Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/kSpQdj4pHKFVSlXJ4ce8DARPvac.roa
File:                     kSpQdj4pHKFVSlXJ4ce8DARPvac.roa (raw, json)
Hash identifier:          kZtsdvWcO2A1I+qg+DhaJ9CEvwXS8FB59+ItpXgZAT0=
Subject key identifier:   91:2A:50:76:3E:29:1C:A1:55:4A:55:C9:E1:C7:BC:0C:04:4F:BD:A7
Certificate issuer:       /CN=f3fb2efb4ec1e9b6f6c6d0ba260747a9c3e0adca
Certificate serial:       019CBE482C69EBB51ED43EAC01E428E30BEA
Authority key identifier: F3:FB:2E:FB:4E:C1:E9:B6:F6:C6:D0:BA:26:07:47:A9:C3:E0:AD:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8_su-07B6bb2xtC6JgdHqcPgrco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/kSpQdj4pHKFVSlXJ4ce8DARPvac.roa
Signing time:             Thu 05 Mar 2026 13:55:26 +0000
ROA not before:           Thu 05 Mar 2026 13:55:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210852
IP address blocks:        2001:678:5dc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/8_su-07B6bb2xtC6JgdHqcPgrco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/8_su-07B6bb2xtC6JgdHqcPgrco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8_su-07B6bb2xtC6JgdHqcPgrco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 13:01:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:48:2c:69:eb:b5:1e:d4:3e:ac:01:e4:28:e3:0b:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3fb2efb4ec1e9b6f6c6d0ba260747a9c3e0adca
        Validity
            Not Before: Mar  5 13:55:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=912a50763e291ca1554a55c9e1c7bc0c044fbda7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:32:62:29:79:f9:c2:76:ab:0e:72:45:3d:77:
                    59:c0:bf:e6:e6:9b:2c:91:30:52:ca:57:0d:2a:07:
                    f1:5a:2e:aa:14:d1:7d:19:e0:cd:7b:61:aa:52:45:
                    81:b6:4c:ea:99:44:9a:93:59:53:25:07:e6:19:06:
                    ba:71:ae:67:ca:63:7f:ad:b4:3c:31:e7:e5:5d:6e:
                    82:02:39:57:a4:31:e5:a3:0b:5b:b4:85:b3:61:c0:
                    f5:8c:aa:7e:b9:d4:35:d0:a1:9c:e2:c3:25:9a:e0:
                    bc:15:5f:e2:22:09:24:8d:0d:9b:22:12:69:c3:b5:
                    a9:53:01:97:99:96:ec:fe:d8:1b:4c:bb:fe:a3:99:
                    a6:d6:ee:4d:ad:89:76:9a:c0:a1:86:2f:5c:0f:2f:
                    43:8e:c9:ce:44:43:d9:1e:ba:ea:e6:f2:02:c5:73:
                    b9:a3:f1:f5:41:04:8a:5a:43:ea:c7:7d:16:ff:bc:
                    f0:80:af:32:44:c5:89:10:c2:73:1b:9c:c5:56:da:
                    6e:52:fc:9b:dc:cc:3b:21:56:34:2f:68:2e:7f:88:
                    f0:a8:26:f7:77:86:04:44:0c:37:8c:25:2d:f2:36:
                    e9:45:14:de:16:0a:ad:9c:61:e7:43:91:55:4d:6a:
                    fc:b4:82:ee:ca:8c:b2:df:04:88:ab:2b:7d:b9:8b:
                    d4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:2A:50:76:3E:29:1C:A1:55:4A:55:C9:E1:C7:BC:0C:04:4F:BD:A7
            X509v3 Authority Key Identifier:
                keyid:F3:FB:2E:FB:4E:C1:E9:B6:F6:C6:D0:BA:26:07:47:A9:C3:E0:AD:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8_su-07B6bb2xtC6JgdHqcPgrco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/kSpQdj4pHKFVSlXJ4ce8DARPvac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/a8f742-ab9b-4b29-8ad4-6e912db02f5d/1/8_su-07B6bb2xtC6JgdHqcPgrco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:5dc::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:d2:73:82:a5:66:66:36:b7:79:82:6c:b3:d1:bb:70:be:ca:
         7f:10:89:14:d8:37:9a:d3:61:8b:25:4d:92:0f:8e:3d:15:46:
         fb:81:66:39:3a:95:06:52:16:07:45:aa:2d:2c:b3:a4:cf:92:
         7f:da:b1:95:f8:d4:b8:14:44:ba:bb:47:12:7b:1e:62:6b:46:
         a6:7f:bc:f6:2b:71:92:5c:dc:be:fb:2b:32:cc:55:38:83:b5:
         ed:ce:85:89:d6:64:0b:c5:00:bd:10:50:10:73:24:df:82:5f:
         87:c7:3c:a7:01:80:e1:55:5b:64:91:4e:cf:07:a4:fe:25:77:
         ee:eb:d7:7a:79:24:dd:99:33:7e:4a:ce:2a:9d:3f:75:cd:fc:
         66:ed:82:09:d8:1f:21:dc:c6:14:2b:7f:94:db:eb:6d:a6:ad:
         35:41:37:ea:d7:85:3b:95:63:06:00:6e:5e:34:c6:25:76:99:
         8c:3e:0e:1b:68:32:ec:3e:37:cd:12:ef:a8:24:d8:93:b5:48:
         8d:bf:6e:1a:4f:7c:93:77:aa:af:74:ab:5c:12:ed:ef:2d:c8:
         e2:b5:e7:eb:9e:5a:e8:09:65:58:a4:03:c1:61:3b:ca:c4:a0:
         2a:61:eb:d3:b6:5e:f6:72:e5:79:65:29:25:41:82:99:ee:29:
         40:07:a7:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZy+SCxp67Ue1D6sAeQo4wvqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzZmIyZWZiNGVjMWU5YjZmNmM2ZDBiYTI2MDc0N2E5YzNl
MGFkY2EwHhcNMjYwMzA1MTM1NTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTJhNTA3NjNlMjkxY2ExNTU0YTU1YzllMWM3YmMwYzA0NGZiZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTJiKXn5wnarDnJFPXdZwL/m5pss
kTBSylcNKgfxWi6qFNF9GeDNe2GqUkWBtkzqmUSak1lTJQfmGQa6ca5nymN/rbQ8
MeflXW6CAjlXpDHlowtbtIWzYcD1jKp+udQ10KGc4sMlmuC8FV/iIgkkjQ2bIhJp
w7WpUwGXmZbs/tgbTLv+o5mm1u5NrYl2msChhi9cDy9DjsnOREPZHrrq5vICxXO5
o/H1QQSKWkPqx30W/7zwgK8yRMWJEMJzG5zFVtpuUvyb3Mw7IVY0L2guf4jwqCb3
d4YERAw3jCUt8jbpRRTeFgqtnGHnQ5FVTWr8tILuyoyy3wSIqyt9uYvUkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJEqUHY+KRyhVUpVyeHHvAwET72nMB8GA1UdIwQY
MBaAFPP7LvtOwem29sbQuiYHR6nD4K3KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOF9zdS0wN0I2YmIyeHRDNkpnZEhxY1BncmNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy9hOGY3NDItYWI5Yi00YjI5LThhZDQt
NmU5MTJkYjAyZjVkLzEva1NwUWRqNHBIS0ZWU2xYSjRjZThEQVJQdmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy9hOGY3NDItYWI5Yi00YjI5LThhZDQtNmU5MTJkYjAyZjVk
LzEvOF9zdS0wN0I2YmIyeHRDNkpnZEhxY1BncmNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAXc
MA0GCSqGSIb3DQEBCwUAA4IBAQCH0nOCpWZmNrd5gmyz0btwvsp/EIkU2Dea02GL
JU2SD449FUb7gWY5OpUGUhYHRaotLLOkz5J/2rGV+NS4FES6u0cSex5ia0amf7z2
K3GSXNy++ysyzFU4g7XtzoWJ1mQLxQC9EFAQcyTfgl+HxzynAYDhVVtkkU7PB6T+
JXfu69d6eSTdmTN+Ss4qnT91zfxm7YIJ2B8h3MYUK3+U2+ttpq01QTfq14U7lWMG
AG5eNMYldpmMPg4baDLsPjfNEu+oJNiTtUiNv24aT3yTd6qvdKtcEu3vLcjitefr
nlroCWVYpAPBYTvKxKAqYevTtl72cuV5ZSklQYKZ7ilAB6fB
-----END CERTIFICATE-----