Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kwgpBCf-aG2SLyitdDUJWO4TKpM.roa
File:                     kwgpBCf-aG2SLyitdDUJWO4TKpM.roa (raw, json)
Hash identifier:          N3j0SoRsQnvW69HmLTlzqCjOXdes92G7U9ev6eAtRgU=
Subject key identifier:   93:08:29:04:27:FE:68:6D:92:2F:28:AD:74:35:09:58:EE:13:2A:93
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019D2542FEC635FFB329A5623A3AEDE4EE2F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kwgpBCf-aG2SLyitdDUJWO4TKpM.roa
Signing time:             Wed 25 Mar 2026 13:50:40 +0000
ROA not before:           Wed 25 Mar 2026 13:50:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199776
IP address blocks:        2a0e:97c0:bf0::/48 maxlen: 48
                          2a0e:97c0:bf1::/48 maxlen: 48
                          2a0e:97c0:bf2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:50:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:25:42:fe:c6:35:ff:b3:29:a5:62:3a:3a:ed:e4:ee:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar 25 13:50:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9308290427fe686d922f28ad74350958ee132a93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:bf:60:bf:c0:6a:c3:64:15:75:11:49:9e:8c:
                    41:34:31:54:2f:67:cc:73:b2:47:1e:99:ff:c5:cb:
                    74:cc:2c:e6:2f:d0:7f:02:e2:45:f5:45:90:8b:c6:
                    14:14:be:79:6a:2d:af:b9:ed:6f:5c:3e:36:a9:d3:
                    03:26:7c:ec:80:ad:ed:75:11:42:8e:05:a3:e7:7f:
                    ee:b4:f7:80:f6:53:d1:63:93:84:0d:eb:ca:87:5b:
                    70:4c:3b:1f:7f:83:a6:43:01:c5:12:e8:aa:b2:06:
                    7e:fd:de:f4:7e:72:59:66:df:d8:34:48:0d:20:b4:
                    b0:87:1c:fe:f1:31:8c:fb:a2:2a:a1:b1:e1:6a:71:
                    c1:fe:0a:d9:af:9e:ab:3c:64:ae:d9:a6:98:97:20:
                    ee:2f:23:aa:18:eb:84:4d:38:83:a1:a8:2c:eb:27:
                    04:d2:cc:41:51:2e:99:b1:b3:e9:4a:60:3b:92:7d:
                    55:b8:39:ca:3f:d1:17:41:3a:cb:81:d6:0d:fd:a6:
                    24:73:06:a3:86:06:d0:2b:50:bf:d5:78:d7:9f:4f:
                    d1:08:5f:a9:29:6c:2d:d6:c2:49:2a:0e:58:6e:9d:
                    68:48:08:6b:bb:09:69:ff:96:2e:cf:cf:fd:ed:d1:
                    52:62:0f:85:15:ee:39:3f:de:1c:be:5d:f9:9c:74:
                    ce:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:08:29:04:27:FE:68:6D:92:2F:28:AD:74:35:09:58:EE:13:2A:93
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/kwgpBCf-aG2SLyitdDUJWO4TKpM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:bf0::-2a0e:97c0:bf2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a7:bf:da:bb:2b:60:4b:78:a2:ce:23:e2:b3:f2:3c:81:c8:99:
         9e:26:fb:a4:09:56:2e:dd:a3:c4:4e:68:c6:30:bb:00:33:30:
         f4:9c:37:3d:74:cb:fb:67:b5:8d:12:15:d8:81:bd:b8:ca:5a:
         13:44:17:fa:f0:93:7b:92:e6:15:33:c9:76:73:64:15:aa:5a:
         96:d9:00:41:47:b6:9e:53:6e:69:52:43:3c:ce:fd:96:67:5a:
         9b:01:0d:b5:2f:a9:88:71:9c:c4:7a:6a:2e:ac:55:74:41:03:
         60:fe:a3:67:74:2f:ec:98:6c:e5:b9:cc:76:6d:d2:11:39:87:
         a7:7c:00:fe:dd:84:92:f0:bb:35:cc:b2:97:38:e8:1b:22:f2:
         20:9d:90:3a:86:d1:ad:2a:e8:c3:eb:68:c9:5a:b0:20:3e:55:
         b4:52:bf:a3:09:78:3b:60:f0:54:f9:7e:5e:67:12:42:fa:17:
         df:10:a8:85:f8:7b:76:38:4d:76:7e:03:0e:8f:a6:46:95:41:
         89:ad:63:ad:7f:50:79:2f:48:50:69:4c:89:62:72:c2:fe:b6:
         e2:4d:5a:69:db:58:df:0d:b7:33:fd:d7:e5:24:2f:fc:24:90:
         35:2d:bb:23:45:9d:ba:03:93:4c:a8:81:1e:ae:42:29:3b:76:
         f1:79:4f:dd
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ0lQv7GNf+zKaViOjrt5O4vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwMzI1MTM1MDQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzA4MjkwNDI3ZmU2ODZkOTIyZjI4YWQ3NDM1MDk1OGVlMTMyYTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq79gv8Bqw2QVdRFJnoxBNDFUL2fM
c7JHHpn/xct0zCzmL9B/AuJF9UWQi8YUFL55ai2vue1vXD42qdMDJnzsgK3tdRFC
jgWj53/utPeA9lPRY5OEDevKh1twTDsff4OmQwHFEuiqsgZ+/d70fnJZZt/YNEgN
ILSwhxz+8TGM+6IqobHhanHB/grZr56rPGSu2aaYlyDuLyOqGOuETTiDoags6ycE
0sxBUS6ZsbPpSmA7kn1VuDnKP9EXQTrLgdYN/aYkcwajhgbQK1C/1XjXn0/RCF+p
KWwt1sJJKg5Ybp1oSAhruwlp/5Yuz8/97dFSYg+FFe45P94cvl35nHTOFwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJMIKQQn/mhtki8orXQ1CVjuEyqTMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEva3dncEJDZi1hRzJTTHlpdGREVUpXTzRUS3BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwQqDpfA
C/ADBwAqDpfAC/IwDQYJKoZIhvcNAQELBQADggEBAKe/2rsrYEt4os4j4rPyPIHI
mZ4m+6QJVi7do8ROaMYwuwAzMPScNz10y/tntY0SFdiBvbjKWhNEF/rwk3uS5hUz
yXZzZBWqWpbZAEFHtp5TbmlSQzzO/ZZnWpsBDbUvqYhxnMR6ai6sVXRBA2D+o2d0
L+yYbOW5zHZt0hE5h6d8AP7dhJLwuzXMspc46Bsi8iCdkDqG0a0q6MPraMlasCA+
VbRSv6MJeDtg8FT5fl5nEkL6F98QqIX4e3Y4TXZ+Aw6PpkaVQYmtY61/UHkvSFBp
TIlicsL+tuJNWmnbWN8NtzP91+UkL/wkkDUtuyNFnboDk0yogR6uQik7dvF5T90=
-----END CERTIFICATE-----