Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/58df00-9ddb-4fd5-b65c-6cfdc2877518/1/IBxQMw202wI9H-2El0dEcabarmQ.roa
File:                     IBxQMw202wI9H-2El0dEcabarmQ.roa (raw, json)
Hash identifier:          nV5yVbote6ZsQPTplfUETazD8sVRzYP39kvT+GSB85A=
Subject key identifier:   20:1C:50:33:0D:B4:DB:02:3D:1F:ED:84:97:47:44:71:A6:DA:AE:64
Certificate issuer:       /CN=961727130c259990b005ea9433b57e0792f1af15
Certificate serial:       019CF5E67FF3441E096657E7BE3C5C7D3666
Authority key identifier: 96:17:27:13:0C:25:99:90:B0:05:EA:94:33:B5:7E:07:92:F1:AF:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lhcnEwwlmZCwBeqUM7V-B5LxrxU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/58df00-9ddb-4fd5-b65c-6cfdc2877518/1/IBxQMw202wI9H-2El0dEcabarmQ.roa
Signing time:             Mon 16 Mar 2026 09:07:29 +0000
ROA not before:           Mon 16 Mar 2026 09:07:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201816
IP address blocks:        2001:67c:678::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/58df00-9ddb-4fd5-b65c-6cfdc2877518/1/lhcnEwwlmZCwBeqUM7V-B5LxrxU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/58df00-9ddb-4fd5-b65c-6cfdc2877518/1/lhcnEwwlmZCwBeqUM7V-B5LxrxU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lhcnEwwlmZCwBeqUM7V-B5LxrxU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 03:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f5:e6:7f:f3:44:1e:09:66:57:e7:be:3c:5c:7d:36:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=961727130c259990b005ea9433b57e0792f1af15
        Validity
            Not Before: Mar 16 09:07:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=201c50330db4db023d1fed8497474471a6daae64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bf:1b:66:77:7b:41:8d:83:b7:b6:0a:05:50:
                    4e:4e:38:f1:51:74:df:4f:43:2d:fb:ce:83:67:4b:
                    5b:f1:e9:a4:d8:2e:bb:51:df:d4:2a:f4:f6:eb:15:
                    d0:ba:83:25:bf:77:f2:17:d1:d7:65:31:a1:31:80:
                    ab:7d:3c:04:26:f3:4e:c8:80:f5:f4:42:64:bc:38:
                    a3:58:1a:f8:74:95:81:23:ed:94:b5:39:75:0c:63:
                    00:65:f2:24:6a:b3:a4:94:37:06:00:48:0e:60:e9:
                    7e:d7:d6:82:d9:4b:ef:ef:75:ba:15:4a:16:f0:53:
                    15:79:bb:4c:45:20:79:ad:67:a6:59:a6:1f:1a:b0:
                    f6:72:ed:43:da:22:7e:5c:2b:20:86:4f:13:26:db:
                    bb:e2:81:9d:08:24:8d:e0:7f:8d:88:d0:24:bb:a6:
                    46:5f:76:82:02:b1:df:f4:fb:2d:35:e2:b5:6c:b4:
                    2a:d8:8b:e9:63:8b:85:8b:e6:ae:06:ec:83:52:c5:
                    92:c9:45:a3:fa:8f:f4:89:17:52:f8:87:03:b3:0c:
                    4c:16:33:1a:51:c5:81:b2:48:d3:2d:c7:d0:e2:52:
                    56:cb:25:f4:b7:13:c7:7e:4d:b3:ec:81:22:12:71:
                    4e:35:0b:c8:57:84:b7:c8:c0:c9:84:78:8c:87:1b:
                    06:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:1C:50:33:0D:B4:DB:02:3D:1F:ED:84:97:47:44:71:A6:DA:AE:64
            X509v3 Authority Key Identifier:
                keyid:96:17:27:13:0C:25:99:90:B0:05:EA:94:33:B5:7E:07:92:F1:AF:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lhcnEwwlmZCwBeqUM7V-B5LxrxU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58df00-9ddb-4fd5-b65c-6cfdc2877518/1/IBxQMw202wI9H-2El0dEcabarmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/58df00-9ddb-4fd5-b65c-6cfdc2877518/1/lhcnEwwlmZCwBeqUM7V-B5LxrxU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:678::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:d6:01:04:59:60:03:7b:b8:1f:f2:e8:65:c8:8e:62:f1:e9:
         b8:95:41:39:e0:95:2a:cd:f1:f8:d3:81:96:01:5a:32:d2:f4:
         17:e5:55:22:fd:0a:a1:7d:70:db:cf:4e:bf:d4:30:7b:6b:e8:
         27:dd:33:fb:2d:85:a6:69:c9:b3:f9:d7:83:01:6c:49:99:5b:
         ee:f7:1a:ec:e8:68:22:b6:4e:4c:27:18:23:ff:2f:16:87:f2:
         e5:bd:46:6c:ea:4f:67:a8:ba:f0:84:41:17:b6:29:71:cf:44:
         81:3a:f9:89:77:45:14:ad:fd:0c:d7:7e:2d:cb:81:65:6f:b4:
         57:43:99:df:92:ac:c8:10:ad:f3:48:fb:1b:d0:4b:9d:d0:70:
         0c:b4:f5:52:39:1c:3c:f5:ab:c6:b7:a3:0f:86:5d:ef:ff:b9:
         5c:71:c0:54:da:07:f0:69:95:19:33:27:d7:21:2e:88:30:48:
         51:aa:db:85:3b:2b:0b:be:b5:02:e1:df:67:a1:74:db:af:2f:
         15:30:62:34:89:14:1e:41:6c:f7:28:6f:45:0b:31:3d:b7:9e:
         64:59:41:82:d3:06:81:fe:80:8e:8c:ea:a8:1b:b7:2e:a4:19:
         bc:24:e0:56:63:c0:eb:b2:41:33:76:ed:83:86:33:83:07:f5:
         87:9b:66:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZz15n/zRB4JZlfnvjxcfTZmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2MTcyNzEzMGMyNTk5OTBiMDA1ZWE5NDMzYjU3ZTA3OTJm
MWFmMTUwHhcNMjYwMzE2MDkwNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDFjNTAzMzBkYjRkYjAyM2QxZmVkODQ5NzQ3NDQ3MWE2ZGFhZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtL8bZnd7QY2Dt7YKBVBOTjjxUXTf
T0Mt+86DZ0tb8emk2C67Ud/UKvT26xXQuoMlv3fyF9HXZTGhMYCrfTwEJvNOyID1
9EJkvDijWBr4dJWBI+2UtTl1DGMAZfIkarOklDcGAEgOYOl+19aC2Uvv73W6FUoW
8FMVebtMRSB5rWemWaYfGrD2cu1D2iJ+XCsghk8TJtu74oGdCCSN4H+NiNAku6ZG
X3aCArHf9PstNeK1bLQq2IvpY4uFi+auBuyDUsWSyUWj+o/0iRdS+IcDswxMFjMa
UcWBskjTLcfQ4lJWyyX0txPHfk2z7IEiEnFONQvIV4S3yMDJhHiMhxsG2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCAcUDMNtNsCPR/thJdHRHGm2q5kMB8GA1UdIwQY
MBaAFJYXJxMMJZmQsAXqlDO1fgeS8a8VMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGhjbkV3d2xtWkN3QmVxVU03Vi1CNUx4cnhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC81OGRmMDAtOWRkYi00ZmQ1LWI2NWMt
NmNmZGMyODc3NTE4LzEvSUJ4UU13MjAyd0k5SC0yRWwwZEVjYWJhcm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC81OGRmMDAtOWRkYi00ZmQ1LWI2NWMtNmNmZGMyODc3NTE4
LzEvbGhjbkV3d2xtWkN3QmVxVU03Vi1CNUx4cnhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAZ4
MA0GCSqGSIb3DQEBCwUAA4IBAQAg1gEEWWADe7gf8uhlyI5i8em4lUE54JUqzfH4
04GWAVoy0vQX5VUi/QqhfXDbz06/1DB7a+gn3TP7LYWmacmz+deDAWxJmVvu9xrs
6Ggitk5MJxgj/y8Wh/LlvUZs6k9nqLrwhEEXtilxz0SBOvmJd0UUrf0M134ty4Fl
b7RXQ5nfkqzIEK3zSPsb0Eud0HAMtPVSORw89avGt6MPhl3v/7lcccBU2gfwaZUZ
MyfXIS6IMEhRqtuFOysLvrUC4d9noXTbry8VMGI0iRQeQWz3KG9FCzE9t55kWUGC
0waB/oCOjOqoG7cupBm8JOBWY8DrskEzdu2DhjODB/WHm2b/
-----END CERTIFICATE-----