Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/aqCBlm0fCLBELza1cR_UnqXqgW0.roa
File:                     aqCBlm0fCLBELza1cR_UnqXqgW0.roa (raw, json)
Hash identifier:          2UNZL9LPfKazBGlWhCUBnrV87BKddzE2cndwb2eHDDA=
Subject key identifier:   6A:A0:81:96:6D:1F:08:B0:44:2F:36:B5:71:1F:D4:9E:A5:EA:81:6D
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DADABBE8454AD721BC959131BB7C7489A
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/aqCBlm0fCLBELza1cR_UnqXqgW0.roa
Signing time:             Tue 21 Apr 2026 01:33:26 +0000
ROA not before:           Tue 21 Apr 2026 01:33:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198802
IP address blocks:        2a06:9801:27c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ad:ab:be:84:54:ad:72:1b:c9:59:13:1b:b7:c7:48:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Apr 21 01:33:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6aa081966d1f08b0442f36b5711fd49ea5ea816d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:09:5b:9d:ff:e7:b0:b7:15:75:e2:b9:3a:cc:
                    88:ab:e7:a2:8f:2b:d8:c8:1a:f9:2a:bf:28:ab:b0:
                    bc:7c:43:74:1b:47:6a:0e:40:1e:23:51:d2:25:43:
                    14:7e:9d:b5:8e:7a:d2:fc:1e:bc:82:78:ba:f1:26:
                    98:b0:45:cc:d3:1c:2a:4e:cb:a2:d5:6d:b9:92:f8:
                    80:35:41:58:72:97:f4:b4:64:1c:06:6f:40:06:2a:
                    c8:88:0f:f6:da:48:9d:2e:5b:7b:da:5f:d2:ed:9d:
                    2f:89:28:83:aa:50:96:fb:5b:31:9f:97:3a:12:60:
                    08:bb:5e:a6:45:da:ea:0a:95:5e:d5:0b:bd:8a:4e:
                    a2:00:53:54:f5:48:95:e2:99:18:35:3d:7b:bf:89:
                    2b:0f:82:5c:c2:6a:cf:98:83:a2:fc:ee:53:9b:c2:
                    40:d8:87:10:57:63:e5:5c:dd:1d:73:ea:ff:33:3e:
                    6d:b9:32:25:f3:ed:53:b4:f2:b9:58:7b:cb:a2:26:
                    34:76:cf:62:4d:46:03:68:b5:f4:fb:1c:a9:b0:4a:
                    bc:5a:d1:11:77:13:f0:b8:a2:c6:57:57:e7:e1:a4:
                    fb:1d:80:67:a3:0f:b7:e9:4c:16:5f:44:03:5b:51:
                    9d:00:68:0c:1c:20:af:e0:0f:2c:cf:ab:d2:10:25:
                    f8:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:A0:81:96:6D:1F:08:B0:44:2F:36:B5:71:1F:D4:9E:A5:EA:81:6D
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/aqCBlm0fCLBELza1cR_UnqXqgW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:27c::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:f6:e9:f5:15:4d:da:16:1f:4d:44:da:fe:72:00:9c:60:b4:
         39:42:ca:17:da:f2:24:6c:fa:f1:9b:2d:28:2f:28:c9:9a:7d:
         40:17:b8:c0:29:98:eb:d1:96:16:7e:fc:1d:ca:8c:d5:a4:87:
         07:28:5f:8e:7b:08:74:58:06:25:88:c7:2e:3f:0c:43:4d:4a:
         52:87:d1:3f:bb:a2:d9:6e:b8:0f:14:22:8a:ce:79:6d:49:46:
         c6:98:f2:b3:07:6a:61:e6:65:16:92:c6:94:04:2c:da:65:fe:
         bc:ee:95:4e:d1:2e:2b:3d:92:ef:85:11:2a:fe:e6:3f:bb:5b:
         21:3e:5e:cc:29:17:fa:29:5f:06:08:3e:86:06:cc:df:a6:d5:
         d6:0d:06:98:1c:5f:c5:05:1a:08:dc:90:3f:01:80:a8:bb:0a:
         b7:54:d3:b8:2f:c1:11:97:84:3f:7d:19:a7:51:0b:4f:b2:45:
         03:00:c7:8c:68:b6:26:7d:c4:f7:22:43:12:a3:40:68:dc:e8:
         73:99:55:48:1d:47:86:5c:7f:b1:36:33:f6:37:17:ae:bd:3b:
         c2:ba:f2:24:87:c1:e4:b2:e9:c2:4b:ab:0d:29:a6:27:17:61:
         7a:fa:cb:32:17:f1:90:a9:71:06:d2:55:bc:86:76:7b:b4:af:
         4f:4a:98:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2tq76EVK1yG8lZExu3x0iaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDIxMDEzMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWEwODE5NjZkMWYwOGIwNDQyZjM2YjU3MTFmZDQ5ZWE1ZWE4MTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQlbnf/nsLcVdeK5OsyIq+eijyvY
yBr5Kr8oq7C8fEN0G0dqDkAeI1HSJUMUfp21jnrS/B68gni68SaYsEXM0xwqTsui
1W25kviANUFYcpf0tGQcBm9ABirIiA/22kidLlt72l/S7Z0viSiDqlCW+1sxn5c6
EmAIu16mRdrqCpVe1Qu9ik6iAFNU9UiV4pkYNT17v4krD4JcwmrPmIOi/O5Tm8JA
2IcQV2PlXN0dc+r/Mz5tuTIl8+1TtPK5WHvLoiY0ds9iTUYDaLX0+xypsEq8WtER
dxPwuKLGV1fn4aT7HYBnow+36UwWX0QDW1GdAGgMHCCv4A8sz6vSECX4ZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGqggZZtHwiwRC82tXEf1J6l6oFtMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvYXFDQmxtMGZDTEJFTHphMWNSX1VucVhxZ1cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJ8
MA0GCSqGSIb3DQEBCwUAA4IBAQCV9un1FU3aFh9NRNr+cgCcYLQ5QsoX2vIkbPrx
my0oLyjJmn1AF7jAKZjr0ZYWfvwdyozVpIcHKF+Oewh0WAYliMcuPwxDTUpSh9E/
u6LZbrgPFCKKznltSUbGmPKzB2ph5mUWksaUBCzaZf687pVO0S4rPZLvhREq/uY/
u1shPl7MKRf6KV8GCD6GBszfptXWDQaYHF/FBRoI3JA/AYCouwq3VNO4L8ERl4Q/
fRmnUQtPskUDAMeMaLYmfcT3IkMSo0Bo3OhzmVVIHUeGXH+xNjP2NxeuvTvCuvIk
h8HksunCS6sNKaYnF2F6+ssyF/GQqXEG0lW8hnZ7tK9PSpgZ
-----END CERTIFICATE-----