Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/pDTvYNMLW2mttoxZkyBNnO1v0uk.roa
File:                     pDTvYNMLW2mttoxZkyBNnO1v0uk.roa (raw, json)
Hash identifier:          cCxMiWyQEWiLZIRSa1CzYY6Z/AYwvRFdCM0FR4Q5K7I=
Subject key identifier:   A4:34:EF:60:D3:0B:5B:69:AD:B6:8C:59:93:20:4D:9C:ED:6F:D2:E9
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019DAF7DBE6FA30AC9AA2F91BF36C9654581
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/pDTvYNMLW2mttoxZkyBNnO1v0uk.roa
Signing time:             Tue 21 Apr 2026 10:02:26 +0000
ROA not before:           Tue 21 Apr 2026 10:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199180
IP address blocks:        2a0d:d940:140::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 21:56:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:af:7d:be:6f:a3:0a:c9:aa:2f:91:bf:36:c9:65:45:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Apr 21 10:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a434ef60d30b5b69adb68c5993204d9ced6fd2e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:be:d9:6f:c1:41:dd:ce:59:fe:9c:fb:27:84:
                    24:a2:30:ac:9f:4d:77:05:86:ee:df:6f:79:31:75:
                    7e:2d:a0:5e:3f:f2:94:6b:99:c6:ed:9f:78:96:40:
                    e5:f2:a5:98:21:50:1e:b8:82:65:c5:8a:d6:c0:ec:
                    36:a8:1b:a8:55:38:c0:1e:64:87:5c:90:36:91:d5:
                    23:e5:d6:fb:f3:4a:31:31:c8:1b:38:84:20:09:4e:
                    ba:2e:21:34:0b:69:d0:5d:94:0a:c6:c9:60:89:99:
                    42:b3:e3:8b:d9:c8:91:49:3c:96:67:a8:fc:42:07:
                    57:70:38:d2:b7:30:98:b9:59:f8:ca:1b:87:6e:57:
                    76:53:3b:b5:46:a9:fb:b4:13:d0:df:fa:6a:7b:3e:
                    f5:50:2f:b1:b8:89:fe:b7:c4:ef:b0:99:92:b8:c2:
                    87:49:6c:69:a7:dd:9e:06:ec:cd:39:94:f6:82:3a:
                    ff:87:05:97:16:ee:38:39:e7:9b:2c:02:62:21:93:
                    77:c8:30:43:75:8f:28:a0:d2:24:5c:b9:18:57:6a:
                    e3:bb:68:4d:74:e2:a5:f4:38:cd:b7:1f:4f:f6:9b:
                    6f:72:05:0f:84:b7:fd:1e:0d:f8:af:e7:fb:6a:d4:
                    1f:95:ff:96:ee:03:fa:f9:f0:6f:da:22:00:97:eb:
                    4c:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:34:EF:60:D3:0B:5B:69:AD:B6:8C:59:93:20:4D:9C:ED:6F:D2:E9
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/pDTvYNMLW2mttoxZkyBNnO1v0uk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:140::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:64:46:a7:f6:f2:81:0c:0e:f7:e7:8a:a6:89:9d:b5:ae:0a:
         74:4e:5c:ae:90:2b:0e:27:c8:08:5a:53:0b:30:e6:f7:40:68:
         68:05:ad:9e:5b:35:aa:4f:9a:03:30:49:2a:c5:66:cb:39:4e:
         7c:df:b5:07:e4:aa:36:9a:b5:a0:33:ba:e7:bb:f4:5e:45:f6:
         f2:00:08:4e:70:d4:6d:10:73:4d:9c:65:58:21:3b:22:a8:a6:
         dc:d9:4a:b7:0c:26:63:f8:de:2a:52:4c:d6:87:d8:d9:b2:d1:
         2c:e7:18:8d:9f:d0:4d:aa:da:24:14:8e:2c:b0:e1:9d:f2:8a:
         d1:b0:c7:93:62:dc:34:9d:20:e0:e2:8f:44:53:6e:a2:3f:63:
         b9:5c:40:c3:94:3c:b5:72:70:bb:9d:48:97:b5:76:e0:94:81:
         f5:cf:b9:d6:c3:ec:fa:1f:03:ff:85:5f:fe:35:9d:d6:f3:96:
         80:d1:62:9e:05:d8:57:01:ee:2d:94:7d:90:b8:1f:df:dc:f1:
         0a:e0:30:57:49:6e:e3:38:54:cb:b0:41:41:53:83:16:8e:75:
         ee:63:cb:a7:bb:10:0f:1e:35:31:10:47:e5:e5:8c:17:81:53:
         68:40:63:0a:6e:e9:d7:5d:dd:2c:19:b3:37:31:2d:29:31:bb:
         9e:05:a0:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2vfb5vowrJqi+RvzbJZUWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNDIxMTAwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDM0ZWY2MGQzMGI1YjY5YWRiNjhjNTk5MzIwNGQ5Y2VkNmZkMmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAub7Zb8FB3c5Z/pz7J4QkojCsn013
BYbu3295MXV+LaBeP/KUa5nG7Z94lkDl8qWYIVAeuIJlxYrWwOw2qBuoVTjAHmSH
XJA2kdUj5db780oxMcgbOIQgCU66LiE0C2nQXZQKxslgiZlCs+OL2ciRSTyWZ6j8
QgdXcDjStzCYuVn4yhuHbld2Uzu1Rqn7tBPQ3/pqez71UC+xuIn+t8TvsJmSuMKH
SWxpp92eBuzNOZT2gjr/hwWXFu44OeebLAJiIZN3yDBDdY8ooNIkXLkYV2rju2hN
dOKl9DjNtx9P9ptvcgUPhLf9Hg34r+f7atQflf+W7gP6+fBv2iIAl+tM4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKQ072DTC1tprbaMWZMgTZztb9LpMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvcERUdllOTUxXMm10dG94Wmt5Qk5uTzF2MHVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQAFA
MA0GCSqGSIb3DQEBCwUAA4IBAQCeZEan9vKBDA7354qmiZ21rgp0TlyukCsOJ8gI
WlMLMOb3QGhoBa2eWzWqT5oDMEkqxWbLOU5837UH5Ko2mrWgM7rnu/ReRfbyAAhO
cNRtEHNNnGVYITsiqKbc2Uq3DCZj+N4qUkzWh9jZstEs5xiNn9BNqtokFI4ssOGd
8orRsMeTYtw0nSDg4o9EU26iP2O5XEDDlDy1cnC7nUiXtXbglIH1z7nWw+z6HwP/
hV/+NZ3W85aA0WKeBdhXAe4tlH2QuB/f3PEK4DBXSW7jOFTLsEFBU4MWjnXuY8un
uxAPHjUxEEfl5YwXgVNoQGMKbunXXd0sGbM3MS0pMbueBaBK
-----END CERTIFICATE-----