Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/b88c86-9629-43c6-821e-7a72e26c8918/1/SsfnBHuvPDESg4pTMTaqtv9nT-Q.roa
File:                     SsfnBHuvPDESg4pTMTaqtv9nT-Q.roa (raw, json)
Hash identifier:          ZrITCydyp3ig8q1pUL+0pHbv4soXKIcGIYDQm4wHpvo=
Subject key identifier:   4A:C7:E7:04:7B:AF:3C:31:12:83:8A:53:31:36:AA:B6:FF:67:4F:E4
Certificate issuer:       /CN=42512561fc4ee54b799c5af428fffbcbafd454ef
Certificate serial:       019DA9CB4D546A4A4CEFE8A2E957566593D4
Authority key identifier: 42:51:25:61:FC:4E:E5:4B:79:9C:5A:F4:28:FF:FB:CB:AF:D4:54:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QlElYfxO5Ut5nFr0KP_7y6_UVO8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/b88c86-9629-43c6-821e-7a72e26c8918/1/SsfnBHuvPDESg4pTMTaqtv9nT-Q.roa
Signing time:             Mon 20 Apr 2026 07:29:26 +0000
ROA not before:           Mon 20 Apr 2026 07:29:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58010
IP address blocks:        2a06:71c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/b88c86-9629-43c6-821e-7a72e26c8918/1/QlElYfxO5Ut5nFr0KP_7y6_UVO8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/b88c86-9629-43c6-821e-7a72e26c8918/1/QlElYfxO5Ut5nFr0KP_7y6_UVO8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QlElYfxO5Ut5nFr0KP_7y6_UVO8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 22:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a9:cb:4d:54:6a:4a:4c:ef:e8:a2:e9:57:56:65:93:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42512561fc4ee54b799c5af428fffbcbafd454ef
        Validity
            Not Before: Apr 20 07:29:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4ac7e7047baf3c3112838a533136aab6ff674fe4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:e9:93:b5:7f:8a:d3:fd:91:68:77:95:51:a3:
                    18:f4:48:71:4c:5c:8e:8a:a0:a9:a1:f5:2e:42:f8:
                    f6:bf:f0:53:77:bb:27:4f:84:fd:a9:87:69:09:e8:
                    79:f8:87:48:aa:b8:e2:18:08:23:18:79:9c:a8:af:
                    bd:f4:c1:8f:8a:c2:cd:96:ac:c6:f3:8f:d5:da:43:
                    d8:56:f5:81:7e:82:98:d2:0d:fd:a2:23:41:97:f6:
                    f4:df:48:5b:db:30:a7:02:7c:be:b8:55:aa:53:45:
                    6a:00:a1:59:4b:07:28:b6:a9:7b:d7:6b:4c:f3:e9:
                    6b:a8:5e:16:d9:a4:f4:f4:d7:ad:c1:09:dd:d2:c3:
                    54:7b:7c:6d:a3:d3:ef:80:14:8c:74:cd:86:7c:5f:
                    99:e5:57:e8:7a:5f:05:cd:97:4b:5c:8d:9f:36:f2:
                    12:ef:51:45:25:63:19:99:ce:c6:71:52:53:a2:f0:
                    dd:4e:27:1c:75:85:ce:b7:d6:28:dc:89:12:b4:a1:
                    5a:30:07:4e:ba:bc:df:b9:1d:ac:da:6a:cd:53:72:
                    2f:05:5e:38:be:f4:71:d0:6f:04:82:a9:65:fc:4e:
                    df:f2:74:d3:8c:46:eb:8d:60:3f:60:e6:43:5a:bb:
                    12:05:fa:7a:b4:f6:8e:29:60:97:f0:82:20:dd:c4:
                    67:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:C7:E7:04:7B:AF:3C:31:12:83:8A:53:31:36:AA:B6:FF:67:4F:E4
            X509v3 Authority Key Identifier:
                keyid:42:51:25:61:FC:4E:E5:4B:79:9C:5A:F4:28:FF:FB:CB:AF:D4:54:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QlElYfxO5Ut5nFr0KP_7y6_UVO8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/b88c86-9629-43c6-821e-7a72e26c8918/1/SsfnBHuvPDESg4pTMTaqtv9nT-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/b88c86-9629-43c6-821e-7a72e26c8918/1/QlElYfxO5Ut5nFr0KP_7y6_UVO8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:71c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         55:42:31:e3:80:98:54:bb:23:24:a3:40:ce:fb:eb:af:be:9b:
         d3:2c:d2:6e:7f:7b:05:03:8c:62:7d:1e:6b:49:86:50:07:cc:
         ed:c3:55:a9:d1:66:16:82:97:b5:f6:9c:e0:a6:36:85:19:26:
         95:10:a8:60:f4:62:de:c4:95:b1:29:06:53:94:18:21:5f:ed:
         03:58:94:e6:65:3f:fe:1f:4b:8c:88:21:7f:b4:37:93:dd:8e:
         0c:c8:2e:ed:9d:96:4c:b3:36:a6:72:92:33:0f:bc:ab:ef:df:
         83:ff:b9:32:d9:27:ca:60:b0:f1:ed:a6:50:ba:58:78:25:55:
         99:af:b5:fe:f6:f1:d1:17:53:b0:57:e1:81:54:c2:c0:d8:5a:
         18:ff:48:0c:ed:40:3f:39:71:81:a4:81:ce:2d:3f:15:e1:9d:
         4f:d4:08:38:be:ce:bb:ae:dc:fa:dc:d8:21:81:78:6c:76:b5:
         59:31:52:b4:84:f7:c0:6f:71:ee:73:10:09:9e:3a:4c:27:ff:
         fa:ac:06:a6:37:fd:ea:c0:b8:1d:bc:71:05:a6:76:f8:50:6e:
         5a:63:64:a5:82:3f:f6:4c:f0:db:85:0f:c4:a8:23:52:4c:03:
         ae:81:71:4c:79:aa:48:e8:25:f1:93:f9:e5:65:f2:d8:7f:aa:
         b5:3e:5f:b0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2py01UakpM7+ii6VdWZZPUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNTEyNTYxZmM0ZWU1NGI3OTljNWFmNDI4ZmZmYmNiYWZk
NDU0ZWYwHhcNMjYwNDIwMDcyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWM3ZTcwNDdiYWYzYzMxMTI4MzhhNTMzMTM2YWFiNmZmNjc0ZmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApumTtX+K0/2RaHeVUaMY9EhxTFyO
iqCpofUuQvj2v/BTd7snT4T9qYdpCeh5+IdIqrjiGAgjGHmcqK+99MGPisLNlqzG
84/V2kPYVvWBfoKY0g39oiNBl/b030hb2zCnAny+uFWqU0VqAKFZSwcotql712tM
8+lrqF4W2aT09NetwQnd0sNUe3xto9PvgBSMdM2GfF+Z5Vfoel8FzZdLXI2fNvIS
71FFJWMZmc7GcVJTovDdTiccdYXOt9Yo3IkStKFaMAdOurzfuR2s2mrNU3IvBV44
vvRx0G8Egqll/E7f8nTTjEbrjWA/YOZDWrsSBfp6tPaOKWCX8IIg3cRn/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFErH5wR7rzwxEoOKUzE2qrb/Z0/kMB8GA1UdIwQY
MBaAFEJRJWH8TuVLeZxa9Cj/+8uv1FTvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWxFbFlmeE81VXQ1bkZyMEtQXzd5Nl9VVk84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS9iODhjODYtOTYyOS00M2M2LTgyMWUt
N2E3MmUyNmM4OTE4LzEvU3NmbkJIdXZQREVTZzRwVE1UYXF0djluVC1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS9iODhjODYtOTYyOS00M2M2LTgyMWUtN2E3MmUyNmM4OTE4
LzEvUWxFbFlmeE81VXQ1bkZyMEtQXzd5Nl9VVk84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgZxwDAN
BgkqhkiG9w0BAQsFAAOCAQEAVUIx44CYVLsjJKNAzvvrr76b0yzSbn97BQOMYn0e
a0mGUAfM7cNVqdFmFoKXtfac4KY2hRkmlRCoYPRi3sSVsSkGU5QYIV/tA1iU5mU/
/h9LjIghf7Q3k92ODMgu7Z2WTLM2pnKSMw+8q+/fg/+5MtknymCw8e2mULpYeCVV
ma+1/vbx0RdTsFfhgVTCwNhaGP9IDO1APzlxgaSBzi0/FeGdT9QIOL7Ou67c+tzY
IYF4bHa1WTFStIT3wG9x7nMQCZ46TCf/+qwGpjf96sC4HbxxBaZ2+FBuWmNkpYI/
9kzw24UPxKgjUkwDroFxTHmqSOgl8ZP55WXy2H+qtT5fsA==
-----END CERTIFICATE-----