Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/dfbab4-a7e3-4b69-bd40-67f8ce814acb/1/a6qm2G8bP-6TfcIWHf4qN9k0lXk.roa
File:                     a6qm2G8bP-6TfcIWHf4qN9k0lXk.roa (raw, json)
Hash identifier:          AAGltJSHEt26RftxskOpRrCiKKvAykf8bEWROHtz0kQ=
Subject key identifier:   6B:AA:A6:D8:6F:1B:3F:EE:93:7D:C2:16:1D:FE:2A:37:D9:34:95:79
Certificate issuer:       /CN=c8111b11824a51e875b7e067b04ac78fdee4a11c
Certificate serial:       019D0AFF31168E2D35873BC559F9428B831B
Authority key identifier: C8:11:1B:11:82:4A:51:E8:75:B7:E0:67:B0:4A:C7:8F:DE:E4:A1:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yBEbEYJKUeh1t-BnsErHj97koRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/dfbab4-a7e3-4b69-bd40-67f8ce814acb/1/a6qm2G8bP-6TfcIWHf4qN9k0lXk.roa
Signing time:             Fri 20 Mar 2026 11:26:29 +0000
ROA not before:           Fri 20 Mar 2026 11:26:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209340
IP address blocks:        217.138.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/dfbab4-a7e3-4b69-bd40-67f8ce814acb/1/yBEbEYJKUeh1t-BnsErHj97koRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/dfbab4-a7e3-4b69-bd40-67f8ce814acb/1/yBEbEYJKUeh1t-BnsErHj97koRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yBEbEYJKUeh1t-BnsErHj97koRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0a:ff:31:16:8e:2d:35:87:3b:c5:59:f9:42:8b:83:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c8111b11824a51e875b7e067b04ac78fdee4a11c
        Validity
            Not Before: Mar 20 11:26:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6baaa6d86f1b3fee937dc2161dfe2a37d9349579
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:3b:fe:d0:28:26:20:69:06:d3:74:58:1c:c2:
                    8d:3c:a6:ef:cc:30:37:34:e1:a3:49:d1:41:33:34:
                    0c:18:da:8f:73:d3:0f:28:ec:dd:43:e6:27:f4:b1:
                    1b:24:2b:81:c8:98:8f:2a:ba:a4:a9:2b:a2:0c:6a:
                    b6:9e:91:85:02:58:23:4d:66:d3:e6:87:73:a6:52:
                    68:90:57:7a:5e:7e:42:50:ed:c6:7a:3b:a2:10:35:
                    f2:5c:18:70:29:30:a4:28:46:05:19:f5:85:b5:2d:
                    74:71:42:7c:e2:4f:ef:20:e0:9b:62:73:f8:97:38:
                    8a:70:92:a8:ba:0c:96:0a:27:9b:5e:2b:df:6b:fb:
                    b0:70:eb:9b:b1:92:0b:95:17:67:1c:76:84:ed:c3:
                    40:a5:9d:c1:ac:d8:0f:0e:3b:a8:27:9c:40:86:75:
                    79:e6:45:49:90:4a:4b:4b:68:c0:a9:30:65:1a:32:
                    fa:56:a9:78:0d:4f:a6:51:e8:0f:c0:22:12:c0:8b:
                    15:8a:24:1b:a5:49:4c:62:64:e6:b8:4e:24:b2:b3:
                    9b:f8:e1:9b:ec:b7:cc:d3:65:05:79:97:ce:d7:69:
                    7c:7e:26:b4:30:04:c1:f5:ad:d2:46:cc:eb:90:e5:
                    6a:75:4f:6d:50:7b:fa:7d:88:22:58:74:81:e3:4e:
                    e8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:AA:A6:D8:6F:1B:3F:EE:93:7D:C2:16:1D:FE:2A:37:D9:34:95:79
            X509v3 Authority Key Identifier:
                keyid:C8:11:1B:11:82:4A:51:E8:75:B7:E0:67:B0:4A:C7:8F:DE:E4:A1:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yBEbEYJKUeh1t-BnsErHj97koRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/dfbab4-a7e3-4b69-bd40-67f8ce814acb/1/a6qm2G8bP-6TfcIWHf4qN9k0lXk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/dfbab4-a7e3-4b69-bd40-67f8ce814acb/1/yBEbEYJKUeh1t-BnsErHj97koRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.138.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:34:38:f2:00:6d:62:f8:76:3c:8d:8b:bc:70:ea:2b:75:f7:
         58:10:cf:e2:09:e7:69:a7:98:ce:c8:da:0e:7b:0a:95:86:2b:
         6c:33:24:6a:d0:9d:d7:83:a7:65:e5:a9:8a:ab:d6:c1:52:81:
         97:4e:d0:1d:a5:8d:80:54:33:f1:c4:dd:54:14:c3:82:b8:71:
         f1:f2:56:14:2b:19:3d:28:40:45:a8:19:d3:9d:55:77:9a:ad:
         87:78:53:93:78:4d:28:83:44:a6:a4:a8:b9:c8:3e:a2:9a:f0:
         22:83:46:9f:f3:d7:95:57:56:e0:ee:2a:3f:de:fc:fd:2b:1b:
         a3:d6:d6:67:79:41:72:2b:c7:03:12:40:9c:e8:7e:81:4e:a5:
         f2:63:37:6e:64:62:c6:86:c9:e1:79:7d:94:ee:b3:c9:ac:7f:
         a8:ac:62:e0:50:cb:cb:35:fa:20:77:7b:90:76:f8:d3:61:b9:
         17:4c:ac:05:1b:6b:ef:30:dd:2d:53:bc:48:37:4f:42:fa:e0:
         60:02:c5:ac:8c:29:93:36:eb:de:ce:a8:2e:9f:e6:c2:cd:54:
         f9:91:a3:f8:da:6a:cd:3a:be:8c:15:1f:e5:36:8d:94:d8:8f:
         61:83:44:89:f2:52:6b:e6:55:fc:35:f8:54:42:45:df:3d:c0:
         41:7c:95:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0K/zEWji01hzvFWflCi4MbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MTExYjExODI0YTUxZTg3NWI3ZTA2N2IwNGFjNzhmZGVl
NGExMWMwHhcNMjYwMzIwMTEyNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmFhYTZkODZmMWIzZmVlOTM3ZGMyMTYxZGZlMmEzN2Q5MzQ5NTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTv+0CgmIGkG03RYHMKNPKbvzDA3
NOGjSdFBMzQMGNqPc9MPKOzdQ+Yn9LEbJCuByJiPKrqkqSuiDGq2npGFAlgjTWbT
5odzplJokFd6Xn5CUO3GejuiEDXyXBhwKTCkKEYFGfWFtS10cUJ84k/vIOCbYnP4
lziKcJKougyWCiebXivfa/uwcOubsZILlRdnHHaE7cNApZ3BrNgPDjuoJ5xAhnV5
5kVJkEpLS2jAqTBlGjL6Vql4DU+mUegPwCISwIsViiQbpUlMYmTmuE4ksrOb+OGb
7LfM02UFeZfO12l8fia0MATB9a3SRszrkOVqdU9tUHv6fYgiWHSB407o0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGuqpthvGz/uk33CFh3+KjfZNJV5MB8GA1UdIwQY
MBaAFMgRGxGCSlHodbfgZ7BKx4/e5KEcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUJFYkVZSktVZWgxdC1CbnNFckhqOTdrb1J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9kZmJhYjQtYTdlMy00YjY5LWJkNDAt
NjdmOGNlODE0YWNiLzEvYTZxbTJHOGJQLTZUZmNJV0hmNHFOOWswbFhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9kZmJhYjQtYTdlMy00YjY5LWJkNDAtNjdmOGNlODE0YWNi
LzEveUJFYkVZSktVZWgxdC1CbnNFckhqOTdrb1J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2YpnMA0G
CSqGSIb3DQEBCwUAA4IBAQCQNDjyAG1i+HY8jYu8cOordfdYEM/iCedpp5jOyNoO
ewqVhitsMyRq0J3Xg6dl5amKq9bBUoGXTtAdpY2AVDPxxN1UFMOCuHHx8lYUKxk9
KEBFqBnTnVV3mq2HeFOTeE0og0SmpKi5yD6imvAig0af89eVV1bg7io/3vz9Kxuj
1tZneUFyK8cDEkCc6H6BTqXyYzduZGLGhsnheX2U7rPJrH+orGLgUMvLNfogd3uQ
dvjTYbkXTKwFG2vvMN0tU7xIN09C+uBgAsWsjCmTNuvezqgun+bCzVT5kaP42mrN
Or6MFR/lNo2U2I9hg0SJ8lJr5lX8NfhUQkXfPcBBfJVD
-----END CERTIFICATE-----