Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/fb52d1-2e71-4ac0-a3a3-1aa6fe406a58/1/kLOdnWYod2whwOKkogh9l2zveHY.roa
File:                     kLOdnWYod2whwOKkogh9l2zveHY.roa (raw, json)
Hash identifier:          PkadpUKMz8JWZjzgiNZ6ReNjXw7sU0Is31wk0WREgYc=
Subject key identifier:   90:B3:9D:9D:66:28:77:6C:21:C0:E2:A4:A2:08:7D:97:6C:EF:78:76
Certificate issuer:       /CN=13dad24b6647eb2cfa873989c6d66d174eb4b586
Certificate serial:       019D35069D108DC8D4096238B18C00A221AC
Authority key identifier: 13:DA:D2:4B:66:47:EB:2C:FA:87:39:89:C6:D6:6D:17:4E:B4:B5:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E9rSS2ZH6yz6hzmJxtZtF060tYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/fb52d1-2e71-4ac0-a3a3-1aa6fe406a58/1/kLOdnWYod2whwOKkogh9l2zveHY.roa
Signing time:             Sat 28 Mar 2026 15:18:39 +0000
ROA not before:           Sat 28 Mar 2026 15:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49304
IP address blocks:        2a0b:1180::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/fb52d1-2e71-4ac0-a3a3-1aa6fe406a58/1/E9rSS2ZH6yz6hzmJxtZtF060tYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/fb52d1-2e71-4ac0-a3a3-1aa6fe406a58/1/E9rSS2ZH6yz6hzmJxtZtF060tYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E9rSS2ZH6yz6hzmJxtZtF060tYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:35:06:9d:10:8d:c8:d4:09:62:38:b1:8c:00:a2:21:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13dad24b6647eb2cfa873989c6d66d174eb4b586
        Validity
            Not Before: Mar 28 15:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90b39d9d6628776c21c0e2a4a2087d976cef7876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6f:6a:1b:e8:eb:c9:47:3e:af:b4:97:fa:e3:
                    36:c9:8f:95:dc:64:0e:12:bb:6f:6c:2a:9e:cb:56:
                    3c:73:b7:ee:6e:76:b3:bf:60:89:e8:a8:2f:cb:88:
                    00:87:01:65:b1:05:13:7c:21:18:d6:82:75:7e:0f:
                    45:3d:76:b2:5d:42:a8:1c:fa:74:5c:1d:d6:96:e2:
                    03:64:c7:53:57:0f:83:6a:9f:d4:42:89:6e:01:73:
                    95:f6:28:a5:08:23:39:95:51:4b:42:d7:c8:17:e4:
                    77:3e:cd:57:f4:e2:b4:01:2f:b9:71:0b:4d:42:65:
                    83:1f:e3:01:7e:3f:46:c1:77:d8:0c:d3:9e:c0:a1:
                    90:42:55:80:59:1a:1b:ed:c5:67:80:e7:23:95:65:
                    df:93:12:34:14:b9:48:e7:b1:d0:11:17:bf:6d:2e:
                    a1:44:2c:b7:78:9d:6f:34:e1:06:81:11:97:1a:ac:
                    79:68:9b:ef:56:f2:6a:a4:9e:eb:f8:8d:77:78:d8:
                    94:6d:73:52:e5:3c:69:67:f5:1f:f0:cf:1d:18:ae:
                    07:11:a0:83:19:3c:0d:e4:8c:9a:b2:f7:73:31:91:
                    34:be:de:51:c3:58:7e:d1:37:59:38:dc:e1:9d:f6:
                    cf:84:50:31:55:14:10:dd:f5:b1:13:8f:ad:c8:e4:
                    8d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B3:9D:9D:66:28:77:6C:21:C0:E2:A4:A2:08:7D:97:6C:EF:78:76
            X509v3 Authority Key Identifier:
                keyid:13:DA:D2:4B:66:47:EB:2C:FA:87:39:89:C6:D6:6D:17:4E:B4:B5:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E9rSS2ZH6yz6hzmJxtZtF060tYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fb52d1-2e71-4ac0-a3a3-1aa6fe406a58/1/kLOdnWYod2whwOKkogh9l2zveHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/fb52d1-2e71-4ac0-a3a3-1aa6fe406a58/1/E9rSS2ZH6yz6hzmJxtZtF060tYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:1180::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:71:00:36:8c:b8:77:b6:6a:4e:7a:30:a1:77:bc:29:36:78:
         12:d5:e5:9d:9c:66:93:ff:aa:1f:91:6f:b9:27:d0:8d:89:c0:
         9e:1f:37:1d:40:a6:da:09:3c:3a:90:b1:72:4c:c2:0a:37:60:
         20:67:b4:7d:4a:eb:48:2a:3e:16:1e:8a:f3:9f:f1:d3:c0:08:
         d2:fb:13:99:df:d0:3e:63:72:85:2a:18:ba:c9:cf:37:4b:6d:
         80:2d:22:1c:b9:a0:a0:11:35:2d:07:99:4f:98:eb:a2:87:df:
         3a:62:09:5b:f8:82:8b:cd:d6:3a:2c:4d:45:c8:a3:1e:f3:50:
         87:bf:25:8f:bf:e9:9a:04:dd:3d:99:13:57:30:1b:34:84:a1:
         3a:7e:41:07:d6:76:5e:65:bc:4c:e5:01:48:4c:94:16:53:f1:
         e4:8f:2c:b5:f3:dd:95:2d:c9:4e:22:a1:a6:31:ce:37:6d:fa:
         bc:5d:bf:e1:fa:e3:f3:a4:7f:46:26:e6:8a:39:91:59:7d:4b:
         2e:37:76:56:e0:ca:b0:a8:74:f6:74:d8:d5:98:02:35:cd:55:
         25:f7:35:d1:91:b3:69:bb:f9:c7:12:43:fc:e1:48:bb:8a:19:
         77:db:c3:28:91:ce:70:22:5d:4c:fb:82:e1:27:73:9e:a5:5b:
         1d:95:1c:3d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ01Bp0QjcjUCWI4sYwAoiGsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzZGFkMjRiNjY0N2ViMmNmYTg3Mzk4OWM2ZDY2ZDE3NGVi
NGI1ODYwHhcNMjYwMzI4MTUxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGIzOWQ5ZDY2Mjg3NzZjMjFjMGUyYTRhMjA4N2Q5NzZjZWY3ODc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW9qG+jryUc+r7SX+uM2yY+V3GQO
ErtvbCqey1Y8c7fubnazv2CJ6Kgvy4gAhwFlsQUTfCEY1oJ1fg9FPXayXUKoHPp0
XB3WluIDZMdTVw+Dap/UQoluAXOV9iilCCM5lVFLQtfIF+R3Ps1X9OK0AS+5cQtN
QmWDH+MBfj9GwXfYDNOewKGQQlWAWRob7cVngOcjlWXfkxI0FLlI57HQERe/bS6h
RCy3eJ1vNOEGgRGXGqx5aJvvVvJqpJ7r+I13eNiUbXNS5TxpZ/Uf8M8dGK4HEaCD
GTwN5IyasvdzMZE0vt5Rw1h+0TdZONzhnfbPhFAxVRQQ3fWxE4+tyOSNSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJCznZ1mKHdsIcDipKIIfZds73h2MB8GA1UdIwQY
MBaAFBPa0ktmR+ss+oc5icbWbRdOtLWGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTlyU1MyWkg2eXo2aHptSnh0WnRGMDYwdFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi9mYjUyZDEtMmU3MS00YWMwLWEzYTMt
MWFhNmZlNDA2YTU4LzEva0xPZG5XWW9kMndod09La29naDlsMnp2ZUhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi9mYjUyZDEtMmU3MS00YWMwLWEzYTMtMWFhNmZlNDA2YTU4
LzEvRTlyU1MyWkg2eXo2aHptSnh0WnRGMDYwdFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgsRgDAN
BgkqhkiG9w0BAQsFAAOCAQEAeXEANoy4d7ZqTnowoXe8KTZ4EtXlnZxmk/+qH5Fv
uSfQjYnAnh83HUCm2gk8OpCxckzCCjdgIGe0fUrrSCo+Fh6K85/x08AI0vsTmd/Q
PmNyhSoYusnPN0ttgC0iHLmgoBE1LQeZT5jrooffOmIJW/iCi83WOixNRcijHvNQ
h78lj7/pmgTdPZkTVzAbNIShOn5BB9Z2XmW8TOUBSEyUFlPx5I8stfPdlS3JTiKh
pjHON236vF2/4frj86R/RibmijmRWX1LLjd2VuDKsKh09nTY1ZgCNc1VJfc10ZGz
abv5xxJD/OFIu4oZd9vDKJHOcCJdTPuC4SdznqVbHZUcPQ==
-----END CERTIFICATE-----