Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AvpgA6NsYDXmccSbfKArOjiDdCQ.roa
File:                     AvpgA6NsYDXmccSbfKArOjiDdCQ.roa (raw, json)
Hash identifier:          kEgjgB8mYKfT6ZrExwXQaX3WCa+7CFFlWcE1Bstxo+E=
Subject key identifier:   02:FA:60:03:A3:6C:60:35:E6:71:C4:9B:7C:A0:2B:3A:38:83:74:24
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019ED1504121F8E3BFD36330CAB5759A456E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AvpgA6NsYDXmccSbfKArOjiDdCQ.roa
Signing time:             Tue 16 Jun 2026 16:42:38 +0000
ROA not before:           Tue 16 Jun 2026 16:42:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219495
IP address blocks:        2a10:ccc0:150::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 18:28:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d1:50:41:21:f8:e3:bf:d3:63:30:ca:b5:75:9a:45:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 16 16:42:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=02fa6003a36c6035e671c49b7ca02b3a38837424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:66:63:65:48:4d:37:c3:7c:79:a5:17:9d:a0:
                    39:14:59:39:a6:46:73:01:ee:09:98:e1:6d:fd:29:
                    86:54:67:aa:a7:ff:25:a2:51:5c:5c:e5:45:8f:af:
                    3e:98:35:25:d9:79:55:a7:d5:cb:51:f2:04:d7:d0:
                    0b:7b:af:c6:92:78:08:d0:4b:92:a6:f1:d8:6c:2f:
                    59:88:34:f2:cf:39:08:b8:3d:1c:d5:ce:44:6f:0c:
                    24:39:2d:2e:55:9a:2f:19:fb:ed:1a:27:ca:46:dc:
                    3a:f5:d9:23:de:bd:73:b9:1a:f8:bb:51:ba:9b:8b:
                    b9:bd:dc:82:05:1c:7e:50:d9:45:03:7f:d4:ed:a1:
                    a0:fc:fa:fc:32:fe:2d:d3:e8:6c:9d:0d:a3:96:e1:
                    3a:c3:63:b7:56:15:0f:fb:a0:3b:59:24:b6:23:4a:
                    f8:1f:86:6f:7f:02:dc:b4:d2:a2:35:bb:19:aa:b9:
                    0a:0c:7d:48:14:c4:16:da:07:44:6c:18:1e:7e:67:
                    82:e2:c0:98:ce:d9:ce:87:07:ef:6a:1e:17:69:9e:
                    e5:91:e0:93:69:cc:ff:8d:e4:41:81:80:3a:0f:71:
                    fc:ee:7d:11:62:f4:12:86:b4:d5:8b:4a:c4:df:88:
                    3a:79:e5:fe:9a:20:37:7e:d1:0e:e6:6c:4b:73:18:
                    20:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:FA:60:03:A3:6C:60:35:E6:71:C4:9B:7C:A0:2B:3A:38:83:74:24
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/AvpgA6NsYDXmccSbfKArOjiDdCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc0:150::/46

    Signature Algorithm: sha256WithRSAEncryption
         88:b0:5a:4f:95:19:5d:ef:ee:a3:6c:ee:0f:89:dc:96:bc:c1:
         56:bb:49:60:9c:40:d9:8b:78:4a:54:82:17:b0:a8:b0:ab:9f:
         f5:91:aa:5e:ad:6a:33:79:f7:ec:7d:86:97:3b:c9:c0:13:0e:
         25:21:7b:49:b4:67:59:6f:38:0a:c7:e6:ee:eb:bd:4a:30:4b:
         43:ce:e0:af:34:3a:5a:6e:b9:28:8e:c0:09:01:79:95:f3:3f:
         66:3c:f4:0c:dc:e0:ff:ac:b6:e5:4e:4d:37:94:f7:68:02:d5:
         cd:dd:76:47:4b:c7:9a:7e:43:09:27:6f:d0:ce:ea:bb:ee:73:
         7e:f1:e9:9d:cf:2a:34:88:c4:3c:d3:fa:b7:bb:1f:2f:f2:78:
         38:ba:9f:78:7b:7b:dd:4e:4a:fd:71:cc:20:b1:76:5b:e4:e6:
         50:c5:fe:4c:0c:ef:50:a4:33:6a:5d:01:15:d3:3c:a1:9d:68:
         d9:df:b0:68:81:31:dd:e8:03:48:f1:bf:cd:50:ff:16:ab:d2:
         d6:58:74:d7:34:58:86:aa:51:30:52:92:0d:14:e2:13:bd:98:
         78:f1:a2:12:1a:7f:b6:4d:c1:91:f1:31:72:31:86:f4:82:cd:
         43:f0:e5:4e:b3:de:8b:b9:b4:79:4a:44:fd:71:12:b1:e8:3e:
         60:84:53:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7RUEEh+OO/02MwyrV1mkVuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNjE2MTY0MjM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmZhNjAwM2EzNmM2MDM1ZTY3MWM0OWI3Y2EwMmIzYTM4ODM3NDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GZjZUhNN8N8eaUXnaA5FFk5pkZz
Ae4JmOFt/SmGVGeqp/8lolFcXOVFj68+mDUl2XlVp9XLUfIE19ALe6/GkngI0EuS
pvHYbC9ZiDTyzzkIuD0c1c5EbwwkOS0uVZovGfvtGifKRtw69dkj3r1zuRr4u1G6
m4u5vdyCBRx+UNlFA3/U7aGg/Pr8Mv4t0+hsnQ2jluE6w2O3VhUP+6A7WSS2I0r4
H4ZvfwLctNKiNbsZqrkKDH1IFMQW2gdEbBgefmeC4sCYztnOhwfvah4XaZ7lkeCT
acz/jeRBgYA6D3H87n0RYvQShrTVi0rE34g6eeX+miA3ftEO5mxLcxggiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAL6YAOjbGA15nHEm3ygKzo4g3QkMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQXZwZ0E2TnNZRFhtY2NTYmZLQXJPamlEZENRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhDMwAFQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCIsFpPlRld7+6jbO4PidyWvMFWu0lgnEDZi3hK
VIIXsKiwq5/1kaperWozeffsfYaXO8nAEw4lIXtJtGdZbzgKx+bu671KMEtDzuCv
NDpabrkojsAJAXmV8z9mPPQM3OD/rLblTk03lPdoAtXN3XZHS8eafkMJJ2/Qzuq7
7nN+8emdzyo0iMQ80/q3ux8v8ng4up94e3vdTkr9ccwgsXZb5OZQxf5MDO9QpDNq
XQEV0zyhnWjZ37BogTHd6ANI8b/NUP8Wq9LWWHTXNFiGqlEwUpINFOITvZh48aIS
Gn+2TcGR8TFyMYb0gs1D8OVOs96LubR5SkT9cRKx6D5ghFPC
-----END CERTIFICATE-----