Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/oqvVF5ro_xcfYZX0L91psrz4scE.roa
File:                     oqvVF5ro_xcfYZX0L91psrz4scE.roa (raw, json)
Hash identifier:          9GXkVLe3LroEDzobGbILI6BVJmNa1NCl51cSlpSEpww=
Subject key identifier:   A2:AB:D5:17:9A:E8:FF:17:1F:61:95:F4:2F:DD:69:B2:BC:F8:B1:C1
Certificate issuer:       /CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
Certificate serial:       019E5F2C43525EBF3724C1E6C599DAA6B1E7
Authority key identifier: 1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/oqvVF5ro_xcfYZX0L91psrz4scE.roa
Signing time:             Mon 25 May 2026 12:46:36 +0000
ROA not before:           Mon 25 May 2026 12:46:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215171
IP address blocks:        2a0a:280:35f0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 May 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:2c:43:52:5e:bf:37:24:c1:e6:c5:99:da:a6:b1:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b9f21ba04e5e3077b391e3d48ff5b0a50b3369f
        Validity
            Not Before: May 25 12:46:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a2abd5179ae8ff171f6195f42fdd69b2bcf8b1c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:99:1b:c5:6d:b4:8b:f1:64:51:91:95:a0:25:
                    16:ab:8d:55:a1:77:f9:fa:20:3e:f2:17:31:1a:3a:
                    9d:e4:4e:de:b5:5e:75:80:a7:f7:16:ae:6b:f7:eb:
                    57:3c:47:9a:0e:c9:4b:a6:27:cd:a2:dd:43:e1:2a:
                    4e:fe:60:e4:99:bd:be:30:28:0b:4f:dc:ae:95:1c:
                    fd:27:2c:8e:fe:88:8d:17:da:c5:8e:e9:62:b2:15:
                    4c:52:bc:80:44:63:05:4f:31:fd:dd:cc:de:e2:0f:
                    46:de:40:c9:c7:32:a2:ba:ad:c8:45:8d:a2:f0:53:
                    b5:e4:45:50:84:3e:83:89:24:c4:ab:dd:df:f7:d2:
                    c7:55:e2:7a:23:62:8d:32:16:31:04:f5:1c:65:18:
                    ad:c5:17:3b:9a:89:1d:1a:48:4f:08:62:1f:71:7b:
                    c7:e2:cc:7e:2e:0f:c2:63:bd:18:b0:cd:21:5a:7e:
                    67:ca:25:c0:57:fa:f7:5b:db:61:b2:71:c0:b5:55:
                    5f:2b:35:98:27:f6:53:00:63:44:5f:42:89:d6:54:
                    48:50:2e:4c:50:c2:44:8e:73:a0:86:4d:50:9a:f6:
                    99:59:44:98:9b:f9:d7:1c:b0:44:00:9f:20:86:e7:
                    82:75:47:d6:45:4e:c6:46:62:f9:96:0d:9a:c7:ff:
                    7a:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:AB:D5:17:9A:E8:FF:17:1F:61:95:F4:2F:DD:69:B2:BC:F8:B1:C1
            X509v3 Authority Key Identifier:
                keyid:1B:9F:21:BA:04:E5:E3:07:7B:39:1E:3D:48:FF:5B:0A:50:B3:36:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G58hugTl4wd7OR49SP9bClCzNp8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/oqvVF5ro_xcfYZX0L91psrz4scE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f67a78-183d-494a-995e-f51c5fb3df9a/1/G58hugTl4wd7OR49SP9bClCzNp8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:280:35f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         65:32:68:42:a5:e8:6c:03:d7:26:c3:9d:31:bf:87:42:00:6b:
         aa:f1:8b:0a:47:de:af:54:3a:d8:d9:ef:5d:c2:f7:4f:e2:d4:
         06:c8:01:eb:d3:56:47:c4:5e:d9:ea:23:38:17:d1:fd:d9:67:
         f8:52:29:e3:f6:10:6f:e7:7d:5b:75:3b:be:cb:61:47:90:f1:
         cf:01:2a:b3:5d:a3:d8:c4:7f:2e:ec:ce:3b:04:ff:04:1d:e9:
         fe:d1:e3:46:44:72:66:80:bd:e4:9b:a5:b7:db:d5:24:5d:e4:
         dc:23:80:e1:7f:5e:e3:f3:b9:97:05:28:26:d4:c9:80:da:62:
         58:c9:61:04:5c:f5:8e:f4:7d:ca:1b:78:1c:2b:8a:12:99:dd:
         95:4e:00:00:60:c6:0d:c8:f1:6a:1c:f9:22:89:9a:94:63:c8:
         6e:73:61:3a:5f:67:d6:06:d6:85:92:ce:2b:68:f7:13:8b:5f:
         62:72:7c:7d:1a:3d:a0:d9:f4:f5:ae:a4:3f:57:a3:13:b7:14:
         7a:42:0c:3b:3b:69:23:b0:fa:0f:40:a0:f6:6d:fc:c4:c3:96:
         f7:5b:89:54:b8:f8:53:a1:a2:d0:c2:e4:30:f3:66:29:e1:2e:
         68:ce:ff:71:dd:3f:39:07:eb:9b:15:fd:97:12:9c:87:55:60:
         f1:22:21:f8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5fLENSXr83JMHmxZnaprHnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiOWYyMWJhMDRlNWUzMDc3YjM5MWUzZDQ4ZmY1YjBhNTBi
MzM2OWYwHhcNMjYwNTI1MTI0NjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmFiZDUxNzlhZThmZjE3MWY2MTk1ZjQyZmRkNjliMmJjZjhiMWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpkbxW20i/FkUZGVoCUWq41VoXf5
+iA+8hcxGjqd5E7etV51gKf3Fq5r9+tXPEeaDslLpifNot1D4SpO/mDkmb2+MCgL
T9yulRz9JyyO/oiNF9rFjulishVMUryARGMFTzH93cze4g9G3kDJxzKiuq3IRY2i
8FO15EVQhD6DiSTEq93f99LHVeJ6I2KNMhYxBPUcZRitxRc7mokdGkhPCGIfcXvH
4sx+Lg/CY70YsM0hWn5nyiXAV/r3W9thsnHAtVVfKzWYJ/ZTAGNEX0KJ1lRIUC5M
UMJEjnOghk1QmvaZWUSYm/nXHLBEAJ8ghueCdUfWRU7GRmL5lg2ax/963QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKKr1Rea6P8XH2GV9C/dabK8+LHBMB8GA1UdIwQY
MBaAFBufIboE5eMHezkePUj/WwpQszafMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUt
ZjUxYzVmYjNkZjlhLzEvb3F2VkY1cm9feGNmWVpYMEw5MXBzcno0c2NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mNjdhNzgtMTgzZC00OTRhLTk5NWUtZjUxYzVmYjNkZjlh
LzEvRzU4aHVnVGw0d2Q3T1I0OVNQOWJDbEN6TnA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgoCgDXw
MA0GCSqGSIb3DQEBCwUAA4IBAQBlMmhCpehsA9cmw50xv4dCAGuq8YsKR96vVDrY
2e9dwvdP4tQGyAHr01ZHxF7Z6iM4F9H92Wf4Uinj9hBv531bdTu+y2FHkPHPASqz
XaPYxH8u7M47BP8EHen+0eNGRHJmgL3km6W329UkXeTcI4Dhf17j87mXBSgm1MmA
2mJYyWEEXPWO9H3KG3gcK4oSmd2VTgAAYMYNyPFqHPkiiZqUY8huc2E6X2fWBtaF
ks4raPcTi19icnx9Gj2g2fT1rqQ/V6MTtxR6Qgw7O2kjsPoPQKD2bfzEw5b3W4lU
uPhToaLQwuQw82Yp4S5ozv9x3T85B+ubFf2XEpyHVWDxIiH4
-----END CERTIFICATE-----