Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tKTtbjzOTtnzLaHevkw4Nj5q8PQ.roa
File:                     tKTtbjzOTtnzLaHevkw4Nj5q8PQ.roa (raw, json)
Hash identifier:          6rGDG61A17dehYwJ5Aar2UcZfVjKNyf73PtGNcLNjL0=
Subject key identifier:   B4:A4:ED:6E:3C:CE:4E:D9:F3:2D:A1:DE:BE:4C:38:36:3E:6A:F0:F4
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019E689EF27BF7596B225C192374B3BA8042
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tKTtbjzOTtnzLaHevkw4Nj5q8PQ.roa
Signing time:             Wed 27 May 2026 08:48:27 +0000
ROA not before:           Wed 27 May 2026 08:48:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197260
IP address blocks:        2a0c:9a40:85d0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:68:9e:f2:7b:f7:59:6b:22:5c:19:23:74:b3:ba:80:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: May 27 08:48:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4a4ed6e3cce4ed9f32da1debe4c38363e6af0f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b2:f2:eb:9a:0b:2f:2d:14:e5:0d:75:48:66:
                    71:e5:30:72:74:22:c4:05:5c:05:8e:34:ef:ca:ab:
                    e9:4b:6c:6f:1a:f5:9e:cc:70:70:83:b1:3f:ec:94:
                    02:9f:9a:47:8b:7a:49:28:d1:9b:9f:0a:cf:ae:9f:
                    10:fe:26:f7:cf:5c:8f:96:87:7c:56:25:33:6f:c7:
                    2b:17:d7:70:f1:52:60:b3:2b:df:bc:ca:b4:5e:4c:
                    87:53:3c:3b:fe:c6:62:b1:c2:2e:c3:b8:ba:4a:aa:
                    fc:b5:e6:fc:b3:a1:2c:8a:a2:ac:8f:f1:09:b3:a7:
                    21:08:d8:54:ad:4c:ae:0c:65:7f:71:b3:bd:13:e6:
                    2e:cc:bf:27:31:07:0f:a3:ad:52:f5:d3:fb:65:80:
                    14:84:5f:a6:93:4b:c6:ab:62:e3:1c:1c:70:3e:09:
                    75:29:8d:c0:6a:28:d6:01:da:da:b6:fd:24:ed:6b:
                    f9:c8:79:16:9c:94:b7:e9:5f:68:78:62:b2:6d:0f:
                    56:2b:44:ea:64:0f:ac:5f:0a:9d:36:27:b3:ab:a7:
                    2f:c6:b8:b2:3a:26:69:72:66:46:46:7b:f7:96:e4:
                    b6:36:85:9c:6c:67:96:46:7c:15:ad:4f:dc:e0:af:
                    f0:6f:71:92:ff:ca:fa:79:56:cb:5f:35:0d:4a:3e:
                    a4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:A4:ED:6E:3C:CE:4E:D9:F3:2D:A1:DE:BE:4C:38:36:3E:6A:F0:F4
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/tKTtbjzOTtnzLaHevkw4Nj5q8PQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:85d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:25:4c:0d:a8:1b:f7:e0:06:c0:b1:29:a6:e9:55:af:31:9f:
         ca:f1:cd:22:b6:77:fd:d2:b2:94:dd:14:a0:fb:4a:b9:68:8a:
         89:c5:eb:ec:89:3c:f0:23:c5:8f:de:84:25:6b:14:eb:6a:ce:
         48:54:3e:bd:ed:18:87:a3:82:95:bd:48:fe:63:fb:5d:d1:19:
         f4:08:c7:50:5e:f4:65:5f:e4:d4:61:d4:15:aa:1e:ee:86:68:
         2d:1e:48:48:f7:52:ab:5f:cb:c0:4e:12:41:49:d7:53:95:df:
         35:6f:af:15:94:a8:3e:6c:ad:f6:0b:e5:a3:a0:32:83:83:4c:
         aa:6e:68:d3:00:cd:e6:1b:35:62:bb:b2:c9:4d:1b:7a:9b:c5:
         5e:14:57:a9:7a:6f:0c:ab:39:fb:57:0d:6b:45:97:56:68:10:
         34:f8:65:e4:cc:ee:a6:87:14:e8:14:b1:8b:8e:72:65:1f:43:
         79:ec:e3:8e:f4:47:fd:d1:68:34:34:b0:97:df:ce:92:9b:39:
         19:26:48:e1:0f:34:56:17:65:68:b4:ad:8d:fc:83:97:bf:a9:
         3e:bc:5e:06:ec:0f:e1:83:e7:38:8a:66:ee:8d:31:8b:99:a5:
         d8:fd:d2:27:92:21:c1:d6:6c:5c:8d:b1:ad:10:96:9b:e7:75:
         28:78:e6:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5onvJ791lrIlwZI3SzuoBCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwNTI3MDg0ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGE0ZWQ2ZTNjY2U0ZWQ5ZjMyZGExZGViZTRjMzgzNjNlNmFmMGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLLy65oLLy0U5Q11SGZx5TBydCLE
BVwFjjTvyqvpS2xvGvWezHBwg7E/7JQCn5pHi3pJKNGbnwrPrp8Q/ib3z1yPlod8
ViUzb8crF9dw8VJgsyvfvMq0XkyHUzw7/sZiscIuw7i6Sqr8teb8s6EsiqKsj/EJ
s6chCNhUrUyuDGV/cbO9E+YuzL8nMQcPo61S9dP7ZYAUhF+mk0vGq2LjHBxwPgl1
KY3AaijWAdratv0k7Wv5yHkWnJS36V9oeGKybQ9WK0TqZA+sXwqdNiezq6cvxriy
OiZpcmZGRnv3luS2NoWcbGeWRnwVrU/c4K/wb3GS/8r6eVbLXzUNSj6k+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLSk7W48zk7Z8y2h3r5MODY+avD0MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvdEtUdGJqek9UdG56TGFIZXZrdzROajVxOFBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIXQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCvJUwNqBv34AbAsSmm6VWvMZ/K8c0itnf90rKU
3RSg+0q5aIqJxevsiTzwI8WP3oQlaxTras5IVD697RiHo4KVvUj+Y/td0Rn0CMdQ
XvRlX+TUYdQVqh7uhmgtHkhI91KrX8vAThJBSddTld81b68VlKg+bK32C+WjoDKD
g0yqbmjTAM3mGzViu7LJTRt6m8VeFFepem8Mqzn7Vw1rRZdWaBA0+GXkzO6mhxTo
FLGLjnJlH0N57OOO9Ef90Wg0NLCX386SmzkZJkjhDzRWF2VotK2N/IOXv6k+vF4G
7A/hg+c4imbujTGLmaXY/dInkiHB1mxcjbGtEJab53UoeOYD
-----END CERTIFICATE-----