Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/gyKL8bGjoMYAJdMuqPLkd5UANrA.roa
File:                     gyKL8bGjoMYAJdMuqPLkd5UANrA.roa (raw, json)
Hash identifier:          YG9SqOy2c8ViHSbY+BF9NvRlMm4Z6WcDNHlnVGPLOzo=
Subject key identifier:   83:22:8B:F1:B1:A3:A0:C6:00:25:D3:2E:A8:F2:E4:77:95:00:36:B0
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019F0318608500851A5B83607E9DF8AA6767
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/gyKL8bGjoMYAJdMuqPLkd5UANrA.roa
Signing time:             Fri 26 Jun 2026 08:42:36 +0000
ROA not before:           Fri 26 Jun 2026 08:42:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219366
IP address blocks:        2a06:9801:7c9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 13:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:03:18:60:85:00:85:1a:5b:83:60:7e:9d:f8:aa:67:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 26 08:42:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83228bf1b1a3a0c60025d32ea8f2e477950036b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ff:69:0a:2d:f6:60:8f:50:0c:36:7a:90:a6:
                    cc:64:e9:15:cd:35:78:0f:9f:d3:d4:20:b5:0c:71:
                    72:6b:84:a5:a5:43:aa:ae:fd:ab:5f:9c:dd:27:60:
                    cc:3e:44:b4:eb:e7:33:a5:0f:0a:c2:22:3d:4d:a9:
                    b8:a2:e1:9a:b6:05:e8:70:71:07:b6:a8:58:aa:12:
                    1a:c9:bc:ce:5b:94:3f:fe:9e:5d:db:25:5c:d5:8b:
                    89:c9:59:91:68:8d:29:cf:b2:b7:40:54:35:18:67:
                    98:f3:be:38:8f:db:38:95:91:13:83:7f:4f:21:c0:
                    64:36:a4:81:d1:c7:ab:ce:e4:6d:85:c1:73:77:52:
                    16:90:c0:9e:cb:32:88:ee:70:03:b3:50:62:b0:d6:
                    a2:ac:64:18:f6:92:aa:60:09:b8:82:75:50:2c:60:
                    e0:82:5a:da:8f:d1:6a:c9:6c:ac:02:07:c1:8d:36:
                    bc:74:f2:29:b3:6e:6e:b2:48:3b:e8:f1:39:ac:46:
                    c3:35:b3:9a:ee:67:5e:ba:52:5f:1a:72:cc:f0:cb:
                    8b:cc:bc:e6:a8:6c:0a:67:fa:4b:52:d8:c1:5d:17:
                    3a:19:79:e4:55:4a:43:a5:14:4b:d9:ab:96:9e:a5:
                    8c:19:5d:ca:26:f5:73:84:21:72:67:d3:c7:7a:99:
                    6f:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:22:8B:F1:B1:A3:A0:C6:00:25:D3:2E:A8:F2:E4:77:95:00:36:B0
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/gyKL8bGjoMYAJdMuqPLkd5UANrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:7c9::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:d3:eb:0f:93:d0:21:71:bc:49:26:3c:79:4f:05:90:0d:57:
         4b:76:ca:83:9f:15:e5:e6:d1:57:68:72:89:a6:7e:9a:1a:4a:
         63:71:80:a3:19:28:d5:b8:e5:ea:a1:74:10:18:ae:8f:c8:ba:
         69:0a:64:61:3d:d6:21:ba:38:19:cc:07:16:aa:05:cf:16:4d:
         96:ad:a1:8c:28:dc:01:56:26:a0:3d:33:16:e2:55:94:0e:d3:
         2d:da:07:f8:1d:0e:12:df:47:d3:cf:8d:cc:be:7e:08:c5:8c:
         58:02:d3:07:a3:16:dd:18:4a:68:b5:89:38:5f:35:61:32:2c:
         68:cd:2e:87:9d:14:a9:49:6f:38:90:fc:77:dd:9a:40:b7:3a:
         41:d9:59:56:5e:ed:ff:0a:02:a9:26:3e:e5:57:d8:8a:b9:c5:
         a5:8d:11:7a:d1:c1:73:97:11:bc:93:3c:3e:ad:64:5b:0c:c2:
         b9:2d:c4:c6:9c:9f:87:60:05:1f:04:d4:b5:56:ca:fe:8f:51:
         c5:f9:a0:ba:e3:bf:49:23:18:9a:93:48:da:22:18:16:af:66:
         ad:e7:52:f6:20:73:d3:5d:24:45:f7:da:9c:19:80:56:e9:56:
         61:4b:16:1b:fa:e4:df:5a:e4:55:53:85:c2:f7:76:bf:b3:50:
         38:51:06:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ8DGGCFAIUaW4Ngfp34qmdnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjI2MDg0MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzIyOGJmMWIxYTNhMGM2MDAyNWQzMmVhOGYyZTQ3Nzk1MDAzNmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP9pCi32YI9QDDZ6kKbMZOkVzTV4
D5/T1CC1DHFya4SlpUOqrv2rX5zdJ2DMPkS06+czpQ8KwiI9Tam4ouGatgXocHEH
tqhYqhIaybzOW5Q//p5d2yVc1YuJyVmRaI0pz7K3QFQ1GGeY8744j9s4lZETg39P
IcBkNqSB0cerzuRthcFzd1IWkMCeyzKI7nADs1BisNairGQY9pKqYAm4gnVQLGDg
glraj9FqyWysAgfBjTa8dPIps25uskg76PE5rEbDNbOa7mdeulJfGnLM8MuLzLzm
qGwKZ/pLUtjBXRc6GXnkVUpDpRRL2auWnqWMGV3KJvVzhCFyZ9PHeplvSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIMii/Gxo6DGACXTLqjy5HeVADawMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvZ3lLTDhiR2pvTVlBSmRNdXFQTGtkNVVBTnJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQfJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAZ0+sPk9AhcbxJJjx5TwWQDVdLdsqDnxXl5tFX
aHKJpn6aGkpjcYCjGSjVuOXqoXQQGK6PyLppCmRhPdYhujgZzAcWqgXPFk2WraGM
KNwBViagPTMW4lWUDtMt2gf4HQ4S30fTz43Mvn4IxYxYAtMHoxbdGEpotYk4XzVh
MixozS6HnRSpSW84kPx33ZpAtzpB2VlWXu3/CgKpJj7lV9iKucWljRF60cFzlxG8
kzw+rWRbDMK5LcTGnJ+HYAUfBNS1Vsr+j1HF+aC6479JIxiak0jaIhgWr2at51L2
IHPTXSRF99qcGYBW6VZhSxYb+uTfWuRVU4XC93a/s1A4UQav
-----END CERTIFICATE-----