Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/68IxzbO0PTeFxtOuJtyMIHSkCpI.roa
File:                     68IxzbO0PTeFxtOuJtyMIHSkCpI.roa (raw, json)
Hash identifier:          Kf8y6MrTYf33pDu3Ld59rugZdfxz66rzLgCsUSRlkdg=
Subject key identifier:   EB:C2:31:CD:B3:B4:3D:37:85:C6:D3:AE:26:DC:8C:20:74:A4:0A:92
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019ED002EFD43D1730246DDD53FB36B2CECD
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/68IxzbO0PTeFxtOuJtyMIHSkCpI.roa
Signing time:             Tue 16 Jun 2026 10:38:33 +0000
ROA not before:           Tue 16 Jun 2026 10:38:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152179
IP address blocks:        2a0c:5d40::/29 maxlen: 29
                          2a11:580::/29 maxlen: 29
                          2a11:d680::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 19:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d0:02:ef:d4:3d:17:30:24:6d:dd:53:fb:36:b2:ce:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jun 16 10:38:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ebc231cdb3b43d3785c6d3ae26dc8c2074a40a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e3:67:4e:63:a2:12:5b:d2:39:ce:21:11:45:
                    39:10:bb:7e:5a:71:0a:55:2d:98:e7:4c:e6:02:a2:
                    65:9a:82:b2:81:04:2e:a9:13:b6:a0:83:cf:dc:e0:
                    d3:e3:97:37:00:c5:96:73:9f:50:ed:a9:0a:5d:62:
                    ff:38:46:d8:bb:6b:be:91:77:a4:5f:0d:c3:74:b8:
                    0a:bf:15:06:46:4b:6e:c9:05:e1:9e:06:e5:c8:44:
                    ae:ea:1c:49:6a:d7:67:26:1d:b1:7c:a8:7f:b0:fd:
                    50:b2:65:d4:c3:d6:81:8d:ef:32:68:41:70:21:b4:
                    6e:d4:70:7d:7e:3c:2e:7a:fb:2c:50:dd:f2:52:45:
                    c7:a9:e3:8e:23:9b:78:d6:71:0a:02:b0:a1:46:eb:
                    3f:a0:0b:a6:1e:51:3f:3c:44:54:ff:16:97:7c:53:
                    9c:e2:98:63:f3:6f:ea:96:67:97:f0:6c:91:0a:6d:
                    c8:49:4f:d4:e6:c8:f3:f3:d9:bd:52:31:a0:21:39:
                    e4:e9:5d:fc:62:54:1f:df:d4:e4:ce:0c:15:f5:e8:
                    ff:78:29:ed:42:26:7e:3f:a5:cf:fb:bf:c9:4c:91:
                    9a:e1:c0:68:86:ba:9f:b0:38:b4:a2:bc:20:74:fb:
                    12:72:ac:3b:8f:2d:64:e8:6e:d8:b2:3a:c1:88:e0:
                    98:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:C2:31:CD:B3:B4:3D:37:85:C6:D3:AE:26:DC:8C:20:74:A4:0A:92
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/68IxzbO0PTeFxtOuJtyMIHSkCpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:5d40::/29
                  2a11:580::/29
                  2a11:d680::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:dd:31:66:10:b3:ee:9d:10:a0:c2:35:86:ec:18:ba:dd:20:
         2a:c8:3a:98:3d:68:8e:c9:5b:cd:42:c2:62:74:9c:fa:b9:b7:
         00:86:a7:af:85:bb:bd:1d:76:8d:97:66:8c:09:a6:7b:a9:2e:
         c6:c3:04:2c:25:19:58:83:32:6e:27:aa:7d:21:ca:a2:01:f2:
         92:35:04:37:cb:b6:c1:3e:39:36:b8:3c:4b:fb:6b:b2:cf:ed:
         1b:1f:86:98:65:c9:3b:26:de:aa:d8:92:83:da:b0:9d:d1:dc:
         24:42:f3:f3:a2:86:d9:c9:b1:fd:54:2c:e1:c6:22:eb:e0:29:
         f2:69:35:3d:e9:5f:79:54:0d:65:34:66:3f:91:07:ac:3d:f1:
         79:55:1b:1e:cf:eb:61:80:40:ee:9b:7c:64:bd:c4:82:fa:4c:
         af:ae:af:1c:5d:e6:f3:98:0f:5c:1b:91:28:cb:ba:e6:46:98:
         31:b3:98:b0:47:c7:58:cd:a2:c6:ea:8b:71:d0:34:6e:79:46:
         b8:09:6c:31:94:e0:bb:56:bc:a7:4b:bc:c3:61:e6:2e:09:9f:
         6f:c6:bb:d1:42:74:85:ca:7e:cd:cf:5b:02:49:8d:c3:1d:89:
         90:ac:02:4d:b8:0c:bb:91:ee:d9:77:1d:bf:e6:97:6f:6b:ee:
         7e:e4:01:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ7QAu/UPRcwJG3dU/s2ss7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwNjE2MTAzODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmMyMzFjZGIzYjQzZDM3ODVjNmQzYWUyNmRjOGMyMDc0YTQwYTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuNnTmOiElvSOc4hEUU5ELt+WnEK
VS2Y50zmAqJlmoKygQQuqRO2oIPP3ODT45c3AMWWc59Q7akKXWL/OEbYu2u+kXek
Xw3DdLgKvxUGRktuyQXhngblyESu6hxJatdnJh2xfKh/sP1QsmXUw9aBje8yaEFw
IbRu1HB9fjwuevssUN3yUkXHqeOOI5t41nEKArChRus/oAumHlE/PERU/xaXfFOc
4phj82/qlmeX8GyRCm3ISU/U5sjz89m9UjGgITnk6V38YlQf39TkzgwV9ej/eCnt
QiZ+P6XP+7/JTJGa4cBohrqfsDi0orwgdPsScqw7jy1k6G7YsjrBiOCYBQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOvCMc2ztD03hcbTribcjCB0pAqSMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvNjhJeHpiTzBQVGVGeHRPdUp0eU1JSFNrQ3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgxdQAMF
AyoRBYADBQMqEdaAMA0GCSqGSIb3DQEBCwUAA4IBAQBz3TFmELPunRCgwjWG7Bi6
3SAqyDqYPWiOyVvNQsJidJz6ubcAhqevhbu9HXaNl2aMCaZ7qS7GwwQsJRlYgzJu
J6p9IcqiAfKSNQQ3y7bBPjk2uDxL+2uyz+0bH4aYZck7Jt6q2JKD2rCd0dwkQvPz
oobZybH9VCzhxiLr4CnyaTU96V95VA1lNGY/kQesPfF5VRsez+thgEDum3xkvcSC
+kyvrq8cXebzmA9cG5Eoy7rmRpgxs5iwR8dYzaLG6otx0DRueUa4CWwxlOC7Vryn
S7zDYeYuCZ9vxrvRQnSFyn7Nz1sCSY3DHYmQrAJNuAy7ke7Zdx2/5pdva+5+5AHf
-----END CERTIFICATE-----