Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/TJ4OstfbjQW62VFHQjeqejGYDRo.roa
File:                     TJ4OstfbjQW62VFHQjeqejGYDRo.roa (raw, json)
Hash identifier:          jz3QR2kYl5MORPlY9TIFJwv2Xga9IKh/vFuePDVvWnY=
Subject key identifier:   4C:9E:0E:B2:D7:DB:8D:05:BA:D9:51:47:42:37:AA:7A:31:98:0D:1A
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       019E1C1292DAA7E7293082928FD4D7FDE9D5
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/TJ4OstfbjQW62VFHQjeqejGYDRo.roa
Signing time:             Tue 12 May 2026 12:03:59 +0000
ROA not before:           Tue 12 May 2026 12:03:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214238
IP address blocks:        2a09:e06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:12:92:da:a7:e7:29:30:82:92:8f:d4:d7:fd:e9:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: May 12 12:03:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4c9e0eb2d7db8d05bad951474237aa7a31980d1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:93:3e:3e:f1:70:e3:49:f4:02:4b:82:63:ad:
                    1b:86:b6:22:84:fd:e8:e4:ee:32:29:8b:93:05:fa:
                    3b:cf:25:11:71:2a:53:f1:9b:22:0f:b5:cd:7b:9e:
                    4b:7b:a8:7f:81:53:46:be:fa:77:28:64:7a:18:47:
                    40:56:8c:a8:24:e8:16:94:ba:82:c1:89:be:48:35:
                    a4:94:3a:43:24:34:ea:34:6f:f3:80:f0:46:b9:d6:
                    7e:4e:91:a4:8d:ec:0d:83:8f:b5:a6:5c:90:59:a7:
                    db:30:a8:e9:2c:d7:de:a8:ac:65:9b:98:42:51:95:
                    df:74:c8:81:d0:d2:8b:10:97:8a:16:93:6c:c5:33:
                    75:a1:21:1c:34:87:c3:08:b4:4b:ed:c8:bc:dd:af:
                    ad:c2:5d:76:a6:04:d1:76:a6:59:ff:8a:8c:fa:c0:
                    4f:9e:9c:93:47:2e:ad:66:18:84:02:3d:40:b7:c0:
                    32:6a:97:a0:7c:35:c2:28:85:07:a6:87:61:ea:20:
                    76:00:10:40:11:44:4a:8d:79:aa:23:12:5f:de:1d:
                    11:40:f2:09:2b:d1:12:05:45:90:60:94:cb:fe:fe:
                    05:70:32:e9:7e:8e:69:3c:43:80:a3:88:79:f1:18:
                    d7:5c:cd:63:e2:d8:a5:be:9b:20:37:ac:18:ea:31:
                    24:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:9E:0E:B2:D7:DB:8D:05:BA:D9:51:47:42:37:AA:7A:31:98:0D:1A
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/TJ4OstfbjQW62VFHQjeqejGYDRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e06::/32

    Signature Algorithm: sha256WithRSAEncryption
         27:30:80:05:32:87:af:2d:d4:34:7a:10:b1:50:e7:90:f7:4f:
         77:f0:c2:36:1e:21:eb:58:01:99:94:9d:85:0f:88:01:b4:57:
         01:96:af:eb:57:37:b2:43:66:ed:ae:33:39:21:d6:5a:94:ba:
         b5:c6:19:8d:14:b9:c9:82:64:c1:85:a7:da:4a:35:bf:a3:1c:
         12:74:e4:53:57:b4:9f:65:c7:f7:65:64:43:18:a7:f0:c7:0b:
         48:29:eb:d4:57:87:19:be:54:02:56:7d:35:1f:5c:f2:78:b2:
         2e:56:81:7e:a9:ce:ef:12:83:72:a8:5e:27:37:53:ae:7f:f9:
         d7:be:15:d0:f5:27:49:9c:17:f1:50:db:05:53:06:ce:9b:88:
         79:fe:f2:dc:81:c5:3f:4c:25:35:4a:3f:31:43:c4:60:1d:a8:
         d6:e8:ad:1b:c1:00:0e:db:b7:ee:6c:c6:28:d1:f9:53:d5:f5:
         c5:05:b2:ca:6b:ff:6f:95:24:e0:69:f6:88:cf:e8:b2:68:17:
         78:b2:dc:63:d5:82:c5:28:e0:56:6d:90:87:bb:08:99:5d:a7:
         64:ed:5c:26:49:18:49:e8:b0:bf:55:c6:58:84:7d:45:81:8e:
         9c:de:51:32:72:9b:c7:73:2a:15:82:6c:05:52:f4:44:c4:bc:
         4e:21:10:00
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ4cEpLap+cpMIKSj9TX/enVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjYwNTEyMTIwMzU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzllMGViMmQ3ZGI4ZDA1YmFkOTUxNDc0MjM3YWE3YTMxOTgwZDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpM+PvFw40n0AkuCY60bhrYihP3o
5O4yKYuTBfo7zyURcSpT8ZsiD7XNe55Le6h/gVNGvvp3KGR6GEdAVoyoJOgWlLqC
wYm+SDWklDpDJDTqNG/zgPBGudZ+TpGkjewNg4+1plyQWafbMKjpLNfeqKxlm5hC
UZXfdMiB0NKLEJeKFpNsxTN1oSEcNIfDCLRL7ci83a+twl12pgTRdqZZ/4qM+sBP
npyTRy6tZhiEAj1At8AyapegfDXCKIUHpodh6iB2ABBAEURKjXmqIxJf3h0RQPIJ
K9ESBUWQYJTL/v4FcDLpfo5pPEOAo4h58RjXXM1j4tilvpsgN6wY6jEkJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEyeDrLX240FutlRR0I3qnoxmA0aMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvVEo0T3N0ZmJqUVc2MlZGSFFqZXFlakdZRFJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgkOBjAN
BgkqhkiG9w0BAQsFAAOCAQEAJzCABTKHry3UNHoQsVDnkPdPd/DCNh4h61gBmZSd
hQ+IAbRXAZav61c3skNm7a4zOSHWWpS6tcYZjRS5yYJkwYWn2ko1v6McEnTkU1e0
n2XH92VkQxin8McLSCnr1FeHGb5UAlZ9NR9c8niyLlaBfqnO7xKDcqheJzdTrn/5
174V0PUnSZwX8VDbBVMGzpuIef7y3IHFP0wlNUo/MUPEYB2o1uitG8EADtu37mzG
KNH5U9X1xQWyymv/b5Uk4Gn2iM/osmgXeLLcY9WCxSjgVm2Qh7sImV2nZO1cJkkY
Seiwv1XGWIR9RYGOnN5RMnKbx3MqFYJsBVL0RMS8TiEQAA==
-----END CERTIFICATE-----