Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/TeeA3bLRogevEjh0KmvORkM65wk.roa
File:                     TeeA3bLRogevEjh0KmvORkM65wk.roa (raw, json)
Hash identifier:          jWUiC5MGtVLx8YTGYit4tmxluFI0DQpqju3g/tnZfXw=
Subject key identifier:   4D:E7:80:DD:B2:D1:A2:07:AF:12:38:74:2A:6B:CE:46:43:3A:E7:09
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EFF8C331963ED22E84F6031AEB35EE395
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/TeeA3bLRogevEjh0KmvORkM65wk.roa
Signing time:             Thu 25 Jun 2026 16:10:38 +0000
ROA not before:           Thu 25 Jun 2026 16:10:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199892
IP address blocks:        2a06:9801:224::/48 maxlen: 48
                          2a06:9801:230::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 13:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ff:8c:33:19:63:ed:22:e8:4f:60:31:ae:b3:5e:e3:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 25 16:10:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4de780ddb2d1a207af1238742a6bce46433ae709
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:17:5b:56:ad:20:2d:d7:91:31:6f:b5:55:ec:
                    14:ae:1c:44:60:b0:04:4a:bd:12:80:24:c8:7a:68:
                    1a:4d:a5:59:44:77:dc:00:04:10:f2:d8:45:4b:40:
                    6f:70:92:a4:ac:5e:dc:61:ba:ea:0c:92:87:c1:4e:
                    99:d2:33:36:88:d1:13:0c:e4:85:41:fd:64:af:78:
                    2f:07:12:24:4f:9d:0d:5f:54:ed:24:94:f3:4f:95:
                    3b:e3:6b:9f:0c:bb:af:02:e6:59:fd:ab:7f:3f:7c:
                    e2:d9:e8:93:f7:79:c9:b0:63:73:fc:72:9a:cd:05:
                    52:a6:8e:32:de:1a:7b:e1:a0:3e:d0:85:e6:f9:d1:
                    54:2d:64:b0:c8:56:17:7e:a4:cc:c4:ac:11:1d:cb:
                    19:79:9a:29:56:a4:d2:ab:8b:54:45:aa:52:32:dd:
                    42:8b:cc:5f:b1:b1:56:18:a6:ca:aa:a5:39:e0:b9:
                    0e:82:8b:20:ec:e8:91:26:d1:16:8c:34:d4:cf:e4:
                    3f:f4:49:3a:ba:f2:9f:b8:df:53:c6:b5:40:04:0b:
                    f1:2d:71:22:94:5f:3c:0b:b4:bf:b2:1f:6a:51:a7:
                    96:38:eb:6a:d4:10:3f:18:f6:1a:70:76:dd:51:af:
                    10:cb:df:8a:8a:9c:ab:b3:36:fa:fa:e8:42:12:63:
                    d5:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:E7:80:DD:B2:D1:A2:07:AF:12:38:74:2A:6B:CE:46:43:3A:E7:09
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/TeeA3bLRogevEjh0KmvORkM65wk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:224::/48
                  2a06:9801:230::/44

    Signature Algorithm: sha256WithRSAEncryption
         2a:9c:9c:1b:8b:4d:f5:d3:7c:95:c1:18:50:96:b1:ac:02:79:
         a9:a2:21:e0:fe:21:11:a8:c2:bc:2b:c4:77:a1:69:ae:a2:b8:
         21:8c:ea:34:46:40:33:78:c8:a5:e0:e9:98:dd:74:c8:3e:89:
         99:59:f7:e1:04:16:27:14:0f:dd:72:4e:64:fa:02:7a:67:e2:
         98:05:63:95:42:1f:97:77:45:42:e7:d1:fe:c0:e9:9e:94:02:
         84:04:0f:98:97:0d:86:59:3c:71:5f:ef:56:14:59:e9:26:91:
         26:ec:d4:2a:cf:53:8a:1c:cb:ea:ee:7f:80:99:3a:d6:d9:8c:
         26:70:bc:9f:cb:25:05:98:1e:ae:e2:4f:15:15:88:b5:cf:97:
         b8:f6:d7:fb:71:eb:4b:7d:22:e4:ee:7c:0d:ae:b5:6b:41:6f:
         ef:64:33:67:d5:57:c8:be:70:30:ab:1a:5c:d7:b2:b8:50:d0:
         1d:b3:93:09:28:bd:fc:e5:dc:15:e8:49:e4:9a:54:c6:f1:50:
         d8:fc:1a:d7:90:16:5b:64:69:ec:77:3c:ce:91:42:86:3a:0e:
         d8:87:4a:ea:68:2c:ef:b6:d1:d8:65:97:f5:88:97:58:b6:6f:
         81:f1:80:6a:07:1c:a0:dd:3b:f4:a5:01:46:4d:27:39:4a:21:
         8d:d9:c1:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ7/jDMZY+0i6E9gMa6zXuOVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjI1MTYxMDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGU3ODBkZGIyZDFhMjA3YWYxMjM4NzQyYTZiY2U0NjQzM2FlNzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBdbVq0gLdeRMW+1VewUrhxEYLAE
Sr0SgCTIemgaTaVZRHfcAAQQ8thFS0BvcJKkrF7cYbrqDJKHwU6Z0jM2iNETDOSF
Qf1kr3gvBxIkT50NX1TtJJTzT5U742ufDLuvAuZZ/at/P3zi2eiT93nJsGNz/HKa
zQVSpo4y3hp74aA+0IXm+dFULWSwyFYXfqTMxKwRHcsZeZopVqTSq4tURapSMt1C
i8xfsbFWGKbKqqU54LkOgosg7OiRJtEWjDTUz+Q/9Ek6uvKfuN9TxrVABAvxLXEi
lF88C7S/sh9qUaeWOOtq1BA/GPYacHbdUa8Qy9+Kipyrszb6+uhCEmPV5QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFE3ngN2y0aIHrxI4dCprzkZDOucJMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvVGVlQTNiTFJvZ2V2RWpoMEttdk9Sa002NXdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgaYAQIk
AwcEKgaYAQIwMA0GCSqGSIb3DQEBCwUAA4IBAQAqnJwbi03103yVwRhQlrGsAnmp
oiHg/iERqMK8K8R3oWmuorghjOo0RkAzeMil4OmY3XTIPomZWffhBBYnFA/dck5k
+gJ6Z+KYBWOVQh+Xd0VC59H+wOmelAKEBA+Ylw2GWTxxX+9WFFnpJpEm7NQqz1OK
HMvq7n+AmTrW2YwmcLyfyyUFmB6u4k8VFYi1z5e49tf7cetLfSLk7nwNrrVrQW/v
ZDNn1VfIvnAwqxpc17K4UNAds5MJKL385dwV6EnkmlTG8VDY/BrXkBZbZGnsdzzO
kUKGOg7Yh0rqaCzvttHYZZf1iJdYtm+B8YBqBxyg3Tv0pQFGTSc5SiGN2cEZ
-----END CERTIFICATE-----