Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/TzsKtY4yH3hMHXGVr2mEO5e2XX0.roa
File:                     TzsKtY4yH3hMHXGVr2mEO5e2XX0.roa (raw, json)
Hash identifier:          QQL+sebNXE8j2Sq08pOlk1vwab5QNpo78/csMt17vj8=
Subject key identifier:   4F:3B:0A:B5:8E:32:1F:78:4C:1D:71:95:AF:69:84:3B:97:B6:5D:7D
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019DF210A13227106F795914AD3262E3DE59
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/TzsKtY4yH3hMHXGVr2mEO5e2XX0.roa
Signing time:             Mon 04 May 2026 08:17:49 +0000
ROA not before:           Mon 04 May 2026 08:17:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204921
IP address blocks:        2a12:cb41:800::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f2:10:a1:32:27:10:6f:79:59:14:ad:32:62:e3:de:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: May  4 08:17:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4f3b0ab58e321f784c1d7195af69843b97b65d7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:9d:67:26:59:aa:a6:bc:42:1e:25:a7:0f:dd:
                    6d:b4:81:4f:6f:5e:3a:39:b8:7a:67:91:9c:7a:dd:
                    ef:a6:02:92:fa:34:e5:7d:06:b5:47:03:41:2d:06:
                    ef:cf:c3:50:9b:5c:90:b4:4b:c3:5b:44:bf:c0:b9:
                    18:d8:c1:c4:de:7d:94:ea:22:e1:9f:15:b2:be:59:
                    ff:98:ac:e5:89:52:51:fa:58:d6:fe:81:74:9d:63:
                    69:2f:32:d4:b5:96:8c:c1:3c:c8:b5:eb:ea:ca:d6:
                    5b:3f:39:3a:c3:36:3f:8e:63:22:2f:03:74:ba:b3:
                    be:be:57:87:ed:1c:de:2d:aa:53:af:c4:82:cf:02:
                    91:10:5d:8f:04:ba:e9:b2:f9:19:0d:ea:15:31:d9:
                    f3:f6:d0:e8:2e:e7:85:dc:16:5c:d2:7d:5d:aa:0c:
                    b8:53:75:84:14:03:79:04:1c:7a:5d:4d:bf:90:87:
                    33:3f:0a:8e:ab:e6:89:2e:96:14:d7:7f:19:9b:a2:
                    ac:5a:1b:0e:9b:7e:70:b7:d9:4b:27:f8:db:96:80:
                    ac:9c:21:e4:a9:34:6d:f0:be:77:82:01:4f:46:21:
                    70:2c:eb:5a:14:c0:6f:75:60:7d:b0:b8:0a:92:48:
                    cb:f1:9f:05:76:5e:eb:a4:50:5d:e7:0e:24:3c:73:
                    f9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:3B:0A:B5:8E:32:1F:78:4C:1D:71:95:AF:69:84:3B:97:B6:5D:7D
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/TzsKtY4yH3hMHXGVr2mEO5e2XX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb41:800::/39

    Signature Algorithm: sha256WithRSAEncryption
         88:84:b7:b9:15:01:30:8a:1f:0e:a8:44:16:f0:49:18:a3:86:
         68:e8:72:66:25:9d:ab:7d:c0:3a:49:87:15:8f:f7:3a:4a:1f:
         4a:e1:f0:ff:9a:af:85:6a:26:e9:df:44:ef:cd:9e:8c:55:87:
         5e:f0:17:68:b7:5d:79:9f:55:6a:c5:56:94:15:0f:37:be:e4:
         e7:26:ba:e9:63:84:8c:d8:62:59:54:58:2f:be:ac:3b:84:b6:
         29:f5:60:a2:dc:f0:90:02:e6:d4:d6:54:83:87:7c:22:65:77:
         c4:9c:76:b4:4f:ce:f9:3a:49:bf:d5:5e:2d:2b:1f:1e:22:7c:
         a2:ae:43:71:89:7e:e7:ed:fa:c5:a9:c2:61:af:84:c6:09:d7:
         ac:39:cf:59:3a:1a:11:06:74:7d:b3:45:b2:c4:38:21:f9:02:
         80:60:8e:7d:43:e9:a5:96:ed:60:3d:24:b8:4d:b9:31:a9:0b:
         f1:83:93:7c:f8:f6:4f:8a:0c:56:f9:7d:8a:68:c0:eb:6c:dd:
         c4:5e:8a:12:60:ea:66:96:9a:f4:0f:96:6d:53:02:de:a7:bd:
         60:9a:e1:da:3c:4a:cf:a7:42:c3:25:7b:0f:05:21:8e:0f:f1:
         53:77:d4:a9:4b:b3:95:e6:73:8e:6b:58:c0:25:d3:10:12:2c:
         48:e8:9b:10
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ3yEKEyJxBveVkUrTJi495ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwNTA0MDgxNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjNiMGFiNThlMzIxZjc4NGMxZDcxOTVhZjY5ODQzYjk3YjY1ZDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZ1nJlmqprxCHiWnD91ttIFPb146
Obh6Z5Gcet3vpgKS+jTlfQa1RwNBLQbvz8NQm1yQtEvDW0S/wLkY2MHE3n2U6iLh
nxWyvln/mKzliVJR+ljW/oF0nWNpLzLUtZaMwTzItevqytZbPzk6wzY/jmMiLwN0
urO+vleH7RzeLapTr8SCzwKREF2PBLrpsvkZDeoVMdnz9tDoLueF3BZc0n1dqgy4
U3WEFAN5BBx6XU2/kIczPwqOq+aJLpYU138Zm6KsWhsOm35wt9lLJ/jbloCsnCHk
qTRt8L53ggFPRiFwLOtaFMBvdWB9sLgKkkjL8Z8Fdl7rpFBd5w4kPHP59wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFE87CrWOMh94TB1xla9phDuXtl19MB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvVHpzS3RZNHlIM2hNSFhHVnIybUVPNWUyWFgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKhLLQQgw
DQYJKoZIhvcNAQELBQADggEBAIiEt7kVATCKHw6oRBbwSRijhmjocmYlnat9wDpJ
hxWP9zpKH0rh8P+ar4VqJunfRO/NnoxVh17wF2i3XXmfVWrFVpQVDze+5Ocmuulj
hIzYYllUWC++rDuEtin1YKLc8JAC5tTWVIOHfCJld8ScdrRPzvk6Sb/VXi0rHx4i
fKKuQ3GJfuft+sWpwmGvhMYJ16w5z1k6GhEGdH2zRbLEOCH5AoBgjn1D6aWW7WA9
JLhNuTGpC/GDk3z49k+KDFb5fYpowOts3cReihJg6maWmvQPlm1TAt6nvWCa4do8
Ss+nQsMlew8FIY4P8VN31KlLs5Xmc45rWMAl0xASLEjomxA=
-----END CERTIFICATE-----