Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/Cmjf0diDBjMpXK9Rg283uLnjsa4.roa
File:                     Cmjf0diDBjMpXK9Rg283uLnjsa4.roa (raw, json)
Hash identifier:          3GF0sphnOBAsl682z8e9nrFNXKLn18jG5JHQOBCJ7qE=
Subject key identifier:   0A:68:DF:D1:D8:83:06:33:29:5C:AF:51:83:6F:37:B8:B9:E3:B1:AE
Certificate issuer:       /CN=66ba8d64e901b39b501ed3693ec27430713886e3
Certificate serial:       019E1160CB5C0DB17C64FE8B0131D26B7400
Authority key identifier: 66:BA:8D:64:E9:01:B3:9B:50:1E:D3:69:3E:C2:74:30:71:38:86:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/Cmjf0diDBjMpXK9Rg283uLnjsa4.roa
Signing time:             Sun 10 May 2026 10:13:36 +0000
ROA not before:           Sun 10 May 2026 10:13:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204911
IP address blocks:        2a11:7980:f002::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:11:60:cb:5c:0d:b1:7c:64:fe:8b:01:31:d2:6b:74:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66ba8d64e901b39b501ed3693ec27430713886e3
        Validity
            Not Before: May 10 10:13:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a68dfd1d8830633295caf51836f37b8b9e3b1ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c4:81:d4:58:35:1c:6a:d5:57:ff:a9:b4:ac:
                    23:9e:82:08:2c:64:7d:d6:f4:68:8e:21:86:ed:aa:
                    cb:26:3f:c6:63:d5:3c:7f:d8:b1:4a:aa:ba:2f:35:
                    43:e4:69:cf:53:30:1d:ef:6f:a6:be:d4:0f:05:58:
                    6e:c3:ad:bb:80:c9:34:de:20:75:52:69:9b:7c:82:
                    74:7c:33:50:66:2a:43:70:c0:86:d1:e1:c1:ac:fd:
                    43:83:b0:a5:3b:0d:9c:60:32:e6:99:9f:b1:97:27:
                    c3:a5:3b:0d:9a:7f:78:81:3a:6b:78:44:0c:2d:f1:
                    a0:bc:25:38:12:4a:84:04:2e:2d:8b:37:c2:63:e8:
                    0b:7f:31:1a:14:9a:ba:99:20:c4:bc:02:74:c7:91:
                    44:50:35:41:5a:0d:33:cb:1a:15:32:ac:aa:79:39:
                    e1:c3:16:2e:1c:e2:f5:ac:76:47:75:62:b7:2e:c1:
                    0f:cf:82:cd:3e:9c:28:b1:01:41:7e:fe:ee:c3:16:
                    90:8e:b7:49:15:e6:bb:8b:89:57:bd:fa:ab:74:1c:
                    d9:93:27:6d:f4:ea:dc:14:87:08:42:be:01:78:87:
                    14:82:ea:a2:7c:0c:c5:a0:09:e8:7d:c8:ac:2a:53:
                    d2:6f:d0:82:e8:b6:20:a7:97:c2:e1:28:48:a6:4f:
                    44:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:68:DF:D1:D8:83:06:33:29:5C:AF:51:83:6F:37:B8:B9:E3:B1:AE
            X509v3 Authority Key Identifier:
                keyid:66:BA:8D:64:E9:01:B3:9B:50:1E:D3:69:3E:C2:74:30:71:38:86:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/Cmjf0diDBjMpXK9Rg283uLnjsa4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/aa7e53-490f-4177-8b11-0b3e7ebe4ac2/1/ZrqNZOkBs5tQHtNpPsJ0MHE4huM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:7980:f002::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:1d:8a:de:8b:e6:8b:ff:e4:59:3f:1d:25:da:87:ea:3f:ef:
         cd:4e:1b:30:ad:a8:70:8a:28:4d:e2:55:99:78:87:98:05:90:
         7a:4e:97:da:c6:6d:60:35:ed:fa:40:e1:72:bb:df:fd:95:bb:
         e8:df:c5:53:ce:17:90:4a:71:73:03:35:47:04:5a:32:3d:af:
         1e:15:1e:0e:8c:64:07:22:dc:1a:fe:33:6b:98:95:e4:21:ee:
         e4:0c:5e:0e:9e:36:80:98:2a:52:91:3a:09:c9:38:5f:47:b2:
         26:d4:bb:01:21:74:9a:91:6b:39:42:63:9e:93:eb:b8:98:bb:
         99:c3:8b:8c:64:63:4b:b5:2c:43:84:3c:77:5e:d0:e5:d7:cd:
         48:dc:df:09:07:48:94:63:88:73:86:65:00:cf:6f:c3:c5:5c:
         9e:48:29:22:2c:0b:79:c4:25:5a:da:ed:74:d1:55:b0:b2:04:
         3a:b5:4f:55:55:c2:dc:cd:09:c9:d4:0b:31:88:a1:1c:0a:3e:
         c6:94:2d:c7:e3:78:5b:1f:b2:5f:c6:74:f2:4b:3b:94:cf:0d:
         05:c8:1f:3a:28:f9:49:57:09:5e:8f:d9:a7:c3:ec:98:27:2f:
         6b:a6:96:4a:35:38:c1:32:24:bb:16:45:97:c7:13:4f:73:96:
         ad:cc:50:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4RYMtcDbF8ZP6LATHSa3QAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2YmE4ZDY0ZTkwMWIzOWI1MDFlZDM2OTNlYzI3NDMwNzEz
ODg2ZTMwHhcNMjYwNTEwMTAxMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTY4ZGZkMWQ4ODMwNjMzMjk1Y2FmNTE4MzZmMzdiOGI5ZTNiMWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsSB1Fg1HGrVV/+ptKwjnoIILGR9
1vRojiGG7arLJj/GY9U8f9ixSqq6LzVD5GnPUzAd72+mvtQPBVhuw627gMk03iB1
UmmbfIJ0fDNQZipDcMCG0eHBrP1Dg7ClOw2cYDLmmZ+xlyfDpTsNmn94gTpreEQM
LfGgvCU4EkqEBC4tizfCY+gLfzEaFJq6mSDEvAJ0x5FEUDVBWg0zyxoVMqyqeTnh
wxYuHOL1rHZHdWK3LsEPz4LNPpwosQFBfv7uwxaQjrdJFea7i4lXvfqrdBzZkydt
9OrcFIcIQr4BeIcUguqifAzFoAnofcisKlPSb9CC6LYgp5fC4ShIpk9EcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFApo39HYgwYzKVyvUYNvN7i547GuMB8GA1UdIwQY
MBaAFGa6jWTpAbObUB7TaT7CdDBxOIbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnJxTlpPa0JzNXRRSHROcFBzSjBNSEU0aHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9hYTdlNTMtNDkwZi00MTc3LThiMTEt
MGIzZTdlYmU0YWMyLzEvQ21qZjBkaURCak1wWEs5UmcyODN1TG5qc2E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9hYTdlNTMtNDkwZi00MTc3LThiMTEtMGIzZTdlYmU0YWMy
LzEvWnJxTlpPa0JzNXRRSHROcFBzSjBNSEU0aHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhF5gPAC
MA0GCSqGSIb3DQEBCwUAA4IBAQAQHYrei+aL/+RZPx0l2ofqP+/NThswrahwiihN
4lWZeIeYBZB6Tpfaxm1gNe36QOFyu9/9lbvo38VTzheQSnFzAzVHBFoyPa8eFR4O
jGQHItwa/jNrmJXkIe7kDF4OnjaAmCpSkToJyThfR7Im1LsBIXSakWs5QmOek+u4
mLuZw4uMZGNLtSxDhDx3XtDl181I3N8JB0iUY4hzhmUAz2/DxVyeSCkiLAt5xCVa
2u100VWwsgQ6tU9VVcLczQnJ1AsxiKEcCj7GlC3H43hbH7JfxnTySzuUzw0FyB86
KPlJVwlej9mnw+yYJy9rppZKNTjBMiS7FkWXxxNPc5atzFD3
-----END CERTIFICATE-----