Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/55ad21-42b5-470c-a583-ad6883e0c302/1/Ui1uE0sHytyZbyDmszprdZdlwyE.roa
File:                     Ui1uE0sHytyZbyDmszprdZdlwyE.roa (raw, json)
Hash identifier:          lNVsKk9WXzxSl6slMGypOFZQlfYFnIEcz17VGkNR2ZU=
Subject key identifier:   52:2D:6E:13:4B:07:CA:DC:99:6F:20:E6:B3:3A:6B:75:97:65:C3:21
Certificate issuer:       /CN=9dc96753ff709cd7ce6e6144dc91ddd5f14f8f29
Certificate serial:       019E6A5BE1BF1444BD6CDFFDAAF0176E9286
Authority key identifier: 9D:C9:67:53:FF:70:9C:D7:CE:6E:61:44:DC:91:DD:D5:F1:4F:8F:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nclnU_9wnNfObmFE3JHd1fFPjyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/55ad21-42b5-470c-a583-ad6883e0c302/1/Ui1uE0sHytyZbyDmszprdZdlwyE.roa
Signing time:             Wed 27 May 2026 16:54:26 +0000
ROA not before:           Wed 27 May 2026 16:54:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197260
IP address blocks:        2001:678:1294::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/55ad21-42b5-470c-a583-ad6883e0c302/1/nclnU_9wnNfObmFE3JHd1fFPjyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/55ad21-42b5-470c-a583-ad6883e0c302/1/nclnU_9wnNfObmFE3JHd1fFPjyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nclnU_9wnNfObmFE3JHd1fFPjyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6a:5b:e1:bf:14:44:bd:6c:df:fd:aa:f0:17:6e:92:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dc96753ff709cd7ce6e6144dc91ddd5f14f8f29
        Validity
            Not Before: May 27 16:54:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=522d6e134b07cadc996f20e6b33a6b759765c321
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6f:5c:fb:4d:5d:35:6f:c1:07:4f:c0:87:3e:
                    de:ec:49:2a:37:12:74:5a:12:36:25:3c:b1:b9:f9:
                    72:27:f2:70:e0:df:ec:e0:e1:59:59:81:e6:20:60:
                    08:b5:1b:38:6d:b7:e5:e9:43:89:78:08:41:59:f7:
                    5a:d4:fe:66:e4:cb:0b:b0:f2:e9:bb:6b:38:00:7a:
                    ff:b8:e9:8f:cc:f5:f6:b1:77:79:15:ff:37:e5:4d:
                    45:21:06:8e:89:3d:ab:f2:b6:a8:da:f7:62:d6:83:
                    15:7f:16:6b:51:9b:3c:17:8c:c2:36:79:f2:74:2f:
                    ef:0c:54:d7:80:85:51:f3:6b:2b:73:c6:d5:65:7b:
                    01:9f:c3:2a:cd:f6:c7:54:1c:97:5e:3c:21:8e:e9:
                    9f:88:95:50:e6:ef:c2:2c:af:fb:3e:93:6f:08:cc:
                    82:81:e3:d9:8f:76:e6:f4:a9:b8:51:72:81:29:d7:
                    bd:1d:99:24:92:ad:a0:26:2e:29:12:bc:42:03:c3:
                    d3:58:b4:85:69:c0:31:4c:12:c4:f9:a8:79:63:36:
                    88:f0:01:a2:d9:93:07:2f:74:e7:7d:91:db:69:17:
                    64:71:62:4f:18:0d:29:d6:91:4f:eb:9a:b1:35:7b:
                    9d:e0:69:8e:6a:7d:72:df:13:04:80:b2:9d:52:31:
                    01:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:2D:6E:13:4B:07:CA:DC:99:6F:20:E6:B3:3A:6B:75:97:65:C3:21
            X509v3 Authority Key Identifier:
                keyid:9D:C9:67:53:FF:70:9C:D7:CE:6E:61:44:DC:91:DD:D5:F1:4F:8F:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nclnU_9wnNfObmFE3JHd1fFPjyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/55ad21-42b5-470c-a583-ad6883e0c302/1/Ui1uE0sHytyZbyDmszprdZdlwyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/55ad21-42b5-470c-a583-ad6883e0c302/1/nclnU_9wnNfObmFE3JHd1fFPjyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1294::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:e2:d0:a9:e9:ea:de:83:c0:db:a9:b9:01:29:f9:0c:23:d6:
         b5:10:a3:0a:f1:38:22:2c:76:02:34:a9:ba:bc:de:a8:c6:42:
         57:3a:cd:46:54:6f:9d:5f:d0:11:88:94:e4:38:b0:ed:c5:69:
         77:86:84:90:f6:74:80:98:aa:b6:13:fc:73:6f:dd:9a:7f:0a:
         76:71:86:a5:1c:29:0a:2e:9f:ee:b6:a9:9b:a7:95:61:a9:58:
         39:15:d2:d9:78:0e:e6:38:32:3d:aa:72:2b:46:50:05:b4:9b:
         d0:12:89:57:4c:b2:9a:ee:59:02:b1:52:0f:91:87:e9:2e:1b:
         30:b1:25:4e:84:6f:b5:15:43:af:44:27:d5:f2:f7:90:a7:d7:
         d6:83:42:f6:a4:94:c1:7f:12:1d:80:7d:29:7f:03:9b:92:ff:
         fe:2b:3a:dc:47:27:2f:b7:06:30:0b:d5:cf:ca:2f:10:6f:20:
         7b:60:60:e7:90:b6:ee:39:58:3c:e0:f3:ee:22:3b:0a:af:c6:
         3c:1f:f6:62:66:61:3d:a9:0a:4e:c9:f8:e2:48:06:d8:7a:aa:
         14:b2:65:74:12:78:8b:c2:5d:5d:f4:20:f9:a0:0a:90:be:48:
         a9:cd:7e:9a:49:67:be:ed:18:44:68:7f:bd:f8:74:08:45:b1:
         9c:0b:b7:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5qW+G/FES9bN/9qvAXbpKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkYzk2NzUzZmY3MDljZDdjZTZlNjE0NGRjOTFkZGQ1ZjE0
ZjhmMjkwHhcNMjYwNTI3MTY1NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjJkNmUxMzRiMDdjYWRjOTk2ZjIwZTZiMzNhNmI3NTk3NjVjMzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsG9c+01dNW/BB0/Ahz7e7EkqNxJ0
WhI2JTyxuflyJ/Jw4N/s4OFZWYHmIGAItRs4bbfl6UOJeAhBWfda1P5m5MsLsPLp
u2s4AHr/uOmPzPX2sXd5Ff835U1FIQaOiT2r8rao2vdi1oMVfxZrUZs8F4zCNnny
dC/vDFTXgIVR82src8bVZXsBn8MqzfbHVByXXjwhjumfiJVQ5u/CLK/7PpNvCMyC
gePZj3bm9Km4UXKBKde9HZkkkq2gJi4pErxCA8PTWLSFacAxTBLE+ah5YzaI8AGi
2ZMHL3TnfZHbaRdkcWJPGA0p1pFP65qxNXud4GmOan1y3xMEgLKdUjEBNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFItbhNLB8rcmW8g5rM6a3WXZcMhMB8GA1UdIwQY
MBaAFJ3JZ1P/cJzXzm5hRNyR3dXxT48pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmNsblVfOXduTmZPYm1GRTNKSGQxZkZQanlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC81NWFkMjEtNDJiNS00NzBjLWE1ODMt
YWQ2ODgzZTBjMzAyLzEvVWkxdUUwc0h5dHlaYnlEbXN6cHJkWmRsd3lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC81NWFkMjEtNDJiNS00NzBjLWE1ODMtYWQ2ODgzZTBjMzAy
LzEvbmNsblVfOXduTmZPYm1GRTNKSGQxZkZQanlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBKU
MA0GCSqGSIb3DQEBCwUAA4IBAQBn4tCp6ereg8DbqbkBKfkMI9a1EKMK8TgiLHYC
NKm6vN6oxkJXOs1GVG+dX9ARiJTkOLDtxWl3hoSQ9nSAmKq2E/xzb92afwp2cYal
HCkKLp/utqmbp5VhqVg5FdLZeA7mODI9qnIrRlAFtJvQEolXTLKa7lkCsVIPkYfp
LhswsSVOhG+1FUOvRCfV8veQp9fWg0L2pJTBfxIdgH0pfwObkv/+KzrcRycvtwYw
C9XPyi8QbyB7YGDnkLbuOVg84PPuIjsKr8Y8H/ZiZmE9qQpOyfjiSAbYeqoUsmV0
EniLwl1d9CD5oAqQvkipzX6aSWe+7RhEaH+9+HQIRbGcC7df
-----END CERTIFICATE-----