Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8mrgxrdNZJ6NEQ9WslDyifjhRfw.roa
File:                     8mrgxrdNZJ6NEQ9WslDyifjhRfw.roa (raw, json)
Hash identifier:          tRlDuQB/OVh5N2PfJVm/f6JqzxBY+kWwLCQkGXjH2yw=
Subject key identifier:   F2:6A:E0:C6:B7:4D:64:9E:8D:11:0F:56:B2:50:F2:89:F8:E1:45:FC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0199F47BD21B94F4D8C94EE4679491A2C9F9
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8mrgxrdNZJ6NEQ9WslDyifjhRfw.roa
Signing time:             Fri 17 Oct 2025 23:22:59 +0000
ROA not before:           Fri 17 Oct 2025 23:22:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199340
IP address blocks:        2a06:de05:6000::/38 maxlen: 48
                          2a0e:97c2:dc00::/38 maxlen: 48
                          2a0e:b107:fa0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f4:7b:d2:1b:94:f4:d8:c9:4e:e4:67:94:91:a2:c9:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Oct 17 23:22:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f26ae0c6b74d649e8d110f56b250f289f8e145fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:96:f5:21:cb:81:4f:d1:45:5a:e0:c1:94:97:
                    0e:09:46:4f:f8:70:3c:dc:41:d4:f7:61:61:6c:e2:
                    ab:46:b2:3b:91:8e:ff:df:f2:c3:89:61:8d:bb:54:
                    31:b1:f3:58:df:c8:6f:50:df:84:f2:53:b7:94:f9:
                    87:c2:78:81:8b:15:8c:33:04:1e:40:43:70:5f:ff:
                    77:a1:a6:91:16:98:6c:4e:da:c0:85:93:93:fb:4f:
                    d8:e0:db:b3:e9:66:a5:5e:84:2b:46:20:90:84:c3:
                    0a:7c:00:b3:2f:2a:37:1f:f6:b4:6d:38:ea:8e:9a:
                    db:a9:a1:c3:1f:ae:91:b0:c8:83:55:bd:6f:96:f1:
                    e9:d4:5c:e8:94:da:a7:a4:01:bd:ed:44:99:a1:19:
                    e4:45:b8:44:53:44:2d:00:d7:94:55:fa:a3:60:fc:
                    8b:83:8b:e6:ab:78:8f:8f:ac:99:3c:28:0a:45:fa:
                    28:8c:c0:b9:28:af:c6:9d:eb:99:1d:74:06:ba:48:
                    90:b5:10:87:9d:21:7c:7c:f5:94:b3:50:95:16:19:
                    f1:00:d6:7a:c2:73:9c:77:07:72:2e:ac:98:54:db:
                    7f:d3:bb:c9:67:8c:e4:75:d9:5a:50:3c:9d:b8:ea:
                    1c:e4:4a:ca:64:7f:80:9a:e3:57:28:36:1d:87:8d:
                    1e:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:6A:E0:C6:B7:4D:64:9E:8D:11:0F:56:B2:50:F2:89:F8:E1:45:FC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8mrgxrdNZJ6NEQ9WslDyifjhRfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de05:6000::/38
                  2a0e:97c2:dc00::/38
                  2a0e:b107:fa0::/44

    Signature Algorithm: sha256WithRSAEncryption
         cc:e6:2d:53:78:09:11:94:50:18:53:ce:eb:18:29:aa:8c:b6:
         7c:dd:09:4d:7a:74:70:ad:a4:fb:99:69:ad:3b:69:bc:23:4f:
         e4:3f:c1:24:2b:b8:a8:a8:61:8d:fa:37:91:ed:a8:fb:4b:7d:
         19:7f:b3:05:8a:dc:62:57:40:0d:d9:eb:65:f3:57:8b:9b:fa:
         23:dc:ee:68:7d:e0:ae:e8:c9:d1:3c:b1:7d:e3:bc:8c:89:65:
         cc:23:4c:98:35:ad:1a:79:4d:97:71:8f:39:08:2a:77:c6:08:
         08:1f:be:a1:22:a2:e2:08:01:21:37:30:a0:a0:83:62:60:72:
         ae:47:f8:d9:e9:d4:47:41:98:cd:af:15:0b:bc:19:54:9e:18:
         24:88:e9:b0:f5:63:f1:f3:b0:11:89:f9:86:a2:5f:f1:ae:8a:
         aa:c2:60:36:3e:23:d5:cc:bf:39:c1:fb:5c:40:62:05:d2:49:
         3f:4b:f7:00:a7:23:d4:c2:50:64:bd:e1:35:ab:1f:34:9b:45:
         78:2b:7c:25:77:cc:e6:c5:1d:86:ce:8d:e6:90:37:9d:aa:77:
         20:c1:48:de:7d:b4:1b:a4:4e:da:c0:5b:c3:2f:fb:05:2d:27:
         98:2d:c3:bb:90:7d:ce:ba:a9:cc:5d:81:1c:c5:4d:ec:95:35:
         d5:9a:ec:35
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZn0e9IblPTYyU7kZ5SRosn5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUxMDE3MjMyMjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjZhZTBjNmI3NGQ2NDllOGQxMTBmNTZiMjUwZjI4OWY4ZTE0NWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Jb1IcuBT9FFWuDBlJcOCUZP+HA8
3EHU92FhbOKrRrI7kY7/3/LDiWGNu1QxsfNY38hvUN+E8lO3lPmHwniBixWMMwQe
QENwX/93oaaRFphsTtrAhZOT+0/Y4Nuz6WalXoQrRiCQhMMKfACzLyo3H/a0bTjq
jprbqaHDH66RsMiDVb1vlvHp1FzolNqnpAG97USZoRnkRbhEU0QtANeUVfqjYPyL
g4vmq3iPj6yZPCgKRfoojMC5KK/GneuZHXQGukiQtRCHnSF8fPWUs1CVFhnxANZ6
wnOcdwdyLqyYVNt/07vJZ4zkddlaUDyduOoc5ErKZH+AmuNXKDYdh40eLwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFPJq4Ma3TWSejREPVrJQ8on44UX8MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOG1yZ3hyZE5aSjZORVE5V3NsRHlpZmpoUmZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAAjAZAwYCKgbeBWAD
BgIqDpfC3AMHBCoOsQcPoDANBgkqhkiG9w0BAQsFAAOCAQEAzOYtU3gJEZRQGFPO
6xgpqoy2fN0JTXp0cK2k+5lprTtpvCNP5D/BJCu4qKhhjfo3ke2o+0t9GX+zBYrc
YldADdnrZfNXi5v6I9zuaH3grujJ0TyxfeO8jIllzCNMmDWtGnlNl3GPOQgqd8YI
CB++oSKi4ggBITcwoKCDYmByrkf42enUR0GYza8VC7wZVJ4YJIjpsPVj8fOwEYn5
hqJf8a6KqsJgNj4j1cy/OcH7XEBiBdJJP0v3AKcj1MJQZL3hNasfNJtFeCt8JXfM
5sUdhs6N5pA3nap3IMFI3n20G6RO2sBbwy/7BS0nmC3Du5B9zrqpzF2BHMVN7JU1
1ZrsNQ==
-----END CERTIFICATE-----