Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/vfVAst8rcB_TCAmUKkdXRd4SWfw.roa
File:                     vfVAst8rcB_TCAmUKkdXRd4SWfw.roa (raw, json)
Hash identifier:          kGKOlSX3d0jID8SNKR1LemW4+qLswKQk5EqhjFVffJI=
Subject key identifier:   BD:F5:40:B2:DF:2B:70:1F:D3:08:09:94:2A:47:57:45:DE:12:59:FC
Certificate issuer:       /CN=3ada5baa058c409565ff2ac876a22ee6377b503b
Certificate serial:       019DEA2B249A51595C954CBC7862BA96D333
Authority key identifier: 3A:DA:5B:AA:05:8C:40:95:65:FF:2A:C8:76:A2:2E:E6:37:7B:50:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OtpbqgWMQJVl_yrIdqIu5jd7UDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/vfVAst8rcB_TCAmUKkdXRd4SWfw.roa
Signing time:             Sat 02 May 2026 19:29:49 +0000
ROA not before:           Sat 02 May 2026 19:29:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39889
IP address blocks:        2a00:1c20::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/OtpbqgWMQJVl_yrIdqIu5jd7UDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/OtpbqgWMQJVl_yrIdqIu5jd7UDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OtpbqgWMQJVl_yrIdqIu5jd7UDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ea:2b:24:9a:51:59:5c:95:4c:bc:78:62:ba:96:d3:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ada5baa058c409565ff2ac876a22ee6377b503b
        Validity
            Not Before: May  2 19:29:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bdf540b2df2b701fd30809942a475745de1259fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7b:a9:5c:39:09:73:bc:6d:45:8d:d9:73:bb:
                    0d:ba:f3:5d:4e:b6:2c:20:43:99:cd:5f:5b:ca:c3:
                    86:e6:4c:ce:0c:c3:a9:10:f1:97:ef:9b:1f:ab:e4:
                    1e:1f:0e:6d:cf:13:00:73:aa:8f:86:bf:15:c6:1b:
                    f4:2f:90:b6:fc:f8:b8:33:5b:27:f2:39:5b:90:5e:
                    69:f8:eb:18:14:b0:a5:78:d2:8b:cd:10:c4:2a:ca:
                    25:50:20:d9:9e:dd:f4:d7:a4:0d:35:e0:e5:04:39:
                    bc:0b:db:f5:4d:ed:08:eb:b4:c4:d2:dc:5d:91:92:
                    bc:27:b5:f8:0e:41:42:aa:d3:c5:26:b0:5a:1c:0e:
                    24:51:cb:d2:a6:5d:bd:08:a9:ca:69:ff:7e:53:b6:
                    c5:19:40:9b:42:da:d8:e6:2a:17:5b:d5:be:d6:a8:
                    af:a4:04:55:53:5d:15:18:de:5f:f3:17:b1:f8:f3:
                    03:61:16:b0:14:63:68:34:3a:ba:7d:cb:30:8e:a9:
                    91:41:c7:30:97:da:f0:f9:28:3c:06:26:34:9e:93:
                    6a:63:00:e8:6e:56:5e:84:45:a3:3d:80:2a:9d:41:
                    9c:3f:79:c6:67:39:2e:c0:68:a3:19:f8:49:6f:a5:
                    5f:c4:88:8c:f8:a1:5f:d5:87:42:a3:e1:1a:51:18:
                    f8:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:F5:40:B2:DF:2B:70:1F:D3:08:09:94:2A:47:57:45:DE:12:59:FC
            X509v3 Authority Key Identifier:
                keyid:3A:DA:5B:AA:05:8C:40:95:65:FF:2A:C8:76:A2:2E:E6:37:7B:50:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OtpbqgWMQJVl_yrIdqIu5jd7UDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/vfVAst8rcB_TCAmUKkdXRd4SWfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e663dd-3f8f-4ead-b4c9-9c1b2ad559ab/1/OtpbqgWMQJVl_yrIdqIu5jd7UDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:1c20::/32

    Signature Algorithm: sha256WithRSAEncryption
         96:8b:c6:3f:b2:0c:41:75:e2:be:3a:94:f7:16:3a:b7:93:20:
         0f:70:63:1e:f2:f7:a0:c0:55:12:53:e3:f5:54:fa:8b:5d:83:
         20:e1:0f:20:6f:ee:1f:4a:7e:6f:4a:ab:cc:9a:31:6e:3a:e7:
         58:75:26:92:fc:8e:c2:ab:5d:78:47:89:b0:23:e7:27:ac:b0:
         8b:a3:56:95:12:c4:6a:7c:00:51:23:11:68:8e:96:af:52:49:
         aa:b7:e0:58:d5:fb:58:2f:f4:b3:56:72:37:d1:f0:dd:ca:00:
         7f:5b:3d:07:44:ea:67:e5:de:ad:da:f9:4b:62:fe:24:53:91:
         45:3f:db:55:d1:31:d2:bd:1f:cb:c0:2f:c3:03:d1:36:2b:56:
         8f:a9:85:7d:86:21:1a:f4:ea:57:a0:93:ea:7e:3a:bc:07:4a:
         66:d8:52:b4:fe:d4:6f:0b:ca:bc:58:25:be:07:55:b4:b7:93:
         5e:96:bf:00:5f:dc:ac:2f:c5:26:b9:e3:e7:99:27:9f:a6:0d:
         4f:a7:e3:f1:80:33:13:cf:22:84:c4:00:6f:1d:14:30:a5:87:
         81:c3:92:bd:1d:c5:5e:cd:6f:94:c1:8e:46:43:c7:66:41:cb:
         28:0c:b8:4d:fe:37:3d:04:6c:fb:d7:db:5d:f0:08:f8:88:8b:
         8b:c3:56:79
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3qKySaUVlclUy8eGK6ltMzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZGE1YmFhMDU4YzQwOTU2NWZmMmFjODc2YTIyZWU2Mzc3
YjUwM2IwHhcNMjYwNTAyMTkyOTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGY1NDBiMmRmMmI3MDFmZDMwODA5OTQyYTQ3NTc0NWRlMTI1OWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHupXDkJc7xtRY3Zc7sNuvNdTrYs
IEOZzV9bysOG5kzODMOpEPGX75sfq+QeHw5tzxMAc6qPhr8Vxhv0L5C2/Pi4M1sn
8jlbkF5p+OsYFLCleNKLzRDEKsolUCDZnt3016QNNeDlBDm8C9v1Te0I67TE0txd
kZK8J7X4DkFCqtPFJrBaHA4kUcvSpl29CKnKaf9+U7bFGUCbQtrY5ioXW9W+1qiv
pARVU10VGN5f8xex+PMDYRawFGNoNDq6fcswjqmRQccwl9rw+Sg8BiY0npNqYwDo
blZehEWjPYAqnUGcP3nGZzkuwGijGfhJb6VfxIiM+KFf1YdCo+EaURj4HwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL31QLLfK3Af0wgJlCpHV0XeEln8MB8GA1UdIwQY
MBaAFDraW6oFjECVZf8qyHaiLuY3e1A7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3RwYnFnV01RSlZsX3lySWRxSXU1amQ3VURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lNjYzZGQtM2Y4Zi00ZWFkLWI0Yzkt
OWMxYjJhZDU1OWFiLzEvdmZWQXN0OHJjQl9UQ0FtVUtrZFhSZDRTV2Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lNjYzZGQtM2Y4Zi00ZWFkLWI0YzktOWMxYjJhZDU1OWFi
LzEvT3RwYnFnV01RSlZsX3lySWRxSXU1amQ3VURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgAcIDAN
BgkqhkiG9w0BAQsFAAOCAQEAlovGP7IMQXXivjqU9xY6t5MgD3BjHvL3oMBVElPj
9VT6i12DIOEPIG/uH0p+b0qrzJoxbjrnWHUmkvyOwqtdeEeJsCPnJ6ywi6NWlRLE
anwAUSMRaI6Wr1JJqrfgWNX7WC/0s1ZyN9Hw3coAf1s9B0TqZ+Xerdr5S2L+JFOR
RT/bVdEx0r0fy8AvwwPRNitWj6mFfYYhGvTqV6CT6n46vAdKZthStP7UbwvKvFgl
vgdVtLeTXpa/AF/crC/FJrnj55knn6YNT6fj8YAzE88ihMQAbx0UMKWHgcOSvR3F
Xs1vlMGORkPHZkHLKAy4Tf43PQRs+9fbXfAI+IiLi8NWeQ==
-----END CERTIFICATE-----