Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/aPfEAgESbaJvAmhwOmWkFh_5GFE.roa
File:                     aPfEAgESbaJvAmhwOmWkFh_5GFE.roa (raw, json)
Hash identifier:          V2pfEYD1yOdvPurA9f7hOGAgfps//g9WlA04BjMJioU=
Subject key identifier:   68:F7:C4:02:01:12:6D:A2:6F:02:68:70:3A:65:A4:16:1F:F9:18:51
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019CF3C3EF75F5B4B4211CF69D2F0092BD93
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/aPfEAgESbaJvAmhwOmWkFh_5GFE.roa
Signing time:             Sun 15 Mar 2026 23:10:30 +0000
ROA not before:           Sun 15 Mar 2026 23:10:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200140
IP address blocks:        2a0c:9a40:8b00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f3:c3:ef:75:f5:b4:b4:21:1c:f6:9d:2f:00:92:bd:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Mar 15 23:10:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=68f7c40201126da26f0268703a65a4161ff91851
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:68:17:82:d6:4f:61:95:24:75:d7:a7:9a:94:
                    2b:24:e5:eb:dd:e6:32:48:0f:0c:a8:59:09:d8:7b:
                    43:a6:ca:c2:be:72:84:18:0e:98:b9:3c:30:d1:11:
                    93:bd:5b:c0:31:aa:6e:a3:c3:17:fd:73:1f:90:46:
                    38:09:45:2c:5d:f7:67:35:10:07:d0:bc:a0:be:6e:
                    6a:a8:55:3c:09:b0:b0:ca:64:99:df:34:89:35:bb:
                    b0:da:e3:ca:e2:73:8a:cf:83:98:d6:73:ca:d4:d3:
                    b9:2d:62:d3:91:75:5d:b3:aa:ad:16:f9:cb:67:30:
                    35:74:f0:cd:5b:91:d1:fb:48:cf:fa:28:fc:e8:12:
                    3d:b9:6c:25:c0:1f:14:55:2a:f7:15:a6:b5:9c:d3:
                    b6:4b:b7:a5:1b:0a:54:d6:47:08:64:a1:c3:96:2d:
                    00:ef:96:64:de:c8:e9:04:5f:54:ab:e3:d2:3b:9d:
                    5e:6e:e5:6b:b9:2f:cf:6a:e7:f5:d0:8b:6d:7e:46:
                    1f:8c:2f:f0:ec:9b:f8:d5:9d:79:2f:d3:da:c3:b3:
                    cf:98:70:50:88:6f:38:a1:b7:dc:91:fd:63:b8:1e:
                    8f:d7:bc:a6:e0:9f:b7:34:20:83:46:9c:39:e1:44:
                    86:e3:6e:78:3b:83:24:d0:0e:2a:72:7d:10:54:da:
                    49:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:F7:C4:02:01:12:6D:A2:6F:02:68:70:3A:65:A4:16:1F:F9:18:51
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/aPfEAgESbaJvAmhwOmWkFh_5GFE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8b00::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:82:34:14:c1:84:a9:cc:a4:d3:04:bb:27:3d:b5:00:22:e1:
         e2:98:97:78:b3:3c:9a:b1:bd:5a:ea:d8:e5:b2:93:a1:27:51:
         11:0a:b6:7e:c5:1e:1a:f5:b4:73:f9:f6:32:b5:6f:74:76:e2:
         40:47:67:0b:a2:5d:a3:d2:d7:15:db:09:09:86:3d:df:33:f0:
         48:f5:00:a0:60:53:86:46:da:e7:14:e2:6f:98:52:ac:bb:ae:
         9e:c7:fa:99:1c:ab:86:f6:0a:b3:c1:9f:71:c3:81:e9:61:8c:
         10:09:fc:37:e0:fb:58:a5:8a:6e:c3:b0:74:6c:22:f2:4d:63:
         c4:90:0d:94:41:f2:f3:72:48:e1:c9:4b:0e:d1:ac:0e:b8:6e:
         dc:df:c1:8a:4b:72:53:38:99:8c:98:60:5b:d5:af:e8:54:c7:
         d8:34:b6:54:5e:3b:80:ba:6b:55:2e:1d:ea:6a:83:a0:e5:2e:
         f2:06:a0:06:fa:41:32:d4:dd:af:5a:e7:c8:5c:99:5e:bf:b4:
         0a:a8:fe:a7:cf:a9:09:34:23:e0:c5:c6:4b:1c:a5:d6:8a:e5:
         06:dd:1a:04:94:43:56:84:84:2d:99:14:a3:04:7b:e9:83:77:
         5e:2a:42:ad:84:49:60:de:61:f5:cd:f7:97:cb:97:a0:e0:8b:
         70:1a:b5:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzzw+919bS0IRz2nS8Akr2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwMzE1MjMxMDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGY3YzQwMjAxMTI2ZGEyNmYwMjY4NzAzYTY1YTQxNjFmZjkxODUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt2gXgtZPYZUkddenmpQrJOXr3eYy
SA8MqFkJ2HtDpsrCvnKEGA6YuTww0RGTvVvAMapuo8MX/XMfkEY4CUUsXfdnNRAH
0Lygvm5qqFU8CbCwymSZ3zSJNbuw2uPK4nOKz4OY1nPK1NO5LWLTkXVds6qtFvnL
ZzA1dPDNW5HR+0jP+ij86BI9uWwlwB8UVSr3Faa1nNO2S7elGwpU1kcIZKHDli0A
75Zk3sjpBF9Uq+PSO51ebuVruS/Pauf10IttfkYfjC/w7Jv41Z15L9Paw7PPmHBQ
iG84obfckf1juB6P17ym4J+3NCCDRpw54USG4254O4Mk0A4qcn0QVNpJ/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGj3xAIBEm2ibwJocDplpBYf+RhRMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvYVBmRUFnRVNiYUp2QW1od09tV2tGaF81R0ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIsA
MA0GCSqGSIb3DQEBCwUAA4IBAQB2gjQUwYSpzKTTBLsnPbUAIuHimJd4szyasb1a
6tjlspOhJ1ERCrZ+xR4a9bRz+fYytW90duJAR2cLol2j0tcV2wkJhj3fM/BI9QCg
YFOGRtrnFOJvmFKsu66ex/qZHKuG9gqzwZ9xw4HpYYwQCfw34PtYpYpuw7B0bCLy
TWPEkA2UQfLzckjhyUsO0awOuG7c38GKS3JTOJmMmGBb1a/oVMfYNLZUXjuAumtV
Lh3qaoOg5S7yBqAG+kEy1N2vWufIXJlev7QKqP6nz6kJNCPgxcZLHKXWiuUG3RoE
lENWhIQtmRSjBHvpg3deKkKthElg3mH1zfeXy5eg4ItwGrVY
-----END CERTIFICATE-----