Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/HCkvzdcpIYzytKZqZIZpzBzXxN4.roa
File:                     HCkvzdcpIYzytKZqZIZpzBzXxN4.roa (raw, json)
Hash identifier:          cvwjAl+X65gJhTX/xhQ7zooxN6QAYzDT7NZO/MuLk8g=
Subject key identifier:   1C:29:2F:CD:D7:29:21:8C:F2:B4:A6:6A:64:86:69:CC:1C:D7:C4:DE
Certificate issuer:       /CN=aca77c708af0ba1f81549c9f87089559390167a5
Certificate serial:       019DE408198B1E4F5CB8F54325742E3FE1DF
Authority key identifier: AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/HCkvzdcpIYzytKZqZIZpzBzXxN4.roa
Signing time:             Fri 01 May 2026 14:53:49 +0000
ROA not before:           Fri 01 May 2026 14:53:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6453
IP address blocks:        2001:4c68:201::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 05:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e4:08:19:8b:1e:4f:5c:b8:f5:43:25:74:2e:3f:e1:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca77c708af0ba1f81549c9f87089559390167a5
        Validity
            Not Before: May  1 14:53:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c292fcdd729218cf2b4a66a648669cc1cd7c4de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:19:c6:07:df:ac:30:cf:3a:c6:ee:ff:1c:77:
                    63:ef:c6:58:c0:5d:64:e6:5c:1e:93:be:71:98:a0:
                    0d:7d:f8:6b:e4:71:23:79:6e:c5:5a:0c:8f:82:5a:
                    bb:72:4e:85:bc:60:a4:c4:f6:0c:29:34:bb:a9:35:
                    09:30:0d:36:eb:4f:06:eb:83:74:61:e1:24:3b:ef:
                    46:08:8a:a2:d8:d0:bb:92:34:33:ef:84:c5:0c:02:
                    d9:32:9d:89:29:26:5f:32:27:79:fe:63:2f:31:c8:
                    23:9f:64:d7:44:ff:dc:26:3e:82:06:66:5b:08:49:
                    1d:98:17:f8:62:51:7e:33:43:50:64:1b:cc:d0:f4:
                    30:e9:72:12:f5:b4:a4:cb:7b:9b:f6:88:b4:cc:6d:
                    c5:e7:27:f4:f8:d2:30:47:3d:03:4d:41:17:89:25:
                    72:6a:2c:ba:c1:0d:f0:51:de:97:d2:78:a6:f3:ba:
                    e0:75:6d:63:80:ec:a7:f1:d3:13:f9:48:9d:e2:3a:
                    8b:61:92:43:7a:99:85:a4:79:1c:cb:1c:38:76:9d:
                    aa:5d:ef:7a:d0:aa:91:6a:cd:4d:3e:d8:26:14:aa:
                    af:61:9b:26:1e:fc:a1:14:dd:41:c3:fc:43:da:2d:
                    32:5f:22:c7:fe:3a:4e:03:38:01:9b:3e:aa:09:58:
                    4f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:29:2F:CD:D7:29:21:8C:F2:B4:A6:6A:64:86:69:CC:1C:D7:C4:DE
            X509v3 Authority Key Identifier:
                keyid:AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/HCkvzdcpIYzytKZqZIZpzBzXxN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4c68:201::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:4f:78:54:ed:fd:81:11:1b:95:54:b5:a7:34:9d:11:00:57:
         9b:cf:22:b3:1a:a5:7c:a9:69:bb:79:94:48:be:bc:f2:ca:48:
         68:f4:a2:65:82:1f:1b:02:9c:fa:b8:d2:53:4d:db:be:56:db:
         77:4f:17:36:4d:94:b9:d5:da:24:ab:21:78:0c:6e:eb:d6:65:
         b8:96:37:f8:68:1c:57:1e:3f:99:15:ac:00:18:38:2b:d0:6c:
         ac:b6:08:d9:c5:6c:8a:0f:43:c3:c9:8a:50:f3:da:f9:72:b3:
         6d:7b:ac:aa:7f:eb:96:2f:1c:80:bd:bb:1e:4c:b0:ee:c7:62:
         d9:a3:4c:69:33:75:76:99:70:50:6f:42:08:84:47:c0:46:35:
         a1:f5:eb:e3:be:b4:5b:9a:36:9f:33:55:bb:6c:69:cf:c8:0b:
         f9:d6:33:c5:2e:e2:fe:98:cb:a8:16:09:7e:64:f4:73:be:d9:
         56:ad:ac:71:ca:e9:6e:52:3e:99:8c:10:a5:e8:8e:25:09:54:
         11:1f:95:d5:b3:79:84:38:59:bf:9b:05:03:2b:83:57:d3:80:
         92:ec:00:58:43:27:b2:cb:f1:05:3a:ef:44:96:f7:68:0a:60:
         4c:f1:d4:c8:06:78:89:1e:d0:7f:9c:27:21:50:59:7b:e8:c4:
         d8:31:d4:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3kCBmLHk9cuPVDJXQuP+HfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTc3YzcwOGFmMGJhMWY4MTU0OWM5Zjg3MDg5NTU5Mzkw
MTY3YTUwHhcNMjYwNTAxMTQ1MzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzI5MmZjZGQ3MjkyMThjZjJiNGE2NmE2NDg2NjljYzFjZDdjNGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxnGB9+sMM86xu7/HHdj78ZYwF1k
5lwek75xmKANffhr5HEjeW7FWgyPglq7ck6FvGCkxPYMKTS7qTUJMA02608G64N0
YeEkO+9GCIqi2NC7kjQz74TFDALZMp2JKSZfMid5/mMvMcgjn2TXRP/cJj6CBmZb
CEkdmBf4YlF+M0NQZBvM0PQw6XIS9bSky3ub9oi0zG3F5yf0+NIwRz0DTUEXiSVy
aiy6wQ3wUd6X0nim87rgdW1jgOyn8dMT+Uid4jqLYZJDepmFpHkcyxw4dp2qXe96
0KqRas1NPtgmFKqvYZsmHvyhFN1Bw/xD2i0yXyLH/jpOAzgBmz6qCVhPjQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBwpL83XKSGM8rSmamSGacwc18TeMB8GA1UdIwQY
MBaAFKynfHCK8LofgVScn4cIlVk5AWelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYt
MjhiMTllM2ZkNGE2LzEvSENrdnpkY3BJWXp5dEtacVpJWnB6QnpYeE40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYtMjhiMTllM2ZkNGE2
LzEvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAFMaAIB
MA0GCSqGSIb3DQEBCwUAA4IBAQADT3hU7f2BERuVVLWnNJ0RAFebzyKzGqV8qWm7
eZRIvrzyykho9KJlgh8bApz6uNJTTdu+Vtt3Txc2TZS51dokqyF4DG7r1mW4ljf4
aBxXHj+ZFawAGDgr0GystgjZxWyKD0PDyYpQ89r5crNte6yqf+uWLxyAvbseTLDu
x2LZo0xpM3V2mXBQb0IIhEfARjWh9evjvrRbmjafM1W7bGnPyAv51jPFLuL+mMuo
Fgl+ZPRzvtlWraxxyuluUj6ZjBCl6I4lCVQRH5XVs3mEOFm/mwUDK4NX04CS7ABY
Qyeyy/EFOu9ElvdoCmBM8dTIBniJHtB/nCchUFl76MTYMdTa
-----END CERTIFICATE-----