Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/inO9L0kQX6rMzOR8bzieUxWa_-o.roa
File:                     inO9L0kQX6rMzOR8bzieUxWa_-o.roa (raw, json)
Hash identifier:          GsXdNVMzswsCXLLYGpUQbjGt/PwUQgF9qY8J+6Hs+Kc=
Subject key identifier:   8A:73:BD:2F:49:10:5F:AA:CC:CC:E4:7C:6F:38:9E:53:15:9A:FF:EA
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019CB64823BA3F50B4EE26B8C2B737DE49EB
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/inO9L0kQX6rMzOR8bzieUxWa_-o.roa
Signing time:             Wed 04 Mar 2026 00:38:26 +0000
ROA not before:           Wed 04 Mar 2026 00:38:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216006
IP address blocks:        2a06:9801:c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b6:48:23:ba:3f:50:b4:ee:26:b8:c2:b7:37:de:49:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar  4 00:38:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a73bd2f49105faacccce47c6f389e53159affea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f9:68:90:74:73:55:a5:59:34:66:08:e6:42:
                    78:9d:74:4d:dc:c7:d5:e0:62:46:68:33:bf:fd:2e:
                    e2:a8:91:89:76:f5:ce:c1:ac:81:90:61:62:ee:6a:
                    ab:82:53:50:56:c5:15:11:a8:93:b3:cf:de:2c:92:
                    ae:b1:08:9b:31:02:64:18:c3:62:06:08:db:39:6a:
                    b0:32:ff:43:9a:67:cc:cb:f5:3a:c8:6e:d4:c7:3b:
                    42:6d:52:45:3d:64:3c:26:aa:59:4c:c5:57:18:e2:
                    90:ed:76:5f:fa:d0:60:da:11:5f:58:34:07:54:b6:
                    c7:75:5f:8d:ee:8b:9b:e0:d5:99:c5:6b:d3:9e:74:
                    0f:72:f0:6c:6c:ac:2d:4a:fc:a0:7c:56:b8:46:98:
                    aa:99:7c:08:0e:2d:ec:2a:5d:4c:4b:0d:92:14:1e:
                    8e:95:a6:13:4c:1e:b8:ed:71:7a:b9:69:46:14:60:
                    b4:9e:e5:84:d8:52:bb:ad:ee:58:ca:ac:49:35:c2:
                    fa:71:2b:c9:26:f7:f3:83:35:31:1e:a2:ee:e2:94:
                    85:45:c9:ba:bb:fb:73:59:61:c8:b6:04:11:e5:78:
                    c4:9d:27:53:98:79:f7:2a:fa:51:01:33:07:c8:de:
                    2b:8b:1e:85:7b:6a:e8:b8:55:6e:24:c4:a2:78:b3:
                    a2:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:73:BD:2F:49:10:5F:AA:CC:CC:E4:7C:6F:38:9E:53:15:9A:FF:EA
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/inO9L0kQX6rMzOR8bzieUxWa_-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:cd:2f:c6:2e:b5:bf:b8:34:da:9a:d9:d6:4a:33:46:40:a3:
         41:75:6b:ea:07:bd:6c:98:0d:69:91:7a:a5:b3:64:93:23:02:
         be:66:92:f2:5e:6b:cf:81:f3:e6:d6:0c:fd:41:f1:4d:cb:66:
         4f:3e:81:c5:56:a0:7c:2e:9c:ff:52:4c:27:4b:1f:d2:bc:87:
         cf:6d:14:2f:d4:be:1f:a8:0c:b0:eb:e1:01:f0:a4:3c:6c:ba:
         72:cd:80:99:3b:49:27:ea:21:10:3f:ea:04:3c:6f:70:8a:9e:
         e7:e9:5e:27:d1:df:5f:9d:e0:a5:5f:d3:00:5a:f3:7a:49:3d:
         74:85:87:40:e0:49:4c:96:c5:7d:50:da:6d:60:97:8b:01:72:
         7b:a2:67:84:b4:c5:66:ae:be:c0:ae:8f:b8:90:d9:34:96:81:
         4e:11:4e:f2:2b:81:09:2f:5a:50:91:3c:c9:e9:74:db:fb:88:
         50:c5:b8:1f:b4:29:96:fb:e7:e5:96:b2:70:f2:b9:be:54:e6:
         09:ff:c0:33:25:02:61:b0:40:2b:e4:bd:33:fc:f0:db:c5:4f:
         e2:9d:a8:56:eb:e8:99:74:77:0b:0f:3d:6e:73:b2:2d:f0:21:
         b9:4a:b7:7c:d6:98:b7:d3:25:4f:42:e0:66:19:a5:c2:a1:70:
         1a:1b:a4:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZy2SCO6P1C07ia4wrc33knrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzA0MDAzODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTczYmQyZjQ5MTA1ZmFhY2NjY2U0N2M2ZjM4OWU1MzE1OWFmZmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/lokHRzVaVZNGYI5kJ4nXRN3MfV
4GJGaDO//S7iqJGJdvXOwayBkGFi7mqrglNQVsUVEaiTs8/eLJKusQibMQJkGMNi
BgjbOWqwMv9DmmfMy/U6yG7UxztCbVJFPWQ8JqpZTMVXGOKQ7XZf+tBg2hFfWDQH
VLbHdV+N7oub4NWZxWvTnnQPcvBsbKwtSvygfFa4RpiqmXwIDi3sKl1MSw2SFB6O
laYTTB647XF6uWlGFGC0nuWE2FK7re5YyqxJNcL6cSvJJvfzgzUxHqLu4pSFRcm6
u/tzWWHItgQR5XjEnSdTmHn3KvpRATMHyN4rix6Fe2rouFVuJMSieLOi3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIpzvS9JEF+qzMzkfG84nlMVmv/qMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvaW5POUwwa1FYNnJNek9SOGJ6aWVVeFdhXy1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQDA
MA0GCSqGSIb3DQEBCwUAA4IBAQCgzS/GLrW/uDTamtnWSjNGQKNBdWvqB71smA1p
kXqls2STIwK+ZpLyXmvPgfPm1gz9QfFNy2ZPPoHFVqB8Lpz/UkwnSx/SvIfPbRQv
1L4fqAyw6+EB8KQ8bLpyzYCZO0kn6iEQP+oEPG9wip7n6V4n0d9fneClX9MAWvN6
ST10hYdA4ElMlsV9UNptYJeLAXJ7omeEtMVmrr7Aro+4kNk0loFOEU7yK4EJL1pQ
kTzJ6XTb+4hQxbgftCmW++fllrJw8rm+VOYJ/8AzJQJhsEAr5L0z/PDbxU/inahW
6+iZdHcLDz1uc7It8CG5Srd81pi30yVPQuBmGaXCoXAaG6SM
-----END CERTIFICATE-----