Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/9850c0-d5c9-401c-8c09-20babb9766c8/1/a0j_PGG7kFjCCaqBvS8MVdu7gqo.roa
File:                     a0j_PGG7kFjCCaqBvS8MVdu7gqo.roa (raw, json)
Hash identifier:          AqVg4orB7Axc338yQ+bQlw1oYw4wLqMpWh05FAgYxKM=
Subject key identifier:   6B:48:FF:3C:61:BB:90:58:C2:09:AA:81:BD:2F:0C:55:DB:BB:82:AA
Certificate issuer:       /CN=16be9e0916ecd49b20d542ff3a410e416b7585b4
Certificate serial:       019E646404DABF3894EC6F2CFC4872A53581
Authority key identifier: 16:BE:9E:09:16:EC:D4:9B:20:D5:42:FF:3A:41:0E:41:6B:75:85:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fr6eCRbs1Jsg1UL_OkEOQWt1hbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/9850c0-d5c9-401c-8c09-20babb9766c8/1/a0j_PGG7kFjCCaqBvS8MVdu7gqo.roa
Signing time:             Tue 26 May 2026 13:05:36 +0000
ROA not before:           Tue 26 May 2026 13:05:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207067
IP address blocks:        2a00:a607::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/9850c0-d5c9-401c-8c09-20babb9766c8/1/Fr6eCRbs1Jsg1UL_OkEOQWt1hbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/9850c0-d5c9-401c-8c09-20babb9766c8/1/Fr6eCRbs1Jsg1UL_OkEOQWt1hbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fr6eCRbs1Jsg1UL_OkEOQWt1hbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 16:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:64:64:04:da:bf:38:94:ec:6f:2c:fc:48:72:a5:35:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16be9e0916ecd49b20d542ff3a410e416b7585b4
        Validity
            Not Before: May 26 13:05:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b48ff3c61bb9058c209aa81bd2f0c55dbbb82aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:01:29:b8:a8:36:ae:75:1b:91:b3:d4:ef:9d:
                    e0:30:d5:f5:d2:47:42:e2:a0:f9:f1:6b:72:9a:49:
                    ad:1b:ed:8b:c3:1f:a8:fb:0d:ce:c4:55:c2:ef:bf:
                    5f:d7:2e:e7:45:3e:e9:21:d5:4e:d1:b1:1e:a6:1b:
                    31:68:ec:a9:ac:f4:a4:ac:97:92:ed:87:aa:94:46:
                    d3:05:2c:69:d0:94:e4:61:1b:2d:47:34:b0:84:5b:
                    12:57:07:40:b5:17:47:17:6b:62:c8:63:99:23:6c:
                    08:ec:0b:87:ab:f4:12:32:b4:28:b6:68:8d:ea:14:
                    fc:63:7a:e7:de:57:81:54:fe:df:cb:11:0c:f4:a5:
                    3c:95:f3:0f:8b:f9:ae:32:47:8c:df:e9:b9:17:46:
                    20:ce:98:24:74:78:9e:86:12:d9:84:a7:2d:7e:d2:
                    3b:e5:ca:6c:16:66:96:e3:52:20:77:2d:5c:df:30:
                    5a:0b:86:31:8d:a8:5c:86:4f:2b:ef:09:0d:a9:03:
                    a5:e8:ee:29:59:74:39:4a:45:88:1f:ab:00:ad:10:
                    dc:9f:8b:8d:60:8a:28:0f:23:a0:ea:32:5d:98:98:
                    fe:1d:7c:97:ed:a3:24:1e:4a:36:81:72:4c:5c:87:
                    81:36:52:a5:d6:f7:e7:b1:39:a6:2b:6d:bd:f9:55:
                    24:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:48:FF:3C:61:BB:90:58:C2:09:AA:81:BD:2F:0C:55:DB:BB:82:AA
            X509v3 Authority Key Identifier:
                keyid:16:BE:9E:09:16:EC:D4:9B:20:D5:42:FF:3A:41:0E:41:6B:75:85:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fr6eCRbs1Jsg1UL_OkEOQWt1hbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9850c0-d5c9-401c-8c09-20babb9766c8/1/a0j_PGG7kFjCCaqBvS8MVdu7gqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/9850c0-d5c9-401c-8c09-20babb9766c8/1/Fr6eCRbs1Jsg1UL_OkEOQWt1hbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:a607::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:e4:e9:30:ea:a1:c0:0f:94:f1:ff:e0:fd:dd:e9:20:e8:d3:
         68:3c:d7:7a:d7:27:e6:ae:74:b9:1a:d1:bd:92:bf:70:c7:00:
         6d:7d:5f:44:79:27:c1:2c:38:6a:25:b7:9a:bc:c3:b8:90:f5:
         a2:c3:c8:a2:d5:3f:4f:28:38:53:4d:43:7f:30:29:c8:ca:08:
         b3:87:6d:d3:b6:11:23:65:4f:f6:30:c2:6a:46:cf:5b:11:e2:
         e5:bc:3f:4c:86:67:6b:6c:be:a8:5c:ea:d4:d9:66:9c:79:31:
         87:df:36:a4:87:ec:34:53:3c:28:82:9b:53:9c:37:42:2c:29:
         9b:8c:9c:e4:e9:83:8d:c3:53:da:b5:70:1d:6c:40:21:ba:7f:
         77:88:0b:6f:af:5d:21:a2:b7:eb:75:2a:ce:b2:19:b8:c0:02:
         6f:c7:00:ab:9b:74:85:65:9c:74:92:8d:2e:78:e6:42:38:26:
         6b:9c:c6:06:a9:70:d6:d0:48:bd:21:c9:a4:48:58:4f:f6:43:
         75:30:39:12:90:e1:cf:18:56:7d:c8:7c:15:74:d0:b2:a6:24:
         a9:2d:85:10:f7:0a:f4:08:01:f5:56:35:bf:51:83:12:9c:c7:
         d0:52:3d:9b:9f:c0:58:45:f5:13:fd:c5:79:6b:25:31:34:ac:
         66:bd:fb:b5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5kZATavziU7G8s/EhypTWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2YmU5ZTA5MTZlY2Q0OWIyMGQ1NDJmZjNhNDEwZTQxNmI3
NTg1YjQwHhcNMjYwNTI2MTMwNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjQ4ZmYzYzYxYmI5MDU4YzIwOWFhODFiZDJmMGM1NWRiYmI4MmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywEpuKg2rnUbkbPU753gMNX10kdC
4qD58WtymkmtG+2Lwx+o+w3OxFXC779f1y7nRT7pIdVO0bEephsxaOyprPSkrJeS
7YeqlEbTBSxp0JTkYRstRzSwhFsSVwdAtRdHF2tiyGOZI2wI7AuHq/QSMrQotmiN
6hT8Y3rn3leBVP7fyxEM9KU8lfMPi/muMkeM3+m5F0YgzpgkdHiehhLZhKctftI7
5cpsFmaW41Igdy1c3zBaC4Yxjahchk8r7wkNqQOl6O4pWXQ5SkWIH6sArRDcn4uN
YIooDyOg6jJdmJj+HXyX7aMkHko2gXJMXIeBNlKl1vfnsTmmK229+VUk+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGtI/zxhu5BYwgmqgb0vDFXbu4KqMB8GA1UdIwQY
MBaAFBa+ngkW7NSbINVC/zpBDkFrdYW0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnI2ZUNSYnMxSnNnMVVMX09rRU9RV3QxaGJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85ODUwYzAtZDVjOS00MDFjLThjMDkt
MjBiYWJiOTc2NmM4LzEvYTBqX1BHRzdrRmpDQ2FxQnZTOE1WZHU3Z3FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85ODUwYzAtZDVjOS00MDFjLThjMDktMjBiYWJiOTc2NmM4
LzEvRnI2ZUNSYnMxSnNnMVVMX09rRU9RV3QxaGJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgCmBzAN
BgkqhkiG9w0BAQsFAAOCAQEAsOTpMOqhwA+U8f/g/d3pIOjTaDzXetcn5q50uRrR
vZK/cMcAbX1fRHknwSw4aiW3mrzDuJD1osPIotU/Tyg4U01DfzApyMoIs4dt07YR
I2VP9jDCakbPWxHi5bw/TIZna2y+qFzq1NlmnHkxh982pIfsNFM8KIKbU5w3Qiwp
m4yc5OmDjcNT2rVwHWxAIbp/d4gLb69dIaK363UqzrIZuMACb8cAq5t0hWWcdJKN
LnjmQjgma5zGBqlw1tBIvSHJpEhYT/ZDdTA5EpDhzxhWfch8FXTQsqYkqS2FEPcK
9AgB9VY1v1GDEpzH0FI9m5/AWEX1E/3FeWslMTSsZr37tQ==
-----END CERTIFICATE-----