaKgi
wAF8/CbKK+IIQikAJDmbpQhE5213LfHj5gD30hk0icuzFsFQuz1yJqXKgeldgrPu
-----END CERTIFICATE-----