Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/npK-UV8gEX5Edtev5PkBKO1mtb0.roa
File:                     npK-UV8gEX5Edtev5PkBKO1mtb0.roa (raw, json)
Hash identifier:          fohdKo+mjD+H2gWa/s9ecwiZzBa9hWWPMVhUy1pNDIo=
Subject key identifier:   9E:92:BE:51:5F:20:11:7E:44:76:D7:AF:E4:F9:01:28:ED:66:B5:BD
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019E8814F0AE1125F8E7816D56D4900A0B1E
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/npK-UV8gEX5Edtev5PkBKO1mtb0.roa
Signing time:             Tue 02 Jun 2026 11:25:34 +0000
ROA not before:           Tue 02 Jun 2026 11:25:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209018
IP address blocks:        2a0c:b641:c00::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:14:f0:ae:11:25:f8:e7:81:6d:56:d4:90:0a:0b:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jun  2 11:25:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e92be515f20117e4476d7afe4f90128ed66b5bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:14:b9:d9:6f:17:57:a9:97:da:e5:27:9f:07:
                    79:81:dc:61:8a:06:db:ca:b1:1f:91:1d:4d:e3:84:
                    1a:34:99:c2:93:25:3c:77:27:63:d3:2b:c0:2e:4d:
                    ae:98:38:28:95:a3:10:36:5a:b2:ad:4e:00:1c:12:
                    bc:55:e9:4b:44:b5:94:8a:c2:cc:6f:9d:61:37:60:
                    e9:4b:61:30:72:5e:72:79:90:e4:01:c6:3f:5f:62:
                    8b:d1:dd:62:4f:56:6c:7b:84:ec:32:20:02:83:af:
                    51:d1:94:0b:a0:6e:e6:f1:11:c2:ac:39:40:e1:56:
                    d5:5e:ee:a6:e7:b0:6d:72:d5:92:3c:5e:7a:e9:e6:
                    9e:5e:77:af:80:40:40:aa:ee:e1:f8:72:bd:ea:fa:
                    8b:d4:e1:33:e8:22:b8:8d:4d:8c:fa:b7:75:56:3e:
                    36:41:2e:ec:85:4f:f4:e8:6d:84:1d:e9:30:ac:69:
                    93:24:03:28:a6:19:a0:17:b6:0c:b3:ef:61:36:e9:
                    6f:14:30:62:09:91:d2:8d:6e:b1:61:30:5f:af:42:
                    c3:b7:5d:cb:73:87:00:31:81:c1:ce:a4:43:9b:df:
                    79:d2:9f:b1:fb:f3:22:f3:f0:d0:03:2d:f5:80:41:
                    ee:ca:81:32:66:15:01:65:2a:03:23:8d:05:8e:f9:
                    54:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:92:BE:51:5F:20:11:7E:44:76:D7:AF:E4:F9:01:28:ED:66:B5:BD
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/npK-UV8gEX5Edtev5PkBKO1mtb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c00::/44

    Signature Algorithm: sha256WithRSAEncryption
         0a:e3:18:e7:ff:dc:9a:c3:2d:5d:c0:27:3a:9c:22:85:d0:dd:
         c9:70:42:c6:8e:de:ac:3e:67:7e:ea:7f:b4:4f:2e:fe:b3:45:
         1b:1a:d5:b1:4c:ae:ef:6a:02:35:3c:27:41:bf:7c:50:1f:f7:
         d7:c8:bf:f5:60:65:d7:8e:f0:54:c0:38:45:06:47:c7:15:87:
         af:73:89:16:a6:9a:ca:07:91:ca:5b:bf:04:e0:84:4d:d7:9f:
         a6:41:49:0a:5e:c5:5a:f7:1e:d8:22:e9:6c:dd:e7:6c:56:b5:
         69:63:45:c9:52:ad:3b:be:17:0e:b4:14:78:75:44:50:b5:a6:
         2a:07:1a:69:b0:58:1e:d5:56:7f:a5:67:79:60:97:35:3b:14:
         de:0c:34:f7:76:2e:6a:27:94:cb:5e:ac:42:99:33:28:65:80:
         7a:c5:da:0a:4d:76:22:f6:69:7a:76:ff:6e:9a:9b:5f:df:f5:
         98:cc:09:7c:b8:45:df:bd:41:94:99:ca:0b:0e:69:a7:61:7d:
         73:15:4d:43:c2:e2:a7:a8:5a:03:19:8c:27:e5:99:97:10:dc:
         e8:af:e3:e7:0e:08:34:02:38:8d:75:e2:e7:f3:38:21:36:fd:
         cb:77:a6:dd:27:06:a7:e6:7b:45:b1:ab:8f:39:40:74:0c:29:
         13:f7:a7:42
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6IFPCuESX454FtVtSQCgseMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNjAyMTEyNTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTkyYmU1MTVmMjAxMTdlNDQ3NmQ3YWZlNGY5MDEyOGVkNjZiNWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBS52W8XV6mX2uUnnwd5gdxhigbb
yrEfkR1N44QaNJnCkyU8dydj0yvALk2umDgolaMQNlqyrU4AHBK8VelLRLWUisLM
b51hN2DpS2Ewcl5yeZDkAcY/X2KL0d1iT1Zse4TsMiACg69R0ZQLoG7m8RHCrDlA
4VbVXu6m57BtctWSPF566eaeXnevgEBAqu7h+HK96vqL1OEz6CK4jU2M+rd1Vj42
QS7shU/06G2EHekwrGmTJAMophmgF7YMs+9hNulvFDBiCZHSjW6xYTBfr0LDt13L
c4cAMYHBzqRDm9950p+x+/Mi8/DQAy31gEHuyoEyZhUBZSoDI40FjvlUAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ6SvlFfIBF+RHbXr+T5ASjtZrW9MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvbnBLLVVWOGdFWDVFZHRldjVQa0JLTzFtdGIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQwA
MA0GCSqGSIb3DQEBCwUAA4IBAQAK4xjn/9yawy1dwCc6nCKF0N3JcELGjt6sPmd+
6n+0Ty7+s0UbGtWxTK7vagI1PCdBv3xQH/fXyL/1YGXXjvBUwDhFBkfHFYevc4kW
pprKB5HKW78E4IRN15+mQUkKXsVa9x7YIuls3edsVrVpY0XJUq07vhcOtBR4dURQ
taYqBxppsFge1VZ/pWd5YJc1OxTeDDT3di5qJ5TLXqxCmTMoZYB6xdoKTXYi9ml6
dv9umptf3/WYzAl8uEXfvUGUmcoLDmmnYX1zFU1DwuKnqFoDGYwn5ZmXENzor+Pn
Dgg0AjiNdeLn8zghNv3Ld6bdJwan5ntFsauPOUB0DCkT96dC
-----END CERTIFICATE-----