Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/KMh4UcExdoIMlDVKB9fkY4vWVsE.roa
File:                     KMh4UcExdoIMlDVKB9fkY4vWVsE.roa (raw, json)
Hash identifier:          hnMWWoInMespCNhSBI/qH8DZ6/gEuonrlIQB04iJLlM=
Subject key identifier:   28:C8:78:51:C1:31:76:82:0C:94:35:4A:07:D7:E4:63:8B:D6:56:C1
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019E3F96A770897D67AAB500F2BDABAC7076
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/KMh4UcExdoIMlDVKB9fkY4vWVsE.roa
Signing time:             Tue 19 May 2026 09:34:58 +0000
ROA not before:           Tue 19 May 2026 09:34:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212720
IP address blocks:        2a0c:b641:bc0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3f:96:a7:70:89:7d:67:aa:b5:00:f2:bd:ab:ac:70:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: May 19 09:34:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28c87851c13176820c94354a07d7e4638bd656c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:60:01:f8:fd:e1:08:6f:f9:b0:58:cd:9f:b7:
                    b6:51:f6:35:82:ea:81:86:21:19:d6:59:45:44:41:
                    0f:6d:54:75:6a:99:dd:8b:78:66:f8:7b:29:79:82:
                    95:d7:b8:ee:a5:52:f2:3c:22:82:25:75:b3:d9:47:
                    19:6b:a0:8d:30:29:a4:e2:ec:d3:91:ca:a1:3f:68:
                    87:e5:9a:1c:2b:d7:7e:b5:7a:8e:4f:f5:8b:6c:64:
                    c0:21:51:f5:40:5d:ac:d0:0d:10:70:63:34:6e:78:
                    61:18:ba:a2:56:71:53:99:66:ea:fa:b3:bd:4c:8a:
                    cf:3f:fd:2d:e3:d8:2e:44:44:4c:42:02:9c:d5:5c:
                    5d:e3:89:6d:50:c8:6c:e3:54:08:40:35:bb:70:ef:
                    70:36:34:90:94:e8:7c:7a:f8:12:d5:7d:6f:6f:01:
                    37:a9:4e:48:75:4a:da:1d:51:8f:aa:71:e5:7e:77:
                    6b:c0:d2:41:de:cc:20:f3:05:8a:b5:13:21:64:de:
                    d9:e9:7b:53:8f:c3:37:62:8d:2d:11:df:d9:39:c9:
                    90:c0:fb:2e:c6:a3:56:d9:9e:8f:15:c9:d0:5c:48:
                    c1:08:24:0f:30:81:fa:b8:22:1c:07:62:79:3b:35:
                    88:12:41:99:05:26:3e:4c:47:f3:b6:40:fc:4e:3f:
                    b6:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:C8:78:51:C1:31:76:82:0C:94:35:4A:07:D7:E4:63:8B:D6:56:C1
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/KMh4UcExdoIMlDVKB9fkY4vWVsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:bc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0e:b2:7d:c9:73:ce:2d:42:a6:37:9e:b6:10:05:09:c5:91:0e:
         a4:f1:45:7a:c9:66:81:4e:0f:70:08:00:0e:4b:56:bf:e1:1c:
         4a:43:9e:8a:9b:9a:f6:b8:74:cc:8e:af:3b:a4:a6:84:02:5c:
         f9:9c:69:a2:85:f2:df:09:c8:4b:c7:a7:58:cc:18:a2:0b:09:
         13:0b:70:11:ee:87:95:75:ed:22:90:34:87:2a:9b:35:3e:b8:
         c2:6d:75:db:49:c1:ee:c5:b3:33:7c:af:21:f3:94:a6:ba:77:
         48:60:af:a7:b8:94:c9:83:28:77:0f:0b:7f:c6:13:1e:da:fc:
         f2:02:29:15:62:05:7e:14:4a:84:7b:3c:3f:79:6d:9d:e8:dd:
         4e:e4:0d:e1:8a:af:78:93:19:a2:74:9e:fa:67:e1:0f:e6:b0:
         0a:2f:d2:ce:be:d0:13:6f:33:78:5e:b2:d9:d3:37:cd:9e:55:
         f0:ab:b2:df:ae:b2:3e:d8:40:6d:d8:c6:db:3d:af:04:bf:ef:
         7e:ad:b0:cc:39:8a:09:56:7b:86:51:93:54:bc:a6:58:b7:20:
         27:9e:ef:9b:2f:6f:b8:62:69:a5:e9:cd:46:18:b2:6c:25:8c:
         1f:61:93:df:da:d6:a2:41:a2:99:36:ac:c2:0b:4f:a8:27:a0:
         89:81:ca:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4/lqdwiX1nqrUA8r2rrHB2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNTE5MDkzNDU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGM4Nzg1MWMxMzE3NjgyMGM5NDM1NGEwN2Q3ZTQ2MzhiZDY1NmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4WAB+P3hCG/5sFjNn7e2UfY1guqB
hiEZ1llFREEPbVR1apndi3hm+HspeYKV17jupVLyPCKCJXWz2UcZa6CNMCmk4uzT
kcqhP2iH5ZocK9d+tXqOT/WLbGTAIVH1QF2s0A0QcGM0bnhhGLqiVnFTmWbq+rO9
TIrPP/0t49guRERMQgKc1Vxd44ltUMhs41QIQDW7cO9wNjSQlOh8evgS1X1vbwE3
qU5IdUraHVGPqnHlfndrwNJB3swg8wWKtRMhZN7Z6XtTj8M3Yo0tEd/ZOcmQwPsu
xqNW2Z6PFcnQXEjBCCQPMIH6uCIcB2J5OzWIEkGZBSY+TEfztkD8Tj+2mQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCjIeFHBMXaCDJQ1SgfX5GOL1lbBMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvS01oNFVjRXhkb0lNbERWS0I5ZmtZNHZXVnNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQvA
MA0GCSqGSIb3DQEBCwUAA4IBAQAOsn3Jc84tQqY3nrYQBQnFkQ6k8UV6yWaBTg9w
CAAOS1a/4RxKQ56Km5r2uHTMjq87pKaEAlz5nGmihfLfCchLx6dYzBiiCwkTC3AR
7oeVde0ikDSHKps1PrjCbXXbScHuxbMzfK8h85SmundIYK+nuJTJgyh3Dwt/xhMe
2vzyAikVYgV+FEqEezw/eW2d6N1O5A3hiq94kxmidJ76Z+EP5rAKL9LOvtATbzN4
XrLZ0zfNnlXwq7LfrrI+2EBt2MbbPa8Ev+9+rbDMOYoJVnuGUZNUvKZYtyAnnu+b
L2+4Ymml6c1GGLJsJYwfYZPf2taiQaKZNqzCC0+oJ6CJgcpD
-----END CERTIFICATE-----