Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GnOCcI7jgyu9vdvbId-dZhWpEcI.roa
File:                     GnOCcI7jgyu9vdvbId-dZhWpEcI.roa (raw, json)
Hash identifier:          m6fI6d2r7kTolCNGpHX/DB2svW1IRwai/UezS8rgOog=
Subject key identifier:   1A:73:82:70:8E:E3:83:2B:BD:BD:DB:DB:21:DF:9D:66:15:A9:11:C2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019EB767CBCD1763C5BC29AE098E07BD270D
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GnOCcI7jgyu9vdvbId-dZhWpEcI.roa
Signing time:             Thu 11 Jun 2026 15:58:13 +0000
ROA not before:           Thu 11 Jun 2026 15:58:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219454
IP address blocks:        2a0e:97c0:d50::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b7:67:cb:cd:17:63:c5:bc:29:ae:09:8e:07:bd:27:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun 11 15:58:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1a7382708ee3832bbdbddbdb21df9d6615a911c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:d2:c4:6c:cc:0f:93:ac:03:cf:1a:5a:b2:cd:
                    df:bc:81:0a:73:80:1e:a9:ed:89:45:c8:71:58:83:
                    2e:20:c9:ab:d8:64:e7:13:6d:94:c4:fb:86:71:f4:
                    80:1b:b9:c9:36:a6:27:e4:ff:45:01:73:c2:84:11:
                    31:1a:28:b1:c4:77:e3:16:51:18:ce:ee:00:e0:68:
                    0b:f9:d0:fd:a3:2e:32:e3:fc:b5:55:77:70:ba:41:
                    de:9e:14:f6:83:f3:0c:74:a7:3d:21:32:89:39:78:
                    a5:62:cf:d4:cd:31:ef:3f:b5:56:34:93:74:71:8b:
                    df:89:28:6f:86:b5:58:d6:63:0b:49:78:03:a4:a3:
                    6b:30:b1:cf:31:0d:79:97:08:75:ab:78:01:41:20:
                    6b:0d:d9:1d:9e:15:7c:1f:96:42:8a:52:21:57:88:
                    52:61:45:99:dd:b0:b5:d6:82:38:73:13:1b:d8:ff:
                    0d:99:0f:e8:80:8d:31:d2:83:a0:05:b0:dd:dc:c6:
                    6a:cb:13:2a:5b:37:ea:e4:5b:dd:61:f4:1f:6c:c1:
                    bf:06:e5:2d:18:78:f1:c8:cd:2c:64:9d:ef:da:50:
                    04:c7:ef:af:4d:4c:a8:6b:14:9c:9a:ff:42:1c:e7:
                    b5:f7:2f:32:37:f4:22:8e:67:5a:5b:2e:7a:3e:43:
                    1e:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:73:82:70:8E:E3:83:2B:BD:BD:DB:DB:21:DF:9D:66:15:A9:11:C2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GnOCcI7jgyu9vdvbId-dZhWpEcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:d50::/44

    Signature Algorithm: sha256WithRSAEncryption
         64:69:46:25:ea:a7:70:96:1b:dd:b4:02:a6:f0:aa:12:a5:0f:
         e7:18:c8:63:a1:ab:5c:ca:2b:c8:c0:ee:c8:00:d8:ef:cf:01:
         38:40:24:65:2b:fa:e0:1e:61:c2:22:27:7e:dc:f1:5e:46:b3:
         33:e5:91:6f:c6:ee:cb:d4:1d:e5:eb:8d:1f:5a:34:14:fd:14:
         bd:d4:44:0b:e2:1b:c7:5d:83:b0:3b:2f:be:77:f1:86:06:af:
         ce:09:98:ac:9f:5f:e4:38:12:d1:74:a0:19:80:09:2f:70:3e:
         17:6a:10:70:f7:0e:5a:e7:fd:a0:33:5f:55:3b:b9:e9:3f:5d:
         10:cf:03:d8:c9:35:07:5e:58:bb:b8:79:81:f3:e1:59:f5:4f:
         58:99:26:7a:1e:a0:7b:db:37:b1:fd:c7:40:b7:ae:4b:47:c3:
         ce:1a:d7:82:aa:d9:32:9d:6d:bf:2c:b6:a7:64:84:72:5e:ba:
         ad:e5:f5:3c:3a:58:94:c7:35:ea:ef:09:57:1b:86:f4:81:6d:
         e9:3c:32:57:7e:5c:b4:df:9f:a3:fd:c3:31:75:38:70:cd:ee:
         2f:8e:8b:eb:d2:a0:41:06:79:82:cc:74:da:b8:b9:56:fc:49:
         b4:02:34:a3:b4:01:8e:c1:05:47:e4:25:71:54:4e:03:45:93:
         c3:88:05:e1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ63Z8vNF2PFvCmuCY4HvScNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNjExMTU1ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTczODI3MDhlZTM4MzJiYmRiZGRiZGIyMWRmOWQ2NjE1YTkxMWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtLEbMwPk6wDzxpass3fvIEKc4Ae
qe2JRchxWIMuIMmr2GTnE22UxPuGcfSAG7nJNqYn5P9FAXPChBExGiixxHfjFlEY
zu4A4GgL+dD9oy4y4/y1VXdwukHenhT2g/MMdKc9ITKJOXilYs/UzTHvP7VWNJN0
cYvfiShvhrVY1mMLSXgDpKNrMLHPMQ15lwh1q3gBQSBrDdkdnhV8H5ZCilIhV4hS
YUWZ3bC11oI4cxMb2P8NmQ/ogI0x0oOgBbDd3MZqyxMqWzfq5FvdYfQfbMG/BuUt
GHjxyM0sZJ3v2lAEx++vTUyoaxScmv9CHOe19y8yN/QijmdaWy56PkMe2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBpzgnCO44Mrvb3b2yHfnWYVqRHCMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR25PQ2NJN2pneXU5dmR2YklkLWRaaFdwRWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwA1Q
MA0GCSqGSIb3DQEBCwUAA4IBAQBkaUYl6qdwlhvdtAKm8KoSpQ/nGMhjoatcyivI
wO7IANjvzwE4QCRlK/rgHmHCIid+3PFeRrMz5ZFvxu7L1B3l640fWjQU/RS91EQL
4hvHXYOwOy++d/GGBq/OCZisn1/kOBLRdKAZgAkvcD4XahBw9w5a5/2gM19VO7np
P10QzwPYyTUHXli7uHmB8+FZ9U9YmSZ6HqB72zex/cdAt65LR8POGteCqtkynW2/
LLanZIRyXrqt5fU8OliUxzXq7wlXG4b0gW3pPDJXfly035+j/cMxdThwze4vjovr
0qBBBnmCzHTauLlW/Em0AjSjtAGOwQVH5CVxVE4DRZPDiAXh
-----END CERTIFICATE-----