Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AlfCUURMQh5e20Wg7lXkf39YXyM.roa
File:                     AlfCUURMQh5e20Wg7lXkf39YXyM.roa (raw, json)
Hash identifier:          AOotMmeAzDwN8ObkU8I44At0PxTTNcU77Q/OqH8xZAI=
Subject key identifier:   02:57:C2:51:44:4C:42:1E:5E:DB:45:A0:EE:55:E4:7F:7F:58:5F:23
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019EC854FE38D364426D8D20DBDEA714BF89
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AlfCUURMQh5e20Wg7lXkf39YXyM.roa
Signing time:             Sun 14 Jun 2026 22:51:13 +0000
ROA not before:           Sun 14 Jun 2026 22:51:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198025
IP address blocks:        2a06:de00:de00::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Jun 2026 07:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c8:54:fe:38:d3:64:42:6d:8d:20:db:de:a7:14:bf:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 14 22:51:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0257c251444c421e5edb45a0ee55e47f7f585f23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:fc:18:1d:aa:72:4f:9c:6f:95:42:cd:70:fa:
                    83:21:fe:7a:1c:99:ab:54:d4:f5:09:cc:37:41:10:
                    77:cc:fa:96:f7:f9:3d:5d:ac:6c:48:d6:a5:22:e5:
                    86:3e:e6:e2:14:9b:fe:01:3c:84:88:34:2d:01:43:
                    4f:e2:64:c5:ca:ef:7e:ce:a9:bc:02:8f:5f:4d:88:
                    0b:c6:dc:72:d7:b2:2b:46:eb:13:16:a1:9a:7e:9a:
                    ac:41:d9:8d:74:a7:3d:96:8a:43:ad:a6:9f:34:69:
                    76:11:51:84:3f:b2:32:0a:7c:83:54:54:83:12:fb:
                    37:52:36:9a:9b:c2:89:e1:80:b5:d7:b5:4e:5d:17:
                    90:53:8e:ec:b8:15:af:e1:57:13:34:d0:af:f9:86:
                    94:4f:38:02:99:e7:be:46:e3:dd:6c:21:e6:67:9b:
                    46:9b:cd:b3:b4:0d:53:ee:7a:7d:e3:7c:68:a5:3c:
                    07:d3:64:08:14:f0:03:4a:cf:27:b4:5a:0e:05:c8:
                    ea:9d:6b:7f:89:05:28:67:93:cf:6e:d5:22:ba:43:
                    31:c4:b1:5e:75:5d:bc:2f:6b:aa:7e:1c:10:b2:ff:
                    a5:76:26:47:65:8f:bc:95:4d:78:50:9d:0c:00:ef:
                    40:43:3a:7c:77:cf:8b:56:4f:dd:17:1f:9b:f9:73:
                    9c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:57:C2:51:44:4C:42:1E:5E:DB:45:A0:EE:55:E4:7F:7F:58:5F:23
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AlfCUURMQh5e20Wg7lXkf39YXyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:de00::/44

    Signature Algorithm: sha256WithRSAEncryption
         67:f5:87:fd:dc:63:28:6b:5d:56:7f:c1:ec:e5:c8:7e:7c:78:
         b2:40:d0:d7:18:4a:fb:86:e6:7d:81:25:02:4e:57:58:b2:a1:
         71:be:2a:8d:2b:0e:44:a4:d0:77:2d:d8:6b:94:fa:9e:fa:91:
         a5:9b:d9:51:89:f9:68:91:75:86:c9:f7:be:41:61:ab:89:e3:
         3c:49:7f:ff:35:87:91:99:65:0f:fa:a6:b7:a9:f0:df:0d:0c:
         ad:5c:aa:33:f8:2a:79:c7:10:88:d7:5d:a7:93:f6:b8:86:12:
         95:17:84:3d:a7:6f:1e:d9:ba:e0:93:9d:c9:58:55:a2:8b:94:
         f7:fb:fd:24:74:6d:c5:2a:be:e5:a8:60:10:be:e0:81:af:af:
         81:a6:bd:fb:fb:7a:91:1b:e5:d1:07:fb:92:0a:68:8c:b5:f5:
         d2:7d:c1:30:da:9a:ab:59:6b:66:25:64:c8:10:ae:de:61:54:
         2a:1d:b6:cb:21:72:d6:f8:51:0b:78:2f:e7:09:e2:94:63:d7:
         97:66:94:c6:3a:3a:ed:cb:54:60:92:04:b9:2f:ad:10:7b:99:
         57:f2:f0:a6:a0:b3:73:36:c0:d3:84:10:58:fc:c1:31:e8:60:
         08:1a:27:e8:18:df:35:22:cd:57:55:e2:2f:c6:89:ce:b0:62:
         0b:1d:5d:94
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7IVP4402RCbY0g296nFL+JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNjE0MjI1MTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjU3YzI1MTQ0NGM0MjFlNWVkYjQ1YTBlZTU1ZTQ3ZjdmNTg1ZjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fwYHapyT5xvlULNcPqDIf56HJmr
VNT1Ccw3QRB3zPqW9/k9XaxsSNalIuWGPubiFJv+ATyEiDQtAUNP4mTFyu9+zqm8
Ao9fTYgLxtxy17IrRusTFqGafpqsQdmNdKc9lopDraafNGl2EVGEP7IyCnyDVFSD
Evs3Ujaam8KJ4YC117VOXReQU47suBWv4VcTNNCv+YaUTzgCmee+RuPdbCHmZ5tG
m82ztA1T7np943xopTwH02QIFPADSs8ntFoOBcjqnWt/iQUoZ5PPbtUiukMxxLFe
dV28L2uqfhwQsv+ldiZHZY+8lU14UJ0MAO9AQzp8d8+LVk/dFx+b+XOcVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAJXwlFETEIeXttFoO5V5H9/WF8jMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQWxmQ1VVUk1RaDVlMjBXZzdsWGtmMzlZWHlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbeAN4A
MA0GCSqGSIb3DQEBCwUAA4IBAQBn9Yf93GMoa11Wf8Hs5ch+fHiyQNDXGEr7huZ9
gSUCTldYsqFxviqNKw5EpNB3LdhrlPqe+pGlm9lRiflokXWGyfe+QWGrieM8SX//
NYeRmWUP+qa3qfDfDQytXKoz+Cp5xxCI112nk/a4hhKVF4Q9p28e2brgk53JWFWi
i5T3+/0kdG3FKr7lqGAQvuCBr6+Bpr37+3qRG+XRB/uSCmiMtfXSfcEw2pqrWWtm
JWTIEK7eYVQqHbbLIXLW+FELeC/nCeKUY9eXZpTGOjrty1RgkgS5L60Qe5lX8vCm
oLNzNsDThBBY/MEx6GAIGifoGN81Is1XVeIvxonOsGILHV2U
-----END CERTIFICATE-----