Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/b8bf28-b410-4f33-a2e8-c29497291171/1/W41jkoCNrZpVvdG8bkCBNW5R_4k.roa
File:                     W41jkoCNrZpVvdG8bkCBNW5R_4k.roa (raw, json)
Hash identifier:          qtGUsRmtlWOqnoQ+8yxZfu8EirwF0nT2QjPAHj2PBw0=
Subject key identifier:   5B:8D:63:92:80:8D:AD:9A:55:BD:D1:BC:6E:40:81:35:6E:51:FF:89
Certificate issuer:       /CN=9ec43e0a41abb6d154badc371623b4d14d918675
Certificate serial:       019CD81834908B99CB936E95ED5CDBFB7A78
Authority key identifier: 9E:C4:3E:0A:41:AB:B6:D1:54:BA:DC:37:16:23:B4:D1:4D:91:86:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nsQ-CkGrttFUutw3FiO00U2RhnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/b8bf28-b410-4f33-a2e8-c29497291171/1/W41jkoCNrZpVvdG8bkCBNW5R_4k.roa
Signing time:             Tue 10 Mar 2026 14:13:10 +0000
ROA not before:           Tue 10 Mar 2026 14:13:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     15450
IP address blocks:        2a01:7d00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/b8bf28-b410-4f33-a2e8-c29497291171/1/nsQ-CkGrttFUutw3FiO00U2RhnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/b8bf28-b410-4f33-a2e8-c29497291171/1/nsQ-CkGrttFUutw3FiO00U2RhnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nsQ-CkGrttFUutw3FiO00U2RhnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d8:18:34:90:8b:99:cb:93:6e:95:ed:5c:db:fb:7a:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9ec43e0a41abb6d154badc371623b4d14d918675
        Validity
            Not Before: Mar 10 14:13:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b8d6392808dad9a55bdd1bc6e4081356e51ff89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:d3:ff:08:92:50:df:34:66:f5:09:81:b0:99:
                    af:78:ad:1b:f8:64:f4:09:b4:32:07:ac:26:7d:65:
                    01:86:47:5c:ee:38:af:2e:72:78:60:aa:a6:99:39:
                    92:84:63:90:22:52:73:de:9f:ba:41:52:5f:bc:3e:
                    e0:3e:4c:ec:c0:4b:c0:40:1e:a9:b7:d4:c9:0e:4e:
                    8d:9c:06:90:80:73:18:3d:12:f0:19:80:77:15:7d:
                    00:00:9e:d9:c5:b7:a8:6b:80:ac:19:59:77:1c:44:
                    af:7a:04:f8:f3:85:a4:57:e3:d5:d5:de:8e:2e:c6:
                    38:c4:39:9c:d3:50:86:91:30:ad:de:cc:b8:57:09:
                    7e:9c:6d:01:5f:cb:e0:e1:d8:84:f9:dd:4b:b0:e0:
                    f7:3a:9c:f2:6f:83:d4:26:d0:e0:be:09:a0:9f:14:
                    4e:3b:0f:60:7e:83:29:aa:ba:ff:f7:88:38:d1:b5:
                    e0:d5:f1:a4:40:3c:c4:94:0a:d1:ee:1b:43:5f:9c:
                    2b:4f:17:0b:cf:77:f7:96:d7:98:2b:e1:9d:ac:50:
                    15:39:9b:68:dd:4d:ce:91:65:0a:5b:1f:45:43:ff:
                    11:82:05:9c:8a:89:31:19:8b:6d:64:b2:41:4c:ca:
                    8a:6f:be:29:5e:3f:1d:e7:62:84:11:0f:ea:3e:e9:
                    bb:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:8D:63:92:80:8D:AD:9A:55:BD:D1:BC:6E:40:81:35:6E:51:FF:89
            X509v3 Authority Key Identifier:
                keyid:9E:C4:3E:0A:41:AB:B6:D1:54:BA:DC:37:16:23:B4:D1:4D:91:86:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nsQ-CkGrttFUutw3FiO00U2RhnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/b8bf28-b410-4f33-a2e8-c29497291171/1/W41jkoCNrZpVvdG8bkCBNW5R_4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/b8bf28-b410-4f33-a2e8-c29497291171/1/nsQ-CkGrttFUutw3FiO00U2RhnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:7d00::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:58:3b:68:7e:a5:02:25:d2:d6:ff:cf:06:5b:6b:9f:cf:d6:
         bd:46:3d:1f:26:fe:c1:0b:31:7d:db:9e:ac:f1:b3:95:19:c8:
         44:ef:67:76:a8:25:55:f4:90:03:71:f4:bb:6d:01:32:6e:dc:
         0c:c9:70:9d:f4:fc:55:80:8d:ad:3a:c1:cb:db:36:68:d7:e0:
         c4:af:a8:b8:b9:af:fb:64:4b:1c:ca:0d:8a:b6:f6:01:4f:58:
         2b:57:be:95:fb:96:8f:89:a6:19:df:2a:ef:cd:a7:cf:6a:92:
         8c:02:21:43:7c:5b:80:80:31:cc:8a:db:01:62:c5:31:ff:9c:
         7c:74:bf:3a:03:53:fe:d3:a3:54:0b:a9:ce:bf:44:89:9e:65:
         1b:6e:32:1e:74:5b:cd:c4:30:35:03:2a:a2:26:09:fb:98:da:
         7f:32:b3:39:41:2f:cb:5f:c8:c9:db:ab:d7:48:f5:f6:70:99:
         fe:41:81:8b:c6:30:23:e4:d9:01:43:d7:f7:b7:0a:6c:c0:6b:
         22:3d:9e:37:7f:95:2a:1d:db:ac:06:58:f2:d2:67:e5:48:eb:
         9c:82:91:7e:43:70:ca:96:0b:e2:20:f3:28:42:80:21:b0:98:
         03:ad:51:e0:2c:3f:69:bc:6e:1c:f8:cc:db:61:7b:c4:35:25:
         ae:e6:79:9f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzYGDSQi5nLk26V7Vzb+3p4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllYzQzZTBhNDFhYmI2ZDE1NGJhZGMzNzE2MjNiNGQxNGQ5
MTg2NzUwHhcNMjYwMzEwMTQxMzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjhkNjM5MjgwOGRhZDlhNTViZGQxYmM2ZTQwODEzNTZlNTFmZjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwtP/CJJQ3zRm9QmBsJmveK0b+GT0
CbQyB6wmfWUBhkdc7jivLnJ4YKqmmTmShGOQIlJz3p+6QVJfvD7gPkzswEvAQB6p
t9TJDk6NnAaQgHMYPRLwGYB3FX0AAJ7Zxbeoa4CsGVl3HESvegT484WkV+PV1d6O
LsY4xDmc01CGkTCt3sy4Vwl+nG0BX8vg4diE+d1LsOD3Opzyb4PUJtDgvgmgnxRO
Ow9gfoMpqrr/94g40bXg1fGkQDzElArR7htDX5wrTxcLz3f3lteYK+GdrFAVOZto
3U3OkWUKWx9FQ/8RggWciokxGYttZLJBTMqKb74pXj8d52KEEQ/qPum7MwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFuNY5KAja2aVb3RvG5AgTVuUf+JMB8GA1UdIwQY
MBaAFJ7EPgpBq7bRVLrcNxYjtNFNkYZ1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnNRLUNrR3J0dEZVdXR3M0ZpTzAwVTJSaG5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9iOGJmMjgtYjQxMC00ZjMzLWEyZTgt
YzI5NDk3MjkxMTcxLzEvVzQxamtvQ05yWnBWdmRHOGJrQ0JOVzVSXzRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9iOGJmMjgtYjQxMC00ZjMzLWEyZTgtYzI5NDk3MjkxMTcx
LzEvbnNRLUNrR3J0dEZVdXR3M0ZpTzAwVTJSaG5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgF9ADAN
BgkqhkiG9w0BAQsFAAOCAQEAglg7aH6lAiXS1v/PBltrn8/WvUY9Hyb+wQsxfdue
rPGzlRnIRO9ndqglVfSQA3H0u20BMm7cDMlwnfT8VYCNrTrBy9s2aNfgxK+ouLmv
+2RLHMoNirb2AU9YK1e+lfuWj4mmGd8q782nz2qSjAIhQ3xbgIAxzIrbAWLFMf+c
fHS/OgNT/tOjVAupzr9EiZ5lG24yHnRbzcQwNQMqoiYJ+5jafzKzOUEvy1/Iydur
10j19nCZ/kGBi8YwI+TZAUPX97cKbMBrIj2eN3+VKh3brAZY8tJn5UjrnIKRfkNw
ypYL4iDzKEKAIbCYA61R4Cw/abxuHPjM22F7xDUlruZ5nw==
-----END CERTIFICATE-----