Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/UNr1JSsPVlDmc77n-IlJ4J8D-J0.roa
File:                     UNr1JSsPVlDmc77n-IlJ4J8D-J0.roa (raw, json)
Hash identifier:          cNdO2qWipe5XDjbIGYIIO5If+75z//dCQTdfnQ/FOsg=
Subject key identifier:   50:DA:F5:25:2B:0F:56:50:E6:73:BE:E7:F8:89:49:E0:9F:03:F8:9D
Certificate issuer:       /CN=12b87c6caf81de3625fe1ce0559f39e30505a051
Certificate serial:       019CDBFC4E054AAC51EFB8019BF8F8346286
Authority key identifier: 12:B8:7C:6C:AF:81:DE:36:25:FE:1C:E0:55:9F:39:E3:05:05:A0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Erh8bK-B3jYl_hzgVZ854wUFoFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/UNr1JSsPVlDmc77n-IlJ4J8D-J0.roa
Signing time:             Wed 11 Mar 2026 08:21:11 +0000
ROA not before:           Wed 11 Mar 2026 08:21:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210070
IP address blocks:        2a0f:f7c0::/32 maxlen: 32
                          2a0f:f7c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/Erh8bK-B3jYl_hzgVZ854wUFoFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/Erh8bK-B3jYl_hzgVZ854wUFoFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Erh8bK-B3jYl_hzgVZ854wUFoFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:db:fc:4e:05:4a:ac:51:ef:b8:01:9b:f8:f8:34:62:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12b87c6caf81de3625fe1ce0559f39e30505a051
        Validity
            Not Before: Mar 11 08:21:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50daf5252b0f5650e673bee7f88949e09f03f89d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:33:4d:f4:a5:19:7d:8f:29:5c:a3:72:90:83:
                    7b:f7:ec:56:88:0c:29:f5:6e:d2:60:00:cc:6d:42:
                    58:b0:fb:ad:0c:49:8c:2b:c8:98:68:45:38:91:dc:
                    0b:fb:05:ab:cd:c8:e6:72:23:d8:11:ac:a6:73:4b:
                    0c:58:09:a6:f4:cf:93:a9:6a:fb:64:60:56:0c:bc:
                    9f:74:5c:d2:4e:13:23:72:33:e3:73:74:6d:75:de:
                    21:f4:fc:52:6a:6a:f6:cc:d6:40:c5:9f:b0:2f:cf:
                    e7:7e:d2:a0:65:16:28:ce:dc:b8:1b:52:84:06:3d:
                    36:43:f3:f6:81:f5:8a:5c:5e:04:7e:83:8a:d8:a0:
                    fd:84:28:c8:c3:3b:76:6b:b8:54:09:7c:82:a5:cb:
                    e9:32:a5:26:28:9b:2d:e5:e1:29:62:e3:a2:b3:1a:
                    98:7e:c2:b0:da:2b:9a:d6:7a:f8:d7:c8:9e:b2:e5:
                    ac:99:c8:08:e4:17:29:33:29:51:79:a4:6a:1a:28:
                    c7:bf:18:b5:b0:40:bd:c4:34:52:ef:e4:fb:c7:54:
                    2f:ea:83:3b:b0:89:64:e9:45:c8:f2:1e:6e:64:15:
                    f5:aa:c4:89:51:79:66:7e:e6:eb:a6:d4:a6:e0:4a:
                    e9:05:80:5d:d4:9c:dc:e4:fb:32:7d:9d:90:5f:14:
                    95:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:DA:F5:25:2B:0F:56:50:E6:73:BE:E7:F8:89:49:E0:9F:03:F8:9D
            X509v3 Authority Key Identifier:
                keyid:12:B8:7C:6C:AF:81:DE:36:25:FE:1C:E0:55:9F:39:E3:05:05:A0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Erh8bK-B3jYl_hzgVZ854wUFoFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/UNr1JSsPVlDmc77n-IlJ4J8D-J0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/e2934c-053a-4b97-aa2a-62808bbbdd21/1/Erh8bK-B3jYl_hzgVZ854wUFoFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:f7c0::/31

    Signature Algorithm: sha256WithRSAEncryption
         a1:14:06:67:86:77:ce:52:e4:3a:63:60:a4:d9:78:87:28:bf:
         1d:bb:56:b4:d4:6b:ff:58:18:1c:b2:fa:2b:fc:49:48:fb:93:
         c0:5f:0d:88:5b:c6:d3:93:69:e5:96:69:55:75:90:5e:f3:76:
         a7:6e:01:fa:04:3e:14:bc:80:17:b2:4d:89:9b:da:da:1e:47:
         0e:01:8c:5a:45:19:47:df:0f:c6:91:c1:12:32:d3:d5:86:d1:
         95:dd:96:f2:17:46:b1:a1:fc:ee:36:65:b7:3b:b7:0e:e2:07:
         72:be:e4:31:fe:4f:dd:90:ca:e8:36:aa:57:e0:e2:da:ce:0b:
         3e:c6:aa:02:9b:af:f1:7e:2c:ff:92:7f:c1:0a:7d:b6:c1:a9:
         8b:97:10:d0:10:23:22:de:b6:66:2e:96:46:a6:e9:9d:55:33:
         56:9d:ea:10:50:77:2f:52:d3:0a:2a:b7:f9:40:19:73:0d:84:
         9f:ef:20:77:c2:78:29:85:33:28:6b:ce:fb:2e:39:45:42:e7:
         cb:37:08:c0:58:33:97:60:1a:15:25:85:9e:05:2a:25:10:85:
         5a:4e:f7:df:ad:c9:ac:19:c6:37:6a:be:0d:dd:01:cf:4c:c3:
         00:f1:31:a3:a0:4c:ec:7e:9f:0e:0c:38:c8:ef:95:42:ac:dd:
         90:c5:9c:3a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzb/E4FSqxR77gBm/j4NGKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYjg3YzZjYWY4MWRlMzYyNWZlMWNlMDU1OWYzOWUzMDUw
NWEwNTEwHhcNMjYwMzExMDgyMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGRhZjUyNTJiMGY1NjUwZTY3M2JlZTdmODg5NDllMDlmMDNmODlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDNN9KUZfY8pXKNykIN79+xWiAwp
9W7SYADMbUJYsPutDEmMK8iYaEU4kdwL+wWrzcjmciPYEaymc0sMWAmm9M+TqWr7
ZGBWDLyfdFzSThMjcjPjc3Rtdd4h9PxSamr2zNZAxZ+wL8/nftKgZRYozty4G1KE
Bj02Q/P2gfWKXF4EfoOK2KD9hCjIwzt2a7hUCXyCpcvpMqUmKJst5eEpYuOisxqY
fsKw2iua1nr418iesuWsmcgI5BcpMylReaRqGijHvxi1sEC9xDRS7+T7x1Qv6oM7
sIlk6UXI8h5uZBX1qsSJUXlmfubrptSm4ErpBYBd1Jzc5PsyfZ2QXxSVgQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFDa9SUrD1ZQ5nO+5/iJSeCfA/idMB8GA1UdIwQY
MBaAFBK4fGyvgd42Jf4c4FWfOeMFBaBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXJoOGJLLUIzallsX2h6Z1ZaODU0d1VGb0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9lMjkzNGMtMDUzYS00Yjk3LWFhMmEt
NjI4MDhiYmJkZDIxLzEvVU5yMUpTc1BWbERtYzc3bi1JbEo0SjhELUowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9lMjkzNGMtMDUzYS00Yjk3LWFhMmEtNjI4MDhiYmJkZDIx
LzEvRXJoOGJLLUIzallsX2h6Z1ZaODU0d1VGb0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKg/3wDAN
BgkqhkiG9w0BAQsFAAOCAQEAoRQGZ4Z3zlLkOmNgpNl4hyi/HbtWtNRr/1gYHLL6
K/xJSPuTwF8NiFvG05Np5ZZpVXWQXvN2p24B+gQ+FLyAF7JNiZva2h5HDgGMWkUZ
R98PxpHBEjLT1YbRld2W8hdGsaH87jZltzu3DuIHcr7kMf5P3ZDK6DaqV+Di2s4L
PsaqApuv8X4s/5J/wQp9tsGpi5cQ0BAjIt62Zi6WRqbpnVUzVp3qEFB3L1LTCiq3
+UAZcw2En+8gd8J4KYUzKGvO+y45RULnyzcIwFgzl2AaFSWFngUqJRCFWk73363J
rBnGN2q+Dd0Bz0zDAPExo6BM7H6fDgw4yO+VQqzdkMWcOg==
-----END CERTIFICATE-----