Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/XTKBGmOZZ2dfK5M-y-xO1-oQK6o.roa
File:                     XTKBGmOZZ2dfK5M-y-xO1-oQK6o.roa (raw, json)
Hash identifier:          qXWRkL1biFDwtJJer84fS0/YDB6dgBKQpd7X1k+MdKE=
Subject key identifier:   5D:32:81:1A:63:99:67:67:5F:2B:93:3E:CB:EC:4E:D7:EA:10:2B:AA
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019ED1F24743EF146D442EADF959CDA0F904
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/XTKBGmOZZ2dfK5M-y-xO1-oQK6o.roa
Signing time:             Tue 16 Jun 2026 19:39:36 +0000
ROA not before:           Tue 16 Jun 2026 19:39:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     47400
IP address blocks:        2a10:4640:7::/48 maxlen: 48
                          2a10:4646:30::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 19:39:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d1:f2:47:43:ef:14:6d:44:2e:ad:f9:59:cd:a0:f9:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: Jun 16 19:39:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d32811a639967675f2b933ecbec4ed7ea102baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:be:e2:26:bd:15:86:96:43:e4:66:75:89:d4:
                    e4:4d:51:8e:bb:ee:6f:6d:ae:f6:da:be:e3:fe:fd:
                    d5:60:2e:d6:d4:ab:4a:13:18:c7:d0:34:85:21:a1:
                    0c:9c:fc:bf:37:32:67:5f:6a:5b:1d:93:30:a0:20:
                    c8:3e:5a:79:83:b8:69:9f:a4:d7:58:ba:73:7f:33:
                    52:19:cf:06:92:26:e3:7c:11:47:da:88:bd:0b:5f:
                    56:e5:fa:f5:24:92:ff:89:c5:36:04:ad:bd:87:1a:
                    27:fd:f5:d0:cb:23:98:61:f8:97:77:fd:ed:57:51:
                    18:04:42:f8:39:40:76:8e:c0:e4:23:ff:0a:cc:41:
                    7d:5b:d7:b1:79:b1:42:d5:f1:25:48:db:5d:10:9c:
                    b5:b9:82:25:b8:52:12:e5:80:e5:7e:3f:b7:19:e5:
                    74:3a:47:4d:8f:1b:77:f7:2f:3b:bb:96:12:39:2f:
                    6c:6a:1f:0b:1a:6d:d5:b8:fa:21:cf:fd:79:4a:e7:
                    3f:44:f5:46:5b:9e:04:4c:c2:02:0d:d4:65:98:c5:
                    df:22:63:1c:f0:a5:40:77:99:ba:fb:38:d8:4c:d3:
                    92:ef:0e:5b:62:32:81:a9:ba:34:11:74:de:aa:1c:
                    42:83:28:42:5c:11:a5:89:26:4e:b2:93:35:03:0d:
                    7a:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:32:81:1A:63:99:67:67:5F:2B:93:3E:CB:EC:4E:D7:EA:10:2B:AA
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/XTKBGmOZZ2dfK5M-y-xO1-oQK6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4640:7::/48
                  2a10:4646:30::/44

    Signature Algorithm: sha256WithRSAEncryption
         14:30:a0:5e:5d:c7:86:9d:87:8a:66:77:ed:6f:d8:88:7f:b1:
         39:5c:e0:ea:ba:51:cb:6d:0d:8c:e9:c3:f5:64:ec:08:7b:73:
         30:9d:64:60:c8:9a:ac:b1:0c:7c:e9:20:ca:f8:06:60:ca:ac:
         77:4b:d1:5a:fc:80:13:2c:15:83:80:b8:11:b4:60:3a:fe:98:
         4f:dc:2a:c4:a1:5f:98:48:17:b2:24:ca:e6:f9:ad:f6:fa:35:
         ad:15:ba:7e:fb:d9:dd:b8:39:88:e0:25:7f:e7:89:78:37:c3:
         25:a0:23:c0:6c:06:ee:d5:64:cb:7d:a2:a5:da:01:3c:69:7a:
         3a:09:d8:ce:47:d4:c8:0d:85:ab:08:f7:a0:cc:9b:bf:bb:a5:
         97:23:b7:89:12:26:f3:17:a5:60:c5:9a:22:c2:a3:8c:f2:65:
         5d:91:2b:31:65:20:e3:28:48:02:1f:47:58:87:f6:6b:4d:ff:
         57:13:82:bc:70:9d:cd:3e:c2:11:37:30:fa:c8:07:ac:28:ba:
         96:11:e6:5e:c6:e1:1f:2a:c0:77:42:ea:fb:d2:d2:3a:ce:59:
         0b:34:c0:49:12:13:dc:3d:4b:ea:8a:2b:30:11:7f:e8:4d:13:
         82:bf:9e:0f:75:03:83:9a:b9:7b:c2:09:20:16:6d:70:20:34:
         ea:b9:a5:1b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7R8kdD7xRtRC6t+VnNoPkEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjYwNjE2MTkzOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDMyODExYTYzOTk2NzY3NWYyYjkzM2VjYmVjNGVkN2VhMTAyYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqr7iJr0VhpZD5GZ1idTkTVGOu+5v
ba722r7j/v3VYC7W1KtKExjH0DSFIaEMnPy/NzJnX2pbHZMwoCDIPlp5g7hpn6TX
WLpzfzNSGc8GkibjfBFH2oi9C19W5fr1JJL/icU2BK29hxon/fXQyyOYYfiXd/3t
V1EYBEL4OUB2jsDkI/8KzEF9W9exebFC1fElSNtdEJy1uYIluFIS5YDlfj+3GeV0
OkdNjxt39y87u5YSOS9sah8LGm3VuPohz/15Suc/RPVGW54ETMICDdRlmMXfImMc
8KVAd5m6+zjYTNOS7w5bYjKBqbo0EXTeqhxCgyhCXBGliSZOspM1Aw16NwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF0ygRpjmWdnXyuTPsvsTtfqECuqMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvWFRLQkdtT1paMmRmSzVNLXkteE8xLW9RSzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhBGQAAH
AwcEKhBGRgAwMA0GCSqGSIb3DQEBCwUAA4IBAQAUMKBeXceGnYeKZnftb9iIf7E5
XODqulHLbQ2M6cP1ZOwIe3MwnWRgyJqssQx86SDK+AZgyqx3S9Fa/IATLBWDgLgR
tGA6/phP3CrEoV+YSBeyJMrm+a32+jWtFbp++9nduDmI4CV/54l4N8MloCPAbAbu
1WTLfaKl2gE8aXo6CdjOR9TIDYWrCPegzJu/u6WXI7eJEibzF6VgxZoiwqOM8mVd
kSsxZSDjKEgCH0dYh/ZrTf9XE4K8cJ3NPsIRNzD6yAesKLqWEeZexuEfKsB3Qur7
0tI6zlkLNMBJEhPcPUvqiiswEX/oTROCv54PdQODmrl7wgkgFm1wIDTquaUb
-----END CERTIFICATE-----