Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/2fjRCs8xlK3pQaPk8rOIDSYlcxw.roa
File:                     2fjRCs8xlK3pQaPk8rOIDSYlcxw.roa (raw, json)
Hash identifier:          I2k2KEupu6w+ziyxDip54GCFZn2g6M1lsanI8ZV5WcQ=
Subject key identifier:   D9:F8:D1:0A:CF:31:94:AD:E9:41:A3:E4:F2:B3:88:0D:26:25:73:1C
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       019EDA59F2968CBF2628A4AE5405206F4771
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/2fjRCs8xlK3pQaPk8rOIDSYlcxw.roa
Signing time:             Thu 18 Jun 2026 10:49:48 +0000
ROA not before:           Thu 18 Jun 2026 10:49:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402394
IP address blocks:        2a11:37c0::/29 maxlen: 29
                          2a12:6f80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 19:57:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:da:59:f2:96:8c:bf:26:28:a4:ae:54:05:20:6f:47:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Jun 18 10:49:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d9f8d10acf3194ade941a3e4f2b3880d2625731c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:33:cd:02:f1:58:3e:73:49:38:ee:37:fb:bc:
                    37:06:cb:ce:d5:e3:d4:2e:e0:8b:8b:88:0f:1e:5d:
                    46:46:7c:39:bc:0b:f9:c6:c0:b2:30:42:0a:24:fe:
                    d4:f6:50:85:93:9a:ae:86:99:3b:b2:2f:6a:49:e9:
                    ef:81:bd:9c:02:24:bb:63:09:a0:3f:c3:90:d0:2f:
                    26:bd:6f:d7:ee:cb:26:39:27:f8:d4:10:1b:5b:3a:
                    9f:27:90:69:74:c0:b6:40:aa:73:42:46:b4:46:13:
                    78:12:a0:6b:8e:28:66:0a:45:73:42:04:e8:9c:0d:
                    6a:f6:40:8e:43:58:7f:52:e7:8a:a5:94:59:3b:a9:
                    34:f5:e2:2a:b6:59:37:12:c7:3f:f4:b3:bd:ec:50:
                    45:1b:5c:9c:18:77:40:f5:77:c6:7b:1e:b7:03:de:
                    24:e5:dc:0e:9d:1e:92:22:cb:3f:08:27:58:75:61:
                    a5:9d:22:f7:a7:c6:f2:a3:45:9d:0f:69:9a:b0:dd:
                    a8:a1:af:82:66:ea:07:33:ca:bf:70:54:77:4b:a4:
                    87:6c:ce:2b:03:0b:e7:1d:45:39:ae:28:3f:b2:86:
                    0c:40:65:82:dc:45:42:ae:11:a8:e3:75:1b:90:03:
                    13:c8:3b:1b:31:98:b3:11:f6:18:41:f6:38:6c:13:
                    5e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:F8:D1:0A:CF:31:94:AD:E9:41:A3:E4:F2:B3:88:0D:26:25:73:1C
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/2fjRCs8xlK3pQaPk8rOIDSYlcxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:37c0::/29
                  2a12:6f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:44:68:e1:70:63:59:16:d6:bc:42:20:13:07:d1:01:3f:e3:
         2a:82:df:de:f1:c5:7e:59:8b:de:d9:50:42:1a:15:41:33:89:
         2d:87:72:b1:3b:8c:b8:6d:7c:c4:a6:ae:de:18:2e:7b:42:09:
         88:f2:6c:8d:ca:0d:df:77:bc:ef:c4:b6:ec:31:be:81:3c:62:
         ad:e9:ce:25:50:5c:f2:ad:a6:f7:fe:c1:7a:0f:bf:ca:38:fc:
         ec:4a:f2:1d:df:13:8d:b5:e8:7f:55:db:50:5d:14:b2:8b:15:
         43:82:ae:0f:ad:76:d1:4e:4c:4c:e4:0a:b2:c8:3d:ab:ac:aa:
         d7:b5:dd:16:c1:1d:11:8e:df:13:11:35:f4:84:23:4a:d9:f6:
         14:a9:d3:25:e6:dd:9f:4b:be:b9:59:63:d0:f2:93:4f:04:18:
         9a:1f:2f:59:94:9b:86:ce:bc:8e:df:60:14:7f:47:dc:ac:21:
         1b:a0:0f:56:4e:94:06:90:cf:55:70:17:34:10:2f:dd:c9:62:
         4a:df:60:bf:bc:5b:65:e6:73:68:8a:f1:d5:fa:27:3a:2d:6f:
         04:ca:d9:76:77:0f:c5:bd:f3:73:8b:be:e0:50:b5:79:f6:dc:
         a7:1d:f8:dc:b4:88:7b:26:9c:40:32:fa:9f:61:6a:ae:00:72:
         d6:4f:a3:f8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ7aWfKWjL8mKKSuVAUgb0dxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjYwNjE4MTA0OTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWY4ZDEwYWNmMzE5NGFkZTk0MWEzZTRmMmIzODgwZDI2MjU3MzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5zPNAvFYPnNJOO43+7w3BsvO1ePU
LuCLi4gPHl1GRnw5vAv5xsCyMEIKJP7U9lCFk5quhpk7si9qSenvgb2cAiS7Ywmg
P8OQ0C8mvW/X7ssmOSf41BAbWzqfJ5BpdMC2QKpzQka0RhN4EqBrjihmCkVzQgTo
nA1q9kCOQ1h/UueKpZRZO6k09eIqtlk3Esc/9LO97FBFG1ycGHdA9XfGex63A94k
5dwOnR6SIss/CCdYdWGlnSL3p8byo0WdD2masN2ooa+CZuoHM8q/cFR3S6SHbM4r
AwvnHUU5rig/soYMQGWC3EVCrhGo43UbkAMTyDsbMZizEfYYQfY4bBNeFQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNn40QrPMZSt6UGj5PKziA0mJXMcMB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvMmZqUkNzOHhsSzNwUWFQazhyT0lEU1lsY3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhE3wAMF
AyoSb4AwDQYJKoZIhvcNAQELBQADggEBACxEaOFwY1kW1rxCIBMH0QE/4yqC397x
xX5Zi97ZUEIaFUEziS2HcrE7jLhtfMSmrt4YLntCCYjybI3KDd93vO/EtuwxvoE8
Yq3pziVQXPKtpvf+wXoPv8o4/OxK8h3fE4216H9V21BdFLKLFUOCrg+tdtFOTEzk
CrLIPausqte13RbBHRGO3xMRNfSEI0rZ9hSp0yXm3Z9LvrlZY9Dyk08EGJofL1mU
m4bOvI7fYBR/R9ysIRugD1ZOlAaQz1VwFzQQL93JYkrfYL+8W2Xmc2iK8dX6Jzot
bwTK2XZ3D8W983OLvuBQtXn23Kcd+Ny0iHsmnEAy+p9haq4ActZPo/g=
-----END CERTIFICATE-----