Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/xA5ogvRtcN1VuEBw7M8QMluu67c.roa
File:                     xA5ogvRtcN1VuEBw7M8QMluu67c.roa (raw, json)
Hash identifier:          xc0qLrsJ7ClXMg6hq1AUtzcyyJG1uALc69qLowPDe4k=
Subject key identifier:   C4:0E:68:82:F4:6D:70:DD:55:B8:40:70:EC:CF:10:32:5B:AE:EB:B7
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E2BEDAD1FA9C7B6AB04BE5154FC54439F
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/xA5ogvRtcN1VuEBw7M8QMluu67c.roa
Signing time:             Fri 15 May 2026 13:57:37 +0000
ROA not before:           Fri 15 May 2026 13:57:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197583
IP address blocks:        2a06:9801:c3::/48 maxlen: 48
                          2a06:9801:2e0::/44 maxlen: 48
                          2a06:9801:2f2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2b:ed:ad:1f:a9:c7:b6:ab:04:be:51:54:fc:54:43:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May 15 13:57:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c40e6882f46d70dd55b84070eccf10325baeebb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:3f:06:02:be:2f:10:cb:0d:cc:b9:27:7f:c6:
                    31:66:a9:5f:49:ed:19:d3:72:d3:c0:ad:a9:35:e7:
                    8b:42:c4:73:cd:d0:af:2e:38:2b:43:ac:4c:0b:68:
                    da:45:d4:e4:f9:31:8b:a6:26:71:5f:99:a3:7a:9e:
                    64:93:55:8d:ba:4d:5b:f1:67:65:af:f5:e0:80:30:
                    9c:d7:d4:f7:ee:b0:9d:d4:c2:c5:cf:3d:84:17:7b:
                    2d:20:f3:0e:58:6d:69:07:88:ea:26:1d:9a:44:74:
                    ff:31:7b:77:1e:6d:7e:f5:97:ab:ad:b8:93:0e:f5:
                    89:37:e8:54:f1:eb:dd:81:09:14:0c:3f:f8:73:37:
                    a1:68:5b:59:1a:97:52:45:d5:96:39:c4:fd:ab:1d:
                    74:5b:13:6c:5b:f3:52:1d:b8:51:e2:5e:79:ab:a4:
                    66:74:3b:5f:73:cd:3e:6f:ff:04:5b:0d:b2:d7:c9:
                    28:63:7a:f5:5a:9c:9e:ad:9d:cd:96:37:6a:62:9e:
                    47:16:eb:ef:e5:8e:e2:b1:72:70:55:37:2f:ca:35:
                    f5:9c:86:42:d8:38:dd:b4:1e:50:a1:85:96:02:6c:
                    22:02:f3:20:80:e0:9f:ab:7b:41:c7:46:da:be:e8:
                    06:fe:a0:18:c6:b0:6f:09:92:e7:09:f3:b8:e1:50:
                    07:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:0E:68:82:F4:6D:70:DD:55:B8:40:70:EC:CF:10:32:5B:AE:EB:B7
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/xA5ogvRtcN1VuEBw7M8QMluu67c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:c3::/48
                  2a06:9801:2e0::/44
                  2a06:9801:2f2::/48

    Signature Algorithm: sha256WithRSAEncryption
         4e:b3:88:52:41:48:96:3d:d7:b6:24:91:bd:d4:90:b2:dd:a4:
         ce:89:44:da:92:88:14:80:4b:31:b4:99:3b:a1:14:a7:c3:8f:
         f2:5e:5e:3e:de:bc:d9:71:cb:44:7e:06:e4:02:d3:a7:65:40:
         f7:50:05:1c:d3:b5:6d:c6:2c:d3:47:9a:c9:ad:fa:25:f1:25:
         bd:d8:83:fa:3e:ac:9c:e5:f3:15:7a:b2:95:a2:95:b6:a2:92:
         9d:d8:98:73:c3:e6:3d:a4:f7:ef:24:fc:9b:53:7c:aa:57:59:
         70:c0:2c:97:c3:e3:79:c4:64:5b:eb:d2:3c:86:1a:c9:73:65:
         c3:1b:d0:0a:c3:e2:63:8d:66:ae:e0:74:31:62:8c:a6:cc:65:
         59:c9:20:cd:f7:23:18:d7:4c:09:ed:26:42:55:cb:24:65:67:
         70:dd:ea:ef:02:d8:8b:23:77:22:1c:a2:0f:39:31:7b:ff:8c:
         44:ae:4a:fd:14:7d:35:0d:f3:3e:5a:8d:44:ee:51:46:65:6b:
         c7:13:88:f2:7e:e8:80:4b:34:20:2b:d0:f3:75:91:ad:f9:8c:
         44:e9:be:68:9d:3a:01:b2:76:92:3f:9a:20:4f:9e:b3:b2:a1:
         70:6b:97:cb:87:96:ac:ce:79:23:99:f8:f7:ab:d6:62:f8:37:
         4d:af:5a:74
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ4r7a0fqce2qwS+UVT8VEOfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTE1MTM1NzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDBlNjg4MmY0NmQ3MGRkNTViODQwNzBlY2NmMTAzMjViYWVlYmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0j8GAr4vEMsNzLknf8YxZqlfSe0Z
03LTwK2pNeeLQsRzzdCvLjgrQ6xMC2jaRdTk+TGLpiZxX5mjep5kk1WNuk1b8Wdl
r/XggDCc19T37rCd1MLFzz2EF3stIPMOWG1pB4jqJh2aRHT/MXt3Hm1+9ZerrbiT
DvWJN+hU8evdgQkUDD/4czehaFtZGpdSRdWWOcT9qx10WxNsW/NSHbhR4l55q6Rm
dDtfc80+b/8EWw2y18koY3r1WpyerZ3NljdqYp5HFuvv5Y7isXJwVTcvyjX1nIZC
2DjdtB5QoYWWAmwiAvMggOCfq3tBx0bavugG/qAYxrBvCZLnCfO44VAHtQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMQOaIL0bXDdVbhAcOzPEDJbruu3MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEveEE1b2d2UnRjTjFWdUVCdzdNOFFNbHV1NjdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKgaYAQDD
AwcEKgaYAQLgAwcAKgaYAQLyMA0GCSqGSIb3DQEBCwUAA4IBAQBOs4hSQUiWPde2
JJG91JCy3aTOiUTakogUgEsxtJk7oRSnw4/yXl4+3rzZcctEfgbkAtOnZUD3UAUc
07VtxizTR5rJrfol8SW92IP6Pqyc5fMVerKVopW2opKd2Jhzw+Y9pPfvJPybU3yq
V1lwwCyXw+N5xGRb69I8hhrJc2XDG9AKw+JjjWau4HQxYoymzGVZySDN9yMY10wJ
7SZCVcskZWdw3ervAtiLI3ciHKIPOTF7/4xErkr9FH01DfM+Wo1E7lFGZWvHE4jy
fuiASzQgK9DzdZGt+YxE6b5onToBsnaSP5ogT56zsqFwa5fLh5asznkjmfj3q9Zi
+DdNr1p0
-----END CERTIFICATE-----