Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/uxP2btUVqDDTPgrcrXm_2XyCXB4.roa
File:                     uxP2btUVqDDTPgrcrXm_2XyCXB4.roa (raw, json)
Hash identifier:          1rHCQ1A1X05Tdo4DtWwyV7SjWqHRXqbyg277mgcG2pM=
Subject key identifier:   BB:13:F6:6E:D5:15:A8:30:D3:3E:0A:DC:AD:79:BF:D9:7C:82:5C:1E
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D228DE9B187569D327230F701C25301E4
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/uxP2btUVqDDTPgrcrXm_2XyCXB4.roa
Signing time:             Wed 25 Mar 2026 01:13:38 +0000
ROA not before:           Wed 25 Mar 2026 01:13:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199874
IP address blocks:        2a06:9801:225::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:22:8d:e9:b1:87:56:9d:32:72:30:f7:01:c2:53:01:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar 25 01:13:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb13f66ed515a830d33e0adcad79bfd97c825c1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7d:44:6a:db:f6:7e:c8:c5:45:20:4e:8e:3a:
                    ed:8d:c3:3c:53:d6:3c:4f:7c:41:4c:f4:61:41:52:
                    fd:1d:c5:5c:c9:0a:be:59:31:4d:9a:05:d0:4f:93:
                    1c:f5:f4:89:2e:49:00:6f:19:1c:93:01:2e:8e:ad:
                    88:03:58:32:f3:40:e0:d8:dd:29:96:d4:35:bd:c4:
                    df:ed:f2:63:d5:78:43:a1:08:56:e9:e5:48:4c:81:
                    3b:54:da:c6:f5:d8:39:87:1c:2f:3b:5e:68:ce:85:
                    0c:d8:47:cc:10:da:f4:3c:50:9b:3f:5d:d2:27:b7:
                    5d:6e:a4:41:73:f4:70:b2:43:64:8c:53:60:ef:7b:
                    25:3b:9a:7a:28:3f:2e:38:06:0a:16:1a:32:92:4b:
                    9e:86:cc:73:12:67:53:62:69:19:08:ba:37:58:67:
                    ce:9d:7a:0c:cf:9c:d6:05:1b:af:5e:c9:b8:94:f6:
                    6e:78:b1:6a:34:6a:d8:e7:ab:eb:8e:92:16:a2:b7:
                    91:05:17:9c:2b:73:7b:20:56:b3:b4:aa:92:9e:61:
                    0b:7b:1d:a7:0c:76:8f:7e:8a:67:92:f4:ef:5b:83:
                    2f:70:5d:09:05:2b:73:f4:8e:91:51:1e:35:ae:25:
                    2c:d0:62:bb:ef:f4:64:49:b9:2d:60:f4:01:25:d0:
                    d8:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:13:F6:6E:D5:15:A8:30:D3:3E:0A:DC:AD:79:BF:D9:7C:82:5C:1E
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/uxP2btUVqDDTPgrcrXm_2XyCXB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:225::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:1c:18:d4:10:ce:6f:ff:82:bf:c8:c7:21:40:8f:77:ad:ef:
         95:65:fc:39:6b:e0:ab:23:9f:81:84:7a:1d:1f:e2:6b:e7:d7:
         c8:0f:a9:ce:f0:8b:f5:ba:a5:7e:a4:a0:b7:04:c0:74:23:6b:
         83:53:ae:67:47:21:b7:c5:4d:e5:92:71:bb:6e:72:66:6b:d7:
         f0:17:ff:a0:0f:1e:59:af:73:55:e0:10:85:48:79:52:8b:84:
         f9:bd:d0:44:db:03:32:ab:db:0d:7c:de:68:c4:73:60:d7:76:
         a8:0d:9a:c4:ab:15:28:86:2c:a5:ca:2d:0f:e5:55:a4:3e:60:
         02:45:6d:95:59:b8:23:12:ff:86:a7:d1:50:2c:59:7f:bf:45:
         18:f2:2c:9f:ca:b5:23:d9:96:e8:33:3f:67:70:c4:d1:9d:3b:
         ec:fc:4d:f2:05:01:19:13:06:35:ef:81:36:fa:52:f5:dd:7a:
         1d:83:a1:a9:a1:6b:56:d3:46:fd:28:5f:1a:01:69:6d:bb:b3:
         c4:a5:68:53:bf:85:79:12:33:22:fb:04:45:ba:93:c1:fb:ee:
         16:bf:96:ea:bf:14:27:ab:51:c6:72:85:0c:49:03:93:26:01:
         5a:d8:3d:7f:57:c8:6e:8a:34:55:d7:fc:70:ba:c3:8e:19:39:
         5e:eb:b7:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0ijemxh1adMnIw9wHCUwHkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzI1MDExMzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjEzZjY2ZWQ1MTVhODMwZDMzZTBhZGNhZDc5YmZkOTdjODI1YzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu31Eatv2fsjFRSBOjjrtjcM8U9Y8
T3xBTPRhQVL9HcVcyQq+WTFNmgXQT5Mc9fSJLkkAbxkckwEujq2IA1gy80Dg2N0p
ltQ1vcTf7fJj1XhDoQhW6eVITIE7VNrG9dg5hxwvO15ozoUM2EfMENr0PFCbP13S
J7ddbqRBc/RwskNkjFNg73slO5p6KD8uOAYKFhoykkuehsxzEmdTYmkZCLo3WGfO
nXoMz5zWBRuvXsm4lPZueLFqNGrY56vrjpIWoreRBRecK3N7IFaztKqSnmELex2n
DHaPfopnkvTvW4MvcF0JBStz9I6RUR41riUs0GK77/RkSbktYPQBJdDYUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLsT9m7VFagw0z4K3K15v9l8glweMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvdXhQMmJ0VVZxRERUUGdyY3JYbV8yWHlDWEI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQIl
MA0GCSqGSIb3DQEBCwUAA4IBAQC3HBjUEM5v/4K/yMchQI93re+VZfw5a+CrI5+B
hHodH+Jr59fID6nO8Iv1uqV+pKC3BMB0I2uDU65nRyG3xU3lknG7bnJma9fwF/+g
Dx5Zr3NV4BCFSHlSi4T5vdBE2wMyq9sNfN5oxHNg13aoDZrEqxUohiylyi0P5VWk
PmACRW2VWbgjEv+Gp9FQLFl/v0UY8iyfyrUj2ZboMz9ncMTRnTvs/E3yBQEZEwY1
74E2+lL13Xodg6GpoWtW00b9KF8aAWltu7PEpWhTv4V5EjMi+wRFupPB++4Wv5bq
vxQnq1HGcoUMSQOTJgFa2D1/V8huijRV1/xwusOOGTle67cm
-----END CERTIFICATE-----