Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/c9IInvQk6Ef3iUurC3mp63iWhf4.roa
File:                     c9IInvQk6Ef3iUurC3mp63iWhf4.roa (raw, json)
Hash identifier:          Kxgd3maEpRM+hvTBv0YQRf2Y5UIYYS6c6rTCshhu2vs=
Subject key identifier:   73:D2:08:9E:F4:24:E8:47:F7:89:4B:AB:0B:79:A9:EB:78:96:85:FE
Certificate issuer:       /CN=d8012faf98275ae4f3f8d87f084ee4ff8420c485
Certificate serial:       019E6053F9A7C4770FD883A6FBC9E59A5860
Authority key identifier: D8:01:2F:AF:98:27:5A:E4:F3:F8:D8:7F:08:4E:E4:FF:84:20:C4:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/c9IInvQk6Ef3iUurC3mp63iWhf4.roa
Signing time:             Mon 25 May 2026 18:09:36 +0000
ROA not before:           Mon 25 May 2026 18:09:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216215
IP address blocks:        2a01:f4c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 03:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:60:53:f9:a7:c4:77:0f:d8:83:a6:fb:c9:e5:9a:58:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8012faf98275ae4f3f8d87f084ee4ff8420c485
        Validity
            Not Before: May 25 18:09:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73d2089ef424e847f7894bab0b79a9eb789685fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:79:6f:9c:9c:08:b4:4b:d5:94:93:8d:4f:2b:
                    e7:0d:8b:2f:c3:ad:73:1c:2b:64:51:e3:42:c9:eb:
                    48:8a:b3:a8:2e:79:ca:5b:82:e0:6a:fc:44:b2:83:
                    f9:fd:2b:99:11:85:0a:36:bd:fa:f1:bb:6a:23:c5:
                    38:ec:72:7f:97:5e:b5:c1:da:d7:cb:7a:6b:eb:0a:
                    75:91:45:73:0f:40:b1:93:5f:d7:43:c5:78:ea:0c:
                    fa:0d:51:20:e7:c9:ec:7b:30:b8:2a:29:72:97:1c:
                    9c:27:5d:28:aa:2a:f4:13:d2:18:1f:54:d1:d5:fa:
                    ca:7c:37:fb:23:3c:4e:1a:33:54:e8:04:0b:af:73:
                    4f:c6:07:92:9f:c2:6a:82:66:ac:44:a6:c2:63:de:
                    f2:0d:c3:45:72:8b:81:4a:d3:51:2b:dc:2d:71:1a:
                    39:11:f0:94:40:54:fd:23:48:d9:e1:1d:da:05:06:
                    38:65:d7:f6:27:4e:35:88:02:56:cb:e3:b5:d7:ba:
                    2e:f9:65:c8:6a:33:2f:af:24:c7:b6:59:7b:14:ee:
                    c7:99:1e:88:19:18:cf:32:33:80:7a:43:98:e2:19:
                    2c:a2:17:a5:1d:30:63:52:9d:37:2e:ae:ed:4f:5e:
                    60:3f:de:b5:51:ca:e8:44:1e:bf:0c:ff:35:6e:66:
                    30:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:D2:08:9E:F4:24:E8:47:F7:89:4B:AB:0B:79:A9:EB:78:96:85:FE
            X509v3 Authority Key Identifier:
                keyid:D8:01:2F:AF:98:27:5A:E4:F3:F8:D8:7F:08:4E:E4:FF:84:20:C4:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/c9IInvQk6Ef3iUurC3mp63iWhf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f67aa8-51c2-43b2-b022-6d560debf7b3/1/2AEvr5gnWuTz-Nh_CE7k_4QgxIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:ea:f8:6c:da:fd:83:a4:67:86:54:24:92:3a:00:d4:c4:db:
         bd:ad:2e:d7:03:94:05:0f:af:8b:f2:51:23:8a:3b:52:c1:dc:
         36:f7:fd:f2:6b:87:b2:5f:78:09:97:ac:03:61:f3:2f:42:c7:
         e2:5a:a8:4c:d4:e6:71:7e:63:c8:ef:05:61:ac:6b:8e:02:6b:
         68:e1:a3:aa:c6:53:09:1b:4a:d6:b6:07:ed:e8:88:4d:d6:75:
         de:c4:99:36:92:b9:ce:b8:3e:b5:49:a4:fc:2f:c7:34:2a:a4:
         9c:9a:a2:f1:8f:7c:0e:a3:51:c9:52:8c:cb:19:e3:cc:64:67:
         92:5b:a6:fc:c1:e7:8b:59:46:4b:61:90:b0:ba:d1:fe:57:45:
         2f:3a:bb:eb:79:e6:07:48:e5:f9:77:91:d7:23:94:e8:e1:7a:
         0a:ed:9e:c9:e1:88:de:f1:4c:54:59:8f:9a:b7:f5:23:14:0c:
         23:1a:a4:fc:f0:29:22:59:5a:ec:04:5d:54:57:5b:54:20:02:
         bc:53:c9:eb:8d:96:a9:4f:33:41:fb:67:64:41:4b:8c:3a:9f:
         a2:83:a1:69:c4:ed:b6:5f:6d:f9:3e:cf:31:6f:59:a9:35:93:
         08:c4:a4:73:a5:00:e1:84:d7:4e:4e:8b:d5:4e:01:f9:fc:ef:
         8d:16:38:f0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5gU/mnxHcP2IOm+8nlmlhgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MDEyZmFmOTgyNzVhZTRmM2Y4ZDg3ZjA4NGVlNGZmODQy
MGM0ODUwHhcNMjYwNTI1MTgwOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2QyMDg5ZWY0MjRlODQ3Zjc4OTRiYWIwYjc5YTllYjc4OTY4NWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmXlvnJwItEvVlJONTyvnDYsvw61z
HCtkUeNCyetIirOoLnnKW4LgavxEsoP5/SuZEYUKNr368btqI8U47HJ/l161wdrX
y3pr6wp1kUVzD0Cxk1/XQ8V46gz6DVEg58nsezC4KilylxycJ10oqir0E9IYH1TR
1frKfDf7IzxOGjNU6AQLr3NPxgeSn8JqgmasRKbCY97yDcNFcouBStNRK9wtcRo5
EfCUQFT9I0jZ4R3aBQY4Zdf2J041iAJWy+O117ou+WXIajMvryTHtll7FO7HmR6I
GRjPMjOAekOY4hksohelHTBjUp03Lq7tT15gP961UcroRB6/DP81bmYwAwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHPSCJ70JOhH94lLqwt5qet4loX+MB8GA1UdIwQY
MBaAFNgBL6+YJ1rk8/jYfwhO5P+EIMSFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkFFdnI1Z25XdVR6LU5oX0NFN2tfNFFneElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mNjdhYTgtNTFjMi00M2IyLWIwMjIt
NmQ1NjBkZWJmN2IzLzEvYzlJSW52UWs2RWYzaVV1ckMzbXA2M2lXaGY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mNjdhYTgtNTFjMi00M2IyLWIwMjItNmQ1NjBkZWJmN2Iz
LzEvMkFFdnI1Z25XdVR6LU5oX0NFN2tfNFFneElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgH0wDAN
BgkqhkiG9w0BAQsFAAOCAQEAr+r4bNr9g6RnhlQkkjoA1MTbva0u1wOUBQ+vi/JR
I4o7UsHcNvf98muHsl94CZesA2HzL0LH4lqoTNTmcX5jyO8FYaxrjgJraOGjqsZT
CRtK1rYH7eiITdZ13sSZNpK5zrg+tUmk/C/HNCqknJqi8Y98DqNRyVKMyxnjzGRn
klum/MHni1lGS2GQsLrR/ldFLzq763nmB0jl+XeR1yOU6OF6Cu2eyeGI3vFMVFmP
mrf1IxQMIxqk/PApIlla7ARdVFdbVCACvFPJ642WqU8zQftnZEFLjDqfooOhacTt
tl9t+T7PMW9ZqTWTCMSkc6UA4YTXTk6L1U4B+fzvjRY48A==
-----END CERTIFICATE-----