Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/16153d-fe58-4625-ba6e-092b9fb6a541/1/PZMuJ8QpgBXhv1xbGqZzJ29BgDQ.roa
File:                     PZMuJ8QpgBXhv1xbGqZzJ29BgDQ.roa (raw, json)
Hash identifier:          jrIRAMtDwbYUDnGzpj0BHU287oxSgfwbWoyH7EMZ7jI=
Subject key identifier:   3D:93:2E:27:C4:29:80:15:E1:BF:5C:5B:1A:A6:73:27:6F:41:80:34
Certificate issuer:       /CN=6f51a50a17c41e19041c3fb10b0a839227a5c905
Certificate serial:       019D1FFBF8D5ACC3DCE2AA4728B17FC7B7AD
Authority key identifier: 6F:51:A5:0A:17:C4:1E:19:04:1C:3F:B1:0B:0A:83:92:27:A5:C9:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b1GlChfEHhkEHD-xCwqDkielyQU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/16153d-fe58-4625-ba6e-092b9fb6a541/1/PZMuJ8QpgBXhv1xbGqZzJ29BgDQ.roa
Signing time:             Tue 24 Mar 2026 13:15:00 +0000
ROA not before:           Tue 24 Mar 2026 13:15:00 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13189
IP address blocks:        2001:67c:132c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/16153d-fe58-4625-ba6e-092b9fb6a541/1/b1GlChfEHhkEHD-xCwqDkielyQU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/16153d-fe58-4625-ba6e-092b9fb6a541/1/b1GlChfEHhkEHD-xCwqDkielyQU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b1GlChfEHhkEHD-xCwqDkielyQU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:fb:f8:d5:ac:c3:dc:e2:aa:47:28:b1:7f:c7:b7:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f51a50a17c41e19041c3fb10b0a839227a5c905
        Validity
            Not Before: Mar 24 13:15:00 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d932e27c4298015e1bf5c5b1aa673276f418034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fa:11:a1:f2:71:f4:24:e8:3c:4f:2c:d7:b7:
                    34:54:da:f2:42:63:b4:07:93:1e:a6:6b:2c:6b:1b:
                    fc:bc:cc:67:66:a9:33:a8:64:bc:08:aa:ae:77:55:
                    98:88:3b:f6:5c:9f:16:c6:fc:ea:4e:ea:69:0d:f1:
                    64:ea:95:dc:75:4d:c6:a5:b9:ff:e7:cf:b5:ee:8f:
                    e7:8c:f4:29:30:3f:e3:91:4d:06:73:7d:ef:fd:cd:
                    5b:34:ac:4f:6f:52:ff:84:8b:f4:e8:da:06:d3:cc:
                    9f:ea:97:6f:6c:0d:f1:37:77:cd:78:a5:fe:c7:d6:
                    a5:1a:d9:a9:71:70:a0:ee:5c:46:de:c6:8b:b9:b4:
                    9c:f7:1c:28:a6:9f:8b:27:28:df:65:a0:13:57:e9:
                    99:e0:89:ab:7e:5a:21:3c:7b:87:69:ad:c1:fa:7f:
                    73:4c:34:33:c5:81:ae:aa:98:a7:bf:f2:03:92:93:
                    11:cd:62:8c:5d:bc:c4:db:3d:02:80:ae:6f:fa:01:
                    dd:39:d9:45:e2:cc:b7:22:20:1e:f9:c7:a7:4b:82:
                    64:57:72:f0:3a:f9:5b:aa:b6:72:f9:c5:e4:e3:7b:
                    06:35:60:2c:4e:31:d8:33:7a:e7:74:7d:a3:82:de:
                    18:9f:b3:c9:40:a9:81:91:4f:35:68:5c:53:e0:4b:
                    d8:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:93:2E:27:C4:29:80:15:E1:BF:5C:5B:1A:A6:73:27:6F:41:80:34
            X509v3 Authority Key Identifier:
                keyid:6F:51:A5:0A:17:C4:1E:19:04:1C:3F:B1:0B:0A:83:92:27:A5:C9:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1GlChfEHhkEHD-xCwqDkielyQU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/16153d-fe58-4625-ba6e-092b9fb6a541/1/PZMuJ8QpgBXhv1xbGqZzJ29BgDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/16153d-fe58-4625-ba6e-092b9fb6a541/1/b1GlChfEHhkEHD-xCwqDkielyQU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:132c::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:ae:0d:a0:3d:ef:23:6d:8a:7b:fe:e7:e6:e4:f3:fb:28:ff:
         3e:71:b0:20:06:41:6e:43:b5:36:65:57:c9:01:c9:69:5e:dd:
         04:9a:31:f2:8b:2d:59:02:39:2c:a3:fa:9e:f3:c5:e2:fd:21:
         e0:88:a0:37:4d:f5:67:c9:cb:fd:00:73:b9:01:38:f3:e8:97:
         6a:f6:1a:29:c6:82:ad:e9:bf:c1:bb:30:45:81:91:c1:26:fb:
         f5:36:23:92:c9:bd:8e:0b:f5:10:31:0f:fc:2d:85:9c:35:39:
         0a:44:8d:c6:6d:4d:80:c0:29:d7:08:8a:56:6f:87:5d:88:e9:
         86:ee:e2:73:5b:61:20:c5:ed:0a:59:67:fc:2e:ee:19:58:db:
         3b:62:fc:9e:97:a0:43:8c:dd:f6:23:dd:3d:78:16:8e:a6:6a:
         f9:ec:50:4a:2a:f1:a1:f5:fb:9b:e8:93:c8:fa:c5:28:72:5b:
         17:7a:0a:79:f3:87:3c:2a:de:76:12:bb:48:e9:33:01:61:59:
         7d:42:44:f0:85:50:6a:64:1f:8e:07:f2:12:1d:4e:b2:f5:79:
         b8:74:22:09:be:8f:a0:65:ae:f0:22:54:24:8d:90:25:f3:76:
         b1:32:08:b9:17:bd:36:1e:dc:e9:3f:13:7c:6a:94:ea:b1:c6:
         cf:6a:e9:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0f+/jVrMPc4qpHKLF/x7etMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNTFhNTBhMTdjNDFlMTkwNDFjM2ZiMTBiMGE4MzkyMjdh
NWM5MDUwHhcNMjYwMzI0MTMxNTAwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDkzMmUyN2M0Mjk4MDE1ZTFiZjVjNWIxYWE2NzMyNzZmNDE4MDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/oRofJx9CToPE8s17c0VNryQmO0
B5Mepmssaxv8vMxnZqkzqGS8CKqud1WYiDv2XJ8WxvzqTuppDfFk6pXcdU3Gpbn/
58+17o/njPQpMD/jkU0Gc33v/c1bNKxPb1L/hIv06NoG08yf6pdvbA3xN3fNeKX+
x9alGtmpcXCg7lxG3saLubSc9xwopp+LJyjfZaATV+mZ4ImrflohPHuHaa3B+n9z
TDQzxYGuqpinv/IDkpMRzWKMXbzE2z0CgK5v+gHdOdlF4sy3IiAe+cenS4JkV3Lw
OvlbqrZy+cXk43sGNWAsTjHYM3rndH2jgt4Yn7PJQKmBkU81aFxT4EvYsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD2TLifEKYAV4b9cWxqmcydvQYA0MB8GA1UdIwQY
MBaAFG9RpQoXxB4ZBBw/sQsKg5InpckFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjFHbENoZkVIaGtFSEQteEN3cURraWVseVFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xNjE1M2QtZmU1OC00NjI1LWJhNmUt
MDkyYjlmYjZhNTQxLzEvUFpNdUo4UXBnQlhodjF4YkdxWnpKMjlCZ0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xNjE1M2QtZmU1OC00NjI1LWJhNmUtMDkyYjlmYjZhNTQx
LzEvYjFHbENoZkVIaGtFSEQteEN3cURraWVseVFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBMs
MA0GCSqGSIb3DQEBCwUAA4IBAQBfrg2gPe8jbYp7/ufm5PP7KP8+cbAgBkFuQ7U2
ZVfJAclpXt0EmjHyiy1ZAjkso/qe88Xi/SHgiKA3TfVnycv9AHO5ATjz6Jdq9hop
xoKt6b/BuzBFgZHBJvv1NiOSyb2OC/UQMQ/8LYWcNTkKRI3GbU2AwCnXCIpWb4dd
iOmG7uJzW2Egxe0KWWf8Lu4ZWNs7Yvyel6BDjN32I909eBaOpmr57FBKKvGh9fub
6JPI+sUoclsXegp584c8Kt52ErtI6TMBYVl9QkTwhVBqZB+OB/ISHU6y9Xm4dCIJ
vo+gZa7wIlQkjZAl83axMgi5F702HtzpPxN8apTqscbPaum6
-----END CERTIFICATE-----