Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/RAIDeG8oL45DuYf-7UUuqx3bIoo.roa
File:                     RAIDeG8oL45DuYf-7UUuqx3bIoo.roa (raw, json)
Hash identifier:          0cC0o4TqmH8sWEtiTLo/Zi9ft3B2EqaAr2wV+9DCX6k=
Subject key identifier:   44:02:03:78:6F:28:2F:8E:43:B9:87:FE:ED:45:2E:AB:1D:DB:22:8A
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019DFC5EEB6AF57210B2A17BC300A92A0E21
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/RAIDeG8oL45DuYf-7UUuqx3bIoo.roa
Signing time:             Wed 06 May 2026 08:19:32 +0000
ROA not before:           Wed 06 May 2026 08:19:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21641
IP address blocks:        2a10:3c81::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 May 2026 04:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:5e:eb:6a:f5:72:10:b2:a1:7b:c3:00:a9:2a:0e:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: May  6 08:19:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=440203786f282f8e43b987feed452eab1ddb228a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:dc:c6:fe:e1:5f:d1:18:04:59:5b:95:0d:df:
                    aa:82:3a:75:3d:49:66:bb:a3:98:a6:d7:f6:9f:2e:
                    3e:f1:b7:df:2a:f8:a8:09:d7:31:b4:b0:48:d6:be:
                    2d:45:00:ec:1c:78:30:ce:03:25:9a:5c:37:64:97:
                    cd:d6:12:e0:3c:45:eb:69:fa:ba:72:97:d5:95:9c:
                    af:4c:cb:85:55:10:38:b1:49:d3:3e:d6:04:ec:b6:
                    2d:49:1e:5c:5d:d7:d4:d5:fe:47:b6:67:11:df:dd:
                    c5:6c:bb:f3:76:67:4a:c8:32:81:49:74:c2:9b:63:
                    a1:bb:3c:a3:df:8e:2c:a6:6c:f9:28:60:96:7a:51:
                    ba:0a:83:9e:1c:36:6f:77:ac:47:48:48:6d:6f:1b:
                    60:82:74:7f:10:b7:78:ac:b3:98:20:5c:2e:e7:b9:
                    a4:bb:ea:14:64:29:6b:6b:52:1e:52:27:09:48:6e:
                    44:b8:3f:7e:21:36:41:9f:8f:74:b1:6d:c7:e5:af:
                    ea:6a:ea:46:75:52:fa:38:72:58:8d:62:e3:88:28:
                    b9:b3:79:1b:90:41:87:28:cc:86:33:4a:ec:e0:e7:
                    75:c8:6d:b1:4f:f2:ac:b1:d4:c8:9e:7c:94:c0:90:
                    4c:63:19:1f:8d:c7:a0:7e:7b:2b:28:f0:ae:87:ab:
                    1a:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:02:03:78:6F:28:2F:8E:43:B9:87:FE:ED:45:2E:AB:1D:DB:22:8A
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/RAIDeG8oL45DuYf-7UUuqx3bIoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3c81::/32

    Signature Algorithm: sha256WithRSAEncryption
         e0:1c:3b:6a:37:79:4f:14:b1:ff:b9:59:a1:5e:d8:ef:01:6f:
         cf:20:12:3b:26:6e:45:ca:62:7b:41:f2:b9:98:f2:1b:0a:a8:
         9a:d8:3f:67:dc:06:68:b4:9d:19:4b:d3:78:4e:5b:ae:d1:60:
         bb:71:16:5f:4c:1e:a0:74:33:92:50:da:e2:74:c0:38:ec:eb:
         aa:82:9b:28:d6:a8:f3:d0:f6:98:fa:51:3c:f8:53:a5:23:1b:
         f1:80:e2:70:fd:f4:d3:5a:fe:50:ef:ad:4b:96:df:f8:02:3c:
         01:02:69:f9:18:41:c3:f4:70:9a:0f:5f:87:b9:db:d8:60:1e:
         5f:58:f9:36:c4:0a:8c:25:dd:f4:1d:a2:82:9e:50:32:0a:81:
         da:63:01:1c:d2:57:b6:9a:45:ea:38:ea:c0:65:2b:a7:e3:9b:
         26:3c:b9:6a:bc:ff:f7:d6:ce:1a:71:57:b3:19:c0:b9:07:da:
         d9:0f:b6:4a:11:71:f4:b7:ec:5c:45:73:1c:54:2e:3d:8c:69:
         69:19:2c:49:9a:7a:31:0c:2f:fb:6f:49:f3:22:7b:d3:08:50:
         27:f2:6d:a5:70:1a:5d:64:3e:61:6e:6f:dd:43:65:f1:4a:e1:
         10:f8:a5:10:22:2c:2c:76:0c:8b:35:41:c1:60:07:48:1b:b3:
         64:1c:aa:3f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ38Xutq9XIQsqF7wwCpKg4hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNTA2MDgxOTMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDAyMDM3ODZmMjgyZjhlNDNiOTg3ZmVlZDQ1MmVhYjFkZGIyMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdzG/uFf0RgEWVuVDd+qgjp1PUlm
u6OYptf2ny4+8bffKvioCdcxtLBI1r4tRQDsHHgwzgMlmlw3ZJfN1hLgPEXrafq6
cpfVlZyvTMuFVRA4sUnTPtYE7LYtSR5cXdfU1f5HtmcR393FbLvzdmdKyDKBSXTC
m2Ohuzyj344spmz5KGCWelG6CoOeHDZvd6xHSEhtbxtggnR/ELd4rLOYIFwu57mk
u+oUZClra1IeUicJSG5EuD9+ITZBn490sW3H5a/qaupGdVL6OHJYjWLjiCi5s3kb
kEGHKMyGM0rs4Od1yG2xT/KssdTInnyUwJBMYxkfjcegfnsrKPCuh6sawQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEQCA3hvKC+OQ7mH/u1FLqsd2yKKMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvUkFJRGVHOG9MNDVEdVlmLTdVVXVxeDNiSW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhA8gTAN
BgkqhkiG9w0BAQsFAAOCAQEA4Bw7ajd5TxSx/7lZoV7Y7wFvzyASOyZuRcpie0Hy
uZjyGwqomtg/Z9wGaLSdGUvTeE5brtFgu3EWX0weoHQzklDa4nTAOOzrqoKbKNao
89D2mPpRPPhTpSMb8YDicP3001r+UO+tS5bf+AI8AQJp+RhBw/Rwmg9fh7nb2GAe
X1j5NsQKjCXd9B2igp5QMgqB2mMBHNJXtppF6jjqwGUrp+ObJjy5arz/99bOGnFX
sxnAuQfa2Q+2ShFx9LfsXEVzHFQuPYxpaRksSZp6MQwv+29J8yJ70whQJ/JtpXAa
XWQ+YW5v3UNl8UrhEPilECIsLHYMizVBwWAHSBuzZByqPw==
-----END CERTIFICATE-----