Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/2b78a9-411d-4c88-8ccd-fc41d1c414ab/1/Ed26D8U4hy9Q3LQu5_4P5xQ88Fs.roa
File:                     Ed26D8U4hy9Q3LQu5_4P5xQ88Fs.roa (raw, json)
Hash identifier:          kLzLVcajWbXNwZhhTO7Kf1y0Py6ohIR9eaLpz+kos+s=
Subject key identifier:   11:DD:BA:0F:C5:38:87:2F:50:DC:B4:2E:E7:FE:0F:E7:14:3C:F0:5B
Certificate issuer:       /CN=7db10757cfa3917dbfa5b9be68e978653d414368
Certificate serial:       019ECFF2747547862795FC3B1E149E9157C9
Authority key identifier: 7D:B1:07:57:CF:A3:91:7D:BF:A5:B9:BE:68:E9:78:65:3D:41:43:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fbEHV8-jkX2_pbm-aOl4ZT1BQ2g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/2b78a9-411d-4c88-8ccd-fc41d1c414ab/1/Ed26D8U4hy9Q3LQu5_4P5xQ88Fs.roa
Signing time:             Tue 16 Jun 2026 10:20:33 +0000
ROA not before:           Tue 16 Jun 2026 10:20:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     23532
IP address blocks:        2a0d:b140::/29 maxlen: 48
                          2a10:bc40::/29 maxlen: 48
                          2a12:5f40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/2b78a9-411d-4c88-8ccd-fc41d1c414ab/1/fbEHV8-jkX2_pbm-aOl4ZT1BQ2g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/2b78a9-411d-4c88-8ccd-fc41d1c414ab/1/fbEHV8-jkX2_pbm-aOl4ZT1BQ2g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fbEHV8-jkX2_pbm-aOl4ZT1BQ2g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 14:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cf:f2:74:75:47:86:27:95:fc:3b:1e:14:9e:91:57:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7db10757cfa3917dbfa5b9be68e978653d414368
        Validity
            Not Before: Jun 16 10:20:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=11ddba0fc538872f50dcb42ee7fe0fe7143cf05b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:86:54:e8:2d:be:9f:60:cb:72:06:90:57:79:
                    92:e2:56:cf:90:13:9c:0b:0e:52:ba:66:20:78:de:
                    ee:2f:b4:62:80:b0:8c:62:46:60:c8:16:4e:7f:44:
                    8c:23:d0:13:8c:d2:e8:e9:a7:76:3e:43:d8:79:0b:
                    25:b8:0f:6b:b2:df:fe:f7:a3:57:74:9e:da:16:e2:
                    76:72:82:c7:49:73:3b:9d:fd:fc:28:68:07:a4:bc:
                    6d:37:25:a6:4c:ab:25:48:ae:e1:92:0d:f8:bc:64:
                    9c:10:f1:fd:1d:77:d4:35:d1:7e:82:05:ab:54:3e:
                    3c:a8:a0:0b:f3:bd:59:82:f2:97:71:63:f8:e1:57:
                    42:e5:c6:ef:2c:01:19:43:d0:f6:de:28:0e:96:17:
                    f0:08:08:17:e1:c4:38:6b:a6:ed:46:ef:78:61:07:
                    f5:76:7d:ed:e4:b7:91:12:b4:c3:ec:0a:31:d2:12:
                    52:57:84:ba:58:ce:c8:92:fa:c9:91:66:91:01:eb:
                    ee:0c:0b:f2:02:35:47:c6:8d:dc:cc:fc:1f:d4:76:
                    1c:5c:17:c0:f4:50:1f:4c:d8:90:36:87:30:c9:4f:
                    d0:70:33:45:94:a0:01:25:f9:33:14:89:09:2d:09:
                    65:df:73:d9:21:22:c8:c3:db:1a:58:67:e3:31:61:
                    9f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:DD:BA:0F:C5:38:87:2F:50:DC:B4:2E:E7:FE:0F:E7:14:3C:F0:5B
            X509v3 Authority Key Identifier:
                keyid:7D:B1:07:57:CF:A3:91:7D:BF:A5:B9:BE:68:E9:78:65:3D:41:43:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fbEHV8-jkX2_pbm-aOl4ZT1BQ2g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/2b78a9-411d-4c88-8ccd-fc41d1c414ab/1/Ed26D8U4hy9Q3LQu5_4P5xQ88Fs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/2b78a9-411d-4c88-8ccd-fc41d1c414ab/1/fbEHV8-jkX2_pbm-aOl4ZT1BQ2g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b140::/29
                  2a10:bc40::/29
                  2a12:5f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:45:68:7a:b0:9e:a1:37:e5:83:e1:56:8f:2e:8b:8a:4d:5f:
         19:3b:09:2e:56:7f:3a:10:ff:3d:95:74:59:b9:ed:97:b6:04:
         f5:b2:5e:b1:e1:e8:54:76:c6:34:fd:7b:82:5e:9e:62:95:8f:
         3c:9a:c1:5b:72:33:76:1e:01:46:17:a7:5d:a4:a4:70:3f:4f:
         4d:d8:91:a3:78:56:b0:46:c8:16:fc:63:34:98:bc:ee:cb:44:
         e6:ec:a0:e9:e4:b8:e6:43:95:f4:67:42:ef:56:e1:73:5e:2e:
         9a:c7:cc:fe:d0:0a:0e:08:c9:14:15:a6:3a:7c:52:7e:f8:71:
         9f:33:df:51:c7:dc:fd:62:99:9e:f9:d0:f6:93:bf:18:94:38:
         41:2f:9c:69:ae:7c:0e:4f:62:83:2e:29:ee:38:6f:07:c0:6c:
         0b:9f:e2:b7:13:45:b3:6c:96:74:40:5d:b6:f4:fe:62:4b:97:
         ff:d0:a8:f7:fd:6e:bc:6c:90:80:9d:1a:60:ef:06:6f:66:20:
         40:60:e8:23:be:07:ca:0c:46:3e:d1:6f:30:1b:cb:03:68:6d:
         ee:d1:ae:93:16:29:31:8d:a5:21:c8:3c:f3:c3:10:63:a3:a1:
         48:e1:88:bd:0e:9c:47:21:1e:84:18:19:83:10:0f:21:b7:fd:
         57:65:59:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ7P8nR1R4Ynlfw7HhSekVfJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYjEwNzU3Y2ZhMzkxN2RiZmE1YjliZTY4ZTk3ODY1M2Q0
MTQzNjgwHhcNMjYwNjE2MTAyMDMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWRkYmEwZmM1Mzg4NzJmNTBkY2I0MmVlN2ZlMGZlNzE0M2NmMDViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4ZU6C2+n2DLcgaQV3mS4lbPkBOc
Cw5SumYgeN7uL7RigLCMYkZgyBZOf0SMI9ATjNLo6ad2PkPYeQsluA9rst/+96NX
dJ7aFuJ2coLHSXM7nf38KGgHpLxtNyWmTKslSK7hkg34vGScEPH9HXfUNdF+ggWr
VD48qKAL871ZgvKXcWP44VdC5cbvLAEZQ9D23igOlhfwCAgX4cQ4a6btRu94YQf1
dn3t5LeRErTD7Aox0hJSV4S6WM7IkvrJkWaRAevuDAvyAjVHxo3czPwf1HYcXBfA
9FAfTNiQNocwyU/QcDNFlKABJfkzFIkJLQll33PZISLIw9saWGfjMWGf6QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBHdug/FOIcvUNy0Luf+D+cUPPBbMB8GA1UdIwQY
MBaAFH2xB1fPo5F9v6W5vmjpeGU9QUNoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmJFSFY4LWprWDJfcGJtLWFPbDRaVDFCUTJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny8yYjc4YTktNDExZC00Yzg4LThjY2Qt
ZmM0MWQxYzQxNGFiLzEvRWQyNkQ4VTRoeTlRM0xRdTVfNFA1eFE4OEZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny8yYjc4YTktNDExZC00Yzg4LThjY2QtZmM0MWQxYzQxNGFi
LzEvZmJFSFY4LWprWDJfcGJtLWFPbDRaVDFCUTJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg2xQAMF
AyoQvEADBQMqEl9AMA0GCSqGSIb3DQEBCwUAA4IBAQCTRWh6sJ6hN+WD4VaPLouK
TV8ZOwkuVn86EP89lXRZue2XtgT1sl6x4ehUdsY0/XuCXp5ilY88msFbcjN2HgFG
F6ddpKRwP09N2JGjeFawRsgW/GM0mLzuy0Tm7KDp5LjmQ5X0Z0LvVuFzXi6ax8z+
0AoOCMkUFaY6fFJ++HGfM99Rx9z9Ypme+dD2k78YlDhBL5xprnwOT2KDLinuOG8H
wGwLn+K3E0WzbJZ0QF229P5iS5f/0Kj3/W68bJCAnRpg7wZvZiBAYOgjvgfKDEY+
0W8wG8sDaG3u0a6TFikxjaUhyDzzwxBjo6FI4Yi9DpxHIR6EGBmDEA8ht/1XZVn8
-----END CERTIFICATE-----