Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/b0711a-542f-4105-8045-54256917be5e/1/H6XYccC7fpMMsVAvJhpTJJjKAts.roa
File:                     H6XYccC7fpMMsVAvJhpTJJjKAts.roa (raw, json)
Hash identifier:          VBnY93gu3N5mykvYUP5adQhIP1FUaypyR6LQP53Vd6A=
Subject key identifier:   1F:A5:D8:71:C0:BB:7E:93:0C:B1:50:2F:26:1A:53:24:98:CA:02:DB
Certificate issuer:       /CN=29ddd647cbcc450e33f91019afbda97bbe9ee2a3
Certificate serial:       019B783431120862C9E0F12AEA9E9360EF6A
Authority key identifier: 29:DD:D6:47:CB:CC:45:0E:33:F9:10:19:AF:BD:A9:7B:BE:9E:E2:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kd3WR8vMRQ4z-RAZr72pe76e4qM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/b0711a-542f-4105-8045-54256917be5e/1/H6XYccC7fpMMsVAvJhpTJJjKAts.roa
Signing time:             Thu 01 Jan 2026 06:17:24 +0000
ROA not before:           Thu 01 Jan 2026 06:17:24 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12923
IP address blocks:        81.201.224.0/20 maxlen: 20
                          85.112.224.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/b0711a-542f-4105-8045-54256917be5e/1/Kd3WR8vMRQ4z-RAZr72pe76e4qM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/b0711a-542f-4105-8045-54256917be5e/1/Kd3WR8vMRQ4z-RAZr72pe76e4qM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kd3WR8vMRQ4z-RAZr72pe76e4qM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 15:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:34:31:12:08:62:c9:e0:f1:2a:ea:9e:93:60:ef:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29ddd647cbcc450e33f91019afbda97bbe9ee2a3
        Validity
            Not Before: Jan  1 06:17:24 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1fa5d871c0bb7e930cb1502f261a532498ca02db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f0:ba:c2:4c:0b:b2:d4:08:4b:d8:a9:6a:42:
                    98:42:c2:77:48:c5:c6:0b:14:dc:5e:8d:a7:07:a5:
                    3f:e3:26:a4:3c:c8:2d:06:10:f8:72:a2:61:81:9f:
                    d2:e2:87:cc:ea:0a:c2:d7:11:19:5c:dc:03:e3:8d:
                    f4:80:3d:4a:e5:55:48:2f:01:ca:a5:d5:64:88:35:
                    96:69:b5:82:df:2d:e6:98:e4:98:11:cf:2e:bd:16:
                    29:9b:bb:35:0b:b5:4f:66:8e:36:2b:a3:df:48:63:
                    af:1a:25:c5:25:f6:33:53:83:f2:a5:af:11:a4:d3:
                    cd:5d:57:db:a3:91:23:39:be:f5:fb:56:95:a4:08:
                    03:da:5c:99:a4:58:1d:c1:c5:b4:1b:18:fb:03:24:
                    cb:0e:f1:7c:71:06:ea:75:8e:91:1e:57:a4:95:b1:
                    a0:0f:ed:81:be:0a:d8:00:f8:6f:89:1e:a6:c1:0e:
                    68:22:be:5b:b6:db:66:af:b4:50:05:53:a1:92:03:
                    8b:a5:70:0e:61:a8:a6:d9:38:c5:b4:6f:70:98:2f:
                    52:e7:f8:32:50:1e:dc:e5:34:b2:f5:50:1d:68:f7:
                    f6:5a:e2:3b:a1:de:d0:83:67:4c:19:36:fc:5a:c4:
                    e3:33:f3:98:0f:2b:b9:67:00:7a:63:ba:c4:50:9f:
                    7b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:A5:D8:71:C0:BB:7E:93:0C:B1:50:2F:26:1A:53:24:98:CA:02:DB
            X509v3 Authority Key Identifier:
                keyid:29:DD:D6:47:CB:CC:45:0E:33:F9:10:19:AF:BD:A9:7B:BE:9E:E2:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kd3WR8vMRQ4z-RAZr72pe76e4qM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/b0711a-542f-4105-8045-54256917be5e/1/H6XYccC7fpMMsVAvJhpTJJjKAts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/b0711a-542f-4105-8045-54256917be5e/1/Kd3WR8vMRQ4z-RAZr72pe76e4qM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.201.224.0/20
                  85.112.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         29:28:b2:4b:c1:43:b0:42:e4:1d:db:7e:8c:d7:2f:51:17:a6:
         de:79:11:55:ee:36:37:3f:75:2e:95:99:f0:61:ed:92:77:05:
         af:27:0c:f1:a2:40:a8:c9:56:19:14:17:32:49:6c:fc:44:c8:
         23:27:91:00:a3:b5:f6:cd:3f:9c:ad:bf:60:82:42:2c:4c:03:
         de:82:b4:86:cc:cc:19:ea:3a:e5:28:eb:c8:ef:d5:5f:e3:b4:
         02:ac:4a:53:af:ff:79:58:54:1c:89:ba:c5:63:ef:3e:ca:43:
         25:9d:14:a1:b5:ea:ed:72:1b:83:a2:19:15:48:86:ae:c3:52:
         0f:7f:b1:f4:3d:5c:0d:d9:9f:fa:79:3c:5e:27:83:75:a4:f8:
         d8:cf:26:f7:78:59:0a:3a:fd:18:b7:7c:1d:3f:c4:71:58:7f:
         60:e2:54:57:37:67:26:78:3f:e1:80:07:b1:21:1e:68:d1:dc:
         f2:60:f9:2b:79:c1:ba:d4:23:01:82:a8:22:39:0c:26:cf:7f:
         12:98:81:11:91:a2:f1:a3:5c:35:59:10:18:4e:87:4b:28:77:
         f4:3d:4f:79:9a:29:8b:61:32:69:37:f0:34:19:50:b2:aa:99:
         44:23:55:f1:2b:61:77:6d:58:52:30:f1:39:61:37:2a:78:54:
         4d:1b:ab:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZt4NDESCGLJ4PEq6p6TYO9qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZGRkNjQ3Y2JjYzQ1MGUzM2Y5MTAxOWFmYmRhOTdiYmU5
ZWUyYTMwHhcNMjYwMTAxMDYxNzI0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmE1ZDg3MWMwYmI3ZTkzMGNiMTUwMmYyNjFhNTMyNDk4Y2EwMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofC6wkwLstQIS9ipakKYQsJ3SMXG
CxTcXo2nB6U/4yakPMgtBhD4cqJhgZ/S4ofM6grC1xEZXNwD4430gD1K5VVILwHK
pdVkiDWWabWC3y3mmOSYEc8uvRYpm7s1C7VPZo42K6PfSGOvGiXFJfYzU4Pypa8R
pNPNXVfbo5EjOb71+1aVpAgD2lyZpFgdwcW0Gxj7AyTLDvF8cQbqdY6RHleklbGg
D+2BvgrYAPhviR6mwQ5oIr5btttmr7RQBVOhkgOLpXAOYaim2TjFtG9wmC9S5/gy
UB7c5TSy9VAdaPf2WuI7od7Qg2dMGTb8WsTjM/OYDyu5ZwB6Y7rEUJ97QwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB+l2HHAu36TDLFQLyYaUySYygLbMB8GA1UdIwQY
MBaAFCnd1kfLzEUOM/kQGa+9qXu+nuKjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2QzV1I4dk1SUTR6LVJBWnI3MnBlNzZlNHFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS9iMDcxMWEtNTQyZi00MTA1LTgwNDUt
NTQyNTY5MTdiZTVlLzEvSDZYWWNjQzdmcE1Nc1ZBdkpocFRKSmpLQXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS9iMDcxMWEtNTQyZi00MTA1LTgwNDUtNTQyNTY5MTdiZTVl
LzEvS2QzV1I4dk1SUTR6LVJBWnI3MnBlNzZlNHFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUcngAwQF
VXDgMA0GCSqGSIb3DQEBCwUAA4IBAQApKLJLwUOwQuQd236M1y9RF6beeRFV7jY3
P3UulZnwYe2SdwWvJwzxokCoyVYZFBcySWz8RMgjJ5EAo7X2zT+crb9ggkIsTAPe
grSGzMwZ6jrlKOvI79Vf47QCrEpTr/95WFQcibrFY+8+ykMlnRShtertchuDohkV
SIauw1IPf7H0PVwN2Z/6eTxeJ4N1pPjYzyb3eFkKOv0Yt3wdP8RxWH9g4lRXN2cm
eD/hgAexIR5o0dzyYPkrecG61CMBgqgiOQwmz38SmIERkaLxo1w1WRAYTodLKHf0
PU95mimLYTJpN/A0GVCyqplEI1XxK2F3bVhSMPE5YTcqeFRNG6t3
-----END CERTIFICATE-----