Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CUWJR99H3RNJ3K_jpcgw8mx9CTg.roa
File:                     CUWJR99H3RNJ3K_jpcgw8mx9CTg.roa (raw, json)
Hash identifier:          m6MfKTuu4linfRpkJmIOe2fSAfwXHR/U5mH6nKBDSsI=
Subject key identifier:   09:45:89:47:DF:47:DD:13:49:DC:AF:E3:A5:C8:30:F2:6C:7D:09:38
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019E0C90847EEAA1B203D92BA4221D995032
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CUWJR99H3RNJ3K_jpcgw8mx9CTg.roa
Signing time:             Sat 09 May 2026 11:47:38 +0000
ROA not before:           Sat 09 May 2026 11:47:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209800
IP address blocks:        2a0e:97c0:c10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 May 2026 11:18:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0c:90:84:7e:ea:a1:b2:03:d9:2b:a4:22:1d:99:50:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May  9 11:47:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09458947df47dd1349dcafe3a5c830f26c7d0938
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:76:b5:d5:bf:a8:6b:be:2c:6e:75:1e:39:65:
                    82:9e:c4:49:36:c4:dd:7b:d3:36:f8:bb:33:98:f0:
                    57:2a:c2:35:c6:f1:be:ee:34:f2:71:69:75:f3:e3:
                    43:f7:76:ad:ea:71:b9:6f:b0:74:46:74:3e:67:30:
                    14:56:36:bf:2f:ef:29:39:53:49:3f:f0:d9:75:df:
                    f9:28:b5:62:d5:0c:af:e7:c4:a6:cf:82:ad:63:7c:
                    01:fd:6b:78:27:c4:40:89:33:c2:fe:ad:99:72:53:
                    62:82:30:e8:fe:81:b6:8f:01:8d:d0:c4:30:aa:ea:
                    ed:61:d2:14:d7:43:f0:12:92:51:17:a4:73:9c:ee:
                    dd:4d:30:d3:69:78:13:f8:0f:56:81:28:07:4e:09:
                    5a:9f:76:b7:06:dd:d4:5e:17:ef:d9:be:7d:36:d1:
                    01:d9:fa:1c:bf:b4:db:67:53:04:2e:37:8e:24:8b:
                    0d:0c:51:ae:f5:fb:e8:c9:14:b8:03:80:59:d4:3b:
                    ea:75:17:f2:da:37:0c:a7:9c:15:11:50:1b:a5:20:
                    83:9c:45:45:35:c8:8b:2c:36:d1:4e:4f:f8:ca:6b:
                    21:36:39:64:fd:cb:50:3d:32:c0:6b:b3:5c:dd:cb:
                    7d:41:e7:ae:b3:1e:a0:0d:15:19:4c:60:00:bc:4c:
                    b1:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:45:89:47:DF:47:DD:13:49:DC:AF:E3:A5:C8:30:F2:6C:7D:09:38
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CUWJR99H3RNJ3K_jpcgw8mx9CTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:c10::/44

    Signature Algorithm: sha256WithRSAEncryption
         a3:2c:e0:a6:26:53:4d:11:e9:5c:20:80:37:1e:11:32:04:91:
         15:24:64:02:c2:e6:9e:3b:34:2b:b5:0e:49:79:77:1d:94:09:
         42:01:9d:9d:df:6f:a8:60:1f:23:2d:6c:2d:b3:7f:01:c8:03:
         a5:82:6f:72:6e:2b:2a:0d:6e:bb:1e:4b:d0:25:51:d8:fb:03:
         bb:78:95:6c:e8:4d:6a:73:ee:bc:6c:0f:c3:ff:21:e5:cd:21:
         1a:a6:8e:cc:b8:0e:f9:54:aa:b7:1d:e5:3f:13:29:6b:9e:a7:
         67:64:b8:98:79:cf:d5:9d:4e:04:f4:3e:be:bf:c0:f2:8c:0e:
         a1:e8:4c:14:8c:16:09:17:6f:99:a7:02:44:75:a5:76:12:78:
         bf:d0:9c:20:eb:a2:ec:8c:4b:60:0b:77:5c:aa:ce:76:35:b5:
         2e:45:8f:12:4b:50:83:cc:7d:46:8b:e1:8c:d0:0f:57:23:79:
         b0:71:be:c4:7a:cf:56:9c:98:52:b7:30:13:b4:b0:c3:cb:86:
         9a:46:47:be:42:82:3d:60:bf:b1:92:be:07:18:54:09:f4:c3:
         0c:34:18:3b:33:a0:1f:05:9f:f4:1d:ce:93:b0:cf:0d:f0:69:
         02:36:e9:e8:15:57:28:33:2e:64:40:68:3b:fb:1b:d1:0c:be:
         77:57:1c:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4MkIR+6qGyA9krpCIdmVAyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNTA5MTE0NzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTQ1ODk0N2RmNDdkZDEzNDlkY2FmZTNhNWM4MzBmMjZjN2QwOTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA73a11b+oa74sbnUeOWWCnsRJNsTd
e9M2+LszmPBXKsI1xvG+7jTycWl18+ND93at6nG5b7B0RnQ+ZzAUVja/L+8pOVNJ
P/DZdd/5KLVi1Qyv58Smz4KtY3wB/Wt4J8RAiTPC/q2ZclNigjDo/oG2jwGN0MQw
qurtYdIU10PwEpJRF6RznO7dTTDTaXgT+A9WgSgHTglan3a3Bt3UXhfv2b59NtEB
2focv7TbZ1MELjeOJIsNDFGu9fvoyRS4A4BZ1DvqdRfy2jcMp5wVEVAbpSCDnEVF
NciLLDbRTk/4ymshNjlk/ctQPTLAa7Nc3ct9Qeeusx6gDRUZTGAAvEyxxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAlFiUffR90TSdyv46XIMPJsfQk4MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQ1VXSlI5OUgzUk5KM0tfanBjZ3c4bXg5Q1RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAwQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCjLOCmJlNNEelcIIA3HhEyBJEVJGQCwuaeOzQr
tQ5JeXcdlAlCAZ2d32+oYB8jLWwts38ByAOlgm9ybisqDW67HkvQJVHY+wO7eJVs
6E1qc+68bA/D/yHlzSEapo7MuA75VKq3HeU/EylrnqdnZLiYec/VnU4E9D6+v8Dy
jA6h6EwUjBYJF2+ZpwJEdaV2Eni/0Jwg66LsjEtgC3dcqs52NbUuRY8SS1CDzH1G
i+GM0A9XI3mwcb7Ees9WnJhStzATtLDDy4aaRke+QoI9YL+xkr4HGFQJ9MMMNBg7
M6AfBZ/0Hc6TsM8N8GkCNunoFVcoMy5kQGg7+xvRDL53Vxz/
-----END CERTIFICATE-----