Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/vgFcz0_LaRoiBuBdMDh7fX77-ng.roa
File:                     vgFcz0_LaRoiBuBdMDh7fX77-ng.roa (raw, json)
Hash identifier:          H3g7388O9awbJ3OYok7RxYTrAThBpSM+wl3+XsxguOg=
Subject key identifier:   BE:01:5C:CF:4F:CB:69:1A:22:06:E0:5D:30:38:7B:7D:7E:FB:FA:78
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019E876A8D8BD488B771580E02B21651F800
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/vgFcz0_LaRoiBuBdMDh7fX77-ng.roa
Signing time:             Tue 02 Jun 2026 08:19:27 +0000
ROA not before:           Tue 02 Jun 2026 08:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210347
IP address blocks:        2a0c:b641:bf0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 11:25:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:6a:8d:8b:d4:88:b7:71:58:0e:02:b2:16:51:f8:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jun  2 08:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=be015ccf4fcb691a2206e05d30387b7d7efbfa78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:82:17:c3:24:06:68:87:50:38:b8:a7:77:06:
                    7a:63:46:88:9a:b7:ad:8f:ae:06:76:cb:11:56:11:
                    d6:6e:ad:f6:a3:00:30:a1:05:1e:b4:db:54:53:fe:
                    d9:46:35:47:95:12:a6:bd:df:b6:44:af:0c:97:6a:
                    9e:11:7d:78:f7:ee:2d:f6:94:51:b0:01:3c:af:7d:
                    16:07:77:a4:d0:cf:b3:7f:25:f7:13:18:8b:7c:db:
                    e7:7b:c2:95:1e:d0:90:99:71:bb:c1:21:7c:1d:ac:
                    5c:bb:4b:34:66:c3:03:b1:37:ac:7f:59:40:b9:aa:
                    50:e5:ee:24:e2:13:36:8f:f4:d2:38:29:cc:46:d1:
                    97:69:2e:68:de:2f:d0:46:7d:df:a2:c2:90:85:3a:
                    c0:c2:a6:5b:f4:28:26:1c:0d:a7:ab:d4:3d:fb:33:
                    e4:28:c3:8e:10:64:c7:39:92:47:d8:f9:cb:bd:26:
                    20:4a:8a:63:e0:ba:70:3d:64:f2:cb:01:dd:94:76:
                    87:36:d3:ec:63:06:e4:2a:6a:74:5e:82:d2:d9:0a:
                    5b:75:2e:83:60:87:80:0f:60:10:8d:e4:69:51:92:
                    37:4a:8a:a7:68:70:a3:59:9f:65:55:5c:c0:f7:d7:
                    b8:76:4a:a2:df:4b:45:7e:36:85:bf:3b:e8:65:0f:
                    c8:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:01:5C:CF:4F:CB:69:1A:22:06:E0:5D:30:38:7B:7D:7E:FB:FA:78
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/vgFcz0_LaRoiBuBdMDh7fX77-ng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:bf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6b:93:0f:63:61:a9:9b:47:8e:38:75:45:1b:93:75:c8:75:a2:
         d5:5c:b2:bc:d1:42:39:3a:17:4e:23:d2:60:b1:27:00:ca:12:
         f7:e9:85:87:d5:46:17:c9:84:0b:c1:f7:74:84:56:97:d1:90:
         08:55:38:9b:85:f2:d1:24:1b:d9:a1:be:f6:d3:bc:76:34:99:
         40:41:9a:f3:50:ae:9d:5e:a5:4b:51:e6:d2:74:bc:f7:9f:84:
         43:ac:b7:3e:ad:fa:ac:35:67:ca:2e:00:9d:16:2b:f7:7f:6d:
         b7:bb:e1:a5:03:4c:0f:eb:83:a6:ae:80:45:91:a9:e1:14:89:
         f7:be:09:09:c7:b1:db:73:93:19:c9:78:72:3e:e1:24:01:ac:
         bb:b3:34:eb:11:8f:9f:12:1d:1a:cd:4e:93:88:d9:e2:50:43:
         c0:c4:b0:63:a0:c9:5a:d9:f4:33:f5:a6:20:6f:a9:50:40:16:
         fc:9b:a3:bc:8b:f5:64:bb:c7:b2:34:4f:7f:f5:4a:d7:7f:81:
         7c:74:90:29:6d:97:b6:ef:5e:10:6b:44:55:5f:cc:54:ea:d5:
         37:15:75:f5:90:9a:99:80:d5:b0:d1:88:4a:77:34:46:70:67:
         e3:06:0f:5d:53:0d:5f:4e:79:a4:4b:a6:c9:0f:81:4d:94:9f:
         25:69:57:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6Hao2L1Ii3cVgOArIWUfgAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNjAyMDgxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTAxNWNjZjRmY2I2OTFhMjIwNmUwNWQzMDM4N2I3ZDdlZmJmYTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYIXwyQGaIdQOLindwZ6Y0aImret
j64GdssRVhHWbq32owAwoQUetNtUU/7ZRjVHlRKmvd+2RK8Ml2qeEX149+4t9pRR
sAE8r30WB3ek0M+zfyX3ExiLfNvne8KVHtCQmXG7wSF8Haxcu0s0ZsMDsTesf1lA
uapQ5e4k4hM2j/TSOCnMRtGXaS5o3i/QRn3fosKQhTrAwqZb9CgmHA2nq9Q9+zPk
KMOOEGTHOZJH2PnLvSYgSopj4LpwPWTyywHdlHaHNtPsYwbkKmp0XoLS2QpbdS6D
YIeAD2AQjeRpUZI3SoqnaHCjWZ9lVVzA99e4dkqi30tFfjaFvzvoZQ/ImQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL4BXM9Py2kaIgbgXTA4e31++/p4MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvdmdGY3owX0xhUm9pQnVCZE1EaDdmWDc3LW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQvw
MA0GCSqGSIb3DQEBCwUAA4IBAQBrkw9jYambR444dUUbk3XIdaLVXLK80UI5OhdO
I9JgsScAyhL36YWH1UYXyYQLwfd0hFaX0ZAIVTibhfLRJBvZob7207x2NJlAQZrz
UK6dXqVLUebSdLz3n4RDrLc+rfqsNWfKLgCdFiv3f223u+GlA0wP64OmroBFkanh
FIn3vgkJx7Hbc5MZyXhyPuEkAay7szTrEY+fEh0azU6TiNniUEPAxLBjoMla2fQz
9aYgb6lQQBb8m6O8i/Vku8eyNE9/9UrXf4F8dJApbZe2714Qa0RVX8xU6tU3FXX1
kJqZgNWw0YhKdzRGcGfjBg9dUw1fTnmkS6bJD4FNlJ8laVd2
-----END CERTIFICATE-----