Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/CNFp8fRkRFtEQks7R0O2wgi6-xA.roa
File:                     CNFp8fRkRFtEQks7R0O2wgi6-xA.roa (raw, json)
Hash identifier:          bXlKDyyKKGdmKBfoGxYPygp5JG45Ozo2FLYDRNT3VpM=
Subject key identifier:   08:D1:69:F1:F4:64:44:5B:44:42:4B:3B:47:43:B6:C2:08:BA:FB:10
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       019CE900D4B66C944AE0771442B1E4026FA9
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/CNFp8fRkRFtEQks7R0O2wgi6-xA.roa
Signing time:             Fri 13 Mar 2026 21:01:11 +0000
ROA not before:           Fri 13 Mar 2026 21:01:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213839
IP address blocks:        2a01:ffc7:301::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e9:00:d4:b6:6c:94:4a:e0:77:14:42:b1:e4:02:6f:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Mar 13 21:01:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=08d169f1f464445b44424b3b4743b6c208bafb10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d8:bd:f4:ac:8e:d8:0f:01:95:0c:33:2c:5a:
                    cc:09:d9:80:ee:08:28:e0:ac:ef:08:dc:5a:8f:ea:
                    be:0d:55:cb:c2:96:8a:b2:e4:71:e2:7c:37:bd:89:
                    fc:54:57:6b:9b:53:c8:1b:1f:e3:a4:ae:35:b1:13:
                    24:44:6e:39:e6:0b:5a:d1:37:a4:03:11:e6:83:0c:
                    11:61:61:50:88:3b:b9:33:cd:16:e2:26:b4:7a:1d:
                    83:96:23:e0:fa:b1:83:bf:1f:fd:06:7e:2a:34:9d:
                    80:1b:ce:04:e2:9e:cc:ae:f8:60:b4:91:7e:04:e0:
                    f6:e8:06:51:4e:17:c6:6c:7b:54:c1:5a:26:3f:82:
                    d2:0f:e9:39:ff:56:33:3c:d4:a7:f4:bf:e9:99:48:
                    95:16:16:9f:61:8b:c8:d2:ae:66:72:9b:5f:6a:23:
                    12:0a:1d:e9:de:0d:df:65:d4:04:a0:41:40:fb:ca:
                    14:f3:96:47:c1:5a:75:b0:5d:59:0e:bf:ff:ad:a5:
                    48:f6:5a:bc:ec:53:71:1e:21:00:9c:ea:78:05:17:
                    60:38:e6:f9:30:ce:cb:bd:b7:56:d3:01:34:92:88:
                    90:8e:59:da:10:5c:1c:89:98:d1:ec:8c:4d:09:c6:
                    d4:c1:fe:bd:fe:0c:4e:96:89:2d:b7:59:03:95:ee:
                    1b:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:D1:69:F1:F4:64:44:5B:44:42:4B:3B:47:43:B6:C2:08:BA:FB:10
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/CNFp8fRkRFtEQks7R0O2wgi6-xA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc7:301::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:a0:fc:d4:db:b6:22:d5:e9:ec:6f:62:04:03:6f:d7:02:6f:
         5b:30:b2:cf:7e:2e:df:01:56:b6:1f:6f:d8:85:a3:27:22:06:
         a3:79:ff:be:ef:9b:28:dd:b6:99:0d:2a:48:8a:c8:95:af:cb:
         28:aa:6d:1c:36:a0:84:7a:82:12:8c:52:e1:2b:74:9c:9d:54:
         80:68:03:7a:96:ea:0a:e0:9c:4a:34:39:85:2d:67:62:cc:f0:
         85:b7:19:fd:b6:1d:11:a9:94:a2:cd:b7:66:a5:7d:9d:05:9b:
         ea:e4:64:9d:f9:9a:e6:8e:70:fe:cf:e8:42:82:d9:4f:6c:c0:
         d5:c7:90:5b:a8:a2:2c:ba:69:4b:ac:4e:38:97:81:7f:6a:e9:
         b9:20:7d:1b:1c:af:56:73:83:76:53:aa:fc:a6:6e:c1:c4:bb:
         f6:b0:d8:7f:6c:be:e2:fe:60:b0:4d:f7:f7:0e:8d:3a:f7:8f:
         76:fa:e4:8e:a0:a2:62:e9:6d:ee:ba:59:3a:ad:83:5a:89:9e:
         af:34:7f:e9:50:e2:d7:57:65:19:22:72:ed:ba:aa:42:e7:95:
         12:39:c1:1c:8b:fe:5e:14:a2:a8:30:34:62:d3:d3:cc:e6:d3:
         71:f0:52:2a:1b:36:7b:40:38:1d:39:f7:88:f7:87:dc:65:72:
         1b:87:39:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzpANS2bJRK4HcUQrHkAm+pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjYwMzEzMjEwMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGQxNjlmMWY0NjQ0NDViNDQ0MjRiM2I0NzQzYjZjMjA4YmFmYjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApti99KyO2A8BlQwzLFrMCdmA7ggo
4KzvCNxaj+q+DVXLwpaKsuRx4nw3vYn8VFdrm1PIGx/jpK41sRMkRG455gta0Tek
AxHmgwwRYWFQiDu5M80W4ia0eh2DliPg+rGDvx/9Bn4qNJ2AG84E4p7MrvhgtJF+
BOD26AZRThfGbHtUwVomP4LSD+k5/1YzPNSn9L/pmUiVFhafYYvI0q5mcptfaiMS
Ch3p3g3fZdQEoEFA+8oU85ZHwVp1sF1ZDr//raVI9lq87FNxHiEAnOp4BRdgOOb5
MM7LvbdW0wE0koiQjlnaEFwciZjR7IxNCcbUwf69/gxOloktt1kDle4btwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAjRafH0ZERbREJLO0dDtsIIuvsQMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvQ05GcDhmUmtSRnRFUWtzN1IwTzJ3Z2k2LXhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgH/xwMB
MA0GCSqGSIb3DQEBCwUAA4IBAQBIoPzU27Yi1ensb2IEA2/XAm9bMLLPfi7fAVa2
H2/YhaMnIgajef++75so3baZDSpIisiVr8soqm0cNqCEeoISjFLhK3ScnVSAaAN6
luoK4JxKNDmFLWdizPCFtxn9th0RqZSizbdmpX2dBZvq5GSd+ZrmjnD+z+hCgtlP
bMDVx5BbqKIsumlLrE44l4F/aum5IH0bHK9Wc4N2U6r8pm7BxLv2sNh/bL7i/mCw
Tff3Do069492+uSOoKJi6W3uulk6rYNaiZ6vNH/pUOLXV2UZInLtuqpC55USOcEc
i/5eFKKoMDRi09PM5tNx8FIqGzZ7QDgdOfeI94fcZXIbhzkT
-----END CERTIFICATE-----