Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/48ed79-62e0-459f-905e-c05adf57a10c/1/oulKldVc1lXzwGs1ahJHWjgxIFc.roa
File:                     oulKldVc1lXzwGs1ahJHWjgxIFc.roa (raw, json)
Hash identifier:          z8sb/9GnwPgMKVRAuThUvOR+/3F+QFxfO/4iRbKmYa4=
Subject key identifier:   A2:E9:4A:95:D5:5C:D6:55:F3:C0:6B:35:6A:12:47:5A:38:31:20:57
Certificate issuer:       /CN=48f57dce4ebc96a31284baeb42ef76cc3d874b05
Certificate serial:       019E1C742E95F8A5028732B74EAF53E2601D
Authority key identifier: 48:F5:7D:CE:4E:BC:96:A3:12:84:BA:EB:42:EF:76:CC:3D:87:4B:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SPV9zk68lqMShLrrQu92zD2HSwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/48ed79-62e0-459f-905e-c05adf57a10c/1/oulKldVc1lXzwGs1ahJHWjgxIFc.roa
Signing time:             Tue 12 May 2026 13:50:36 +0000
ROA not before:           Tue 12 May 2026 13:50:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199920
IP address blocks:        2a13:4d00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/48ed79-62e0-459f-905e-c05adf57a10c/1/SPV9zk68lqMShLrrQu92zD2HSwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/48ed79-62e0-459f-905e-c05adf57a10c/1/SPV9zk68lqMShLrrQu92zD2HSwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SPV9zk68lqMShLrrQu92zD2HSwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:74:2e:95:f8:a5:02:87:32:b7:4e:af:53:e2:60:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48f57dce4ebc96a31284baeb42ef76cc3d874b05
        Validity
            Not Before: May 12 13:50:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2e94a95d55cd655f3c06b356a12475a38312057
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:00:6a:85:33:f1:72:07:e3:c9:f9:b0:af:28:
                    dc:80:56:ee:4e:7c:d4:26:7d:48:80:71:09:9b:04:
                    1a:52:0d:69:bb:29:29:f9:7d:33:59:db:dc:18:e7:
                    13:f4:81:ca:d3:97:df:d1:22:c7:a0:75:2a:24:da:
                    67:df:79:d7:2a:cf:d6:6b:6a:61:19:0b:50:64:77:
                    72:60:67:1b:b2:4e:df:f6:44:29:f3:ed:ee:3d:d8:
                    5a:10:7d:78:6c:d2:df:ce:7d:23:f3:31:8f:57:00:
                    18:4d:4f:ac:e1:03:fa:7a:dd:83:56:40:00:37:4d:
                    5d:f6:c9:ed:ec:6e:bb:2a:c9:aa:0c:71:f7:03:d6:
                    96:8d:9e:35:f2:9a:05:37:38:62:3b:71:72:68:c3:
                    a1:26:4b:6e:b5:40:b5:65:53:4e:60:34:9f:9b:81:
                    12:9b:43:74:19:a2:b7:28:28:b0:41:3e:e3:ad:1b:
                    2f:79:12:49:1e:57:32:16:b6:54:a6:bb:15:84:fa:
                    20:fb:a0:71:7c:ae:28:87:31:bb:86:58:f0:86:74:
                    f2:19:8d:36:db:4c:0a:8a:f5:80:2a:95:37:23:8a:
                    cb:c6:ac:ac:6d:8e:16:b6:07:e1:24:c7:bb:c5:ee:
                    97:24:55:36:0a:75:36:b0:54:0e:6c:80:d5:65:bf:
                    0e:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:E9:4A:95:D5:5C:D6:55:F3:C0:6B:35:6A:12:47:5A:38:31:20:57
            X509v3 Authority Key Identifier:
                keyid:48:F5:7D:CE:4E:BC:96:A3:12:84:BA:EB:42:EF:76:CC:3D:87:4B:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SPV9zk68lqMShLrrQu92zD2HSwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/48ed79-62e0-459f-905e-c05adf57a10c/1/oulKldVc1lXzwGs1ahJHWjgxIFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/48ed79-62e0-459f-905e-c05adf57a10c/1/SPV9zk68lqMShLrrQu92zD2HSwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:4d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:57:77:a3:d5:6a:89:cd:b5:be:0a:c2:d4:95:54:72:d7:1c:
         fb:18:c3:ba:0f:dd:03:f9:b0:8a:8d:9e:c6:00:ce:db:78:00:
         20:57:9e:c4:d2:3c:44:1f:2a:41:00:78:f4:d2:39:33:30:16:
         4b:f5:a1:b2:1f:45:ba:fc:c5:ec:5b:dc:9a:86:aa:72:a4:c3:
         1c:bb:cc:a7:59:86:4b:58:af:fd:bf:dc:38:29:1f:06:eb:8d:
         c9:c4:f3:57:d5:3a:71:f1:37:a9:82:b2:cd:54:42:57:46:ef:
         75:61:dd:d5:7e:e1:d3:6d:ba:50:26:d5:5a:4d:3f:98:79:f5:
         1c:30:1e:c7:47:7c:51:80:ae:ed:d6:c4:2b:16:61:ff:4f:98:
         fe:96:78:43:72:46:06:06:cf:e7:13:12:df:96:76:30:89:7d:
         de:f7:5f:39:62:90:e5:4c:cd:38:3f:fe:76:a3:a9:fa:22:d8:
         22:4e:13:ac:c7:6a:af:bb:d5:9e:da:d4:25:db:c9:51:7e:59:
         4b:e4:20:9c:27:1a:1d:21:33:c8:05:63:91:c4:17:62:91:e7:
         5d:e9:94:45:6c:9c:27:d4:45:4e:fd:f2:2f:12:81:da:36:0e:
         97:e4:17:b9:31:58:f0:b5:81:47:f9:88:5c:0e:3d:34:29:ce:
         f4:f8:80:7c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ4cdC6V+KUChzK3Tq9T4mAdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4ZjU3ZGNlNGViYzk2YTMxMjg0YmFlYjQyZWY3NmNjM2Q4
NzRiMDUwHhcNMjYwNTEyMTM1MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmU5NGE5NWQ1NWNkNjU1ZjNjMDZiMzU2YTEyNDc1YTM4MzEyMDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQBqhTPxcgfjyfmwryjcgFbuTnzU
Jn1IgHEJmwQaUg1puykp+X0zWdvcGOcT9IHK05ff0SLHoHUqJNpn33nXKs/Wa2ph
GQtQZHdyYGcbsk7f9kQp8+3uPdhaEH14bNLfzn0j8zGPVwAYTU+s4QP6et2DVkAA
N01d9snt7G67KsmqDHH3A9aWjZ418poFNzhiO3FyaMOhJktutUC1ZVNOYDSfm4ES
m0N0GaK3KCiwQT7jrRsveRJJHlcyFrZUprsVhPog+6BxfK4ohzG7hljwhnTyGY02
20wKivWAKpU3I4rLxqysbY4WtgfhJMe7xe6XJFU2CnU2sFQObIDVZb8ODwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKLpSpXVXNZV88BrNWoSR1o4MSBXMB8GA1UdIwQY
MBaAFEj1fc5OvJajEoS660Lvdsw9h0sFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1BWOXprNjhscU1TaExyclF1OTJ6RDJIU3dVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80OGVkNzktNjJlMC00NTlmLTkwNWUt
YzA1YWRmNTdhMTBjLzEvb3VsS2xkVmMxbFh6d0dzMWFoSkhXamd4SUZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80OGVkNzktNjJlMC00NTlmLTkwNWUtYzA1YWRmNTdhMTBj
LzEvU1BWOXprNjhscU1TaExyclF1OTJ6RDJIU3dVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNNADAN
BgkqhkiG9w0BAQsFAAOCAQEAM1d3o9Vqic21vgrC1JVUctcc+xjDug/dA/mwio2e
xgDO23gAIFeexNI8RB8qQQB49NI5MzAWS/Whsh9FuvzF7FvcmoaqcqTDHLvMp1mG
S1iv/b/cOCkfBuuNycTzV9U6cfE3qYKyzVRCV0bvdWHd1X7h0226UCbVWk0/mHn1
HDAex0d8UYCu7dbEKxZh/0+Y/pZ4Q3JGBgbP5xMS35Z2MIl93vdfOWKQ5UzNOD/+
dqOp+iLYIk4TrMdqr7vVntrUJdvJUX5ZS+QgnCcaHSEzyAVjkcQXYpHnXemURWyc
J9RFTv3yLxKB2jYOl+QXuTFY8LWBR/mIXA49NCnO9PiAfA==
-----END CERTIFICATE-----