Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/__i6sIYUIBe7mo2fXsSB58_KDR8.roa
File:                     __i6sIYUIBe7mo2fXsSB58_KDR8.roa (raw, json)
Hash identifier:          xm+A31I7Z/MMOUkoqOHD6xRyGTCyQb2nbbsP/I4N0LQ=
Subject key identifier:   FF:F8:BA:B0:86:14:20:17:BB:9A:8D:9F:5E:C4:81:E7:CF:CA:0D:1F
Certificate issuer:       /CN=6583d322ef24c87198b765ea1d1c42c283a7f8f6
Certificate serial:       019DE41FE6A57C68607ABB76E4A408FC8854
Authority key identifier: 65:83:D3:22:EF:24:C8:71:98:B7:65:EA:1D:1C:42:C2:83:A7:F8:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/__i6sIYUIBe7mo2fXsSB58_KDR8.roa
Signing time:             Fri 01 May 2026 15:19:49 +0000
ROA not before:           Fri 01 May 2026 15:19:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     59411
IP address blocks:        2a11:fe80:d100::/40 maxlen: 48
                          2a11:fe87::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e4:1f:e6:a5:7c:68:60:7a:bb:76:e4:a4:08:fc:88:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6583d322ef24c87198b765ea1d1c42c283a7f8f6
        Validity
            Not Before: May  1 15:19:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fff8bab086142017bb9a8d9f5ec481e7cfca0d1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e2:90:d1:c0:11:2b:3c:22:ee:a9:03:79:6a:
                    0b:4e:a1:67:fb:cb:ab:3d:72:26:64:26:b8:bf:62:
                    a5:2b:eb:9d:ef:bf:80:85:9c:0c:c3:03:75:9f:2a:
                    a1:42:5a:d9:a6:90:ac:29:03:1f:5a:af:51:fb:0a:
                    38:a9:97:e1:08:68:07:00:89:ba:9b:d0:ae:a6:51:
                    9a:25:05:7f:db:1d:51:1a:7b:c8:9e:42:4d:0a:05:
                    38:71:5f:1e:04:0c:e9:d5:f1:6d:29:83:c9:32:a5:
                    b5:91:2a:4a:76:e7:22:ed:0b:6e:22:2a:e7:87:b6:
                    55:cd:60:d4:7a:23:0e:18:27:e1:d7:ba:ff:32:ee:
                    94:9f:e2:28:cd:9b:1f:5e:0d:75:13:2d:3f:6b:21:
                    f7:88:4d:96:f3:d5:13:e5:e1:95:45:cd:2f:26:d1:
                    fc:64:ad:4d:4a:78:8f:9d:eb:36:94:44:1f:86:13:
                    8c:5f:b7:a1:cc:b4:63:a5:c5:bf:d8:9a:b5:dd:cd:
                    2a:8d:cd:83:4b:d4:82:82:68:02:e7:72:2a:73:3e:
                    81:81:7b:1f:e3:31:23:20:2e:2e:0b:c8:e1:06:58:
                    a4:96:a6:c8:5c:39:d8:c2:4e:54:8a:a2:21:14:f3:
                    46:7d:81:bf:9f:27:1d:4d:cf:2a:09:91:48:0b:eb:
                    4a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:F8:BA:B0:86:14:20:17:BB:9A:8D:9F:5E:C4:81:E7:CF:CA:0D:1F
            X509v3 Authority Key Identifier:
                keyid:65:83:D3:22:EF:24:C8:71:98:B7:65:EA:1D:1C:42:C2:83:A7:F8:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/__i6sIYUIBe7mo2fXsSB58_KDR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f0971a-8891-4b53-944c-5be9e117dbda/1/ZYPTIu8kyHGYt2XqHRxCwoOn-PY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:fe80:d100::/40
                  2a11:fe87::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:cd:e1:f5:7a:39:48:ce:cf:74:7e:30:1c:b7:0c:1d:9f:4f:
         f5:d2:af:95:e0:63:f4:9e:39:d4:98:55:fa:19:4e:3a:30:ce:
         2b:af:73:50:0f:61:86:43:cc:7d:49:80:47:8c:46:9f:12:1f:
         a3:c2:98:7d:cb:39:6e:06:97:a4:65:ee:b0:85:9a:08:bd:b8:
         4f:b3:51:b5:c8:16:85:32:37:f1:29:35:9c:a3:40:eb:c3:82:
         04:d7:b7:7e:1a:5c:6f:fc:ac:d0:78:f1:0d:9f:c8:1d:4b:21:
         9d:95:0d:43:2b:98:3e:c0:d9:28:f6:60:f8:dd:61:75:3e:6a:
         fc:1c:61:ce:b9:8b:60:e5:5f:63:c5:d4:e0:fb:f1:3d:b6:d8:
         79:cf:82:53:08:17:4d:08:53:a2:6d:e3:63:ae:d9:fe:a8:dd:
         05:0a:bc:9d:25:f2:b8:1b:34:81:fe:0c:7d:9f:f3:05:fd:40:
         db:59:d0:e8:a8:1d:fc:1a:fb:7a:6e:2e:fc:3d:75:a6:13:b9:
         fe:36:3c:af:db:cb:12:cb:79:d1:e0:15:39:46:e3:03:22:04:
         63:10:62:1c:0a:f4:5d:37:bb:cd:29:72:1b:94:8f:67:05:b3:
         f1:e9:87:3b:fb:ce:13:68:ff:92:3b:c4:7b:d3:fe:da:e0:81:
         fc:97:be:a3
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZ3kH+alfGhgert25KQI/IhUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1ODNkMzIyZWYyNGM4NzE5OGI3NjVlYTFkMWM0MmMyODNh
N2Y4ZjYwHhcNMjYwNTAxMTUxOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmY4YmFiMDg2MTQyMDE3YmI5YThkOWY1ZWM0ODFlN2NmY2EwZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveKQ0cARKzwi7qkDeWoLTqFn+8ur
PXImZCa4v2KlK+ud77+AhZwMwwN1nyqhQlrZppCsKQMfWq9R+wo4qZfhCGgHAIm6
m9CuplGaJQV/2x1RGnvInkJNCgU4cV8eBAzp1fFtKYPJMqW1kSpKduci7QtuIirn
h7ZVzWDUeiMOGCfh17r/Mu6Un+IozZsfXg11Ey0/ayH3iE2W89UT5eGVRc0vJtH8
ZK1NSniPnes2lEQfhhOMX7ehzLRjpcW/2Jq13c0qjc2DS9SCgmgC53Iqcz6BgXsf
4zEjIC4uC8jhBliklqbIXDnYwk5UiqIhFPNGfYG/nycdTc8qCZFIC+tKKwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFP/4urCGFCAXu5qNn17EgefPyg0fMB8GA1UdIwQY
MBaAFGWD0yLvJMhxmLdl6h0cQsKDp/j2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWllQVEl1OGt5SEdZdDJYcUhSeEN3b09uLVBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDk3MWEtODg5MS00YjUzLTk0NGMt
NWJlOWUxMTdkYmRhLzEvX19pNnNJWVVJQmU3bW8yZlhzU0I1OF9LRFI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDk3MWEtODg5MS00YjUzLTk0NGMtNWJlOWUxMTdkYmRh
LzEvWllQVEl1OGt5SEdZdDJYcUhSeEN3b09uLVBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPAwYAKhH+gNED
BQAqEf6HMA0GCSqGSIb3DQEBCwUAA4IBAQApzeH1ejlIzs90fjActwwdn0/10q+V
4GP0njnUmFX6GU46MM4rr3NQD2GGQ8x9SYBHjEafEh+jwph9yzluBpekZe6whZoI
vbhPs1G1yBaFMjfxKTWco0Drw4IE17d+Glxv/KzQePENn8gdSyGdlQ1DK5g+wNko
9mD43WF1Pmr8HGHOuYtg5V9jxdTg+/E9tth5z4JTCBdNCFOibeNjrtn+qN0FCryd
JfK4GzSB/gx9n/MF/UDbWdDoqB38Gvt6bi78PXWmE7n+Njyv28sSy3nR4BU5RuMD
IgRjEGIcCvRdN7vNKXIblI9nBbPx6Yc7+84TaP+SO8R70/7a4IH8l76j
-----END CERTIFICATE-----