Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/mIbPn5Fu1i-5d1fHezHRRGzZKrA.roa
File:                     mIbPn5Fu1i-5d1fHezHRRGzZKrA.roa (raw, json)
Hash identifier:          I/QPZ60E1dnV7fEylkUrWhV1PLhWOtr75mYtpDkfL/Q=
Subject key identifier:   98:86:CF:9F:91:6E:D6:2F:B9:77:57:C7:7B:31:D1:44:6C:D9:2A:B0
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019D249A822D865E3FAB0ABA91B26795CE4E
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/mIbPn5Fu1i-5d1fHezHRRGzZKrA.roa
Signing time:             Wed 25 Mar 2026 10:46:38 +0000
ROA not before:           Wed 25 Mar 2026 10:46:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35810
IP address blocks:        2a14:a085::/32 maxlen: 32
                          2a14:a086::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:9a:82:2d:86:5e:3f:ab:0a:ba:91:b2:67:95:ce:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Mar 25 10:46:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9886cf9f916ed62fb97757c77b31d1446cd92ab0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:6a:d7:17:7b:50:df:9a:44:e1:23:90:6e:d6:
                    a3:6d:9c:01:cf:c7:dd:3a:75:cf:22:99:da:67:63:
                    98:e9:1b:90:3a:77:68:6e:db:69:73:63:04:50:59:
                    48:f6:8d:29:b8:f2:2b:2e:29:90:00:07:61:91:15:
                    3e:97:79:91:46:cf:94:00:5e:ed:60:a6:de:be:2c:
                    5f:28:e2:16:49:1c:49:d9:18:ae:3a:7f:fb:1c:29:
                    69:94:a9:ff:67:98:47:77:f7:6d:7a:6a:40:41:af:
                    cb:3a:80:2d:8f:56:a4:78:67:78:e2:13:68:03:93:
                    ed:32:4f:0e:11:ca:e4:26:0b:e4:cb:f5:f6:42:94:
                    5d:4c:08:5c:29:99:96:67:68:a7:b1:9b:e7:f5:03:
                    93:af:be:08:60:a6:13:c8:d7:a2:eb:b2:c1:13:7c:
                    45:aa:ff:1b:da:6d:fb:a5:dc:8e:6a:c1:21:55:9c:
                    94:25:fe:dd:42:eb:15:17:cd:41:73:c5:db:fa:be:
                    54:5e:89:07:f9:fa:ca:3e:5e:ae:72:c0:7e:f2:1e:
                    b9:f3:ae:1f:c4:51:48:14:3f:f7:d7:f6:ba:8d:8e:
                    1f:95:eb:ff:5d:d8:63:55:af:00:6f:b4:d3:9e:a2:
                    1e:09:71:32:1c:eb:ca:c1:b4:eb:a8:f4:a2:85:2c:
                    19:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:86:CF:9F:91:6E:D6:2F:B9:77:57:C7:7B:31:D1:44:6C:D9:2A:B0
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/mIbPn5Fu1i-5d1fHezHRRGzZKrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:a085::-2a14:a086:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         33:e2:7d:03:7d:70:41:1f:99:42:6e:4a:04:8b:2a:ea:71:7e:
         d1:47:2f:52:d6:9e:c3:10:fb:ca:1f:27:da:9e:5a:ad:3d:5b:
         8f:8c:98:1a:57:d2:df:bd:15:c2:ef:2b:02:91:f8:1c:20:f7:
         7c:15:5e:0c:40:82:5e:26:67:89:c2:b3:f0:4e:2d:4f:b5:91:
         3f:cc:82:08:5f:a1:b9:30:79:6c:ad:1c:d9:33:02:9e:ab:33:
         f5:68:d2:8d:66:ba:79:8c:a5:4f:f1:f9:ec:ea:ce:c6:c5:46:
         a1:99:ab:4e:44:ed:2d:07:9e:2d:b5:97:78:41:25:1f:a9:c2:
         1b:8b:fb:b3:87:79:e7:3d:ac:7e:40:e2:d6:d7:bd:39:2d:9b:
         6e:bb:2b:2b:7a:63:fe:a0:f5:58:16:33:32:26:40:dd:2d:54:
         cc:b0:06:62:39:f8:38:bf:59:3f:ef:5a:71:bb:bf:04:e5:77:
         74:2c:86:f5:94:21:41:71:e2:13:5b:5d:d7:4e:37:98:d5:a9:
         6c:91:f3:e3:7d:fd:90:77:d6:29:6b:e2:8d:9e:79:d5:e8:00:
         71:45:20:7b:cd:cc:80:db:e3:af:f8:b0:ee:7c:ba:93:00:6e:
         d0:94:1c:10:99:f4:05:7d:63:91:f2:d8:54:52:5e:03:b7:39:
         b6:92:76:0c
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZ0kmoIthl4/qwq6kbJnlc5OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwMzI1MTA0NjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODg2Y2Y5ZjkxNmVkNjJmYjk3NzU3Yzc3YjMxZDE0NDZjZDkyYWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7GrXF3tQ35pE4SOQbtajbZwBz8fd
OnXPIpnaZ2OY6RuQOndobttpc2MEUFlI9o0puPIrLimQAAdhkRU+l3mRRs+UAF7t
YKbevixfKOIWSRxJ2RiuOn/7HClplKn/Z5hHd/dtempAQa/LOoAtj1akeGd44hNo
A5PtMk8OEcrkJgvky/X2QpRdTAhcKZmWZ2insZvn9QOTr74IYKYTyNei67LBE3xF
qv8b2m37pdyOasEhVZyUJf7dQusVF81Bc8Xb+r5UXokH+frKPl6ucsB+8h65864f
xFFIFD/31/a6jY4flev/XdhjVa8Ab7TTnqIeCXEyHOvKwbTrqPSihSwZewIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFJiGz5+RbtYvuXdXx3sx0URs2SqwMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvbUliUG41RnUxaS01ZDFmSGV6SFJSR3paS3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqFKCF
AwUAKhSghjANBgkqhkiG9w0BAQsFAAOCAQEAM+J9A31wQR+ZQm5KBIsq6nF+0Ucv
UtaewxD7yh8n2p5arT1bj4yYGlfS370Vwu8rApH4HCD3fBVeDECCXiZnicKz8E4t
T7WRP8yCCF+huTB5bK0c2TMCnqsz9WjSjWa6eYylT/H57OrOxsVGoZmrTkTtLQee
LbWXeEElH6nCG4v7s4d55z2sfkDi1te9OS2bbrsrK3pj/qD1WBYzMiZA3S1UzLAG
Yjn4OL9ZP+9acbu/BOV3dCyG9ZQhQXHiE1td1043mNWpbJHz4339kHfWKWvijZ55
1egAcUUge83MgNvjr/iw7ny6kwBu0JQcEJn0BX1jkfLYVFJeA7c5tpJ2DA==
-----END CERTIFICATE-----