Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/DRNywZ7RpyNlzvxoA8XaCUOpGrY.roa
File:                     DRNywZ7RpyNlzvxoA8XaCUOpGrY.roa (raw, json)
Hash identifier:          jSATSjskFp4J3c6yd3M7iEs/oNoEzvGbut3aHFnA/vU=
Subject key identifier:   0D:13:72:C1:9E:D1:A7:23:65:CE:FC:68:03:C5:DA:09:43:A9:1A:B6
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E5C0FC2D1A151C8F7E6C4F5E44B54A206
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/DRNywZ7RpyNlzvxoA8XaCUOpGrY.roa
Signing time:             Sun 24 May 2026 22:16:37 +0000
ROA not before:           Sun 24 May 2026 22:16:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198590
IP address blocks:        2a06:9801:2d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 May 2026 11:02:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5c:0f:c2:d1:a1:51:c8:f7:e6:c4:f5:e4:4b:54:a2:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May 24 22:16:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d1372c19ed1a72365cefc6803c5da0943a91ab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5f:68:d5:f4:24:b7:ff:a6:69:36:82:4f:d1:
                    ee:8c:af:8c:56:a4:d4:df:19:64:ec:fc:e7:ae:ca:
                    73:37:8b:f1:2b:e7:70:6a:fa:79:bd:40:cb:de:34:
                    60:1e:52:fc:ee:a9:c8:a3:24:8b:cc:c5:3e:d3:a2:
                    a3:77:08:a3:65:19:eb:fb:2b:2c:17:ea:b5:99:6b:
                    fc:ff:c6:00:13:bd:d8:7e:3c:26:81:ac:7f:39:59:
                    e9:04:15:29:7d:3d:d3:15:fc:05:58:a3:a6:cd:c8:
                    3b:f8:ee:42:da:a5:6b:32:60:8b:37:72:18:4e:e1:
                    0d:89:e3:4f:37:67:c8:f9:84:e7:74:cb:64:84:3f:
                    de:97:03:9d:e3:87:52:ce:a7:8a:44:02:25:1b:d0:
                    22:d8:25:93:44:9d:94:d1:73:2a:e8:40:62:8a:a3:
                    91:9b:82:d5:30:4f:ed:a8:90:4c:e1:f0:c6:56:8f:
                    6f:f4:0b:a5:3c:4f:52:96:b4:27:44:1d:5b:23:38:
                    d9:56:ec:99:28:26:b2:36:55:09:f4:f2:b7:24:66:
                    6c:7b:b6:2d:bc:b0:14:90:cf:36:fd:ac:5b:4d:a3:
                    23:4f:5a:47:fe:b9:f1:e1:c0:0f:42:49:9d:a6:f9:
                    e3:ba:75:5b:d8:f3:2c:1f:12:38:10:0c:b6:a5:84:
                    2e:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:13:72:C1:9E:D1:A7:23:65:CE:FC:68:03:C5:DA:09:43:A9:1A:B6
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/DRNywZ7RpyNlzvxoA8XaCUOpGrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:2d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         0d:ae:f8:31:57:d8:83:ee:4b:15:ef:8d:ea:c3:4e:f9:9e:85:
         d5:b0:84:d2:ea:b9:b5:69:10:76:b3:91:85:3c:04:d5:8d:fb:
         d2:6e:4e:5a:71:22:33:a3:08:cb:ce:a2:b4:8e:27:08:ba:5f:
         d6:4f:1d:7a:3f:f2:40:24:51:cc:70:33:ac:69:28:a7:ab:f0:
         37:db:c9:73:57:25:88:23:fc:69:ba:f9:ca:a7:c6:60:0f:45:
         13:f9:ab:c7:2b:9b:0a:4a:19:22:7e:c5:c6:78:07:c7:c3:07:
         02:ba:26:c6:ae:54:8a:3d:68:c3:2e:9f:db:fd:20:80:b8:ab:
         11:63:91:44:4b:51:0e:ac:f2:3d:bc:8e:a1:5b:55:18:95:9d:
         45:80:1d:41:6e:73:a8:5c:6a:c5:de:1f:19:cd:1c:34:63:b0:
         bc:31:ec:b6:1f:d7:1d:35:5c:c9:f0:8c:7d:26:1a:c9:2e:1f:
         7e:fc:90:11:cc:09:cc:7b:da:37:d8:4d:da:77:e2:e7:da:06:
         6f:8a:7f:df:d1:64:da:cf:f5:41:2f:1e:bc:56:aa:6e:ce:3e:
         94:52:44:19:f3:5b:32:0a:37:7c:f7:87:35:02:e6:5e:d3:5d:
         80:e3:ca:1e:5a:da:43:8c:8e:6d:03:93:31:43:f8:48:dd:29:
         8b:84:f3:51
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5cD8LRoVHI9+bE9eRLVKIGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTI0MjIxNjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDEzNzJjMTllZDFhNzIzNjVjZWZjNjgwM2M1ZGEwOTQzYTkxYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp19o1fQkt/+maTaCT9HujK+MVqTU
3xlk7PznrspzN4vxK+dwavp5vUDL3jRgHlL87qnIoySLzMU+06KjdwijZRnr+yss
F+q1mWv8/8YAE73Yfjwmgax/OVnpBBUpfT3TFfwFWKOmzcg7+O5C2qVrMmCLN3IY
TuENieNPN2fI+YTndMtkhD/elwOd44dSzqeKRAIlG9Ai2CWTRJ2U0XMq6EBiiqOR
m4LVME/tqJBM4fDGVo9v9AulPE9SlrQnRB1bIzjZVuyZKCayNlUJ9PK3JGZse7Yt
vLAUkM82/axbTaMjT1pH/rnx4cAPQkmdpvnjunVb2PMsHxI4EAy2pYQuXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA0TcsGe0acjZc78aAPF2glDqRq2MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvRFJOeXdaN1JweU5senZ4b0E4WGFDVU9wR3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgaYAQLQ
MA0GCSqGSIb3DQEBCwUAA4IBAQANrvgxV9iD7ksV743qw075noXVsITS6rm1aRB2
s5GFPATVjfvSbk5acSIzowjLzqK0jicIul/WTx16P/JAJFHMcDOsaSinq/A328lz
VyWII/xpuvnKp8ZgD0UT+avHK5sKShkifsXGeAfHwwcCuibGrlSKPWjDLp/b/SCA
uKsRY5FES1EOrPI9vI6hW1UYlZ1FgB1BbnOoXGrF3h8ZzRw0Y7C8Mey2H9cdNVzJ
8Ix9JhrJLh9+/JARzAnMe9o32E3ad+Ln2gZvin/f0WTaz/VBLx68Vqpuzj6UUkQZ
81syCjd894c1AuZe012A48oeWtpDjI5tA5MxQ/hI3SmLhPNR
-----END CERTIFICATE-----