Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/su2ISB7bkAkSpwKquOrycp0fbe4.roa
File:                     su2ISB7bkAkSpwKquOrycp0fbe4.roa (raw, json)
Hash identifier:          3TspUxNX6KLz9bofR3nTsVV1uKk+4rG83iTFAIc75Aw=
Subject key identifier:   B2:ED:88:48:1E:DB:90:09:12:A7:02:AA:B8:EA:F2:72:9D:1F:6D:EE
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019CAE82B325BA3C609D252A016E2F69B443
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/su2ISB7bkAkSpwKquOrycp0fbe4.roa
Signing time:             Mon 02 Mar 2026 12:25:27 +0000
ROA not before:           Mon 02 Mar 2026 12:25:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201667
IP address blocks:        2a06:9801:1e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Mar 2026 05:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:82:b3:25:ba:3c:60:9d:25:2a:01:6e:2f:69:b4:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar  2 12:25:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2ed88481edb900912a702aab8eaf2729d1f6dee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b5:67:02:97:d6:6c:7e:0f:59:a5:5d:9e:ec:
                    4c:98:a8:ba:5d:42:f1:9b:36:68:a0:3c:76:38:b0:
                    9c:a9:fc:c8:bb:49:c5:ec:dd:d4:29:d3:a8:b4:1c:
                    54:66:21:50:37:ba:33:b7:f8:87:a6:5b:32:e3:3e:
                    88:e7:d1:83:34:16:89:c1:d0:5c:4d:e2:9e:d5:1a:
                    82:61:9f:43:8a:ba:ab:19:32:a3:42:43:8b:f5:57:
                    64:5c:c2:33:82:b2:db:ba:0d:23:6a:4f:13:4d:ad:
                    e0:ff:9c:e9:18:35:f5:bc:34:0d:db:fe:3b:84:55:
                    31:36:12:04:20:bf:0d:a7:09:6d:69:72:45:f8:02:
                    4a:71:f5:56:38:8c:75:b7:1b:6f:6d:8f:c1:61:2d:
                    3d:fa:4f:a3:95:15:4d:28:3d:65:df:70:21:bf:78:
                    94:95:44:8f:3e:fe:be:d3:3b:de:39:93:cc:ff:5f:
                    ca:b3:9b:cb:5c:b3:46:46:fb:1c:d3:dc:58:c8:0e:
                    2d:1d:e7:78:77:14:62:3f:e1:bb:1e:18:ae:03:43:
                    78:57:a8:80:9c:42:74:63:88:c9:c8:b9:5b:47:5c:
                    c1:0c:ce:4b:14:a9:40:fc:80:e8:77:5f:a7:41:bc:
                    89:b7:4c:38:04:00:bc:89:27:4a:45:6b:17:8e:a8:
                    99:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:ED:88:48:1E:DB:90:09:12:A7:02:AA:B8:EA:F2:72:9D:1F:6D:EE
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/su2ISB7bkAkSpwKquOrycp0fbe4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:1e::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:36:6c:3d:c5:38:60:cb:2d:30:44:e1:f2:d3:eb:89:ae:12:
         86:3d:eb:c4:da:5e:5a:5b:fc:2d:66:5c:5d:7d:b6:97:47:38:
         b1:1b:1e:5b:fa:db:47:f1:83:64:8b:4b:06:d5:51:85:e6:11:
         d2:1f:2f:6a:23:14:a3:12:21:e7:99:ba:05:de:91:40:29:91:
         90:14:17:0c:8c:63:d0:47:b1:43:ce:79:45:2a:a6:6a:e5:62:
         f5:46:74:fb:bf:1f:55:b6:a4:d4:8b:19:de:08:d5:fe:26:74:
         28:55:2b:65:9d:83:a3:1b:93:2f:ca:97:d3:56:c1:58:59:4a:
         fc:c2:b6:f8:3d:b9:9e:ab:44:14:ba:98:d1:cf:2f:cf:3f:90:
         69:5a:11:6a:1e:5c:d2:c7:b7:ab:e3:81:c5:f5:92:35:fe:5a:
         d1:95:88:94:4f:a2:91:8a:85:10:e0:31:40:ca:5d:2e:e9:a1:
         a2:33:8c:48:ca:ec:ae:25:a5:01:15:5b:0f:50:5b:64:49:e0:
         74:84:89:d5:04:a7:f8:cf:d4:da:3a:46:fe:57:c8:60:8e:70:
         e7:d1:e7:d9:00:24:c8:6e:cb:85:da:a8:fa:c6:74:c7:1d:0a:
         78:f0:fd:3b:3c:c9:cf:b6:00:2b:9d:ea:ed:c3:af:6a:32:16:
         e9:fa:0d:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyugrMlujxgnSUqAW4vabRDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzAyMTIyNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmVkODg0ODFlZGI5MDA5MTJhNzAyYWFiOGVhZjI3MjlkMWY2ZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbVnApfWbH4PWaVdnuxMmKi6XULx
mzZooDx2OLCcqfzIu0nF7N3UKdOotBxUZiFQN7ozt/iHplsy4z6I59GDNBaJwdBc
TeKe1RqCYZ9DirqrGTKjQkOL9VdkXMIzgrLbug0jak8TTa3g/5zpGDX1vDQN2/47
hFUxNhIEIL8NpwltaXJF+AJKcfVWOIx1txtvbY/BYS09+k+jlRVNKD1l33Ahv3iU
lUSPPv6+0zveOZPM/1/Ks5vLXLNGRvsc09xYyA4tHed4dxRiP+G7HhiuA0N4V6iA
nEJ0Y4jJyLlbR1zBDM5LFKlA/IDod1+nQbyJt0w4BAC8iSdKRWsXjqiZYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLLtiEge25AJEqcCqrjq8nKdH23uMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvc3UySVNCN2JrQWtTcHdLcXVPcnljcDBmYmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQAe
MA0GCSqGSIb3DQEBCwUAA4IBAQBwNmw9xThgyy0wROHy0+uJrhKGPevE2l5aW/wt
ZlxdfbaXRzixGx5b+ttH8YNki0sG1VGF5hHSHy9qIxSjEiHnmboF3pFAKZGQFBcM
jGPQR7FDznlFKqZq5WL1RnT7vx9VtqTUixneCNX+JnQoVStlnYOjG5MvypfTVsFY
WUr8wrb4Pbmeq0QUupjRzy/PP5BpWhFqHlzSx7er44HF9ZI1/lrRlYiUT6KRioUQ
4DFAyl0u6aGiM4xIyuyuJaUBFVsPUFtkSeB0hInVBKf4z9TaOkb+V8hgjnDn0efZ
ACTIbsuF2qj6xnTHHQp48P07PMnPtgArnertw69qMhbp+g2w
-----END CERTIFICATE-----