Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/DSkLV-HP2H6IDHMLnPTY6mCNSNE.roa
File:                     DSkLV-HP2H6IDHMLnPTY6mCNSNE.roa (raw, json)
Hash identifier:          m1YCEtzkcz8MgtGtYvdmFRoC+s/XL8TjbtvrOozgbzo=
Subject key identifier:   0D:29:0B:57:E1:CF:D8:7E:88:0C:73:0B:9C:F4:D8:EA:60:8D:48:D1
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D5E9FD458696330F633DBDA33B9859994
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/DSkLV-HP2H6IDHMLnPTY6mCNSNE.roa
Signing time:             Sun 05 Apr 2026 17:10:25 +0000
ROA not before:           Sun 05 Apr 2026 17:10:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397006
IP address blocks:        2a13:c3c0::/29 maxlen: 29
                          2a13:c3c0::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 Apr 2026 17:10:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5e:9f:d4:58:69:63:30:f6:33:db:da:33:b9:85:99:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr  5 17:10:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d290b57e1cfd87e880c730b9cf4d8ea608d48d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:b7:3f:c9:25:cc:f4:75:7c:90:ae:fc:54:88:
                    e7:5e:95:c5:31:8b:11:43:d9:62:2a:38:f2:21:c2:
                    12:12:f0:ad:38:89:18:9a:a3:09:f1:f6:8b:7d:40:
                    d9:27:b0:53:ff:db:d7:39:c7:85:30:5b:ee:20:3f:
                    c2:f5:b9:c8:2a:b2:ae:99:01:88:48:ff:a5:24:42:
                    f6:a7:8b:da:d4:5e:c7:2a:a7:d6:2a:f3:8e:9d:04:
                    85:d9:98:e2:32:f1:09:c0:56:2c:f5:09:1e:f6:2d:
                    87:76:e8:5c:e1:08:57:cb:40:b7:c1:46:65:8a:b3:
                    e2:c0:42:07:59:49:0c:37:a9:81:7a:92:fa:a1:00:
                    14:aa:67:91:80:74:4c:75:40:25:fb:f9:31:ff:fc:
                    9f:ca:6b:cd:fb:49:05:8f:70:8e:ae:2b:e1:10:ff:
                    f5:0f:8a:4d:d4:97:68:59:3c:00:14:5a:cd:57:ed:
                    d7:74:2d:5c:c6:98:6c:6b:bc:23:03:bb:ee:e5:24:
                    a4:54:c4:84:d3:63:18:62:e0:ac:5a:46:28:30:ca:
                    65:8b:4d:fa:4a:8c:7d:dc:49:01:0a:c2:b2:fc:6f:
                    8f:8e:ac:77:03:7e:a5:59:cf:bf:34:0e:91:3d:10:
                    a0:30:7c:43:b2:75:1d:88:76:57:01:5b:43:70:d3:
                    14:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:29:0B:57:E1:CF:D8:7E:88:0C:73:0B:9C:F4:D8:EA:60:8D:48:D1
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/DSkLV-HP2H6IDHMLnPTY6mCNSNE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0f:80:32:8e:31:34:c8:6b:66:fd:74:df:f4:63:93:b1:8d:1f:
         fa:c1:36:21:80:a7:37:7c:bd:52:e8:81:0d:09:ec:8e:4f:f6:
         9f:e9:72:28:cc:bc:f9:1c:75:ed:1e:ce:df:1e:c0:c2:f3:47:
         8b:0d:1c:6a:8f:f6:2f:b8:2c:b0:9e:37:fc:27:ed:d7:e0:b8:
         93:2a:79:e2:90:e1:04:4d:d9:36:5a:87:26:e0:7b:86:28:a2:
         40:e8:06:23:23:fe:1c:a5:09:14:9c:1f:32:e2:86:d3:a8:12:
         01:88:37:06:a2:40:6b:c0:ad:16:44:49:54:3b:5e:85:49:0c:
         ee:d8:45:8a:27:f3:90:1e:f5:bf:c3:b1:ef:69:60:35:c8:f5:
         a1:ed:a6:da:b8:00:d1:e4:81:b9:0b:f4:e4:fe:6e:85:9e:aa:
         69:ca:77:84:19:3d:36:33:ac:ab:f4:7a:e0:0a:c1:42:47:fb:
         e9:29:b5:46:f2:4a:b8:3e:3b:da:49:12:67:23:07:61:dc:a8:
         04:04:7b:9a:57:cd:92:55:20:73:8a:f1:c5:4c:3a:78:11:19:
         81:32:d6:e7:ad:bc:ac:81:b1:7c:67:c6:e9:0d:b6:75:21:34:
         95:2e:6a:70:5a:3c:5d:ec:30:c2:91:e3:41:44:97:9c:f2:b2:
         a0:0a:7d:a3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ1en9RYaWMw9jPb2jO5hZmUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNDA1MTcxMDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDI5MGI1N2UxY2ZkODdlODgwYzczMGI5Y2Y0ZDhlYTYwOGQ0OGQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyrc/ySXM9HV8kK78VIjnXpXFMYsR
Q9liKjjyIcISEvCtOIkYmqMJ8faLfUDZJ7BT/9vXOceFMFvuID/C9bnIKrKumQGI
SP+lJEL2p4va1F7HKqfWKvOOnQSF2ZjiMvEJwFYs9Qke9i2Hduhc4QhXy0C3wUZl
irPiwEIHWUkMN6mBepL6oQAUqmeRgHRMdUAl+/kx//yfymvN+0kFj3COrivhEP/1
D4pN1JdoWTwAFFrNV+3XdC1cxphsa7wjA7vu5SSkVMSE02MYYuCsWkYoMMpli036
Sox93EkBCsKy/G+Pjqx3A36lWc+/NA6RPRCgMHxDsnUdiHZXAVtDcNMUNwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA0pC1fhz9h+iAxzC5z02OpgjUjRMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvRFNrTFYtSFAySDZJREhNTG5QVFk2bUNOU05FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPDwDAN
BgkqhkiG9w0BAQsFAAOCAQEAD4AyjjE0yGtm/XTf9GOTsY0f+sE2IYCnN3y9UuiB
DQnsjk/2n+lyKMy8+Rx17R7O3x7AwvNHiw0cao/2L7gssJ43/Cft1+C4kyp54pDh
BE3ZNlqHJuB7hiiiQOgGIyP+HKUJFJwfMuKG06gSAYg3BqJAa8CtFkRJVDtehUkM
7thFiifzkB71v8Ox72lgNcj1oe2m2rgA0eSBuQv05P5uhZ6qacp3hBk9NjOsq/R6
4ArBQkf76Sm1RvJKuD472kkSZyMHYdyoBAR7mlfNklUgc4rxxUw6eBEZgTLW5628
rIGxfGfG6Q22dSE0lS5qcFo8XewwwpHjQUSXnPKyoAp9ow==
-----END CERTIFICATE-----