Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/K_FqvkTMtmVQBwEMa5QHwxzffak.roa
File:                     K_FqvkTMtmVQBwEMa5QHwxzffak.roa (raw, json)
Hash identifier:          nb9QoyagHZhXK805yeBq/ZhelOqmFdhN6ghmT4BD3gY=
Subject key identifier:   2B:F1:6A:BE:44:CC:B6:65:50:07:01:0C:6B:94:07:C3:1C:DF:7D:A9
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019E5F9676F297BA10990E05A139F7D39551
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/K_FqvkTMtmVQBwEMa5QHwxzffak.roa
Signing time:             Mon 25 May 2026 14:42:36 +0000
ROA not before:           Mon 25 May 2026 14:42:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201541
IP address blocks:        2a0d:d940:2002::/48 maxlen: 48
                          2a0d:d940:200e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:96:76:f2:97:ba:10:99:0e:05:a1:39:f7:d3:95:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: May 25 14:42:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bf16abe44ccb6655007010c6b9407c31cdf7da9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b3:51:0d:e9:2c:d8:a4:aa:03:19:3d:1f:2d:
                    30:8e:98:01:38:69:e5:19:40:59:f8:d2:c9:33:01:
                    15:43:80:08:42:57:92:fa:8c:73:75:3b:b2:f8:cc:
                    20:f8:93:43:33:3c:ef:32:f5:da:ab:c9:9e:2a:67:
                    12:ce:80:3e:c4:be:fc:cb:54:75:ed:ba:84:96:81:
                    b9:f0:48:94:4e:25:8e:b1:d5:2d:12:b2:28:22:27:
                    4f:a6:fc:b4:2b:d4:c7:39:2e:53:12:7e:21:df:3b:
                    98:77:60:4c:ed:29:1b:aa:a2:17:08:b0:be:33:89:
                    28:6a:d1:87:df:98:b2:79:e3:0c:4b:6c:94:06:32:
                    3f:9b:01:0e:39:59:63:50:eb:1a:eb:39:1c:36:b3:
                    32:ac:ae:f1:37:7e:56:4f:05:0c:68:c6:77:31:a6:
                    84:19:fa:79:bc:a9:e9:8c:7d:df:3b:08:d0:52:aa:
                    66:24:e4:72:93:cd:90:6c:08:93:5d:cb:01:92:57:
                    6a:ae:74:ec:03:2b:cf:7a:7f:e3:2f:7a:7b:d0:41:
                    fc:3e:c1:a6:c0:52:27:3e:d6:1c:dc:63:c6:24:43:
                    10:3d:a4:07:5f:3c:48:a5:92:44:ab:62:62:9e:ba:
                    4a:99:58:0a:3e:2a:11:0c:26:60:bb:a6:2e:11:52:
                    9a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:F1:6A:BE:44:CC:B6:65:50:07:01:0C:6B:94:07:C3:1C:DF:7D:A9
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/K_FqvkTMtmVQBwEMa5QHwxzffak.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:2002::/48
                  2a0d:d940:200e::/48

    Signature Algorithm: sha256WithRSAEncryption
         e2:93:3d:5e:b9:5a:90:5b:a9:91:ea:e5:17:54:54:d1:33:e2:
         fe:80:57:50:5b:54:2f:75:67:10:a6:da:58:1c:25:22:12:df:
         07:f7:66:e8:7f:06:4e:ce:f4:17:af:8a:8a:c3:3b:cd:5a:a3:
         ef:83:d8:04:96:ec:0a:df:27:c4:b8:ce:9c:e1:60:55:b9:d7:
         a9:26:8d:ab:f6:d5:0c:78:d8:e5:49:f6:c3:27:10:d7:1b:27:
         13:8b:3b:71:20:12:7e:db:ac:99:cc:f3:26:97:c9:4e:02:5a:
         35:bc:2e:b8:98:06:da:b2:22:f7:b3:a2:f4:9b:1a:fa:ca:87:
         2c:bc:84:57:92:0f:0e:b3:8b:06:0c:66:05:a8:6f:b8:7b:33:
         c1:8b:ac:d3:19:cd:0d:87:d8:59:c7:c7:97:09:f8:97:09:c2:
         c0:ff:ec:44:d7:cc:f7:f5:49:f5:06:f0:9b:68:63:dc:f5:dc:
         1a:de:80:db:18:2a:74:dd:39:93:80:94:3d:fe:d9:37:d2:ff:
         33:80:00:cf:bd:d0:48:a3:8b:b8:32:d3:0e:cf:73:91:4d:b5:
         f8:96:f1:66:f0:a9:a3:75:2d:07:6c:68:58:f9:78:97:12:b6:
         6f:e4:16:ec:cc:0a:38:02:94:8d:73:f1:f4:18:9a:8d:e9:a5:
         11:22:39:14
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5flnbyl7oQmQ4FoTn305VRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNTI1MTQ0MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmYxNmFiZTQ0Y2NiNjY1NTAwNzAxMGM2Yjk0MDdjMzFjZGY3ZGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLNRDeks2KSqAxk9Hy0wjpgBOGnl
GUBZ+NLJMwEVQ4AIQleS+oxzdTuy+Mwg+JNDMzzvMvXaq8meKmcSzoA+xL78y1R1
7bqEloG58EiUTiWOsdUtErIoIidPpvy0K9THOS5TEn4h3zuYd2BM7SkbqqIXCLC+
M4koatGH35iyeeMMS2yUBjI/mwEOOVljUOsa6zkcNrMyrK7xN35WTwUMaMZ3MaaE
Gfp5vKnpjH3fOwjQUqpmJORyk82QbAiTXcsBkldqrnTsAyvPen/jL3p70EH8PsGm
wFInPtYc3GPGJEMQPaQHXzxIpZJEq2JinrpKmVgKPioRDCZgu6YuEVKawQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCvxar5EzLZlUAcBDGuUB8Mc332pMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvS19GcXZrVE10bVZRQndFTWE1UUh3eHpmZmFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg3ZQCAC
AwcAKg3ZQCAOMA0GCSqGSIb3DQEBCwUAA4IBAQDikz1euVqQW6mR6uUXVFTRM+L+
gFdQW1QvdWcQptpYHCUiEt8H92bofwZOzvQXr4qKwzvNWqPvg9gEluwK3yfEuM6c
4WBVudepJo2r9tUMeNjlSfbDJxDXGycTiztxIBJ+26yZzPMml8lOAlo1vC64mAba
siL3s6L0mxr6yocsvIRXkg8Os4sGDGYFqG+4ezPBi6zTGc0Nh9hZx8eXCfiXCcLA
/+xE18z39Un1BvCbaGPc9dwa3oDbGCp03TmTgJQ9/tk30v8zgADPvdBIo4u4MtMO
z3ORTbX4lvFm8KmjdS0HbGhY+XiXErZv5BbszAo4ApSNc/H0GJqN6aURIjkU
-----END CERTIFICATE-----