Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/8AX6KiV-96COR-_5waTNYZzDaoY.roa
File:                     8AX6KiV-96COR-_5waTNYZzDaoY.roa (raw, json)
Hash identifier:          B+Kol3gI0hotNRAnYPqi23yR9A4MgX6Epp2rjzPmnYQ=
Subject key identifier:   F0:05:FA:2A:25:7E:F7:A0:8E:47:EF:F9:C1:A4:CD:61:9C:C3:6A:86
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E0E1B1810953542E581800EC984794FDB
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/8AX6KiV-96COR-_5waTNYZzDaoY.roa
Signing time:             Sat 09 May 2026 18:58:37 +0000
ROA not before:           Sat 09 May 2026 18:58:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201182
IP address blocks:        2a06:9801:55::/48 maxlen: 48
                          2a06:9801:300::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:0e:1b:18:10:95:35:42:e5:81:80:0e:c9:84:79:4f:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May  9 18:58:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f005fa2a257ef7a08e47eff9c1a4cd619cc36a86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8c:89:7a:47:bd:d6:c0:08:52:e8:9b:5e:6c:
                    35:5e:a4:9c:bc:c4:04:7d:c2:e9:16:1b:8f:9c:8f:
                    ca:fc:8b:64:83:4d:15:eb:d9:09:cc:2b:93:48:97:
                    3f:85:17:f1:d6:ae:8c:d9:fd:dd:af:9a:e4:a8:28:
                    30:a7:df:55:42:14:54:63:f8:08:69:4c:d1:96:b9:
                    dd:81:d3:fe:84:e7:e7:25:26:2a:09:82:d8:41:74:
                    c6:06:18:2a:38:a7:dc:de:b0:6b:9b:23:44:93:e6:
                    f7:44:7e:7e:bc:df:f7:8b:85:d8:68:14:ab:7d:e6:
                    f8:f8:66:52:1f:3a:89:9a:09:56:9e:a6:7b:9f:5a:
                    7d:6d:e8:90:1e:a3:c9:c8:85:d7:9c:79:b9:db:0f:
                    b7:30:c1:55:11:25:54:ce:3c:43:c7:7c:b0:5e:06:
                    d2:a3:6b:7c:e8:94:d7:00:6a:57:03:d3:6a:2f:1b:
                    3d:53:65:ba:83:28:b8:5f:66:41:9d:e7:4d:18:03:
                    a7:63:21:5f:fa:0e:b9:ff:30:c7:84:ff:2b:fb:77:
                    6e:db:59:5a:16:3e:fe:8d:bf:df:b3:d1:12:87:e8:
                    a8:e4:f3:0f:8c:8b:aa:12:40:4d:1b:27:28:ef:96:
                    24:97:7d:a6:05:be:0a:2b:40:5e:a2:23:35:ec:84:
                    40:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:05:FA:2A:25:7E:F7:A0:8E:47:EF:F9:C1:A4:CD:61:9C:C3:6A:86
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/8AX6KiV-96COR-_5waTNYZzDaoY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:55::/48
                  2a06:9801:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         90:f3:bc:55:ff:8a:9f:8c:7c:42:8f:8a:79:01:43:13:4c:c9:
         a9:c7:db:bd:d5:c5:65:1c:2f:5d:ad:bf:d7:a4:34:97:50:10:
         81:f9:a6:48:18:ff:49:41:0d:1e:85:be:3b:35:37:d0:05:78:
         b7:5c:f1:c8:70:cf:79:89:1f:60:7c:02:9e:d0:98:e1:cf:d0:
         ed:23:e6:29:76:06:44:30:4b:df:de:d5:45:36:40:7a:1e:3a:
         0a:a4:21:17:0d:e5:0b:df:76:23:12:bc:50:8b:53:43:41:d2:
         5d:66:04:62:3a:96:85:29:ab:69:13:4f:94:e3:ce:03:e6:63:
         c1:a5:1f:1c:3f:d1:8e:22:7f:df:f0:42:d0:4e:76:64:d9:b9:
         a9:50:45:1c:fd:66:6d:51:a8:b5:f1:4b:6a:47:9f:bd:77:fc:
         89:5b:4f:a2:e1:5f:3e:8f:ec:8b:4b:f9:6d:96:a6:98:2a:31:
         ea:3d:c3:79:87:2b:7c:f9:f9:91:e2:d2:77:2c:8a:68:5c:40:
         c8:e6:8d:00:e5:3c:74:68:a4:cb:67:5f:75:00:49:c1:f6:b1:
         aa:17:d4:dc:a4:97:5e:c4:ac:5e:d6:39:93:b2:4f:53:81:2b:
         ef:00:46:1f:0a:95:23:8b:2a:24:dc:e1:89:92:a0:e4:e7:01:
         63:dc:01:91
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZ4OGxgQlTVC5YGADsmEeU/bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTA5MTg1ODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDA1ZmEyYTI1N2VmN2EwOGU0N2VmZjljMWE0Y2Q2MTljYzM2YTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkoyJeke91sAIUuibXmw1XqScvMQE
fcLpFhuPnI/K/Itkg00V69kJzCuTSJc/hRfx1q6M2f3dr5rkqCgwp99VQhRUY/gI
aUzRlrndgdP+hOfnJSYqCYLYQXTGBhgqOKfc3rBrmyNEk+b3RH5+vN/3i4XYaBSr
feb4+GZSHzqJmglWnqZ7n1p9beiQHqPJyIXXnHm52w+3MMFVESVUzjxDx3ywXgbS
o2t86JTXAGpXA9NqLxs9U2W6gyi4X2ZBnedNGAOnYyFf+g65/zDHhP8r+3du21la
Fj7+jb/fs9ESh+io5PMPjIuqEkBNGyco75Ykl32mBb4KK0BeoiM17IRAowIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFPAF+iolfvegjkfv+cGkzWGcw2qGMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvOEFYNktpVi05NkNPUi1fNXdhVE5ZWnpEYW9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKgaYAQBV
AwYAKgaYAQMwDQYJKoZIhvcNAQELBQADggEBAJDzvFX/ip+MfEKPinkBQxNMyanH
273VxWUcL12tv9ekNJdQEIH5pkgY/0lBDR6Fvjs1N9AFeLdc8chwz3mJH2B8Ap7Q
mOHP0O0j5il2BkQwS9/e1UU2QHoeOgqkIRcN5QvfdiMSvFCLU0NB0l1mBGI6loUp
q2kTT5TjzgPmY8GlHxw/0Y4if9/wQtBOdmTZualQRRz9Zm1RqLXxS2pHn713/Ilb
T6LhXz6P7ItL+W2WppgqMeo9w3mHK3z5+ZHi0ncsimhcQMjmjQDlPHRopMtnX3UA
ScH2saoX1Nykl17ErF7WOZOyT1OBK+8ARh8KlSOLKiTc4YmSoOTnAWPcAZE=
-----END CERTIFICATE-----