Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/w1zIh0CnKegnO0T7ra_SO9YilV8.roa
File:                     w1zIh0CnKegnO0T7ra_SO9YilV8.roa (raw, json)
Hash identifier:          KzpnZqdHE55q0MkGU3Ic0fB1a+0zqfLi5dqRW/lkoPk=
Subject key identifier:   C3:5C:C8:87:40:A7:29:E8:27:3B:44:FB:AD:AF:D2:3B:D6:22:95:5F
Certificate issuer:       /CN=f6c3e027d2d1c2d36d7c954867226c83b65eb56f
Certificate serial:       019ECA3DD9CF5F1F7C19A7D870FF209324D0
Authority key identifier: F6:C3:E0:27:D2:D1:C2:D3:6D:7C:95:48:67:22:6C:83:B6:5E:B5:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/w1zIh0CnKegnO0T7ra_SO9YilV8.roa
Signing time:             Mon 15 Jun 2026 07:45:11 +0000
ROA not before:           Mon 15 Jun 2026 07:45:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200056
IP address blocks:        2a12:5845:b00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 10:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ca:3d:d9:cf:5f:1f:7c:19:a7:d8:70:ff:20:93:24:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6c3e027d2d1c2d36d7c954867226c83b65eb56f
        Validity
            Not Before: Jun 15 07:45:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c35cc88740a729e8273b44fbadafd23bd622955f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bc:5f:dc:3c:bd:d7:23:91:28:51:97:46:7e:
                    2b:e9:2a:6d:2c:03:8d:00:ce:13:5e:54:b4:23:8d:
                    ad:c1:dd:d6:84:4c:51:4a:a1:c1:b9:f7:f2:5b:8d:
                    bf:2a:f5:e8:2f:a1:dc:ba:9f:bf:ef:da:67:5e:65:
                    9b:ca:12:f7:00:e8:83:48:60:3a:0a:16:1b:a3:9f:
                    03:ba:44:f2:0e:e2:1a:f0:18:38:b8:31:a4:40:eb:
                    e1:76:5a:4e:16:5c:38:aa:b9:4d:7e:62:bc:b4:65:
                    c9:e5:5d:4d:b5:a2:f2:8b:fc:11:6f:a9:88:b1:ad:
                    e9:52:4f:a8:ae:c9:ca:57:bc:88:91:5e:f4:4e:c8:
                    70:88:9e:f5:49:f3:a0:58:37:70:1a:9f:eb:69:bf:
                    a3:35:30:20:03:90:ba:03:59:11:dd:fe:d4:45:85:
                    f9:61:91:56:05:74:03:d6:a6:e7:af:25:65:ca:2f:
                    b8:b6:bf:e2:6a:bd:2a:a9:ce:9c:91:ec:35:b8:1d:
                    fe:d7:4c:de:b5:c4:0f:e9:3d:72:5f:b7:51:dc:81:
                    d3:e7:ba:43:36:20:96:8e:ca:94:5c:28:9d:97:8f:
                    c2:03:8c:a9:e5:bd:7a:38:fc:7c:40:f3:c6:15:3b:
                    e2:82:ce:bb:db:33:2f:37:47:c4:dd:b9:e3:22:81:
                    05:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:5C:C8:87:40:A7:29:E8:27:3B:44:FB:AD:AF:D2:3B:D6:22:95:5F
            X509v3 Authority Key Identifier:
                keyid:F6:C3:E0:27:D2:D1:C2:D3:6D:7C:95:48:67:22:6C:83:B6:5E:B5:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/w1zIh0CnKegnO0T7ra_SO9YilV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b2878-5b79-40f7-b4b5-356c4d7bb452/1/9sPgJ9LRwtNtfJVIZyJsg7ZetW8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5845:b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         80:45:e7:ec:d9:c1:4b:69:e3:d1:a6:e4:c6:d0:a1:e6:79:d9:
         59:86:69:7a:6d:f4:2a:1a:07:b6:02:76:48:ab:34:f8:54:cd:
         bb:3e:c8:90:9b:c3:9c:71:d8:2d:e3:3b:18:c2:36:93:a4:24:
         63:02:c1:a8:d7:90:dd:c4:f9:0e:d9:27:99:22:1b:ae:62:ad:
         19:90:92:d0:51:c2:cc:81:79:54:7b:75:1b:ab:cb:be:a5:95:
         6a:38:5d:df:4c:9a:5c:44:06:de:9b:3c:93:e2:e2:bc:50:4a:
         f4:bc:c3:bc:0d:52:d8:47:24:78:f6:f3:e6:35:14:b2:1b:5d:
         79:c5:97:c7:b6:c9:b6:2b:ba:c9:69:3a:e3:35:43:44:9a:47:
         e9:7c:d4:0d:12:77:a1:27:6e:1a:91:d7:eb:db:e6:fc:27:a9:
         c8:5d:c0:f3:50:7f:d8:c4:25:29:86:0b:de:b3:3d:3e:cb:f4:
         d6:01:75:36:15:09:e6:4b:d7:de:58:b6:1c:3a:8a:21:62:d2:
         5d:c6:4a:5c:23:5a:42:7c:65:12:79:23:b3:c0:3d:05:d7:6a:
         8e:a0:90:d8:2e:01:73:82:c4:50:1c:ab:33:c1:3d:fd:1e:0d:
         ae:58:c4:3e:f5:15:97:d7:eb:59:e2:53:48:fc:dc:75:fa:73:
         a8:e3:53:6f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ7KPdnPXx98GafYcP8gkyTQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2YzNlMDI3ZDJkMWMyZDM2ZDdjOTU0ODY3MjI2YzgzYjY1
ZWI1NmYwHhcNMjYwNjE1MDc0NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzVjYzg4NzQwYTcyOWU4MjczYjQ0ZmJhZGFmZDIzYmQ2MjI5NTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7xf3Dy91yORKFGXRn4r6SptLAON
AM4TXlS0I42twd3WhExRSqHBuffyW42/KvXoL6Hcup+/79pnXmWbyhL3AOiDSGA6
ChYbo58DukTyDuIa8Bg4uDGkQOvhdlpOFlw4qrlNfmK8tGXJ5V1NtaLyi/wRb6mI
sa3pUk+orsnKV7yIkV70TshwiJ71SfOgWDdwGp/rab+jNTAgA5C6A1kR3f7URYX5
YZFWBXQD1qbnryVlyi+4tr/iar0qqc6ckew1uB3+10zetcQP6T1yX7dR3IHT57pD
NiCWjsqUXCidl4/CA4yp5b16OPx8QPPGFTvigs672zMvN0fE3bnjIoEFZQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMNcyIdApynoJztE+62v0jvWIpVfMB8GA1UdIwQY
MBaAFPbD4CfS0cLTbXyVSGcibIO2XrVvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXNQZ0o5TFJ3dE50ZkpWSVp5SnNnN1pldFc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYjI4NzgtNWI3OS00MGY3LWI0YjUt
MzU2YzRkN2JiNDUyLzEvdzF6SWgwQ25LZWduTzBUN3JhX1NPOVlpbFY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYjI4NzgtNWI3OS00MGY3LWI0YjUtMzU2YzRkN2JiNDUy
LzEvOXNQZ0o5TFJ3dE50ZkpWSVp5SnNnN1pldFc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhJYRQsw
DQYJKoZIhvcNAQELBQADggEBAIBF5+zZwUtp49Gm5MbQoeZ52VmGaXpt9CoaB7YC
dkirNPhUzbs+yJCbw5xx2C3jOxjCNpOkJGMCwajXkN3E+Q7ZJ5kiG65irRmQktBR
wsyBeVR7dRury76llWo4Xd9MmlxEBt6bPJPi4rxQSvS8w7wNUthHJHj28+Y1FLIb
XXnFl8e2ybYruslpOuM1Q0SaR+l81A0Sd6EnbhqR1+vb5vwnqchdwPNQf9jEJSmG
C96zPT7L9NYBdTYVCeZL195Ythw6iiFi0l3GSlwjWkJ8ZRJ5I7PAPQXXao6gkNgu
AXOCxFAcqzPBPf0eDa5YxD71FZfX61niU0j83HX6c6jjU28=
-----END CERTIFICATE-----