Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/CXl9NenGKb3Q_LvdqxRnTrslkLc.roa
File:                     CXl9NenGKb3Q_LvdqxRnTrslkLc.roa (raw, json)
Hash identifier:          SEFuY4wIhllAxnBA/Bzk+q2Fer20fwytf04zSWk8F1I=
Subject key identifier:   09:79:7D:35:E9:C6:29:BD:D0:FC:BB:DD:AB:14:67:4E:BB:25:90:B7
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019ECB5BD8FDF886D1A0935A0588EFD1FA6A
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/CXl9NenGKb3Q_LvdqxRnTrslkLc.roa
Signing time:             Mon 15 Jun 2026 12:57:34 +0000
ROA not before:           Mon 15 Jun 2026 12:57:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219433
IP address blocks:        2a0c:b641:dc0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 24 Jun 2026 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cb:5b:d8:fd:f8:86:d1:a0:93:5a:05:88:ef:d1:fa:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jun 15 12:57:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09797d35e9c629bdd0fcbbddab14674ebb2590b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:2a:4b:d0:c2:3a:1d:7a:b3:5b:24:d1:82:78:
                    09:2c:2f:6e:37:4f:5e:17:5a:de:61:3e:55:8a:22:
                    dd:08:18:c8:5b:19:fc:73:25:18:c6:46:67:4c:22:
                    61:fb:bd:d6:6b:52:b2:2a:c9:6a:3f:39:df:a2:6c:
                    5e:34:3e:1a:bc:79:ed:f3:59:b9:1d:90:6e:b8:f1:
                    c0:07:f3:d1:49:2a:d1:74:48:1d:a9:bd:65:67:d6:
                    58:9c:a2:95:87:56:fc:40:a9:26:5d:32:2c:d9:a5:
                    2d:c6:92:40:37:89:90:b8:91:28:d8:d5:e3:d8:2f:
                    53:48:71:d2:8f:a1:38:37:ac:72:4b:e4:96:23:81:
                    e6:2f:21:cf:e1:0e:a4:2a:fc:70:3a:75:49:a3:bc:
                    0c:28:3f:57:28:1f:ed:08:6b:b8:70:95:a9:3d:88:
                    1f:97:f9:c5:e8:b1:be:43:4e:62:69:25:12:e9:fb:
                    c1:b4:f2:95:7e:c8:27:52:b2:af:42:4a:de:9f:0c:
                    3f:bf:81:f9:3d:43:11:c6:8d:65:a3:75:72:12:ff:
                    7f:78:af:f4:45:d2:e2:56:11:0c:29:9c:e7:6c:f8:
                    fd:dc:db:7b:35:5c:05:08:48:10:b0:19:59:ed:59:
                    70:8d:0b:2d:8c:a9:0f:c4:f6:e7:0e:b6:a0:d6:57:
                    ea:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:79:7D:35:E9:C6:29:BD:D0:FC:BB:DD:AB:14:67:4E:BB:25:90:B7
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/CXl9NenGKb3Q_LvdqxRnTrslkLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:dc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         1e:6f:28:5f:1a:d6:27:9b:39:77:8f:b7:fd:a6:5e:b0:d0:0e:
         ff:2b:50:29:46:bb:38:5a:ae:62:30:f3:c7:a9:54:4a:95:e8:
         3a:d4:70:78:73:dc:18:96:73:f5:e0:25:fa:0f:20:a9:2f:44:
         63:c1:7b:df:ef:11:69:7d:3f:fd:9d:f3:18:dd:88:8c:b5:8e:
         83:7c:56:c6:0f:fd:4a:ff:7a:8b:42:e2:db:e3:55:37:bf:e5:
         11:ef:4f:cd:86:a0:5b:25:85:cb:be:cd:e6:6c:e2:e7:70:e2:
         f7:89:e2:5e:32:2a:03:e7:64:01:0b:5f:46:af:09:37:73:ea:
         3e:0b:a1:0f:0d:a9:3f:8d:7b:04:71:9b:ad:a9:38:34:d1:ae:
         27:ff:3f:a4:0e:e7:23:df:78:26:da:0d:6a:c1:03:08:29:0a:
         af:a7:87:93:21:ad:73:7a:9c:f8:b6:d8:1f:2d:d9:70:5b:84:
         04:c7:35:90:bc:1e:8f:05:5d:0a:02:76:20:c7:1c:80:d6:fc:
         c8:28:7f:44:64:70:c5:cd:83:be:4b:43:96:60:78:c8:fc:85:
         f6:26:9b:6a:fc:46:59:9e:b6:4a:8d:a0:9a:d6:cb:7f:67:83:
         45:9f:84:e0:29:32:0c:60:1d:65:36:ad:46:c3:ab:41:75:8b:
         5b:33:b4:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7LW9j9+IbRoJNaBYjv0fpqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNjE1MTI1NzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTc5N2QzNWU5YzYyOWJkZDBmY2JiZGRhYjE0Njc0ZWJiMjU5MGI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ypL0MI6HXqzWyTRgngJLC9uN09e
F1reYT5ViiLdCBjIWxn8cyUYxkZnTCJh+73Wa1KyKslqPznfomxeND4avHnt81m5
HZBuuPHAB/PRSSrRdEgdqb1lZ9ZYnKKVh1b8QKkmXTIs2aUtxpJAN4mQuJEo2NXj
2C9TSHHSj6E4N6xyS+SWI4HmLyHP4Q6kKvxwOnVJo7wMKD9XKB/tCGu4cJWpPYgf
l/nF6LG+Q05iaSUS6fvBtPKVfsgnUrKvQkrenww/v4H5PUMRxo1lo3VyEv9/eK/0
RdLiVhEMKZznbPj93Nt7NVwFCEgQsBlZ7VlwjQstjKkPxPbnDrag1lfqBwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAl5fTXpxim90Py73asUZ067JZC3MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQ1hsOU5lbkdLYjNRX0x2ZHF4Um5UcnNsa0xjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQ3A
MA0GCSqGSIb3DQEBCwUAA4IBAQAebyhfGtYnmzl3j7f9pl6w0A7/K1ApRrs4Wq5i
MPPHqVRKleg61HB4c9wYlnP14CX6DyCpL0RjwXvf7xFpfT/9nfMY3YiMtY6DfFbG
D/1K/3qLQuLb41U3v+UR70/NhqBbJYXLvs3mbOLncOL3ieJeMioD52QBC19Grwk3
c+o+C6EPDak/jXsEcZutqTg00a4n/z+kDucj33gm2g1qwQMIKQqvp4eTIa1zepz4
ttgfLdlwW4QExzWQvB6PBV0KAnYgxxyA1vzIKH9EZHDFzYO+S0OWYHjI/IX2Jptq
/EZZnrZKjaCa1st/Z4NFn4TgKTIMYB1lNq1Gw6tBdYtbM7Sy
-----END CERTIFICATE-----