Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/a43238-0d94-4697-9338-c211a27a7c27/1/sMwIgLKNRpB1RpAtf3RJI_ymDmY.roa
File:                     sMwIgLKNRpB1RpAtf3RJI_ymDmY.roa (raw, json)
Hash identifier:          BKXDq8tUvCJz2+LeUi2VmO5hnXnUxOen+el/zYEKMWI=
Subject key identifier:   B0:CC:08:80:B2:8D:46:90:75:46:90:2D:7F:74:49:23:FC:A6:0E:66
Certificate issuer:       /CN=146cac38aac17acef667cd0eaa02e0fc9677fcf7
Certificate serial:       019E9DA588D7EB3DDED651E9C3A283267601
Authority key identifier: 14:6C:AC:38:AA:C1:7A:CE:F6:67:CD:0E:AA:02:E0:FC:96:77:FC:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FGysOKrBes72Z80OqgLg_JZ3_Pc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/a43238-0d94-4697-9338-c211a27a7c27/1/sMwIgLKNRpB1RpAtf3RJI_ymDmY.roa
Signing time:             Sat 06 Jun 2026 15:55:31 +0000
ROA not before:           Sat 06 Jun 2026 15:55:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44854
IP address blocks:        2001:67c:ff4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/a43238-0d94-4697-9338-c211a27a7c27/1/FGysOKrBes72Z80OqgLg_JZ3_Pc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/a43238-0d94-4697-9338-c211a27a7c27/1/FGysOKrBes72Z80OqgLg_JZ3_Pc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FGysOKrBes72Z80OqgLg_JZ3_Pc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9d:a5:88:d7:eb:3d:de:d6:51:e9:c3:a2:83:26:76:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=146cac38aac17acef667cd0eaa02e0fc9677fcf7
        Validity
            Not Before: Jun  6 15:55:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b0cc0880b28d46907546902d7f744923fca60e66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:cd:d1:5f:41:97:cc:c9:6b:cc:b9:24:44:ba:
                    9e:13:ac:5b:7e:79:ba:a7:54:a9:59:f2:d2:d6:9d:
                    c0:24:9f:dd:aa:13:59:41:f8:4b:06:6a:19:a1:69:
                    b0:1c:8c:e1:ad:f8:74:44:94:b0:9d:ad:32:c3:23:
                    0c:47:75:74:0c:75:bf:37:36:96:98:f7:fb:70:da:
                    f4:19:23:cc:a7:84:4d:7a:e4:51:97:93:6b:b3:35:
                    7b:2c:58:88:3f:b2:3e:9e:c2:36:6d:64:61:21:7e:
                    1b:c6:86:f0:06:c4:b5:2a:67:00:75:e0:f7:85:c0:
                    26:fb:d3:f8:58:09:57:65:11:33:90:7c:56:8b:14:
                    91:2a:78:36:7f:37:63:1a:0b:77:9c:b7:fe:f2:23:
                    64:1f:0f:51:bc:c7:e5:24:99:6a:16:b9:15:23:47:
                    86:de:38:c8:60:20:a4:e7:26:e6:54:f9:d5:44:06:
                    42:87:f2:2b:4f:78:de:40:b8:42:18:40:e7:72:a6:
                    33:91:8c:bb:b7:c8:fe:c5:af:02:3f:3c:f8:98:c9:
                    9a:53:d3:ea:c8:77:51:fe:1e:37:20:8e:9c:50:d9:
                    47:f7:82:1d:e8:a2:47:60:94:05:55:a2:0b:47:68:
                    34:89:34:b6:84:11:2d:c0:f8:52:71:42:95:4a:9d:
                    82:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:CC:08:80:B2:8D:46:90:75:46:90:2D:7F:74:49:23:FC:A6:0E:66
            X509v3 Authority Key Identifier:
                keyid:14:6C:AC:38:AA:C1:7A:CE:F6:67:CD:0E:AA:02:E0:FC:96:77:FC:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FGysOKrBes72Z80OqgLg_JZ3_Pc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/a43238-0d94-4697-9338-c211a27a7c27/1/sMwIgLKNRpB1RpAtf3RJI_ymDmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/a43238-0d94-4697-9338-c211a27a7c27/1/FGysOKrBes72Z80OqgLg_JZ3_Pc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:ff4::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:11:4b:30:e9:ab:1a:dd:1d:60:bc:ff:23:e1:95:fc:a1:66:
         ae:f9:d7:29:1d:91:db:93:0b:63:08:88:6a:a3:f5:a5:30:dd:
         44:e6:81:f5:f3:0f:7e:2d:a0:fa:21:61:de:e4:a5:75:15:69:
         59:68:c8:0b:04:73:7b:f9:1a:e3:6d:cd:73:c6:0e:d3:e3:b4:
         56:d6:42:61:b7:e4:f0:bf:88:49:5e:61:68:8a:65:c7:7c:ae:
         7a:50:4d:74:d4:38:a6:c5:ec:68:c3:06:6c:cb:42:e7:16:81:
         b7:9a:3a:35:61:15:e4:8d:e5:97:fc:9c:0a:15:1c:a2:97:7f:
         0b:ca:44:78:38:94:2e:2b:ab:a8:47:34:9b:68:7b:36:d5:8e:
         20:75:96:41:b0:9f:22:e2:16:b7:bf:61:a9:62:44:5d:a7:03:
         c3:8b:15:1b:e9:b4:05:51:0b:c2:a3:78:b3:75:4e:b0:90:7e:
         7d:aa:e6:b4:9c:7f:5f:74:48:cb:41:87:4f:6f:dc:ef:6e:da:
         aa:6f:36:3c:24:93:e6:7d:5f:2e:24:a6:c9:f5:41:68:d6:6c:
         96:d7:7a:ac:de:29:6a:5f:0c:dc:d8:de:d0:8c:7d:f5:92:e7:
         d8:f6:db:fc:70:d7:6a:a5:b4:11:13:76:e0:9a:75:98:4c:97:
         3b:1a:6b:2b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6dpYjX6z3e1lHpw6KDJnYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0NmNhYzM4YWFjMTdhY2VmNjY3Y2QwZWFhMDJlMGZjOTY3
N2ZjZjcwHhcNMjYwNjA2MTU1NTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMGNjMDg4MGIyOGQ0NjkwNzU0NjkwMmQ3Zjc0NDkyM2ZjYTYwZTY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3M3RX0GXzMlrzLkkRLqeE6xbfnm6
p1SpWfLS1p3AJJ/dqhNZQfhLBmoZoWmwHIzhrfh0RJSwna0ywyMMR3V0DHW/NzaW
mPf7cNr0GSPMp4RNeuRRl5NrszV7LFiIP7I+nsI2bWRhIX4bxobwBsS1KmcAdeD3
hcAm+9P4WAlXZREzkHxWixSRKng2fzdjGgt3nLf+8iNkHw9RvMflJJlqFrkVI0eG
3jjIYCCk5ybmVPnVRAZCh/IrT3jeQLhCGEDncqYzkYy7t8j+xa8CPzz4mMmaU9Pq
yHdR/h43II6cUNlH94Id6KJHYJQFVaILR2g0iTS2hBEtwPhScUKVSp2C7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLDMCICyjUaQdUaQLX90SSP8pg5mMB8GA1UdIwQY
MBaAFBRsrDiqwXrO9mfNDqoC4PyWd/z3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkd5c09LckJlczcyWjgwT3FnTGdfSlozX1BjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9hNDMyMzgtMGQ5NC00Njk3LTkzMzgt
YzIxMWEyN2E3YzI3LzEvc013SWdMS05ScEIxUnBBdGYzUkpJX3ltRG1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9hNDMyMzgtMGQ5NC00Njk3LTkzMzgtYzIxMWEyN2E3YzI3
LzEvRkd5c09LckJlczcyWjgwT3FnTGdfSlozX1BjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfA/0
MA0GCSqGSIb3DQEBCwUAA4IBAQBbEUsw6asa3R1gvP8j4ZX8oWau+dcpHZHbkwtj
CIhqo/WlMN1E5oH18w9+LaD6IWHe5KV1FWlZaMgLBHN7+Rrjbc1zxg7T47RW1kJh
t+Twv4hJXmFoimXHfK56UE101DimxexowwZsy0LnFoG3mjo1YRXkjeWX/JwKFRyi
l38LykR4OJQuK6uoRzSbaHs21Y4gdZZBsJ8i4ha3v2GpYkRdpwPDixUb6bQFUQvC
o3izdU6wkH59qua0nH9fdEjLQYdPb9zvbtqqbzY8JJPmfV8uJKbJ9UFo1myW13qs
3ilqXwzc2N7QjH31kufY9tv8cNdqpbQRE3bgmnWYTJc7Gmsr
-----END CERTIFICATE-----