Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Rr5mQbwswXSRK6C4xGW1qW4ogt8.roa
File:                     Rr5mQbwswXSRK6C4xGW1qW4ogt8.roa (raw, json)
Hash identifier:          TXMh6urrb5YT+z+jbthzUDaqMsYwMOfanH3/wnBPWvc=
Subject key identifier:   46:BE:66:41:BC:2C:C1:74:91:2B:A0:B8:C4:65:B5:A9:6E:28:82:DF
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EFF0F3FB950E04438E6CD401253D6BB1A
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Rr5mQbwswXSRK6C4xGW1qW4ogt8.roa
Signing time:             Thu 25 Jun 2026 13:54:09 +0000
ROA not before:           Thu 25 Jun 2026 13:54:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219351
IP address blocks:        2a06:9801:7ce::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 13:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ff:0f:3f:b9:50:e0:44:38:e6:cd:40:12:53:d6:bb:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 25 13:54:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=46be6641bc2cc174912ba0b8c465b5a96e2882df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:81:ab:4d:ea:ce:77:76:1d:d8:95:56:95:aa:
                    69:1a:cf:5e:c3:01:ca:80:19:33:fd:5c:96:a9:4a:
                    c2:0c:7c:79:b3:76:7b:0c:50:4d:39:b5:97:94:f9:
                    b8:c2:ae:f5:52:69:6b:19:94:0c:01:df:1e:5f:b4:
                    ab:20:ac:7e:21:12:ef:48:06:58:1f:fb:8f:5b:05:
                    d6:0a:7a:f8:a1:b5:f8:15:1d:80:07:c6:16:f6:62:
                    e2:1d:00:89:06:2e:44:c6:8f:20:2f:b1:71:a7:dd:
                    26:e4:68:a7:5f:de:3c:f3:75:ff:65:51:97:1d:d9:
                    b5:f1:84:20:35:d0:3a:31:33:51:1f:e3:74:54:c2:
                    9a:92:63:94:f5:2f:33:8b:23:69:79:f6:40:7f:bd:
                    0b:38:3b:a2:7b:a9:fc:ef:56:e1:9d:9d:8d:c6:50:
                    26:6f:45:d0:8d:c8:10:f3:f4:bb:59:cf:80:87:30:
                    95:38:5c:28:af:b0:9c:a3:5c:bc:c0:93:fc:64:55:
                    78:b2:1b:af:e9:2f:8a:0e:4f:f0:bc:7a:40:9c:b5:
                    59:00:59:f2:49:df:d7:6a:20:f9:58:ac:d0:fe:45:
                    1c:ba:c1:e3:be:07:ce:6c:4f:08:35:d1:48:b8:83:
                    60:51:64:9c:24:31:8c:03:ee:61:b7:d8:6e:42:3e:
                    26:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:BE:66:41:BC:2C:C1:74:91:2B:A0:B8:C4:65:B5:A9:6E:28:82:DF
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Rr5mQbwswXSRK6C4xGW1qW4ogt8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:7ce::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:53:44:f7:94:da:80:27:03:7a:b3:14:c7:c1:23:75:ea:f4:
         6a:66:73:7b:03:64:da:4e:dc:63:1b:a5:26:20:5c:fa:37:f1:
         32:d9:97:86:80:dc:44:bc:ce:30:c6:fb:95:ce:1f:6d:26:01:
         46:2e:62:2c:c6:63:87:12:a0:78:d4:60:46:b2:3d:2d:c6:88:
         7d:ec:54:4b:b3:5c:05:e6:af:29:22:63:9a:05:46:77:fc:12:
         59:3f:6e:3f:09:7a:bf:b8:be:ec:18:cc:91:c8:76:98:28:cc:
         b4:29:00:bb:00:2c:45:bd:0b:2b:c3:0c:e3:93:1a:83:92:79:
         42:d3:c6:6f:9f:57:ca:7c:ab:22:4a:7f:32:1b:b2:ea:a4:57:
         bd:cf:11:8b:6b:38:5f:24:0a:2f:d4:27:6e:96:83:40:68:26:
         0d:be:76:b9:89:27:0d:1b:4b:dc:eb:6a:c0:bb:80:2f:33:44:
         50:58:a0:60:e1:2d:1d:4f:46:aa:67:c5:d9:9c:ca:53:fd:cf:
         83:08:ab:cd:f9:ce:aa:22:39:85:27:09:bd:bc:7e:63:9c:d5:
         0b:fe:3b:40:09:8d:4e:cb:c2:9e:d8:7e:36:32:a0:ee:1d:9f:
         4c:ee:7c:ba:7c:7f:db:a5:51:24:1f:12:a5:f2:56:ea:f5:72:
         ba:c1:62:72
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7/Dz+5UOBEOObNQBJT1rsaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjI1MTM1NDA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmJlNjY0MWJjMmNjMTc0OTEyYmEwYjhjNDY1YjVhOTZlMjg4MmRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIGrTerOd3Yd2JVWlappGs9ewwHK
gBkz/VyWqUrCDHx5s3Z7DFBNObWXlPm4wq71UmlrGZQMAd8eX7SrIKx+IRLvSAZY
H/uPWwXWCnr4obX4FR2AB8YW9mLiHQCJBi5Exo8gL7Fxp90m5GinX94883X/ZVGX
Hdm18YQgNdA6MTNRH+N0VMKakmOU9S8ziyNpefZAf70LODuie6n871bhnZ2NxlAm
b0XQjcgQ8/S7Wc+AhzCVOFwor7Cco1y8wJP8ZFV4shuv6S+KDk/wvHpAnLVZAFny
Sd/XaiD5WKzQ/kUcusHjvgfObE8INdFIuINgUWScJDGMA+5ht9huQj4mKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEa+ZkG8LMF0kSuguMRltaluKILfMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvUnI1bVFid3N3WFNSSzZDNHhHVzFxVzRvZ3Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQfO
MA0GCSqGSIb3DQEBCwUAA4IBAQAdU0T3lNqAJwN6sxTHwSN16vRqZnN7A2TaTtxj
G6UmIFz6N/Ey2ZeGgNxEvM4wxvuVzh9tJgFGLmIsxmOHEqB41GBGsj0txoh97FRL
s1wF5q8pImOaBUZ3/BJZP24/CXq/uL7sGMyRyHaYKMy0KQC7ACxFvQsrwwzjkxqD
knlC08Zvn1fKfKsiSn8yG7LqpFe9zxGLazhfJAov1CduloNAaCYNvna5iScNG0vc
62rAu4AvM0RQWKBg4S0dT0aqZ8XZnMpT/c+DCKvN+c6qIjmFJwm9vH5jnNUL/jtA
CY1Oy8Ke2H42MqDuHZ9M7ny6fH/bpVEkHxKl8lbq9XK6wWJy
-----END CERTIFICATE-----