Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1YgIBhDuLWN1YFBHhoIDr9ib3jw.roa
File:                     1YgIBhDuLWN1YFBHhoIDr9ib3jw.roa (raw, json)
Hash identifier:          myOdoVKp60DUMrkpXBHUSUv+7MyTFBz5tytNPBvkx4Y=
Subject key identifier:   D5:88:08:06:10:EE:2D:63:75:60:50:47:86:82:03:AF:D8:9B:DE:3C
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019CDD6DE1583CDB115CF8739BFE97C5D258
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1YgIBhDuLWN1YFBHhoIDr9ib3jw.roa
Signing time:             Wed 11 Mar 2026 15:04:51 +0000
ROA not before:           Wed 11 Mar 2026 15:04:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12389
IP address blocks:        2a0d:e247::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dd:6d:e1:58:3c:db:11:5c:f8:73:9b:fe:97:c5:d2:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 11 15:04:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d588080610ee2d6375605047868203afd89bde3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6a:28:82:a4:15:ca:a2:d1:e5:fb:4a:33:26:
                    01:17:ff:2d:b7:06:7f:04:6c:6e:c2:cf:3c:3f:6e:
                    41:72:04:ad:53:2a:a8:62:f6:02:0c:0e:c2:bf:78:
                    1e:4a:5e:b3:85:c2:e5:b1:17:e7:d8:cf:15:72:cd:
                    c9:cf:7c:e3:71:b3:5c:a9:45:8a:18:90:56:18:9d:
                    30:5e:b2:ee:de:f1:a4:aa:78:4f:e6:84:4e:61:ba:
                    b1:ab:b6:cd:54:1f:1b:5e:81:d0:bc:55:a4:82:e5:
                    fd:bd:10:d1:4b:b5:2f:71:92:19:e6:e5:56:72:12:
                    e4:31:19:bf:a4:f3:fe:68:5c:ec:50:e6:c8:4a:ba:
                    d6:45:05:06:69:f6:8a:2e:d9:44:fd:d2:54:e7:d5:
                    a8:8c:2a:6c:f9:a9:f2:39:ba:01:c7:2c:e3:22:25:
                    32:41:69:33:59:43:b2:06:7c:3c:bb:7e:d7:e4:f7:
                    ef:83:e6:90:d9:15:f6:95:2a:18:17:57:7a:c5:92:
                    b6:46:bb:f4:78:77:0f:dd:48:32:e1:ac:4b:02:58:
                    d4:69:b6:0b:06:65:d5:88:88:31:d8:46:db:9c:5e:
                    6d:77:9b:15:d9:7a:1a:fa:7d:16:b7:0c:2e:c8:ea:
                    ba:df:40:bb:10:51:a8:27:ca:56:6d:95:63:bc:0e:
                    d9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:88:08:06:10:EE:2D:63:75:60:50:47:86:82:03:AF:D8:9B:DE:3C
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/1YgIBhDuLWN1YFBHhoIDr9ib3jw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:e247::/32

    Signature Algorithm: sha256WithRSAEncryption
         36:83:cf:0b:1d:a1:61:97:6d:df:3e:d8:d8:a8:fb:98:55:c9:
         2e:75:d9:b9:dd:56:21:2f:84:78:b5:17:75:f2:3a:22:13:12:
         05:db:4d:3d:72:6e:d1:63:fb:06:be:9b:ce:f8:d4:ff:d0:4d:
         83:58:f0:58:76:07:9c:49:a1:a9:ff:66:08:83:44:95:aa:2e:
         e4:d0:e2:71:8a:ff:ac:b2:fa:ed:2f:32:48:67:44:95:59:a6:
         92:db:73:b0:7d:e2:29:19:8b:ce:6c:8a:3f:95:a4:ef:c1:c4:
         78:bd:61:c3:e6:e2:03:3b:87:d2:d3:e2:d9:09:ed:73:ce:4e:
         d8:a1:dd:2f:b1:60:a8:cc:70:c3:9a:d3:55:fc:50:3f:94:9f:
         45:83:84:90:9e:2b:49:00:97:2f:7a:a7:e4:06:72:eb:62:16:
         d0:3c:af:f9:6e:97:a4:07:90:da:d1:9f:70:b5:46:5c:89:e4:
         69:ce:2d:98:88:b1:55:61:3b:93:30:d1:e7:aa:fe:03:fe:54:
         4e:d7:3f:7b:fc:5b:89:e1:b5:73:8d:c0:72:12:68:0c:78:4c:
         9c:17:46:ba:f4:71:1d:af:ed:38:c7:fe:38:71:8f:99:2f:37:
         4f:31:52:1e:a4:63:cd:4d:5d:83:7a:b7:1e:15:61:45:b8:cf:
         9f:78:bd:8b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzdbeFYPNsRXPhzm/6XxdJYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMzExMTUwNDUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTg4MDgwNjEwZWUyZDYzNzU2MDUwNDc4NjgyMDNhZmQ4OWJkZTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2oogqQVyqLR5ftKMyYBF/8ttwZ/
BGxuws88P25BcgStUyqoYvYCDA7Cv3geSl6zhcLlsRfn2M8Vcs3Jz3zjcbNcqUWK
GJBWGJ0wXrLu3vGkqnhP5oROYbqxq7bNVB8bXoHQvFWkguX9vRDRS7UvcZIZ5uVW
chLkMRm/pPP+aFzsUObISrrWRQUGafaKLtlE/dJU59WojCps+anyOboBxyzjIiUy
QWkzWUOyBnw8u37X5Pfvg+aQ2RX2lSoYF1d6xZK2Rrv0eHcP3Ugy4axLAljUabYL
BmXViIgx2EbbnF5td5sV2Xoa+n0WtwwuyOq630C7EFGoJ8pWbZVjvA7ZNQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNWICAYQ7i1jdWBQR4aCA6/Ym948MB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvMVlnSUJoRHVMV04xWUZCSGhvSURyOWliM2p3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg3iRzAN
BgkqhkiG9w0BAQsFAAOCAQEANoPPCx2hYZdt3z7Y2Kj7mFXJLnXZud1WIS+EeLUX
dfI6IhMSBdtNPXJu0WP7Br6bzvjU/9BNg1jwWHYHnEmhqf9mCINElaou5NDicYr/
rLL67S8ySGdElVmmkttzsH3iKRmLzmyKP5Wk78HEeL1hw+biAzuH0tPi2Qntc85O
2KHdL7FgqMxww5rTVfxQP5SfRYOEkJ4rSQCXL3qn5AZy62IW0Dyv+W6XpAeQ2tGf
cLVGXInkac4tmIixVWE7kzDR56r+A/5UTtc/e/xbieG1c43AchJoDHhMnBdGuvRx
Ha/tOMf+OHGPmS83TzFSHqRjzU1dg3q3HhVhRbjPn3i9iw==
-----END CERTIFICATE-----