Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/76d161-e1bb-46d7-bc72-05b0cf2ce19a/1/qNh9B_T6D7zIQKtKj3CH1wBuJrU.roa
File:                     qNh9B_T6D7zIQKtKj3CH1wBuJrU.roa (raw, json)
Hash identifier:          VVk6xhwAHQjOQSYBNf9v9JyyynNzDFxtsukm+hVtrgE=
Subject key identifier:   A8:D8:7D:07:F4:FA:0F:BC:C8:40:AB:4A:8F:70:87:D7:00:6E:26:B5
Certificate issuer:       /CN=04da247ec3f4010bbc2ea52a22ac64778bca3e47
Certificate serial:       019DDB12B381DF4BAE59285D97EEB01CB3F1
Authority key identifier: 04:DA:24:7E:C3:F4:01:0B:BC:2E:A5:2A:22:AC:64:77:8B:CA:3E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BNokfsP0AQu8LqUqIqxkd4vKPkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/76d161-e1bb-46d7-bc72-05b0cf2ce19a/1/qNh9B_T6D7zIQKtKj3CH1wBuJrU.roa
Signing time:             Wed 29 Apr 2026 21:08:49 +0000
ROA not before:           Wed 29 Apr 2026 21:08:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210248
IP address blocks:        2a06:7c40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/76d161-e1bb-46d7-bc72-05b0cf2ce19a/1/BNokfsP0AQu8LqUqIqxkd4vKPkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/76d161-e1bb-46d7-bc72-05b0cf2ce19a/1/BNokfsP0AQu8LqUqIqxkd4vKPkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BNokfsP0AQu8LqUqIqxkd4vKPkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:db:12:b3:81:df:4b:ae:59:28:5d:97:ee:b0:1c:b3:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04da247ec3f4010bbc2ea52a22ac64778bca3e47
        Validity
            Not Before: Apr 29 21:08:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a8d87d07f4fa0fbcc840ab4a8f7087d7006e26b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f8:d1:ec:66:e8:e5:c2:f9:3d:3c:9f:59:a6:
                    b6:05:22:d1:a5:48:3a:d5:a3:44:fb:a3:43:ca:f5:
                    40:24:77:fb:a2:8b:b4:2b:56:70:43:81:f4:ce:1f:
                    53:9d:00:07:c3:39:23:cd:d6:57:23:59:47:bb:00:
                    63:52:97:f9:2f:15:27:aa:e9:4e:47:5e:4e:87:62:
                    64:a1:3c:77:7c:43:b8:d2:c7:3a:91:1d:3e:2d:26:
                    a5:76:32:de:db:31:06:dc:a3:2d:21:61:b9:b3:2a:
                    31:be:b8:21:47:5b:0d:bf:d3:57:ed:b1:84:8b:e6:
                    64:24:6f:52:10:56:31:09:99:a7:bc:d4:1a:4f:3f:
                    a9:41:0e:6f:c4:55:72:1b:ad:02:ff:1e:07:48:49:
                    15:d8:c0:41:9b:d2:d0:f9:ed:2b:f5:0c:03:b0:2f:
                    a8:dc:09:cf:3a:63:ca:dc:ac:e5:e5:df:0a:0c:5e:
                    e2:a5:38:eb:87:19:98:23:48:b0:5f:0d:11:bc:59:
                    44:d5:e0:3d:1c:14:b7:7f:8e:67:ee:c3:0f:5c:1d:
                    21:4d:d0:a9:22:58:08:96:08:fc:e2:c0:78:13:4a:
                    b9:f5:79:2f:04:39:88:0f:cb:c2:f5:48:ad:58:cf:
                    0f:55:43:f0:65:c7:e5:da:4f:4c:37:81:2f:bf:75:
                    ec:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:D8:7D:07:F4:FA:0F:BC:C8:40:AB:4A:8F:70:87:D7:00:6E:26:B5
            X509v3 Authority Key Identifier:
                keyid:04:DA:24:7E:C3:F4:01:0B:BC:2E:A5:2A:22:AC:64:77:8B:CA:3E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BNokfsP0AQu8LqUqIqxkd4vKPkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/76d161-e1bb-46d7-bc72-05b0cf2ce19a/1/qNh9B_T6D7zIQKtKj3CH1wBuJrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/76d161-e1bb-46d7-bc72-05b0cf2ce19a/1/BNokfsP0AQu8LqUqIqxkd4vKPkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:7c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:96:31:9e:e7:cf:06:ce:9e:28:b3:52:32:da:65:02:ea:6a:
         55:f8:a7:8b:88:9c:a0:b6:04:b7:a4:d3:59:ed:82:a9:e7:7a:
         57:be:5b:7d:3b:fa:f0:49:f2:11:7d:f3:af:0f:a6:71:03:df:
         77:17:5c:46:61:e9:3b:09:62:ce:4d:18:f7:82:9f:1c:87:b9:
         b8:cf:7e:a7:61:06:04:ab:81:d0:c3:8f:66:b9:88:3d:46:a6:
         7c:ae:64:b0:ed:46:a1:c0:db:bd:8e:51:7d:08:ea:62:b2:c3:
         f1:ab:1d:e7:42:0b:cf:e3:58:1b:86:da:2b:90:b3:8c:a6:7a:
         c4:5b:dc:08:3d:9f:df:eb:ea:17:bf:e8:2f:c0:a3:7d:6d:29:
         12:e5:1b:4f:93:ea:db:aa:ad:a8:b7:50:53:d3:4f:66:83:ef:
         df:f6:8c:83:2a:c7:83:31:7e:86:f2:5e:23:d2:85:0b:80:ac:
         f0:d3:ac:d9:3b:a5:df:38:94:84:88:3e:8d:76:a1:e2:e0:3b:
         66:f9:30:35:f3:e1:ba:c7:14:64:cc:bb:46:6c:c0:75:6e:53:
         39:5c:73:d9:9b:fd:b5:8c:b0:ed:e8:f0:82:20:07:34:35:ca:
         5e:d5:95:fc:58:1d:82:3e:0b:84:ac:2a:2f:a0:e4:48:0d:8c:
         93:f4:11:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3bErOB30uuWShdl+6wHLPxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZGEyNDdlYzNmNDAxMGJiYzJlYTUyYTIyYWM2NDc3OGJj
YTNlNDcwHhcNMjYwNDI5MjEwODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOGQ4N2QwN2Y0ZmEwZmJjYzg0MGFiNGE4ZjcwODdkNzAwNmUyNmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfjR7Gbo5cL5PTyfWaa2BSLRpUg6
1aNE+6NDyvVAJHf7oou0K1ZwQ4H0zh9TnQAHwzkjzdZXI1lHuwBjUpf5LxUnqulO
R15Oh2JkoTx3fEO40sc6kR0+LSaldjLe2zEG3KMtIWG5syoxvrghR1sNv9NX7bGE
i+ZkJG9SEFYxCZmnvNQaTz+pQQ5vxFVyG60C/x4HSEkV2MBBm9LQ+e0r9QwDsC+o
3AnPOmPK3Kzl5d8KDF7ipTjrhxmYI0iwXw0RvFlE1eA9HBS3f45n7sMPXB0hTdCp
IlgIlgj84sB4E0q59XkvBDmID8vC9UitWM8PVUPwZcfl2k9MN4Evv3XsAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKjYfQf0+g+8yECrSo9wh9cAbia1MB8GA1UdIwQY
MBaAFATaJH7D9AELvC6lKiKsZHeLyj5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk5va2ZzUDBBUXU4THFVcUlxeGtkNHZLUGtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy83NmQxNjEtZTFiYi00NmQ3LWJjNzIt
MDViMGNmMmNlMTlhLzEvcU5oOUJfVDZEN3pJUUt0S2ozQ0gxd0J1SnJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy83NmQxNjEtZTFiYi00NmQ3LWJjNzItMDViMGNmMmNlMTlh
LzEvQk5va2ZzUDBBUXU4THFVcUlxeGtkNHZLUGtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgZ8QDAN
BgkqhkiG9w0BAQsFAAOCAQEAaZYxnufPBs6eKLNSMtplAupqVfini4icoLYEt6TT
We2Cqed6V75bfTv68EnyEX3zrw+mcQPfdxdcRmHpOwlizk0Y94KfHIe5uM9+p2EG
BKuB0MOPZrmIPUamfK5ksO1GocDbvY5RfQjqYrLD8asd50ILz+NYG4baK5CzjKZ6
xFvcCD2f3+vqF7/oL8CjfW0pEuUbT5Pq26qtqLdQU9NPZoPv3/aMgyrHgzF+hvJe
I9KFC4Cs8NOs2Tul3ziUhIg+jXah4uA7ZvkwNfPhuscUZMy7RmzAdW5TOVxz2Zv9
tYyw7ejwgiAHNDXKXtWV/Fgdgj4LhKwqL6DkSA2Mk/QRhw==
-----END CERTIFICATE-----