Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/x7wQ_mkhJS4S6guG1_ezRaaLKfM.roa
File:                     x7wQ_mkhJS4S6guG1_ezRaaLKfM.roa (raw, json)
Hash identifier:          OMgZlgtZe2wH+DLCJVHRvw5cJEznZp7JkYRTk2EFvCw=
Subject key identifier:   C7:BC:10:FE:69:21:25:2E:12:EA:0B:86:D7:F7:B3:45:A6:8B:29:F3
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DCF73D19A4491BC79E48696AD7FCAD2FB
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/x7wQ_mkhJS4S6guG1_ezRaaLKfM.roa
Signing time:             Mon 27 Apr 2026 14:59:27 +0000
ROA not before:           Mon 27 Apr 2026 14:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199686
IP address blocks:        2a06:9801:260::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:34:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:73:d1:9a:44:91:bc:79:e4:86:96:ad:7f:ca:d2:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Apr 27 14:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7bc10fe6921252e12ea0b86d7f7b345a68b29f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:a8:b5:36:ae:54:6c:31:40:2d:a2:b9:5b:c5:
                    51:39:f3:0c:42:65:d4:58:68:7f:c2:7c:f9:44:3b:
                    79:be:24:8b:c5:9e:28:44:0d:85:a6:c9:7b:2c:46:
                    25:6d:bf:6b:31:dc:cc:22:78:35:fb:c9:bc:59:60:
                    33:c3:d7:44:a8:54:cb:70:9f:1e:87:60:96:b7:ac:
                    79:02:a5:d2:31:c9:56:8e:30:b4:d7:73:65:a2:2d:
                    38:09:2f:dc:20:4e:1e:a0:d5:5c:5d:b4:67:3c:d4:
                    94:c4:57:30:b1:3d:b3:db:3e:43:60:49:13:95:ea:
                    cb:68:84:70:8d:e2:b3:0a:55:96:b5:ed:3d:45:98:
                    cf:23:97:8b:c5:0c:00:11:ca:e0:8b:2e:ac:ec:31:
                    7e:ec:36:ab:db:51:a9:42:10:6f:89:44:a0:7a:f3:
                    0e:69:c3:b3:e7:34:e7:61:8b:8f:13:80:a0:ab:4c:
                    07:44:23:84:65:fd:a9:97:41:7a:bf:e4:cd:7d:b5:
                    52:0b:43:ae:4c:d1:90:42:66:db:b4:13:2e:e5:9c:
                    60:fa:74:cd:d2:2c:5b:e1:36:f0:98:a1:a3:b4:c2:
                    e2:24:37:5e:c0:d3:56:52:79:eb:3b:ea:28:16:86:
                    2e:8a:73:2c:aa:d2:69:94:8e:74:de:4a:d4:e6:0f:
                    d9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:BC:10:FE:69:21:25:2E:12:EA:0B:86:D7:F7:B3:45:A6:8B:29:F3
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/x7wQ_mkhJS4S6guG1_ezRaaLKfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:260::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:df:1d:cc:17:63:8d:97:b9:21:95:84:69:7d:ff:47:20:12:
         7d:e9:c4:60:92:07:b2:74:04:5c:f8:55:24:9e:18:8f:1b:de:
         94:d6:9f:1b:08:a6:3d:94:da:27:09:ea:86:75:fa:bb:a4:d7:
         f3:e8:ed:e0:60:d0:73:f7:e7:a9:f9:ad:91:cb:68:86:98:e9:
         bc:63:92:5e:bd:91:2c:32:6f:22:77:0a:e3:48:1e:03:9f:28:
         74:c5:d8:ec:cf:14:f3:c5:8d:0d:68:06:c8:f3:0d:2a:9f:28:
         88:07:a7:37:3a:56:58:15:09:11:25:57:5e:94:a1:c7:e1:b3:
         d4:2e:a6:0f:31:0b:9e:a2:30:ff:31:69:19:05:9b:f9:e5:70:
         50:23:63:6d:01:90:9c:09:48:21:e4:8f:89:f6:aa:15:f1:52:
         e8:7c:61:cd:5f:a6:b9:e6:c9:be:70:4e:8b:23:09:ef:d5:e7:
         ba:a4:e7:16:d8:82:96:31:fb:41:1c:c4:c9:86:69:33:91:c6:
         64:ac:e7:8e:3d:cf:d2:11:00:b1:e8:bd:dd:ca:40:81:72:a5:
         68:3f:19:79:9c:69:9f:e9:d3:a1:30:5c:87:29:9b:0c:8a:f9:
         fe:96:9c:09:92:59:19:b3:b9:4a:ab:12:9a:b5:cc:8c:18:fd:
         63:5b:d3:aa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3Pc9GaRJG8eeSGlq1/ytL7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDI3MTQ1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2JjMTBmZTY5MjEyNTJlMTJlYTBiODZkN2Y3YjM0NWE2OGIyOWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi6i1Nq5UbDFALaK5W8VROfMMQmXU
WGh/wnz5RDt5viSLxZ4oRA2Fpsl7LEYlbb9rMdzMIng1+8m8WWAzw9dEqFTLcJ8e
h2CWt6x5AqXSMclWjjC013Nloi04CS/cIE4eoNVcXbRnPNSUxFcwsT2z2z5DYEkT
lerLaIRwjeKzClWWte09RZjPI5eLxQwAEcrgiy6s7DF+7Dar21GpQhBviUSgevMO
acOz5zTnYYuPE4Cgq0wHRCOEZf2pl0F6v+TNfbVSC0OuTNGQQmbbtBMu5Zxg+nTN
0ixb4TbwmKGjtMLiJDdewNNWUnnrO+ooFoYuinMsqtJplI503krU5g/ZuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMe8EP5pISUuEuoLhtf3s0WmiynzMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEveDd3UV9ta2hKUzRTNmd1RzFfZXpSYWFMS2ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJg
MA0GCSqGSIb3DQEBCwUAA4IBAQCJ3x3MF2ONl7khlYRpff9HIBJ96cRgkgeydARc
+FUknhiPG96U1p8bCKY9lNonCeqGdfq7pNfz6O3gYNBz9+ep+a2Ry2iGmOm8Y5Je
vZEsMm8idwrjSB4Dnyh0xdjszxTzxY0NaAbI8w0qnyiIB6c3OlZYFQkRJVdelKHH
4bPULqYPMQueojD/MWkZBZv55XBQI2NtAZCcCUgh5I+J9qoV8VLofGHNX6a55sm+
cE6LIwnv1ee6pOcW2IKWMftBHMTJhmkzkcZkrOeOPc/SEQCx6L3dykCBcqVoPxl5
nGmf6dOhMFyHKZsMivn+lpwJklkZs7lKqxKatcyMGP1jW9Oq
-----END CERTIFICATE-----