Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/z3_1G8CgfE6oP9uPEWYcgX3IIYE.roa
File:                     z3_1G8CgfE6oP9uPEWYcgX3IIYE.roa (raw, json)
Hash identifier:          SklYsH/HHgcy6F0ZuLZIi4Ak2XeqY3+5WS/N7IMLw48=
Subject key identifier:   CF:7F:F5:1B:C0:A0:7C:4E:A8:3F:DB:8F:11:66:1C:81:7D:C8:21:81
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DE1271B65EF9901609F53F4B016D593EE
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/z3_1G8CgfE6oP9uPEWYcgX3IIYE.roa
Signing time:             Fri 01 May 2026 01:28:49 +0000
ROA not before:           Fri 01 May 2026 01:28:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201288
IP address blocks:        2a06:9801:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:34:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e1:27:1b:65:ef:99:01:60:9f:53:f4:b0:16:d5:93:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May  1 01:28:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf7ff51bc0a07c4ea83fdb8f11661c817dc82181
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:91:3d:c1:09:3e:2e:0c:be:a7:a6:04:55:be:
                    73:07:8f:78:fc:22:0a:16:f7:ab:48:16:be:42:d3:
                    e6:51:d3:7f:7b:94:29:c5:f9:fd:b7:cb:6a:1c:a9:
                    2a:2a:ad:8b:20:6e:d9:ec:66:6f:a7:f3:22:5e:96:
                    0a:89:fb:b2:c3:37:48:97:c5:24:98:65:1e:1f:19:
                    e1:a7:13:e3:9f:8a:98:8c:de:14:ba:85:ba:d4:ee:
                    af:56:66:cb:ea:8c:1c:a3:41:7f:6a:a4:d9:ce:bc:
                    22:56:cd:07:02:a9:56:ab:71:af:7b:3d:51:bf:91:
                    b8:8c:23:03:49:a2:db:64:30:19:4c:27:a6:fd:20:
                    17:02:b7:49:1f:a6:83:af:58:1b:11:b0:30:71:4e:
                    d6:79:ee:d4:d9:ac:4c:d9:28:cc:8c:f2:ef:73:57:
                    ea:7e:7d:13:61:a8:10:73:90:0c:68:4c:4c:bd:4e:
                    42:2a:6e:14:40:f4:fa:1c:32:e1:df:90:68:1c:1c:
                    ee:2b:ba:83:2b:13:78:4d:f3:f6:6c:f6:f6:db:4a:
                    a0:95:81:21:ff:69:d8:e7:97:12:5e:71:af:9c:94:
                    2b:bb:2b:55:d5:d9:93:f9:27:19:3e:6e:64:72:35:
                    d8:e7:b3:56:1b:85:6c:5a:c6:e9:6b:df:cf:b1:9b:
                    39:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7F:F5:1B:C0:A0:7C:4E:A8:3F:DB:8F:11:66:1C:81:7D:C8:21:81
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/z3_1G8CgfE6oP9uPEWYcgX3IIYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:7d:8e:32:9b:30:04:ee:03:06:48:73:b9:ae:6e:c5:77:75:
         bc:d7:77:a6:7d:30:c1:d1:fc:24:20:b7:e3:0a:f0:7c:54:aa:
         d1:ab:1e:80:18:6c:cf:7a:bf:f6:d6:56:a6:9b:3f:98:ca:14:
         79:f9:e8:c8:3e:f8:a7:e7:eb:fe:1c:59:90:d1:9a:8c:e4:93:
         8f:70:d2:0e:92:2b:31:cb:80:fd:6b:e2:9b:84:a5:e2:31:b1:
         4f:ab:0d:2d:91:61:cb:5f:b8:aa:09:a3:ab:a1:49:f1:09:bf:
         e0:92:f2:e5:e7:eb:d3:1f:15:ce:62:2d:96:f0:57:55:6d:06:
         6f:ea:90:98:58:3a:45:6d:bc:1e:20:94:b9:95:d6:d3:ec:34:
         b6:61:c4:0c:3b:ff:7f:22:bf:a5:cf:f0:7c:0e:76:75:1a:2b:
         62:3a:24:13:45:4e:aa:8c:54:58:10:a4:50:6a:8f:ad:d9:8e:
         ee:24:e0:16:93:8b:2e:1a:34:12:e6:ca:03:72:59:25:b9:75:
         02:d9:af:6c:1d:61:9c:94:cd:5a:b3:b7:81:35:50:f8:bd:a5:
         06:40:7d:2e:c2:e5:e2:d7:fc:75:3c:4c:36:08:c5:87:72:fd:
         02:81:33:13:94:c5:ac:e3:e8:e3:c6:b4:e3:e1:5c:83:2b:c6:
         98:af:42:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3hJxtl75kBYJ9T9LAW1ZPuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTAxMDEyODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjdmZjUxYmMwYTA3YzRlYTgzZmRiOGYxMTY2MWM4MTdkYzgyMTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5E9wQk+Lgy+p6YEVb5zB494/CIK
FverSBa+QtPmUdN/e5Qpxfn9t8tqHKkqKq2LIG7Z7GZvp/MiXpYKifuywzdIl8Uk
mGUeHxnhpxPjn4qYjN4UuoW61O6vVmbL6owco0F/aqTZzrwiVs0HAqlWq3Gvez1R
v5G4jCMDSaLbZDAZTCem/SAXArdJH6aDr1gbEbAwcU7Wee7U2axM2SjMjPLvc1fq
fn0TYagQc5AMaExMvU5CKm4UQPT6HDLh35BoHBzuK7qDKxN4TfP2bPb220qglYEh
/2nY55cSXnGvnJQruytV1dmT+ScZPm5kcjXY57NWG4VsWsbpa9/PsZs5CwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM9/9RvAoHxOqD/bjxFmHIF9yCGBMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvejNfMUc4Q2dmRTZvUDl1UEVXWWNnWDNJSVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQAJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBrfY4ymzAE7gMGSHO5rm7Fd3W813emfTDB0fwk
ILfjCvB8VKrRqx6AGGzPer/21lammz+YyhR5+ejIPvin5+v+HFmQ0ZqM5JOPcNIO
kisxy4D9a+KbhKXiMbFPqw0tkWHLX7iqCaOroUnxCb/gkvLl5+vTHxXOYi2W8FdV
bQZv6pCYWDpFbbweIJS5ldbT7DS2YcQMO/9/Ir+lz/B8DnZ1GitiOiQTRU6qjFRY
EKRQao+t2Y7uJOAWk4suGjQS5soDclkluXUC2a9sHWGclM1as7eBNVD4vaUGQH0u
wuXi1/x1PEw2CMWHcv0CgTMTlMWs4+jjxrTj4VyDK8aYr0L9
-----END CERTIFICATE-----