Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/08037b-5b67-407c-9105-4c4ea06acfe9/1/cpmgiH1BslsxBNjDBIkAI1gHkq4.roa
File:                     cpmgiH1BslsxBNjDBIkAI1gHkq4.roa (raw, json)
Hash identifier:          7HS2B/w6P1YHari4czqglwcerA3k27fD3l3Bj3QIfa4=
Subject key identifier:   72:99:A0:88:7D:41:B2:5B:31:04:D8:C3:04:89:00:23:58:07:92:AE
Certificate issuer:       /CN=c80dc8b0c6509bc76bc85e67f43ee08a8a14c975
Certificate serial:       019E1B644554BA56D29231B00505953E53E8
Authority key identifier: C8:0D:C8:B0:C6:50:9B:C7:6B:C8:5E:67:F4:3E:E0:8A:8A:14:C9:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yA3IsMZQm8dryF5n9D7giooUyXU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/08037b-5b67-407c-9105-4c4ea06acfe9/1/cpmgiH1BslsxBNjDBIkAI1gHkq4.roa
Signing time:             Tue 12 May 2026 08:53:36 +0000
ROA not before:           Tue 12 May 2026 08:53:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197791
IP address blocks:        2001:67c:88::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/08037b-5b67-407c-9105-4c4ea06acfe9/1/yA3IsMZQm8dryF5n9D7giooUyXU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/08037b-5b67-407c-9105-4c4ea06acfe9/1/yA3IsMZQm8dryF5n9D7giooUyXU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yA3IsMZQm8dryF5n9D7giooUyXU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1b:64:45:54:ba:56:d2:92:31:b0:05:05:95:3e:53:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c80dc8b0c6509bc76bc85e67f43ee08a8a14c975
        Validity
            Not Before: May 12 08:53:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7299a0887d41b25b3104d8c304890023580792ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:46:83:f5:33:a7:9c:ed:3a:56:39:fd:e0:33:
                    f3:ce:fd:e7:6c:e0:3d:a2:79:a7:b8:0d:12:30:5a:
                    07:d5:a3:8f:ec:2d:35:28:b9:f4:67:f4:a7:0f:c2:
                    41:24:c1:56:67:ae:fc:be:42:67:88:b3:3d:87:77:
                    c2:79:4a:d9:96:c8:62:67:1e:2a:05:21:78:e6:c1:
                    0b:d9:a6:df:bb:43:34:b6:fd:ef:ff:24:8e:a4:15:
                    77:b6:b4:bc:2d:9c:01:4d:ae:8b:4b:9c:83:9f:91:
                    29:30:83:6c:32:da:26:6d:58:4e:30:48:32:78:ff:
                    01:be:c6:09:74:6f:88:00:16:7a:d8:68:29:b2:3d:
                    aa:75:8a:8b:b5:7e:5a:7e:ff:a3:27:56:ef:31:db:
                    42:97:4d:65:14:6d:86:77:59:95:dd:ef:10:e1:3d:
                    21:e7:be:4c:51:fa:43:d8:d2:bc:a1:d9:b6:b4:c1:
                    a3:a3:81:25:c2:f0:15:c8:2f:bb:34:e2:4e:26:88:
                    42:42:92:d4:f6:34:32:8f:67:e2:ce:7b:59:51:73:
                    40:22:d7:9a:4c:74:f2:60:70:53:e1:fc:47:60:80:
                    85:b5:b5:b9:f9:11:a8:f7:93:2d:6f:0b:35:39:62:
                    1c:b6:59:a7:29:33:ea:0d:80:e4:f7:60:37:8f:e5:
                    f0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:99:A0:88:7D:41:B2:5B:31:04:D8:C3:04:89:00:23:58:07:92:AE
            X509v3 Authority Key Identifier:
                keyid:C8:0D:C8:B0:C6:50:9B:C7:6B:C8:5E:67:F4:3E:E0:8A:8A:14:C9:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yA3IsMZQm8dryF5n9D7giooUyXU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/08037b-5b67-407c-9105-4c4ea06acfe9/1/cpmgiH1BslsxBNjDBIkAI1gHkq4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/08037b-5b67-407c-9105-4c4ea06acfe9/1/yA3IsMZQm8dryF5n9D7giooUyXU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:88::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:39:e3:e3:8c:b7:70:cb:2f:8a:f6:80:08:52:6d:1b:fe:af:
         e7:91:da:2b:18:82:02:e9:55:5b:8a:eb:e9:0e:f6:18:8e:7f:
         8f:ae:f4:7e:78:35:4c:f6:29:53:49:48:0f:f3:d9:18:59:c4:
         2c:38:7f:8c:72:35:61:04:92:3e:5d:34:86:e7:41:3c:9f:a9:
         3a:67:39:f0:7e:b2:40:62:bf:0d:56:28:b1:95:59:7e:e7:94:
         e1:e7:51:8d:1f:a5:dd:61:4e:3a:df:9a:10:ff:68:f7:f9:5a:
         4d:a6:a0:d8:3f:cd:2c:7a:a7:ea:f2:d6:f4:dd:8e:36:da:1f:
         7a:a8:f7:38:a4:53:f5:15:52:17:a8:2c:9f:11:79:62:b9:5c:
         79:ab:81:bc:f6:34:a7:31:e8:de:3f:a2:c3:b2:18:a9:9a:7e:
         83:37:61:39:ab:8b:78:25:94:86:b7:d2:61:38:7a:a1:f3:56:
         c8:5c:54:57:78:88:99:73:ea:e9:b2:b2:20:a8:c3:17:99:02:
         0d:a9:76:aa:2d:e7:9e:8e:5e:1e:68:be:55:f5:aa:ce:75:6d:
         1b:ad:a6:e9:78:65:bf:ab:8b:7c:51:c9:cf:eb:1b:f7:f0:f9:
         2d:e2:83:09:4a:61:50:90:57:54:e9:42:df:3d:c0:ea:be:eb:
         c0:db:fe:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4bZEVUulbSkjGwBQWVPlPoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4MGRjOGIwYzY1MDliYzc2YmM4NWU2N2Y0M2VlMDhhOGEx
NGM5NzUwHhcNMjYwNTEyMDg1MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk5YTA4ODdkNDFiMjViMzEwNGQ4YzMwNDg5MDAyMzU4MDc5MmFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEaD9TOnnO06Vjn94DPzzv3nbOA9
onmnuA0SMFoH1aOP7C01KLn0Z/SnD8JBJMFWZ678vkJniLM9h3fCeUrZlshiZx4q
BSF45sEL2abfu0M0tv3v/ySOpBV3trS8LZwBTa6LS5yDn5EpMINsMtombVhOMEgy
eP8BvsYJdG+IABZ62Ggpsj2qdYqLtX5afv+jJ1bvMdtCl01lFG2Gd1mV3e8Q4T0h
575MUfpD2NK8odm2tMGjo4ElwvAVyC+7NOJOJohCQpLU9jQyj2fizntZUXNAItea
THTyYHBT4fxHYICFtbW5+RGo95Mtbws1OWIctlmnKTPqDYDk92A3j+XwoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHKZoIh9QbJbMQTYwwSJACNYB5KuMB8GA1UdIwQY
MBaAFMgNyLDGUJvHa8heZ/Q+4IqKFMl1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUEzSXNNWlFtOGRyeUY1bjlEN2dpb29VeVhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wODAzN2ItNWI2Ny00MDdjLTkxMDUt
NGM0ZWEwNmFjZmU5LzEvY3BtZ2lIMUJzbHN4Qk5qREJJa0FJMWdIa3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wODAzN2ItNWI2Ny00MDdjLTkxMDUtNGM0ZWEwNmFjZmU5
LzEveUEzSXNNWlFtOGRyeUY1bjlEN2dpb29VeVhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfACI
MA0GCSqGSIb3DQEBCwUAA4IBAQBIOePjjLdwyy+K9oAIUm0b/q/nkdorGIIC6VVb
iuvpDvYYjn+PrvR+eDVM9ilTSUgP89kYWcQsOH+McjVhBJI+XTSG50E8n6k6Zznw
frJAYr8NViixlVl+55Th51GNH6XdYU4635oQ/2j3+VpNpqDYP80seqfq8tb03Y42
2h96qPc4pFP1FVIXqCyfEXliuVx5q4G89jSnMejeP6LDshipmn6DN2E5q4t4JZSG
t9JhOHqh81bIXFRXeIiZc+rpsrIgqMMXmQINqXaqLeeejl4eaL5V9arOdW0brabp
eGW/q4t8UcnP6xv38Pkt4oMJSmFQkFdU6ULfPcDqvuvA2/7C
-----END CERTIFICATE-----