Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/RwF2KkSg8KMAYaVbH953VD6HQ60.roa
File:                     RwF2KkSg8KMAYaVbH953VD6HQ60.roa (raw, json)
Hash identifier:          H1cizt+st0YJYZbriHl6DhwZxmaE1uy0epzQmcrnvQM=
Subject key identifier:   47:01:76:2A:44:A0:F0:A3:00:61:A5:5B:1F:DE:77:54:3E:87:43:AD
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019F092BE8CBE27967716008B6D21FB96533
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/RwF2KkSg8KMAYaVbH953VD6HQ60.roa
Signing time:             Sat 27 Jun 2026 13:01:40 +0000
ROA not before:           Sat 27 Jun 2026 13:01:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200193
IP address blocks:        2a06:9801:7dd::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 13:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:09:2b:e8:cb:e2:79:67:71:60:08:b6:d2:1f:b9:65:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 27 13:01:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4701762a44a0f0a30061a55b1fde77543e8743ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:36:74:d6:aa:60:2f:b2:ef:8a:05:94:b2:ec:
                    8e:2b:7a:0d:d3:5d:6e:79:d1:a4:bb:cf:33:d6:3e:
                    a8:5d:ef:82:ea:d4:34:77:e5:4c:6d:7a:d7:55:25:
                    e6:01:db:a3:42:82:06:16:5b:3e:60:14:b6:88:0e:
                    28:2d:fa:7a:ce:22:9c:f8:d0:f1:23:9b:12:f9:db:
                    60:16:f8:e7:ad:31:b6:21:1a:36:76:c9:b3:7d:44:
                    f1:8a:f2:07:bb:62:09:66:c3:f1:33:16:0d:43:ec:
                    5e:58:f2:49:20:f9:b3:76:c6:ac:3d:b5:73:f1:b0:
                    17:4e:a3:84:f3:94:d3:b3:e7:35:c6:d4:0b:7e:68:
                    13:69:b5:1a:d1:83:e6:f6:ae:da:ce:97:a8:8e:83:
                    0d:03:48:8c:03:ef:b0:e2:10:af:09:18:28:7d:9f:
                    e9:e2:a5:2d:25:83:fd:93:07:a0:24:78:3b:40:1f:
                    72:16:ee:0f:de:d8:bc:ca:d4:4a:63:58:bc:4a:61:
                    eb:34:03:cf:d1:f9:a9:fb:49:75:b1:bb:a8:6f:6f:
                    56:9d:9c:32:9e:63:c9:9f:ed:cb:2e:70:cd:37:3b:
                    03:cb:b9:29:e4:b9:e7:a7:db:24:8f:5d:8d:5d:7e:
                    61:0a:8e:b1:fa:18:d3:f3:80:e6:12:f8:54:85:35:
                    f9:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:01:76:2A:44:A0:F0:A3:00:61:A5:5B:1F:DE:77:54:3E:87:43:AD
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/RwF2KkSg8KMAYaVbH953VD6HQ60.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:7dd::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:89:ec:a4:44:b9:30:ef:1e:77:42:56:6c:4c:d7:51:1f:4d:
         7a:9b:a1:78:2e:60:5d:09:9f:95:ea:f7:f7:e9:51:c6:dc:83:
         9a:43:df:e6:a4:61:3f:2d:65:a9:b8:8e:f6:a4:0f:0b:e8:5e:
         62:88:76:e5:5c:ee:17:16:be:57:8e:da:c0:c2:19:7f:15:65:
         ae:e1:b9:f4:3b:4e:06:f7:e7:de:52:7e:aa:63:d2:7f:f6:15:
         fb:12:4c:ef:f6:22:09:67:ff:d6:ed:6b:3b:15:55:2f:f1:3e:
         b2:31:a5:65:38:2a:e6:4f:93:80:66:02:7b:6f:43:10:2f:c0:
         66:da:c2:6f:2b:fd:4a:7e:e5:61:b2:03:6c:69:01:09:10:f4:
         3f:57:68:87:6f:80:b8:fd:54:92:6e:9b:40:53:a4:ee:15:20:
         73:ad:ab:1a:ee:ad:d3:ad:3d:36:cb:86:80:81:ac:1e:7f:69:
         71:74:10:a6:bd:b7:fc:e8:c5:f6:ed:38:af:e6:aa:5a:d2:70:
         c7:c5:ee:f6:17:db:11:c9:74:a8:3a:01:07:f6:b1:24:a7:6b:
         3e:dd:bf:36:3f:cf:cb:41:89:b4:f9:58:00:e1:04:0d:8e:5b:
         13:0e:00:56:9d:6b:0c:38:e0:81:ab:5f:08:49:b2:66:5a:35:
         d3:c3:87:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ8JK+jL4nlncWAIttIfuWUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjI3MTMwMTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzAxNzYyYTQ0YTBmMGEzMDA2MWE1NWIxZmRlNzc1NDNlODc0M2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzZ01qpgL7LvigWUsuyOK3oN011u
edGku88z1j6oXe+C6tQ0d+VMbXrXVSXmAdujQoIGFls+YBS2iA4oLfp6ziKc+NDx
I5sS+dtgFvjnrTG2IRo2dsmzfUTxivIHu2IJZsPxMxYNQ+xeWPJJIPmzdsasPbVz
8bAXTqOE85TTs+c1xtQLfmgTabUa0YPm9q7azpeojoMNA0iMA++w4hCvCRgofZ/p
4qUtJYP9kwegJHg7QB9yFu4P3ti8ytRKY1i8SmHrNAPP0fmp+0l1sbuob29WnZwy
nmPJn+3LLnDNNzsDy7kp5Lnnp9skj12NXX5hCo6x+hjT84DmEvhUhTX5ZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEcBdipEoPCjAGGlWx/ed1Q+h0OtMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvUndGMktrU2c4S01BWWFWYkg5NTNWRDZIUTYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQfd
MA0GCSqGSIb3DQEBCwUAA4IBAQBGieykRLkw7x53QlZsTNdRH016m6F4LmBdCZ+V
6vf36VHG3IOaQ9/mpGE/LWWpuI72pA8L6F5iiHblXO4XFr5XjtrAwhl/FWWu4bn0
O04G9+feUn6qY9J/9hX7Ekzv9iIJZ//W7Ws7FVUv8T6yMaVlOCrmT5OAZgJ7b0MQ
L8Bm2sJvK/1KfuVhsgNsaQEJEPQ/V2iHb4C4/VSSbptAU6TuFSBzrasa7q3TrT02
y4aAgawef2lxdBCmvbf86MX27Tiv5qpa0nDHxe72F9sRyXSoOgEH9rEkp2s+3b82
P8/LQYm0+VgA4QQNjlsTDgBWnWsMOOCBq18ISbJmWjXTw4ck
-----END CERTIFICATE-----