Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/rGcSVw4JD2TsggxvzCf49t06ktI.roa
File:                     rGcSVw4JD2TsggxvzCf49t06ktI.roa (raw, json)
Hash identifier:          N2TX307/s4VGRh8knONcDQ4y4hYb3c4Kd8kYYSngeNM=
Subject key identifier:   AC:67:12:57:0E:09:0F:64:EC:82:0C:6F:CC:27:F8:F6:DD:3A:92:D2
Certificate issuer:       /CN=1d25d0c8845b79886c199345b890f5e8acd516d8
Certificate serial:       019EEE6FA2F2716863C2E27D52D8B20F6C8F
Authority key identifier: 1D:25:D0:C8:84:5B:79:88:6C:19:93:45:B8:90:F5:E8:AC:D5:16:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HSXQyIRbeYhsGZNFuJD16KzVFtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/rGcSVw4JD2TsggxvzCf49t06ktI.roa
Signing time:             Mon 22 Jun 2026 08:25:53 +0000
ROA not before:           Mon 22 Jun 2026 08:25:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197439
IP address blocks:        2001:4060:4052::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/HSXQyIRbeYhsGZNFuJD16KzVFtg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/HSXQyIRbeYhsGZNFuJD16KzVFtg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HSXQyIRbeYhsGZNFuJD16KzVFtg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 20:12:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ee:6f:a2:f2:71:68:63:c2:e2:7d:52:d8:b2:0f:6c:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d25d0c8845b79886c199345b890f5e8acd516d8
        Validity
            Not Before: Jun 22 08:25:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ac6712570e090f64ec820c6fcc27f8f6dd3a92d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:b4:67:37:20:97:47:31:07:61:99:0a:ff:c5:
                    49:b0:42:a6:71:10:ac:da:9f:92:61:74:f1:83:ce:
                    46:83:88:d9:99:da:f4:4b:33:42:c0:9a:76:3f:2b:
                    a6:76:ac:0d:6a:80:7f:bd:fa:06:59:80:79:a0:7d:
                    27:64:51:80:59:4c:e9:23:db:bd:18:6a:7b:95:fc:
                    fa:9b:32:9b:e8:98:e0:d3:bb:d7:b5:bf:cf:70:8b:
                    46:83:11:b8:73:fd:f5:0c:d1:47:89:9d:d0:f1:c1:
                    db:71:a0:2b:38:35:c2:c6:11:92:6b:11:2f:b8:2c:
                    f6:18:33:dd:95:71:1b:c5:67:62:02:dd:df:fe:dd:
                    2c:3f:0a:f3:3d:66:a5:55:09:3a:27:48:d1:ed:af:
                    7c:40:37:7c:67:ad:8c:60:bf:00:ff:ad:aa:4f:b4:
                    22:da:b5:ca:5c:33:ba:e9:8c:93:d5:75:84:79:83:
                    6c:8a:d9:e1:95:5a:b5:91:3f:80:1c:cf:41:ea:67:
                    c2:4d:9d:b9:c4:74:53:95:48:5b:67:ae:b8:af:8d:
                    57:c4:9a:e0:d4:10:ce:97:0b:8d:ce:ef:88:b0:8f:
                    04:d5:4a:72:ee:1d:fd:2e:56:1c:f5:a8:56:89:c4:
                    32:eb:2e:b1:f4:91:48:51:51:72:cc:0e:6b:0c:1c:
                    8e:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:67:12:57:0E:09:0F:64:EC:82:0C:6F:CC:27:F8:F6:DD:3A:92:D2
            X509v3 Authority Key Identifier:
                keyid:1D:25:D0:C8:84:5B:79:88:6C:19:93:45:B8:90:F5:E8:AC:D5:16:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HSXQyIRbeYhsGZNFuJD16KzVFtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/rGcSVw4JD2TsggxvzCf49t06ktI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/557524-297d-4849-b4be-c52eb56bfa5b/1/HSXQyIRbeYhsGZNFuJD16KzVFtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4060:4052::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:93:2d:b1:1d:26:74:1d:c1:bb:0e:43:37:fd:02:e4:10:27:
         da:0c:e7:d8:f5:04:c0:71:3d:14:c7:6b:2b:f9:12:9c:0a:37:
         cf:23:1b:ee:7a:fe:1c:97:69:bd:60:eb:42:d5:d1:da:40:6a:
         3b:7e:9a:62:29:57:d5:ab:52:3a:4d:18:5c:0d:e4:8f:95:e5:
         92:04:8d:07:bf:a6:a8:b5:88:8c:ba:10:d7:e9:d9:c5:93:7c:
         94:18:2c:74:47:c4:c5:70:c6:4a:75:2f:37:81:10:ec:e2:52:
         45:59:1b:ab:06:50:68:65:58:da:a0:aa:4b:9f:cc:37:54:83:
         b4:93:79:37:c1:8b:09:50:8a:aa:1c:e6:a8:ad:05:d3:6c:63:
         9e:fa:74:c8:50:eb:d6:7a:b6:94:06:91:a9:3c:0a:73:32:69:
         0b:a3:5c:63:3e:59:3d:f7:92:d3:09:1b:f9:03:9d:8c:32:8b:
         19:95:86:3d:1f:fd:bd:37:fb:36:c7:23:aa:0b:84:42:c0:8e:
         81:94:84:0a:c3:e3:8e:ef:32:f1:a4:dc:eb:57:ee:bf:dc:f4:
         89:36:b5:28:8d:5d:3f:89:02:e9:e3:9d:62:7f:ea:3b:19:fa:
         b5:fc:20:da:f1:50:4f:7c:32:59:f7:06:21:4b:e1:b8:8c:b1:
         fd:43:f1:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7ub6LycWhjwuJ9UtiyD2yPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMjVkMGM4ODQ1Yjc5ODg2YzE5OTM0NWI4OTBmNWU4YWNk
NTE2ZDgwHhcNMjYwNjIyMDgyNTUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzY3MTI1NzBlMDkwZjY0ZWM4MjBjNmZjYzI3ZjhmNmRkM2E5MmQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirRnNyCXRzEHYZkK/8VJsEKmcRCs
2p+SYXTxg85Gg4jZmdr0SzNCwJp2PyumdqwNaoB/vfoGWYB5oH0nZFGAWUzpI9u9
GGp7lfz6mzKb6Jjg07vXtb/PcItGgxG4c/31DNFHiZ3Q8cHbcaArODXCxhGSaxEv
uCz2GDPdlXEbxWdiAt3f/t0sPwrzPWalVQk6J0jR7a98QDd8Z62MYL8A/62qT7Qi
2rXKXDO66YyT1XWEeYNsitnhlVq1kT+AHM9B6mfCTZ25xHRTlUhbZ664r41XxJrg
1BDOlwuNzu+IsI8E1Upy7h39LlYc9ahWicQy6y6x9JFIUVFyzA5rDByOSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKxnElcOCQ9k7IIMb8wn+PbdOpLSMB8GA1UdIwQY
MBaAFB0l0MiEW3mIbBmTRbiQ9eis1RbYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFNYUXlJUmJlWWhzR1pORnVKRDE2S3pWRnRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy81NTc1MjQtMjk3ZC00ODQ5LWI0YmUt
YzUyZWI1NmJmYTViLzEvckdjU1Z3NEpEMlRzZ2d4dnpDZjQ5dDA2a3RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy81NTc1MjQtMjk3ZC00ODQ5LWI0YmUtYzUyZWI1NmJmYTVi
LzEvSFNYUXlJUmJlWWhzR1pORnVKRDE2S3pWRnRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAFAYEBS
MA0GCSqGSIb3DQEBCwUAA4IBAQCVky2xHSZ0HcG7DkM3/QLkECfaDOfY9QTAcT0U
x2sr+RKcCjfPIxvuev4cl2m9YOtC1dHaQGo7fppiKVfVq1I6TRhcDeSPleWSBI0H
v6aotYiMuhDX6dnFk3yUGCx0R8TFcMZKdS83gRDs4lJFWRurBlBoZVjaoKpLn8w3
VIO0k3k3wYsJUIqqHOaorQXTbGOe+nTIUOvWeraUBpGpPApzMmkLo1xjPlk995LT
CRv5A52MMosZlYY9H/29N/s2xyOqC4RCwI6BlIQKw+OO7zLxpNzrV+6/3PSJNrUo
jV0/iQLp451if+o7Gfq1/CDa8VBPfDJZ9wYhS+G4jLH9Q/GJ
-----END CERTIFICATE-----