Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/ax0rIEwmCkaWsbQzuKsVtZ1akYA.roa
File:                     ax0rIEwmCkaWsbQzuKsVtZ1akYA.roa (raw, json)
Hash identifier:          JZiYsaGyAlILplr43owk1tRlRSwGab7TOJU5FDuhKa0=
Subject key identifier:   6B:1D:2B:20:4C:26:0A:46:96:B1:B4:33:B8:AB:15:B5:9D:5A:91:80
Certificate issuer:       /CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
Certificate serial:       019DFF752E5C1EA3FF1AFA631F625DDE87FC
Authority key identifier: 56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/ax0rIEwmCkaWsbQzuKsVtZ1akYA.roa
Signing time:             Wed 06 May 2026 22:42:42 +0000
ROA not before:           Wed 06 May 2026 22:42:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197871
IP address blocks:        2a10:fa80::/48 maxlen: 48
                          2a10:fa80:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ff:75:2e:5c:1e:a3:ff:1a:fa:63:1f:62:5d:de:87:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
        Validity
            Not Before: May  6 22:42:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b1d2b204c260a4696b1b433b8ab15b59d5a9180
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ae:c6:d3:39:99:1e:f4:f6:3e:41:5d:fc:08:
                    b9:11:ed:3f:39:46:72:71:77:ff:17:1c:3f:e2:ce:
                    9f:c1:a0:7d:77:e3:46:f6:dd:c4:f7:88:0d:c6:07:
                    e2:3f:4a:7f:66:14:2f:26:ed:72:af:ef:68:ec:25:
                    ac:b7:69:46:fc:33:1f:c7:47:40:8c:f8:5b:a4:e5:
                    17:30:67:55:57:ac:a9:89:1a:34:f7:eb:f0:9d:31:
                    e7:26:da:a1:98:59:82:fa:64:21:54:ab:bd:4d:a9:
                    0c:2d:fb:e1:09:88:51:8f:40:a0:1d:56:88:7b:7a:
                    5b:0d:8c:47:fb:af:c3:ca:d1:9a:2b:cd:79:f4:26:
                    5a:97:4a:f9:8c:38:1a:44:5b:b3:cd:ea:b5:2f:1c:
                    05:7d:e5:1a:4f:85:f0:c2:d1:0a:8d:a4:51:4b:5b:
                    47:b1:22:8c:72:81:64:fe:95:69:c4:93:48:9f:33:
                    04:1c:de:59:90:76:c2:fc:27:d8:50:b6:b1:63:f5:
                    01:d7:8c:10:08:87:72:3d:78:33:0a:4a:f2:d7:99:
                    e7:08:80:bd:4e:83:56:e2:0d:01:ac:99:0b:21:2b:
                    ab:10:48:dd:35:0c:d8:81:ba:39:fd:79:c0:4f:cf:
                    80:15:bd:24:b8:8a:25:2d:44:63:97:e7:a8:cf:dd:
                    e1:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:1D:2B:20:4C:26:0A:46:96:B1:B4:33:B8:AB:15:B5:9D:5A:91:80
            X509v3 Authority Key Identifier:
                keyid:56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/ax0rIEwmCkaWsbQzuKsVtZ1akYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fa80::/47

    Signature Algorithm: sha256WithRSAEncryption
         31:73:7c:71:e8:1e:a4:32:4d:e1:0d:1f:c2:c4:90:f8:b8:13:
         e2:d0:81:6e:3e:79:6f:f9:e7:a4:17:1c:35:ea:1c:f6:bd:51:
         eb:50:e2:fe:60:92:4a:5c:17:5e:5d:7b:ed:09:3a:2e:ea:7a:
         b4:b1:4d:65:72:f9:da:65:c7:9d:73:86:16:ed:53:c4:9a:15:
         27:fb:95:77:60:1a:ba:e0:b2:ba:d4:43:a0:aa:f7:d2:ed:6c:
         02:1f:78:77:64:8a:ac:a1:53:76:6b:f6:b9:fd:73:8e:4e:ed:
         15:bc:01:a2:24:8c:37:80:f6:a0:87:7d:d3:b4:b8:89:1f:d6:
         bc:ee:b9:cc:01:37:ba:5e:bc:13:86:e3:1a:e5:73:33:4c:f6:
         63:62:93:37:a7:fc:6e:19:b3:77:1f:80:2c:0a:84:51:b9:c0:
         a5:10:63:17:07:92:c1:47:3a:be:a0:e8:83:14:ed:14:ca:0a:
         47:61:f6:4e:8d:d6:4a:19:d8:41:b2:09:0f:bc:94:3c:e8:d1:
         83:a8:1c:f5:1e:e1:73:93:51:53:7c:8e:14:ee:47:e5:47:36:
         bc:39:e2:8b:5a:37:01:12:ca:ad:72:a9:50:ee:a6:36:ae:79:
         5e:de:89:de:42:eb:6e:a5:35:6a:91:8c:23:21:47:6d:cb:ec:
         e7:e9:14:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3/dS5cHqP/GvpjH2Jd3of8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTliMGJhODQwN2JlMTFjZmM5MTFiZDMxZWQxNDBjZDFj
NjA0NmMwHhcNMjYwNTA2MjI0MjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjFkMmIyMDRjMjYwYTQ2OTZiMWI0MzNiOGFiMTViNTlkNWE5MTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqK7G0zmZHvT2PkFd/Ai5Ee0/OUZy
cXf/Fxw/4s6fwaB9d+NG9t3E94gNxgfiP0p/ZhQvJu1yr+9o7CWst2lG/DMfx0dA
jPhbpOUXMGdVV6ypiRo09+vwnTHnJtqhmFmC+mQhVKu9TakMLfvhCYhRj0CgHVaI
e3pbDYxH+6/DytGaK8159CZal0r5jDgaRFuzzeq1LxwFfeUaT4XwwtEKjaRRS1tH
sSKMcoFk/pVpxJNInzMEHN5ZkHbC/CfYULaxY/UB14wQCIdyPXgzCkry15nnCIC9
ToNW4g0BrJkLISurEEjdNQzYgbo5/XnAT8+AFb0kuIolLURjl+eoz93hHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGsdKyBMJgpGlrG0M7irFbWdWpGAMB8GA1UdIwQY
MBaAFFZZsLqEB74Rz8kRvTHtFAzRxgRsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEt
MjM5NGM2NjAwMDIyLzEvYXgwcklFd21Da2FXc2JRenVLc1Z0WjFha1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEtMjM5NGM2NjAwMDIy
LzEvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhD6gAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAxc3xx6B6kMk3hDR/CxJD4uBPi0IFuPnlv+eek
Fxw16hz2vVHrUOL+YJJKXBdeXXvtCTou6nq0sU1lcvnaZcedc4YW7VPEmhUn+5V3
YBq64LK61EOgqvfS7WwCH3h3ZIqsoVN2a/a5/XOOTu0VvAGiJIw3gPagh33TtLiJ
H9a87rnMATe6XrwThuMa5XMzTPZjYpM3p/xuGbN3H4AsCoRRucClEGMXB5LBRzq+
oOiDFO0UygpHYfZOjdZKGdhBsgkPvJQ86NGDqBz1HuFzk1FTfI4U7kflRza8OeKL
WjcBEsqtcqlQ7qY2rnle3oneQutupTVqkYwjIUdty+zn6RSC
-----END CERTIFICATE-----