Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Kbw2jQDKKUAch--LSnsiSysNhCo.roa
File:                     Kbw2jQDKKUAch--LSnsiSysNhCo.roa (raw, json)
Hash identifier:          pVoIQCTA6UweJb5TuDljAh9meCCtnKx5/7ZRkaiybCw=
Subject key identifier:   29:BC:36:8D:00:CA:29:40:1C:87:EF:8B:4A:7B:22:4B:2B:0D:84:2A
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       019E9287BE3CCC8069269FBF59BFF1F01282
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Kbw2jQDKKUAch--LSnsiSysNhCo.roa
Signing time:             Thu 04 Jun 2026 12:07:10 +0000
ROA not before:           Thu 04 Jun 2026 12:07:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197259
IP address blocks:        2a13:a5c6:f000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 06:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:87:be:3c:cc:80:69:26:9f:bf:59:bf:f1:f0:12:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jun  4 12:07:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=29bc368d00ca29401c87ef8b4a7b224b2b0d842a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:37:08:aa:c4:9c:b4:8d:88:40:45:7a:2f:8a:
                    df:14:aa:9a:7a:7d:3d:a7:1f:e9:4f:1d:c8:25:52:
                    d0:29:30:a9:bf:11:52:96:15:d4:ca:50:86:f4:40:
                    84:3c:a4:64:66:2b:18:5d:36:d7:eb:15:34:3a:6f:
                    37:92:13:38:b4:18:5b:96:4b:0c:4c:ce:64:3c:49:
                    53:96:a3:07:44:9d:31:d1:fa:4b:a4:11:4c:bc:c5:
                    c3:f5:b0:68:27:70:ab:0f:42:89:8e:15:fd:06:9c:
                    89:4c:7f:2a:92:54:ac:9b:4f:62:ee:58:77:10:93:
                    76:46:63:f3:9d:7a:01:67:c9:17:81:73:c6:aa:d1:
                    33:88:98:35:8c:8c:b3:02:69:c5:86:32:b4:3b:99:
                    64:89:c4:9e:de:b1:ef:bf:3e:a9:e4:7d:14:2b:21:
                    37:29:fe:12:d1:45:19:4a:31:e5:8e:41:5b:19:a0:
                    6f:42:7f:13:46:53:15:d2:e3:6b:33:73:2d:32:9f:
                    f3:6b:4b:9a:df:8d:e5:39:6b:6d:5b:84:a6:d6:d0:
                    fa:55:da:6a:e9:2d:01:fc:e0:72:b3:13:8c:0c:0d:
                    bc:bb:56:1a:7e:b0:70:99:78:c8:b9:51:87:f3:59:
                    81:3d:eb:b9:92:90:71:80:9e:cf:9c:ce:61:5f:ef:
                    05:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:BC:36:8D:00:CA:29:40:1C:87:EF:8B:4A:7B:22:4B:2B:0D:84:2A
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Kbw2jQDKKUAch--LSnsiSysNhCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c6:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         af:3f:d1:9b:6c:16:b2:14:ef:01:dc:84:9a:93:4b:c4:fe:9a:
         a9:19:0e:da:33:38:f4:e1:04:70:e3:64:b4:46:94:26:24:91:
         a9:ca:af:4e:f1:db:2e:8b:63:9d:e7:b0:13:73:c5:5d:90:b3:
         ad:3b:2f:5a:3f:e5:d0:2c:39:c8:59:84:a9:c2:3e:f3:51:e0:
         cf:82:64:0b:77:cc:e4:f3:8a:0d:0d:84:c2:80:f9:5d:b9:f7:
         b8:8f:b5:e4:c1:09:3e:70:54:25:7a:d3:07:54:fe:26:ab:ca:
         4b:bd:60:48:4a:79:e9:e7:8e:ec:b4:2d:b8:30:a6:de:ab:1c:
         c9:84:28:8c:26:fc:5e:f8:05:d7:6c:20:37:e3:c7:b6:ae:b9:
         14:8f:44:1c:80:52:89:15:60:73:49:21:73:bf:4a:74:a6:b3:
         e1:c5:e3:c9:74:b8:ca:67:c8:ad:5b:b5:be:01:12:b2:b7:fa:
         00:2c:1a:90:27:26:20:36:1c:a3:26:b1:ae:4e:33:d8:9a:37:
         33:cd:b3:69:72:94:c2:a5:2c:86:35:46:86:7a:3a:d1:99:e0:
         f9:b8:de:de:4f:39:b4:f8:b5:56:49:09:69:30:10:bc:5c:56:
         84:9d:2d:67:36:5b:e3:7f:23:4b:12:e8:29:e3:66:28:e7:59:
         6e:a4:9f:00
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ6Sh748zIBpJp+/Wb/x8BKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjYwNjA0MTIwNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWJjMzY4ZDAwY2EyOTQwMWM4N2VmOGI0YTdiMjI0YjJiMGQ4NDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0DcIqsSctI2IQEV6L4rfFKqaen09
px/pTx3IJVLQKTCpvxFSlhXUylCG9ECEPKRkZisYXTbX6xU0Om83khM4tBhblksM
TM5kPElTlqMHRJ0x0fpLpBFMvMXD9bBoJ3CrD0KJjhX9BpyJTH8qklSsm09i7lh3
EJN2RmPznXoBZ8kXgXPGqtEziJg1jIyzAmnFhjK0O5lkicSe3rHvvz6p5H0UKyE3
Kf4S0UUZSjHljkFbGaBvQn8TRlMV0uNrM3MtMp/za0ua343lOWttW4Sm1tD6Vdpq
6S0B/OBysxOMDA28u1YafrBwmXjIuVGH81mBPeu5kpBxgJ7PnM5hX+8FfwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCm8No0AyilAHIfvi0p7IksrDYQqMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvS2J3MmpRREtLVUFjaC0tTFNuc2lTeXNOaENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhOlxvAw
DQYJKoZIhvcNAQELBQADggEBAK8/0ZtsFrIU7wHchJqTS8T+mqkZDtozOPThBHDj
ZLRGlCYkkanKr07x2y6LY53nsBNzxV2Qs607L1o/5dAsOchZhKnCPvNR4M+CZAt3
zOTzig0NhMKA+V2597iPteTBCT5wVCV60wdU/iaryku9YEhKeennjuy0Lbgwpt6r
HMmEKIwm/F74BddsIDfjx7auuRSPRByAUokVYHNJIXO/SnSms+HF48l0uMpnyK1b
tb4BErK3+gAsGpAnJiA2HKMmsa5OM9iaNzPNs2lylMKlLIY1RoZ6OtGZ4Pm43t5P
ObT4tVZJCWkwELxcVoSdLWc2W+N/I0sS6CnjZijnWW6knwA=
-----END CERTIFICATE-----