Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/77c34c-e460-405f-954e-f641422121d2/1/6KUsRx2xnl7JCFKq8HChIR6zRPc.roa
File:                     6KUsRx2xnl7JCFKq8HChIR6zRPc.roa (raw, json)
Hash identifier:          67x6ED2yaIOgffSYZ+8Ea23/KjH4J0rYemziOMiRIRI=
Subject key identifier:   E8:A5:2C:47:1D:B1:9E:5E:C9:08:52:AA:F0:70:A1:21:1E:B3:44:F7
Certificate issuer:       /CN=1b538316f6852a5d3ca291f4f7a27acf2af789b8
Certificate serial:       019C7D9E85E52E01C66A244651EC745B1C96
Authority key identifier: 1B:53:83:16:F6:85:2A:5D:3C:A2:91:F4:F7:A2:7A:CF:2A:F7:89:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G1ODFvaFKl08opH096J6zyr3ibg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/77c34c-e460-405f-954e-f641422121d2/1/6KUsRx2xnl7JCFKq8HChIR6zRPc.roa
Signing time:             Sat 21 Feb 2026 00:34:26 +0000
ROA not before:           Sat 21 Feb 2026 00:34:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212437
IP address blocks:        2a0d:a380::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/77c34c-e460-405f-954e-f641422121d2/1/G1ODFvaFKl08opH096J6zyr3ibg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/77c34c-e460-405f-954e-f641422121d2/1/G1ODFvaFKl08opH096J6zyr3ibg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G1ODFvaFKl08opH096J6zyr3ibg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7d:9e:85:e5:2e:01:c6:6a:24:46:51:ec:74:5b:1c:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b538316f6852a5d3ca291f4f7a27acf2af789b8
        Validity
            Not Before: Feb 21 00:34:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e8a52c471db19e5ec90852aaf070a1211eb344f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:82:43:de:f4:e8:07:b2:a4:d3:1f:ef:bc:e7:
                    75:da:b3:69:c2:7b:5e:3b:97:80:e1:2b:91:86:5c:
                    9f:e6:cc:2e:46:d5:10:44:3e:5a:35:39:94:f9:d6:
                    7f:f9:8e:cd:82:82:fa:cd:06:e4:fc:cd:73:fa:13:
                    6f:22:7c:a0:6d:01:d4:28:b7:66:d4:f8:38:88:79:
                    54:a4:94:4e:49:0f:07:cb:fd:0d:d2:b5:ae:2f:e2:
                    b6:36:45:84:d1:92:f1:eb:a2:7e:43:75:bc:bb:90:
                    f3:f0:c2:57:b5:bd:ca:be:63:53:6f:b3:56:bb:69:
                    df:e2:8f:2a:c5:64:ab:ef:9e:c0:12:03:9f:d2:f7:
                    7c:92:17:3d:f0:45:2b:9b:91:d2:68:e2:9e:eb:5b:
                    fc:c8:0e:4d:bf:1f:c0:17:30:b4:19:96:cd:42:07:
                    a5:0f:db:ed:8f:2b:8e:72:f2:ff:9d:fa:37:0d:c8:
                    37:77:6f:1c:e7:54:d9:63:6a:74:2a:03:6a:21:8b:
                    97:20:2d:66:e8:d8:93:4a:2e:87:b3:5d:c5:b6:15:
                    27:d1:de:63:62:f1:30:2f:c8:16:4b:9a:d0:59:fe:
                    1c:3e:0d:6f:cc:d3:6a:57:30:9e:c3:d3:cd:73:54:
                    b2:60:de:8b:ed:88:48:c3:2c:21:40:2c:89:5a:bf:
                    de:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A5:2C:47:1D:B1:9E:5E:C9:08:52:AA:F0:70:A1:21:1E:B3:44:F7
            X509v3 Authority Key Identifier:
                keyid:1B:53:83:16:F6:85:2A:5D:3C:A2:91:F4:F7:A2:7A:CF:2A:F7:89:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G1ODFvaFKl08opH096J6zyr3ibg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/77c34c-e460-405f-954e-f641422121d2/1/6KUsRx2xnl7JCFKq8HChIR6zRPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/77c34c-e460-405f-954e-f641422121d2/1/G1ODFvaFKl08opH096J6zyr3ibg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:a380::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:19:c7:68:62:fb:0a:e8:f5:9d:18:72:25:d3:8b:3b:1a:16:
         49:ec:d9:4e:a7:f4:8c:50:ec:ed:6d:9c:bd:83:94:19:9d:60:
         ca:ac:d6:37:7c:77:0f:d5:34:bf:c3:3f:15:0b:f5:3f:fd:6d:
         81:a3:0a:b9:8d:22:93:e6:21:d4:e3:53:57:5a:15:90:28:b1:
         05:de:a9:dc:94:9c:86:62:86:12:af:8f:f5:1c:dd:25:13:ac:
         e4:8c:a2:18:57:39:41:95:8f:b1:2c:a0:b2:d0:90:98:73:ca:
         40:22:88:ed:c4:0a:42:bc:14:f6:cb:e5:aa:fa:e9:23:c9:00:
         bd:b8:cd:32:21:1c:af:7d:b0:96:4e:b2:34:b1:50:89:91:37:
         20:40:45:bc:9c:d7:6c:cd:3a:09:28:08:e3:ce:ee:51:1f:c5:
         60:46:99:9e:97:ad:34:78:a8:4c:fb:aa:ed:04:48:a4:4e:e8:
         51:7d:18:37:a9:43:0f:b1:28:3c:43:5f:54:c7:4d:87:d8:55:
         85:39:e2:73:dd:df:e7:d6:b8:dc:1e:ab:11:9a:9d:3c:46:50:
         99:ad:8e:2d:59:95:cf:d3:46:6c:2a:84:73:ea:a2:4a:14:9b:
         65:e9:d0:64:41:87:fc:9a:96:f0:fe:05:1f:62:1d:c3:f1:6f:
         23:31:3d:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZx9noXlLgHGaiRGUex0WxyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiNTM4MzE2ZjY4NTJhNWQzY2EyOTFmNGY3YTI3YWNmMmFm
Nzg5YjgwHhcNMjYwMjIxMDAzNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGE1MmM0NzFkYjE5ZTVlYzkwODUyYWFmMDcwYTEyMTFlYjM0NGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24JD3vToB7Kk0x/vvOd12rNpwnte
O5eA4SuRhlyf5swuRtUQRD5aNTmU+dZ/+Y7NgoL6zQbk/M1z+hNvInygbQHUKLdm
1Pg4iHlUpJROSQ8Hy/0N0rWuL+K2NkWE0ZLx66J+Q3W8u5Dz8MJXtb3KvmNTb7NW
u2nf4o8qxWSr757AEgOf0vd8khc98EUrm5HSaOKe61v8yA5Nvx/AFzC0GZbNQgel
D9vtjyuOcvL/nfo3Dcg3d28c51TZY2p0KgNqIYuXIC1m6NiTSi6Hs13FthUn0d5j
YvEwL8gWS5rQWf4cPg1vzNNqVzCew9PNc1SyYN6L7YhIwywhQCyJWr/ewQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOilLEcdsZ5eyQhSqvBwoSEes0T3MB8GA1UdIwQY
MBaAFBtTgxb2hSpdPKKR9Peies8q94m4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzFPREZ2YUZLbDA4b3BIMDk2SjZ6eXIzaWJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC83N2MzNGMtZTQ2MC00MDVmLTk1NGUt
ZjY0MTQyMjEyMWQyLzEvNktVc1J4MnhubDdKQ0ZLcThIQ2hJUjZ6UlBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC83N2MzNGMtZTQ2MC00MDVmLTk1NGUtZjY0MTQyMjEyMWQy
LzEvRzFPREZ2YUZLbDA4b3BIMDk2SjZ6eXIzaWJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg2jgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAoGcdoYvsK6PWdGHIl04s7GhZJ7NlOp/SMUOzt
bZy9g5QZnWDKrNY3fHcP1TS/wz8VC/U//W2Bowq5jSKT5iHU41NXWhWQKLEF3qnc
lJyGYoYSr4/1HN0lE6zkjKIYVzlBlY+xLKCy0JCYc8pAIojtxApCvBT2y+Wq+ukj
yQC9uM0yIRyvfbCWTrI0sVCJkTcgQEW8nNdszToJKAjjzu5RH8VgRpmel600eKhM
+6rtBEikTuhRfRg3qUMPsSg8Q19Ux02H2FWFOeJz3d/n1rjcHqsRmp08RlCZrY4t
WZXP00ZsKoRz6qJKFJtl6dBkQYf8mpbw/gUfYh3D8W8jMT1k
-----END CERTIFICATE-----