Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9F5K69OnoJIN3Rfj3qgTIPSaxMQ.roa
File:                     9F5K69OnoJIN3Rfj3qgTIPSaxMQ.roa (raw, json)
Hash identifier:          r0GqesN1mdg2yBmMF5EjvOs0cKVeGpxxoq3sKYgQXSY=
Subject key identifier:   F4:5E:4A:EB:D3:A7:A0:92:0D:DD:17:E3:DE:A8:13:20:F4:9A:C4:C4
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019E4F46C036689500E5626F519D56ADE60B
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9F5K69OnoJIN3Rfj3qgTIPSaxMQ.roa
Signing time:             Fri 22 May 2026 10:41:37 +0000
ROA not before:           Fri 22 May 2026 10:41:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197339
IP address blocks:        2a0c:b641:ba0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4f:46:c0:36:68:95:00:e5:62:6f:51:9d:56:ad:e6:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: May 22 10:41:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f45e4aebd3a7a0920ddd17e3dea81320f49ac4c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:08:3f:29:0d:5e:97:2e:8b:5c:dc:53:cd:39:
                    35:92:54:ff:e4:58:9c:e2:fb:df:c5:bb:0b:3e:28:
                    43:b4:e4:ab:80:36:e1:b6:d6:c6:d2:9e:a4:c3:f2:
                    ca:3c:7a:6d:cb:a6:55:5a:88:05:a8:91:0c:a1:69:
                    af:5e:36:5b:bc:06:3f:f2:7e:5f:4d:b8:fa:be:39:
                    63:df:d6:75:bd:80:38:20:27:76:90:6e:63:4a:ce:
                    6b:8f:36:9a:98:d5:00:36:e7:50:b4:d8:2d:7c:6e:
                    e7:b6:80:7a:2b:e1:05:e8:cf:72:f2:41:70:02:e6:
                    14:9b:a5:f7:90:ff:71:88:b8:c8:a5:11:2a:be:ac:
                    5b:1e:5d:4f:94:0f:b7:88:21:11:ce:19:f6:bb:50:
                    ee:a7:83:b7:c4:88:73:8d:98:2b:0f:be:32:b0:74:
                    a1:d7:9f:e7:7c:6d:f4:88:e9:4d:1f:1c:48:8f:0d:
                    66:78:8c:30:b9:07:f1:b2:2c:54:56:67:b7:36:77:
                    74:59:af:5b:69:a1:f2:74:5f:f0:f4:33:d5:d8:1e:
                    c7:7b:43:85:c6:d9:a6:a4:f0:5d:49:a3:df:6e:e9:
                    9f:38:6b:84:dd:08:a1:6c:89:e2:32:76:20:c7:18:
                    f6:83:c5:25:a1:94:e4:66:ed:1e:f8:8f:53:5a:d9:
                    3c:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:5E:4A:EB:D3:A7:A0:92:0D:DD:17:E3:DE:A8:13:20:F4:9A:C4:C4
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/9F5K69OnoJIN3Rfj3qgTIPSaxMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:ba0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9a:96:c9:df:58:9d:1c:e0:1c:08:2a:84:fc:a0:60:f7:2a:81:
         0b:43:93:65:25:f2:98:21:3e:8d:e6:19:f5:da:5a:2b:9d:04:
         a7:1b:c3:57:de:2b:27:71:96:f3:c1:ba:e2:01:85:32:22:27:
         c7:d6:22:55:a1:16:0f:52:cd:fb:4d:ee:31:87:a4:0d:a0:86:
         0d:94:2d:27:81:df:1f:21:81:1f:f5:24:a5:95:7f:c7:97:28:
         02:cd:a2:89:8c:c8:d0:8c:17:07:54:75:87:36:91:17:b9:a0:
         3d:7d:4b:7b:79:68:71:2e:01:4f:1b:f0:56:ad:01:fd:c2:be:
         ce:f8:53:42:83:1c:fb:bd:93:86:92:3c:d2:51:aa:1d:a5:ad:
         8f:af:34:69:a5:c9:3f:b0:96:ac:2b:3d:c9:30:dc:f1:e3:13:
         ee:c9:73:7d:20:39:3e:87:01:4c:ad:67:9e:a8:11:89:c0:ed:
         e0:63:dd:c4:b0:46:bd:bc:b1:0f:6a:dc:5c:05:d1:0e:88:b7:
         25:99:df:22:62:ec:1d:df:80:5b:dc:2d:a0:06:2e:24:28:2d:
         05:e9:f5:ad:7b:63:7b:e4:44:39:ff:ad:72:47:5b:c9:16:b8:
         60:22:21:8c:f9:bc:74:f6:d9:a8:08:55:d6:07:91:be:6c:a8:
         a9:ea:51:9c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5PRsA2aJUA5WJvUZ1WreYLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNTIyMTA0MTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDVlNGFlYmQzYTdhMDkyMGRkZDE3ZTNkZWE4MTMyMGY0OWFjNGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjwg/KQ1ely6LXNxTzTk1klT/5Fic
4vvfxbsLPihDtOSrgDbhttbG0p6kw/LKPHpty6ZVWogFqJEMoWmvXjZbvAY/8n5f
Tbj6vjlj39Z1vYA4ICd2kG5jSs5rjzaamNUANudQtNgtfG7ntoB6K+EF6M9y8kFw
AuYUm6X3kP9xiLjIpREqvqxbHl1PlA+3iCERzhn2u1Dup4O3xIhzjZgrD74ysHSh
15/nfG30iOlNHxxIjw1meIwwuQfxsixUVme3Nnd0Wa9baaHydF/w9DPV2B7He0OF
xtmmpPBdSaPfbumfOGuE3QihbIniMnYgxxj2g8UloZTkZu0e+I9TWtk85wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPReSuvTp6CSDd0X496oEyD0msTEMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvOUY1SzY5T25vSklOM1JmajNxZ1RJUFNheE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQug
MA0GCSqGSIb3DQEBCwUAA4IBAQCalsnfWJ0c4BwIKoT8oGD3KoELQ5NlJfKYIT6N
5hn12lornQSnG8NX3isncZbzwbriAYUyIifH1iJVoRYPUs37Te4xh6QNoIYNlC0n
gd8fIYEf9SSllX/HlygCzaKJjMjQjBcHVHWHNpEXuaA9fUt7eWhxLgFPG/BWrQH9
wr7O+FNCgxz7vZOGkjzSUaodpa2PrzRppck/sJasKz3JMNzx4xPuyXN9IDk+hwFM
rWeeqBGJwO3gY93EsEa9vLEPatxcBdEOiLclmd8iYuwd34Bb3C2gBi4kKC0F6fWt
e2N75EQ5/61yR1vJFrhgIiGM+bx09tmoCFXWB5G+bKip6lGc
-----END CERTIFICATE-----