Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Ca7ETLYxtdhjmb8VIICeg2MUirY.roa
File:                     Ca7ETLYxtdhjmb8VIICeg2MUirY.roa (raw, json)
Hash identifier:          UJFRLmH9hGQowteJZSbc4Zrmh+mdfK3r7IDtHozzHng=
Subject key identifier:   09:AE:C4:4C:B6:31:B5:D8:63:99:BF:15:20:80:9E:83:63:14:8A:B6
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E02C137F0073A1B11D1167EB0A1C16DBF
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Ca7ETLYxtdhjmb8VIICeg2MUirY.roa
Signing time:             Thu 07 May 2026 14:04:37 +0000
ROA not before:           Thu 07 May 2026 14:04:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197736
IP address blocks:        2a06:9801:2f3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:c1:37:f0:07:3a:1b:11:d1:16:7e:b0:a1:c1:6d:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May  7 14:04:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09aec44cb631b5d86399bf1520809e8363148ab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:55:3b:82:a1:89:7c:e9:56:ca:8d:23:56:e1:
                    b2:29:53:aa:80:b9:b7:c2:be:4c:bd:02:53:a8:f5:
                    fa:ea:6e:0d:38:10:3f:6e:a5:d6:b9:f6:f7:a9:dc:
                    d5:da:5a:e7:82:b9:4b:d3:c0:48:b1:de:52:6e:bc:
                    bc:5e:7b:1b:83:71:72:3c:7a:bf:6c:02:46:e1:3d:
                    fc:c7:79:0b:c1:62:65:f4:1d:35:34:00:45:ed:8c:
                    e2:96:4f:c3:b7:9b:71:6c:2b:34:f2:01:63:69:c5:
                    63:8e:70:f0:8a:71:68:bb:c7:09:60:43:45:32:12:
                    a2:7b:76:1a:d6:aa:27:92:d9:0c:dd:cc:4e:9b:a7:
                    4e:58:fc:34:e7:f0:48:37:4b:9e:74:86:84:91:18:
                    f7:45:f3:76:9d:25:ec:7a:05:dd:70:7e:6f:2d:a1:
                    90:97:9e:51:9c:9f:e9:71:5f:b8:5a:31:1d:6d:8e:
                    21:d1:f0:ec:31:8d:d9:4a:99:d2:de:90:b0:05:19:
                    5b:69:91:ec:3e:a7:27:00:f8:be:c3:5f:b0:d4:2d:
                    6b:04:0f:cc:72:e5:86:3c:d8:2b:c9:78:c2:b9:ab:
                    ac:c2:5a:8e:4d:7f:5d:c4:e6:d0:ca:37:41:b5:fc:
                    8a:7b:a6:41:d0:8c:e0:02:d6:30:94:e3:4e:53:cc:
                    f3:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:AE:C4:4C:B6:31:B5:D8:63:99:BF:15:20:80:9E:83:63:14:8A:B6
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Ca7ETLYxtdhjmb8VIICeg2MUirY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:2f3::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:27:6a:e2:b2:14:d5:58:fe:99:94:b9:5b:80:9b:67:3e:29:
         dc:f6:45:a2:ac:ed:f0:fb:7e:6d:46:6e:78:87:0a:96:45:61:
         8c:af:4f:95:78:f2:0f:03:3b:4c:cc:f3:37:a4:7d:e4:e5:c5:
         bd:65:18:e3:6f:99:ab:db:e4:45:99:a6:6c:d5:a7:fc:fb:45:
         cd:e9:18:43:7e:46:0e:4d:7b:6d:4d:6c:d7:54:e2:bb:33:3b:
         55:f1:ad:9c:87:df:7c:0c:67:71:50:21:ff:39:49:6c:ee:5b:
         79:cf:fe:8c:64:9f:ed:46:3c:c7:8d:71:a3:a1:d2:e8:85:8d:
         c1:11:6b:95:8b:51:72:4c:36:6b:40:7d:0b:77:df:16:a0:c5:
         69:a5:64:f6:e0:ef:29:70:de:3c:9f:15:5c:62:1b:f0:b4:48:
         ad:1f:25:36:b1:d5:fd:fe:a7:a0:31:de:ae:f1:5b:fb:80:a8:
         a9:06:94:42:1e:f0:ea:0b:44:ba:34:23:db:35:67:12:ea:11:
         2d:14:a2:ab:59:63:45:53:73:90:1c:53:27:98:87:ca:31:6f:
         73:2a:5a:43:d8:32:78:c8:82:82:39:2a:40:97:66:2f:1c:13:
         ba:84:9f:4f:f8:06:6c:b9:84:02:19:ad:dd:f9:ae:99:45:78:
         90:8c:e1:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4CwTfwBzobEdEWfrChwW2/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTA3MTQwNDM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWFlYzQ0Y2I2MzFiNWQ4NjM5OWJmMTUyMDgwOWU4MzYzMTQ4YWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFU7gqGJfOlWyo0jVuGyKVOqgLm3
wr5MvQJTqPX66m4NOBA/bqXWufb3qdzV2lrngrlL08BIsd5Sbry8Xnsbg3FyPHq/
bAJG4T38x3kLwWJl9B01NABF7Yzilk/Dt5txbCs08gFjacVjjnDwinFou8cJYENF
MhKie3Ya1qonktkM3cxOm6dOWPw05/BIN0uedIaEkRj3RfN2nSXsegXdcH5vLaGQ
l55RnJ/pcV+4WjEdbY4h0fDsMY3ZSpnS3pCwBRlbaZHsPqcnAPi+w1+w1C1rBA/M
cuWGPNgryXjCuauswlqOTX9dxObQyjdBtfyKe6ZB0IzgAtYwlONOU8zzZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAmuxEy2MbXYY5m/FSCAnoNjFIq2MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvQ2E3RVRMWXh0ZGhqbWI4VklJQ2VnMk1VaXJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQLz
MA0GCSqGSIb3DQEBCwUAA4IBAQBbJ2rishTVWP6ZlLlbgJtnPinc9kWirO3w+35t
Rm54hwqWRWGMr0+VePIPAztMzPM3pH3k5cW9ZRjjb5mr2+RFmaZs1af8+0XN6RhD
fkYOTXttTWzXVOK7MztV8a2ch998DGdxUCH/OUls7lt5z/6MZJ/tRjzHjXGjodLo
hY3BEWuVi1FyTDZrQH0Ld98WoMVppWT24O8pcN48nxVcYhvwtEitHyU2sdX9/qeg
Md6u8Vv7gKipBpRCHvDqC0S6NCPbNWcS6hEtFKKrWWNFU3OQHFMnmIfKMW9zKlpD
2DJ4yIKCOSpAl2YvHBO6hJ9P+AZsuYQCGa3d+a6ZRXiQjOFX
-----END CERTIFICATE-----