Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Ja-zC4ldLkr_A9dJ1D_9T7lkfxA.roa
File:                     Ja-zC4ldLkr_A9dJ1D_9T7lkfxA.roa (raw, json)
Hash identifier:          vtA1NaMt4rRGmYN9UwnpZj7DO3x8hyXtnFi+5BQmtns=
Subject key identifier:   25:AF:B3:0B:89:5D:2E:4A:FF:03:D7:49:D4:3F:FD:4F:B9:64:7F:10
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019CB1649D4E395FFAD601A5073F8F6BF325
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Ja-zC4ldLkr_A9dJ1D_9T7lkfxA.roa
Signing time:             Tue 03 Mar 2026 01:51:27 +0000
ROA not before:           Tue 03 Mar 2026 01:51:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40994
IP address blocks:        2a06:9801:c6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Mar 2026 15:04:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b1:64:9d:4e:39:5f:fa:d6:01:a5:07:3f:8f:6b:f3:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar  3 01:51:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=25afb30b895d2e4aff03d749d43ffd4fb9647f10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:13:a3:a0:42:bc:79:98:ab:75:f8:a0:fc:c2:
                    f1:34:a8:ca:99:1e:b5:de:10:aa:84:fa:8a:9c:d7:
                    9c:13:23:31:e0:6d:2f:46:50:26:7a:ec:90:70:a3:
                    f1:77:e1:bb:48:0c:1f:e6:8f:1d:e2:59:39:d4:5e:
                    4a:a9:6f:e2:51:a9:ef:c1:d6:c4:88:f8:72:50:15:
                    c9:2b:de:00:16:dd:97:28:03:b6:cf:da:c5:d3:4b:
                    06:b2:89:f0:39:ab:cc:1b:9f:e1:ec:4c:81:40:37:
                    48:51:34:ab:25:8c:dc:f7:b9:a1:d2:ee:75:d3:2e:
                    6c:29:8d:20:6a:31:f1:65:3a:c5:c3:96:52:31:5a:
                    02:f5:b5:bf:1e:28:4d:87:1e:4a:99:8c:09:64:20:
                    14:13:fe:24:b7:77:de:84:cd:ae:c7:80:01:d1:77:
                    87:fd:15:fe:70:32:09:90:41:97:88:c0:02:56:95:
                    33:3f:e0:bb:9f:28:d3:70:b4:bf:e1:8c:3c:45:98:
                    ea:44:27:21:cc:d2:15:42:77:92:c0:04:5a:1a:a5:
                    a5:e3:0f:3e:62:63:90:68:bd:27:29:3a:15:6f:f1:
                    97:27:cd:c2:f4:8d:76:53:6f:5f:2c:e3:0f:e8:a8:
                    d7:de:94:b9:cf:c4:c9:49:9f:85:e2:3a:fc:89:0c:
                    11:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:AF:B3:0B:89:5D:2E:4A:FF:03:D7:49:D4:3F:FD:4F:B9:64:7F:10
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Ja-zC4ldLkr_A9dJ1D_9T7lkfxA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:c6::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:30:9f:2c:74:e8:34:b6:4c:d2:18:b3:08:67:63:b0:55:7b:
         b2:95:f4:9c:42:e3:62:ab:59:d7:b0:9a:c3:c3:c2:62:b8:23:
         c9:61:5d:d8:23:b5:ed:5d:4d:4d:cd:e2:43:fb:c4:11:95:56:
         a5:f8:e4:50:09:b6:4f:11:59:54:d2:8c:68:a0:3e:02:65:51:
         8b:e6:86:db:77:fd:cd:14:b2:f8:2c:ec:e3:e8:85:ff:aa:03:
         0e:5b:de:c1:c3:60:01:ea:9e:15:f5:d8:ed:f8:25:b4:00:06:
         d5:42:2a:41:ba:11:aa:fa:0d:f4:0c:9f:24:27:5e:91:99:4e:
         97:f8:31:63:2b:5b:69:b2:1e:25:60:b7:ba:10:1f:b2:26:a1:
         2c:51:3f:28:0b:3a:3d:ab:55:81:26:d5:04:e8:37:f3:e7:8e:
         b5:e1:4c:4f:ff:b3:2c:99:bb:fd:ed:37:03:06:6f:e7:f7:cf:
         5a:ff:03:a2:81:1a:55:ac:cd:4b:09:55:cf:7b:0e:e5:ae:f9:
         6d:23:db:14:c8:86:c2:8a:d1:80:b9:01:3a:6e:a0:e8:87:9b:
         62:e6:76:18:35:0c:3d:db:62:75:d8:b2:78:77:db:fa:08:33:
         90:24:1f:10:e7:ea:7a:1b:c2:0a:c4:62:4f:6f:0a:3e:d9:87:
         d1:f7:0d:84
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyxZJ1OOV/61gGlBz+Pa/MlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzAzMDE1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWFmYjMwYjg5NWQyZTRhZmYwM2Q3NDlkNDNmZmQ0ZmI5NjQ3ZjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqROjoEK8eZirdfig/MLxNKjKmR61
3hCqhPqKnNecEyMx4G0vRlAmeuyQcKPxd+G7SAwf5o8d4lk51F5KqW/iUanvwdbE
iPhyUBXJK94AFt2XKAO2z9rF00sGsonwOavMG5/h7EyBQDdIUTSrJYzc97mh0u51
0y5sKY0gajHxZTrFw5ZSMVoC9bW/HihNhx5KmYwJZCAUE/4kt3fehM2ux4AB0XeH
/RX+cDIJkEGXiMACVpUzP+C7nyjTcLS/4Yw8RZjqRCchzNIVQneSwARaGqWl4w8+
YmOQaL0nKToVb/GXJ83C9I12U29fLOMP6KjX3pS5z8TJSZ+F4jr8iQwRAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCWvswuJXS5K/wPXSdQ//U+5ZH8QMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvSmEtekM0bGRMa3JfQTlkSjFEXzlUN2xrZnhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQDG
MA0GCSqGSIb3DQEBCwUAA4IBAQAUMJ8sdOg0tkzSGLMIZ2OwVXuylfScQuNiq1nX
sJrDw8JiuCPJYV3YI7XtXU1NzeJD+8QRlVal+ORQCbZPEVlU0oxooD4CZVGL5obb
d/3NFLL4LOzj6IX/qgMOW97Bw2AB6p4V9djt+CW0AAbVQipBuhGq+g30DJ8kJ16R
mU6X+DFjK1tpsh4lYLe6EB+yJqEsUT8oCzo9q1WBJtUE6Dfz54614UxP/7Msmbv9
7TcDBm/n989a/wOigRpVrM1LCVXPew7lrvltI9sUyIbCitGAuQE6bqDoh5ti5nYY
NQw922J12LJ4d9v6CDOQJB8Q5+p6G8IKxGJPbwo+2YfR9w2E
-----END CERTIFICATE-----