Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/Xco1tcKWr3OJsK2GRTGEy3uXjCI.roa
File:                     Xco1tcKWr3OJsK2GRTGEy3uXjCI.roa (raw, json)
Hash identifier:          MmiJmWSzx/Ap053j4ROh2ZTks4oLbkSzRhXee+eiqmg=
Subject key identifier:   5D:CA:35:B5:C2:96:AF:73:89:B0:AD:86:45:31:84:CB:7B:97:8C:22
Certificate issuer:       /CN=62c5fce77dde4e2ee4fd6535100529c2f444d79a
Certificate serial:       019EF5FFB0AD307EDA8F18F7D515006C6B68
Authority key identifier: 62:C5:FC:E7:7D:DE:4E:2E:E4:FD:65:35:10:05:29:C2:F4:44:D7:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YsX8533eTi7k_WU1EAUpwvRE15o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/Xco1tcKWr3OJsK2GRTGEy3uXjCI.roa
Signing time:             Tue 23 Jun 2026 19:40:35 +0000
ROA not before:           Tue 23 Jun 2026 19:40:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34452
IP address blocks:        2a09:e187::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/YsX8533eTi7k_WU1EAUpwvRE15o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/YsX8533eTi7k_WU1EAUpwvRE15o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YsX8533eTi7k_WU1EAUpwvRE15o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 25 Jun 2026 22:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f5:ff:b0:ad:30:7e:da:8f:18:f7:d5:15:00:6c:6b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62c5fce77dde4e2ee4fd6535100529c2f444d79a
        Validity
            Not Before: Jun 23 19:40:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5dca35b5c296af7389b0ad86453184cb7b978c22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:44:48:e3:b7:50:b7:e9:b8:94:b3:de:2b:26:
                    02:a7:ad:7b:8a:e1:a6:9a:31:00:e9:0f:1d:ba:59:
                    a0:aa:f4:03:d1:e1:50:50:88:af:bf:29:fc:90:d3:
                    95:42:4c:1f:7a:e9:81:6f:a3:db:b6:95:b9:71:32:
                    3c:23:1e:38:cf:32:0e:85:bd:55:4c:48:d5:04:82:
                    e8:4a:45:0e:c0:4f:a3:02:b4:33:7d:a8:f6:07:38:
                    87:7a:13:4b:1d:c5:50:b7:67:37:2a:54:ea:ca:fc:
                    d3:75:88:6b:9f:6e:0b:5c:61:6e:d2:90:7b:1a:51:
                    8c:32:4a:58:47:c3:f8:c5:b9:42:f4:a3:35:80:a1:
                    23:38:30:8d:9f:b7:d9:07:ee:2e:e3:16:49:12:e7:
                    83:34:bb:dc:64:31:42:ad:f2:03:b4:8f:67:bb:64:
                    4c:9d:65:76:22:5e:21:9a:ba:14:94:af:10:99:db:
                    f9:95:7e:98:ee:6c:98:dc:29:2c:42:c2:81:2e:8a:
                    aa:d1:11:f0:4e:be:63:3b:85:69:5d:b2:94:98:15:
                    0e:16:1d:25:7e:bc:dc:8c:5a:7b:fd:e6:98:12:72:
                    64:18:7e:ed:50:e4:6c:c0:03:99:fb:ca:1a:4d:d0:
                    4d:4f:a2:2a:ee:61:05:56:00:59:4e:f6:6c:e8:96:
                    e0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:CA:35:B5:C2:96:AF:73:89:B0:AD:86:45:31:84:CB:7B:97:8C:22
            X509v3 Authority Key Identifier:
                keyid:62:C5:FC:E7:7D:DE:4E:2E:E4:FD:65:35:10:05:29:C2:F4:44:D7:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YsX8533eTi7k_WU1EAUpwvRE15o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/Xco1tcKWr3OJsK2GRTGEy3uXjCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/003f70-0a88-4fab-b374-af6be905799d/1/YsX8533eTi7k_WU1EAUpwvRE15o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:e187::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:8b:ee:52:48:d3:e7:63:4c:da:7c:a4:06:e6:d8:41:12:68:
         39:34:66:bd:53:df:90:ef:10:ca:fa:63:a4:86:37:83:0b:db:
         f8:cf:c5:75:5b:dc:92:98:0f:1e:3a:7c:34:17:28:b3:8f:5a:
         2e:58:35:e0:5e:71:b8:7c:d9:65:6f:f6:4a:a9:fb:74:0b:9e:
         a1:1e:67:72:69:ac:31:3d:72:34:eb:9a:81:2f:9d:84:f3:75:
         97:7c:70:22:da:d8:8f:42:c4:3c:99:5c:e0:fc:23:04:92:43:
         09:72:a5:dd:65:18:5e:77:b6:de:fe:a5:eb:67:d7:61:ec:fd:
         be:9b:31:c9:ff:57:65:a6:f1:f7:fd:9d:08:65:59:42:91:14:
         88:84:ea:90:43:8f:e8:41:cf:5b:bb:10:c1:36:62:69:cf:4a:
         5e:94:f2:23:c9:ef:76:44:d4:f6:79:72:6c:a5:b0:9e:66:55:
         27:00:91:95:f1:0e:36:d3:0e:9d:dd:ab:f8:d8:f2:18:1e:38:
         df:6b:30:97:e2:bd:62:6f:1f:7f:15:08:c8:cf:e9:98:18:05:
         4a:81:d3:b6:94:db:ac:64:8f:ee:82:cd:3d:42:85:19:6d:e8:
         d8:50:65:44:44:a9:b8:7e:91:35:9e:db:5d:04:28:14:12:f1:
         55:25:c5:9b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ71/7CtMH7ajxj31RUAbGtoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyYzVmY2U3N2RkZTRlMmVlNGZkNjUzNTEwMDUyOWMyZjQ0
NGQ3OWEwHhcNMjYwNjIzMTk0MDM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGNhMzViNWMyOTZhZjczODliMGFkODY0NTMxODRjYjdiOTc4YzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1URI47dQt+m4lLPeKyYCp617iuGm
mjEA6Q8dulmgqvQD0eFQUIivvyn8kNOVQkwfeumBb6PbtpW5cTI8Ix44zzIOhb1V
TEjVBILoSkUOwE+jArQzfaj2BziHehNLHcVQt2c3KlTqyvzTdYhrn24LXGFu0pB7
GlGMMkpYR8P4xblC9KM1gKEjODCNn7fZB+4u4xZJEueDNLvcZDFCrfIDtI9nu2RM
nWV2Il4hmroUlK8Qmdv5lX6Y7myY3CksQsKBLoqq0RHwTr5jO4VpXbKUmBUOFh0l
frzcjFp7/eaYEnJkGH7tUORswAOZ+8oaTdBNT6Iq7mEFVgBZTvZs6JbgqwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF3KNbXClq9zibCthkUxhMt7l4wiMB8GA1UdIwQY
MBaAFGLF/Od93k4u5P1lNRAFKcL0RNeaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXNYODUzM2VUaTdrX1dVMUVBVXB3dlJFMTVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8wMDNmNzAtMGE4OC00ZmFiLWIzNzQt
YWY2YmU5MDU3OTlkLzEvWGNvMXRjS1dyM09Kc0syR1JUR0V5M3VYakNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8wMDNmNzAtMGE4OC00ZmFiLWIzNzQtYWY2YmU5MDU3OTlk
LzEvWXNYODUzM2VUaTdrX1dVMUVBVXB3dlJFMTVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgnhhzAN
BgkqhkiG9w0BAQsFAAOCAQEAJYvuUkjT52NM2nykBubYQRJoOTRmvVPfkO8Qyvpj
pIY3gwvb+M/FdVvckpgPHjp8NBcos49aLlg14F5xuHzZZW/2Sqn7dAueoR5ncmms
MT1yNOuagS+dhPN1l3xwItrYj0LEPJlc4PwjBJJDCXKl3WUYXne23v6l62fXYez9
vpsxyf9XZabx9/2dCGVZQpEUiITqkEOP6EHPW7sQwTZiac9KXpTyI8nvdkTU9nly
bKWwnmZVJwCRlfEONtMOnd2r+NjyGB4432swl+K9Ym8ffxUIyM/pmBgFSoHTtpTb
rGSP7oLNPUKFGW3o2FBlRESpuH6RNZ7bXQQoFBLxVSXFmw==
-----END CERTIFICATE-----