Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/KyDbQ0rqHrzNwBeTean_1T8zCJI.roa
File:                     KyDbQ0rqHrzNwBeTean_1T8zCJI.roa (raw, json)
Hash identifier:          gnAGTUMzRMJUrXtxc37/YeHQ/6Be1LuLPiBPiwljXaA=
Subject key identifier:   2B:20:DB:43:4A:EA:1E:BC:CD:C0:17:93:79:A9:FF:D5:3F:33:08:92
Certificate issuer:       /CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
Certificate serial:       019DCE8EF00FB1D08E5262659BC7791F56D3
Authority key identifier: F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/KyDbQ0rqHrzNwBeTean_1T8zCJI.roa
Signing time:             Mon 27 Apr 2026 10:49:26 +0000
ROA not before:           Mon 27 Apr 2026 10:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:8e:f0:0f:b1:d0:8e:52:62:65:9b:c7:79:1f:56:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
        Validity
            Not Before: Apr 27 10:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2b20db434aea1ebccdc0179379a9ffd53f330892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:8e:e1:65:1b:13:e2:68:41:8b:ca:c5:99:02:
                    2a:d5:59:b0:64:1a:46:79:cb:8d:9d:dd:f8:2a:48:
                    ed:b4:19:27:d5:8f:fe:f0:e2:b1:56:c3:69:f7:bb:
                    41:c4:42:7f:48:49:d4:9c:cc:f7:53:05:3f:8f:f3:
                    6e:9f:40:6b:ed:09:23:68:b9:c0:49:34:50:7a:11:
                    ed:42:cf:e0:c5:6a:15:28:f6:2f:cb:b7:4d:1f:a5:
                    2b:c1:d2:76:af:04:fe:92:f7:8f:d0:bf:07:4c:db:
                    81:7c:71:52:1a:96:8b:f1:2b:ad:46:75:68:03:84:
                    c8:21:ca:16:b4:b0:0e:0b:81:56:ac:2c:dd:29:07:
                    46:7a:cc:c9:f0:05:d4:26:22:3c:9c:60:2a:75:60:
                    e7:03:e4:c3:96:45:71:36:b4:92:a4:47:91:11:34:
                    13:eb:59:cb:7b:78:27:38:a7:57:8e:37:21:ce:35:
                    41:ef:62:2d:79:a3:39:7e:1f:f0:0c:e4:d7:a9:55:
                    69:49:6f:4f:f4:22:b2:36:fe:5b:4d:38:ce:35:eb:
                    46:ff:45:fc:9e:85:da:75:e6:91:28:4a:9a:81:e8:
                    b7:a9:62:db:62:9c:17:82:c9:51:cd:6a:24:ac:f9:
                    d8:ad:69:80:4a:bd:d3:14:77:2f:f9:d3:cc:a7:d2:
                    59:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:20:DB:43:4A:EA:1E:BC:CD:C0:17:93:79:A9:FF:D5:3F:33:08:92
            X509v3 Authority Key Identifier:
                keyid:F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/KyDbQ0rqHrzNwBeTean_1T8zCJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f140::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:d9:c8:44:29:17:41:d7:fc:e8:45:46:43:cb:6e:49:71:6f:
         96:49:e5:e3:3d:c4:a5:8e:d2:da:bc:d8:7c:84:fb:50:8e:46:
         e5:3e:e0:44:b1:5a:31:f3:8f:72:8b:1b:b7:03:65:d9:7b:60:
         53:bf:47:3c:ef:76:5a:14:6d:6a:1a:b2:ca:be:8f:a4:ea:a7:
         cb:fd:b5:f1:71:4d:10:9c:3d:03:b8:0d:59:e0:aa:38:07:fe:
         7e:fa:19:53:de:9c:d4:50:90:5f:e3:ed:66:69:16:87:34:f3:
         1b:c8:55:88:7c:76:55:c0:31:81:87:7d:1d:eb:a5:c7:80:0a:
         5d:55:f3:a5:d2:c9:6b:64:b8:e6:2f:84:c9:2a:2e:d1:49:6a:
         ac:f3:ec:1f:ec:95:c2:cc:22:3a:cb:80:b9:fc:5e:8d:bc:07:
         82:3e:d3:68:34:3e:5f:7d:5a:4a:a0:2f:35:6c:9f:e6:f9:a6:
         94:d4:47:f7:5a:b5:46:a3:16:9e:67:6d:71:d9:d8:22:35:9b:
         45:69:70:25:20:ad:ef:42:cc:32:fe:0d:79:d8:e3:98:91:8c:
         2a:5f:2b:d1:44:47:1d:e0:f4:d9:6b:f8:3c:d7:17:2d:37:2d:
         e5:95:64:e1:98:fe:8d:11:e6:d9:98:f2:ad:97:b8:a2:b6:71:
         71:97:43:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3OjvAPsdCOUmJlm8d5H1bTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MmU5YzkxNDZlZDdiYzU4Yzg1Y2RhYjZlYjg1OGU0MjI4
NmVlZjQwHhcNMjYwNDI3MTA0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjIwZGI0MzRhZWExZWJjY2RjMDE3OTM3OWE5ZmZkNTNmMzMwODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzo7hZRsT4mhBi8rFmQIq1VmwZBpG
ecuNnd34KkjttBkn1Y/+8OKxVsNp97tBxEJ/SEnUnMz3UwU/j/Nun0Br7QkjaLnA
STRQehHtQs/gxWoVKPYvy7dNH6UrwdJ2rwT+kveP0L8HTNuBfHFSGpaL8SutRnVo
A4TIIcoWtLAOC4FWrCzdKQdGeszJ8AXUJiI8nGAqdWDnA+TDlkVxNrSSpEeRETQT
61nLe3gnOKdXjjchzjVB72IteaM5fh/wDOTXqVVpSW9P9CKyNv5bTTjONetG/0X8
noXadeaRKEqagei3qWLbYpwXgslRzWokrPnYrWmASr3TFHcv+dPMp9JZewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCsg20NK6h68zcAXk3mp/9U/MwiSMB8GA1UdIwQY
MBaAFPcunJFG7XvFjIXNq264WOQihu70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2Et
ZDUxNmYwZTE0ODdiLzEvS3lEYlEwcnFIcnpOd0JlVGVhbl8xVDh6Q0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2EtZDUxNmYwZTE0ODdi
LzEvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHxQDAN
BgkqhkiG9w0BAQsFAAOCAQEAi9nIRCkXQdf86EVGQ8tuSXFvlknl4z3EpY7S2rzY
fIT7UI5G5T7gRLFaMfOPcosbtwNl2XtgU79HPO92WhRtahqyyr6PpOqny/218XFN
EJw9A7gNWeCqOAf+fvoZU96c1FCQX+PtZmkWhzTzG8hViHx2VcAxgYd9Heulx4AK
XVXzpdLJa2S45i+EySou0UlqrPPsH+yVwswiOsuAufxejbwHgj7TaDQ+X31aSqAv
NWyf5vmmlNRH91q1RqMWnmdtcdnYIjWbRWlwJSCt70LMMv4NedjjmJGMKl8r0URH
HeD02Wv4PNcXLTct5ZVk4Zj+jRHm2ZjyrZe4orZxcZdDJQ==
-----END CERTIFICATE-----