Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/r7lgL1RmoOQFYRpVNKz5ytoQZto.roa
File:                     r7lgL1RmoOQFYRpVNKz5ytoQZto.roa (raw, json)
Hash identifier:          iIwDj8Vy+TtOrlpivFNbonV0vYztYmcP8Azx7KMqAmY=
Subject key identifier:   AF:B9:60:2F:54:66:A0:E4:05:61:1A:55:34:AC:F9:CA:DA:10:66:DA
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019E465999062A29CB5AC074EB432C302674
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/r7lgL1RmoOQFYRpVNKz5ytoQZto.roa
Signing time:             Wed 20 May 2026 17:05:37 +0000
ROA not before:           Wed 20 May 2026 17:05:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204916
IP address blocks:        2a12:644::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 03:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:59:99:06:2a:29:cb:5a:c0:74:eb:43:2c:30:26:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: May 20 17:05:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=afb9602f5466a0e405611a5534acf9cada1066da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:eb:6b:a6:81:9c:92:ff:f1:0d:35:9b:96:41:
                    d2:b0:81:32:34:96:2a:33:47:08:6f:2f:f1:80:6c:
                    1a:9b:69:63:c7:8b:e8:08:b9:dc:f0:be:80:85:5e:
                    33:d9:0f:11:1d:41:ef:36:cf:76:17:b9:b3:16:55:
                    88:47:95:44:57:51:b2:04:55:d2:8e:e3:89:9c:8a:
                    6d:a6:42:53:54:a9:70:d5:f9:ab:60:c2:12:1b:f0:
                    22:ea:e4:d5:82:2a:08:f4:66:cf:b6:e8:af:38:6e:
                    a6:17:f7:18:1f:61:7f:07:78:45:fb:71:bd:b5:03:
                    fd:45:f6:1f:39:9e:57:6c:38:50:46:91:16:79:23:
                    f8:23:4c:01:15:79:2d:61:6a:16:55:39:75:cc:ee:
                    51:ba:85:c4:07:9c:c4:42:4f:46:19:c0:75:57:aa:
                    e2:a5:8b:b7:4a:16:1c:7d:fe:f4:7c:f4:85:71:f2:
                    65:be:b9:8c:83:a4:2f:c6:9e:4d:ba:8b:d5:14:3b:
                    33:38:f8:76:7a:1a:c3:c0:91:98:b0:2e:e3:84:a2:
                    85:78:d1:72:5b:ed:77:da:48:85:ad:e7:a3:57:4c:
                    07:02:28:6b:91:56:3d:7c:96:22:bd:42:a2:66:11:
                    86:01:d9:f8:24:e8:3b:f1:94:1a:12:47:72:a4:33:
                    c6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:B9:60:2F:54:66:A0:E4:05:61:1A:55:34:AC:F9:CA:DA:10:66:DA
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/r7lgL1RmoOQFYRpVNKz5ytoQZto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:644::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:5c:d8:69:bb:a9:86:f4:9c:05:13:dc:c0:f8:f6:80:03:96:
         98:14:23:5e:8f:73:a8:9f:f2:f3:24:83:82:17:2c:e5:9b:44:
         9a:75:9e:57:34:ab:ff:39:b9:e8:9f:5a:0f:ab:71:89:44:f0:
         2b:10:01:84:e3:a6:3a:e4:d6:63:13:47:97:0d:e7:dd:00:f3:
         2d:7e:44:57:c9:e6:7c:b5:0d:f2:c0:91:04:03:0e:b8:6a:6e:
         fe:1d:d4:a3:5f:04:13:f6:c9:9e:58:d8:f5:d8:e2:e2:8e:35:
         a6:55:35:d1:e0:a1:4b:8e:1f:44:e7:50:61:ff:d7:29:6c:d6:
         92:36:21:f8:fd:7d:9f:cc:8a:b8:ff:8a:df:28:4c:a7:1e:50:
         81:c9:18:a0:86:63:b4:35:45:f6:09:c3:1f:6b:28:92:00:03:
         ac:a9:3a:ae:75:5d:38:c9:e7:f2:21:eb:0b:a5:ce:1b:96:ae:
         63:2f:b2:3b:f5:4c:d0:fc:1e:54:18:ea:01:94:ea:94:e6:4f:
         5f:fd:36:92:1d:44:36:84:d8:7e:db:7e:a2:e5:60:11:28:35:
         ee:3c:a0:bb:bf:db:2a:6d:33:97:8b:84:1c:45:aa:71:c1:e2:
         7a:50:bb:b4:1b:bf:3a:07:f1:23:06:bd:f7:94:b4:64:bf:21:
         34:0a:a8:e1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5GWZkGKinLWsB060MsMCZ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNTIwMTcwNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmI5NjAyZjU0NjZhMGU0MDU2MTFhNTUzNGFjZjljYWRhMTA2NmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtutrpoGckv/xDTWblkHSsIEyNJYq
M0cIby/xgGwam2ljx4voCLnc8L6AhV4z2Q8RHUHvNs92F7mzFlWIR5VEV1GyBFXS
juOJnIptpkJTVKlw1fmrYMISG/Ai6uTVgioI9GbPtuivOG6mF/cYH2F/B3hF+3G9
tQP9RfYfOZ5XbDhQRpEWeSP4I0wBFXktYWoWVTl1zO5RuoXEB5zEQk9GGcB1V6ri
pYu3ShYcff70fPSFcfJlvrmMg6Qvxp5NuovVFDszOPh2ehrDwJGYsC7jhKKFeNFy
W+132kiFreejV0wHAihrkVY9fJYivUKiZhGGAdn4JOg78ZQaEkdypDPGGQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK+5YC9UZqDkBWEaVTSs+craEGbaMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvcjdsZ0wxUm1vT1FGWVJwVk5LejV5dG9RWnRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhIGRDAN
BgkqhkiG9w0BAQsFAAOCAQEARVzYabuphvScBRPcwPj2gAOWmBQjXo9zqJ/y8ySD
ghcs5ZtEmnWeVzSr/zm56J9aD6txiUTwKxABhOOmOuTWYxNHlw3n3QDzLX5EV8nm
fLUN8sCRBAMOuGpu/h3Uo18EE/bJnljY9dji4o41plU10eChS44fROdQYf/XKWzW
kjYh+P19n8yKuP+K3yhMpx5QgckYoIZjtDVF9gnDH2sokgADrKk6rnVdOMnn8iHr
C6XOG5auYy+yO/VM0PweVBjqAZTqlOZPX/02kh1ENoTYftt+ouVgESg17jygu7/b
Km0zl4uEHEWqccHielC7tBu/OgfxIwa995S0ZL8hNAqo4Q==
-----END CERTIFICATE-----