Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/kta5CBZAcBfrByVhLNhv77A7Nnw.roa
File:                     kta5CBZAcBfrByVhLNhv77A7Nnw.roa (raw, json)
Hash identifier:          iB9/y4roqhfy7yeepaUHwneLE6n6E3LST9D16mF7l0o=
Subject key identifier:   92:D6:B9:08:16:40:70:17:EB:07:25:61:2C:D8:6F:EF:B0:3B:36:7C
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019F042A1D4350539B69668FB2B9780D1257
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/kta5CBZAcBfrByVhLNhv77A7Nnw.roa
Signing time:             Fri 26 Jun 2026 13:41:36 +0000
ROA not before:           Fri 26 Jun 2026 13:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219333
IP address blocks:        2a06:9801:274::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 13:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:04:2a:1d:43:50:53:9b:69:66:8f:b2:b9:78:0d:12:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 26 13:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92d6b90816407017eb0725612cd86fefb03b367c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:06:ac:b3:83:9f:1a:8c:e5:fa:1e:1b:ba:62:
                    54:a2:6b:eb:44:d7:70:1b:27:00:bf:ad:3a:00:ed:
                    d1:98:9f:5e:d3:cb:67:0d:3f:4a:a6:58:37:08:91:
                    62:58:d8:43:cb:9d:fb:c0:05:41:b0:66:6c:9c:33:
                    dc:d1:d1:f7:55:32:11:4b:54:32:6b:b3:12:26:27:
                    56:48:ba:63:3d:f7:0d:f1:f9:eb:e6:2e:9f:4b:dd:
                    c5:10:dd:41:7d:d6:5c:9f:7d:d9:59:a4:0c:5f:f3:
                    c6:88:c6:f1:db:c9:5d:44:9b:42:cd:92:55:cf:91:
                    6d:aa:3e:b1:90:bc:3e:f9:7d:fa:d1:e9:d3:7e:1f:
                    de:da:d9:85:95:d0:9e:86:4d:2b:a0:ae:31:a4:29:
                    dd:6d:e9:f2:14:b1:5e:f8:56:99:54:70:c6:8c:2e:
                    69:91:02:6f:cc:64:e2:33:e1:57:ef:b9:f8:7c:d1:
                    a9:c0:a3:fd:05:89:5a:a6:10:c3:8b:ac:87:bb:9c:
                    5f:13:3a:3a:07:87:9b:57:6f:30:d5:fd:36:28:d3:
                    c5:b9:29:ee:5d:90:ec:ac:59:52:bf:43:a0:d4:a4:
                    41:fb:35:50:4e:7a:d2:cc:7a:b8:d8:36:0f:ba:05:
                    9e:c1:21:68:21:a5:0e:0f:77:9d:81:69:5e:20:d3:
                    af:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:D6:B9:08:16:40:70:17:EB:07:25:61:2C:D8:6F:EF:B0:3B:36:7C
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/kta5CBZAcBfrByVhLNhv77A7Nnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:274::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:32:24:49:36:9b:d3:95:55:4f:f2:9e:a9:9f:de:3e:46:b3:
         db:2b:4d:c6:c6:bc:05:4d:c6:86:18:02:d7:f7:e4:47:11:b4:
         68:55:6c:88:ea:a9:49:e3:a0:77:ae:44:c3:fb:6b:aa:a5:72:
         b5:39:49:60:60:9c:bc:a4:7b:e5:ab:0c:bf:99:8a:76:38:0f:
         2d:22:6a:81:8b:65:d8:72:38:ea:9f:61:ee:49:0e:98:cd:5e:
         95:67:06:5a:31:09:1c:90:1a:cb:2c:40:e7:85:ca:4f:be:b6:
         f2:ae:08:8e:cf:0e:f8:30:ce:68:fe:ed:b8:c2:6d:0d:07:4e:
         d9:e1:1c:32:75:54:02:f8:01:c4:08:02:56:50:75:9d:3a:74:
         12:b6:13:b4:5f:7e:f2:41:03:d5:f2:74:7a:86:4a:ba:71:cb:
         ec:c1:c8:f9:3a:a7:4d:cd:3a:c8:8c:ad:9c:18:1a:72:21:b0:
         3a:fd:27:a7:47:46:51:cd:3b:67:59:91:06:f7:58:21:f7:23:
         e2:e4:12:6b:68:1f:b8:bc:6e:a9:d5:74:e7:b0:52:18:5d:cf:
         1f:17:5f:55:54:ad:1b:ea:25:6f:1b:85:09:ca:91:92:b7:d5:
         ef:9b:49:9d:55:74:00:35:a8:af:fc:a4:03:8b:ed:79:d5:12:
         62:e8:86:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ8EKh1DUFObaWaPsrl4DRJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjI2MTM0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmQ2YjkwODE2NDA3MDE3ZWIwNzI1NjEyY2Q4NmZlZmIwM2IzNjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgass4OfGozl+h4bumJUomvrRNdw
GycAv606AO3RmJ9e08tnDT9Kplg3CJFiWNhDy537wAVBsGZsnDPc0dH3VTIRS1Qy
a7MSJidWSLpjPfcN8fnr5i6fS93FEN1BfdZcn33ZWaQMX/PGiMbx28ldRJtCzZJV
z5Ftqj6xkLw++X360enTfh/e2tmFldCehk0roK4xpCndbenyFLFe+FaZVHDGjC5p
kQJvzGTiM+FX77n4fNGpwKP9BYlaphDDi6yHu5xfEzo6B4ebV28w1f02KNPFuSnu
XZDsrFlSv0Og1KRB+zVQTnrSzHq42DYPugWewSFoIaUOD3edgWleINOvoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJLWuQgWQHAX6wclYSzYb++wOzZ8MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEva3RhNUNCWkFjQmZyQnlWaExOaHY3N0E3Tm53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJ0
MA0GCSqGSIb3DQEBCwUAA4IBAQAKMiRJNpvTlVVP8p6pn94+RrPbK03GxrwFTcaG
GALX9+RHEbRoVWyI6qlJ46B3rkTD+2uqpXK1OUlgYJy8pHvlqwy/mYp2OA8tImqB
i2XYcjjqn2HuSQ6YzV6VZwZaMQkckBrLLEDnhcpPvrbyrgiOzw74MM5o/u24wm0N
B07Z4RwydVQC+AHECAJWUHWdOnQSthO0X37yQQPV8nR6hkq6ccvswcj5OqdNzTrI
jK2cGBpyIbA6/SenR0ZRzTtnWZEG91gh9yPi5BJraB+4vG6p1XTnsFIYXc8fF19V
VK0b6iVvG4UJypGSt9Xvm0mdVXQANaiv/KQDi+151RJi6Ib0
-----END CERTIFICATE-----