Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/kEykguVs5gOkKU_5k7qyvCofolk.roa
File:                     kEykguVs5gOkKU_5k7qyvCofolk.roa (raw, json)
Hash identifier:          Gn4QfNQldi0PRVW/G1ca80Zkj+YUJm6Oi9CFZjoOuKE=
Subject key identifier:   90:4C:A4:82:E5:6C:E6:03:A4:29:4F:F9:93:BA:B2:BC:2A:1F:A2:59
Certificate issuer:       /CN=656e407a6b99c0f052932cc777ff0de9b3a1974e
Certificate serial:       019B7910488665F5AB9017CCBAA0286E2579
Authority key identifier: 65:6E:40:7A:6B:99:C0:F0:52:93:2C:C7:77:FF:0D:E9:B3:A1:97:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZW5AemuZwPBSkyzHd_8N6bOhl04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/kEykguVs5gOkKU_5k7qyvCofolk.roa
Signing time:             Thu 01 Jan 2026 10:17:48 +0000
ROA not before:           Thu 01 Jan 2026 10:17:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43336
IP address blocks:        2a0b:9780::/29 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/ZW5AemuZwPBSkyzHd_8N6bOhl04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/ZW5AemuZwPBSkyzHd_8N6bOhl04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZW5AemuZwPBSkyzHd_8N6bOhl04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Mar 2026 16:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:48:86:65:f5:ab:90:17:cc:ba:a0:28:6e:25:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=656e407a6b99c0f052932cc777ff0de9b3a1974e
        Validity
            Not Before: Jan  1 10:17:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=904ca482e56ce603a4294ff993bab2bc2a1fa259
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:3a:05:14:48:a2:fd:20:9c:39:3f:29:50:12:
                    d4:3f:31:ac:1d:f8:9c:cf:84:12:5a:da:41:a9:0f:
                    b2:7e:55:15:e6:83:60:7c:38:68:34:dc:39:fc:67:
                    8c:ab:86:d7:88:49:24:d7:9f:62:db:20:0e:0d:68:
                    40:1a:7e:72:b2:ee:93:fa:9b:45:b7:7c:7d:b1:ed:
                    32:ea:33:67:23:25:58:4a:18:16:20:66:ed:52:49:
                    33:e2:b8:9a:48:57:c1:40:29:c7:e2:12:fd:35:34:
                    94:50:11:38:a4:fc:38:07:30:aa:f6:35:ef:32:e3:
                    6b:be:d7:cf:f6:d3:6d:65:34:f2:c6:00:df:5d:05:
                    00:39:26:1a:f2:1e:98:dd:91:ca:b6:fc:88:71:7c:
                    0f:c1:ce:6f:5e:4e:81:07:41:25:53:74:0e:39:5e:
                    43:a8:00:bb:42:5d:e6:a0:1b:b2:47:f2:2c:bb:b3:
                    05:dc:aa:1f:a3:e1:08:10:5a:e5:b3:83:e1:14:6a:
                    b9:f0:7b:5a:be:a5:c4:bf:d3:96:22:60:9e:d3:ed:
                    a8:63:ea:3a:1e:98:d3:d4:31:b6:45:f5:64:a7:f2:
                    bb:88:15:ec:2b:13:20:e1:ae:09:7d:a7:67:11:dc:
                    bd:ad:6b:d1:c9:d3:b9:e1:df:b7:26:8e:a0:13:a2:
                    2d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:4C:A4:82:E5:6C:E6:03:A4:29:4F:F9:93:BA:B2:BC:2A:1F:A2:59
            X509v3 Authority Key Identifier:
                keyid:65:6E:40:7A:6B:99:C0:F0:52:93:2C:C7:77:FF:0D:E9:B3:A1:97:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZW5AemuZwPBSkyzHd_8N6bOhl04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/kEykguVs5gOkKU_5k7qyvCofolk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/5af6ba-cec9-414c-b766-c015a9d4f8ef/1/ZW5AemuZwPBSkyzHd_8N6bOhl04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:9780::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:9d:a7:26:88:18:7d:77:98:a5:9a:ec:c0:db:96:65:f3:3f:
         5c:05:c3:66:a5:08:4e:82:24:8d:ce:d7:8a:c1:1e:87:6e:31:
         05:c2:93:00:21:3a:6f:91:cb:05:6a:2b:c4:13:1b:74:a4:ba:
         b6:ae:a9:14:78:cb:dd:ca:dc:9f:c0:d4:f1:0b:60:81:4f:f0:
         9e:76:1f:4d:f6:43:c0:b5:79:8a:bb:78:25:2b:31:bc:af:4b:
         b9:37:95:42:5c:ba:9e:8b:1b:6d:30:a3:15:2e:b7:31:16:ad:
         af:fa:1d:3b:f6:1d:12:88:68:d4:85:cd:ac:48:00:21:3b:ab:
         54:64:d1:3b:fc:38:0c:a8:a1:37:4c:45:50:7a:0d:f3:c5:2e:
         d2:57:05:e2:00:a0:36:e7:c3:25:f6:7b:a2:52:f2:d2:9d:ba:
         be:50:fe:5d:b9:02:6b:c8:b9:c4:bd:3f:bc:49:ff:96:80:f1:
         41:b9:ae:1b:07:a7:ee:c0:d4:eb:71:27:08:86:25:e0:57:54:
         81:bf:be:c1:52:0d:47:8c:ac:12:e9:a2:43:5a:32:c4:df:30:
         34:95:7e:91:09:35:c0:e8:c0:d4:75:5c:ce:31:3e:4a:92:de:
         60:01:26:d4:2b:97:19:ed:e8:2f:bf:10:e8:08:9f:cf:b6:c8:
         96:c0:6d:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt5EEiGZfWrkBfMuqAobiV5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NmU0MDdhNmI5OWMwZjA1MjkzMmNjNzc3ZmYwZGU5YjNh
MTk3NGUwHhcNMjYwMTAxMTAxNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDRjYTQ4MmU1NmNlNjAzYTQyOTRmZjk5M2JhYjJiYzJhMWZhMjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDoFFEii/SCcOT8pUBLUPzGsHfic
z4QSWtpBqQ+yflUV5oNgfDhoNNw5/GeMq4bXiEkk159i2yAODWhAGn5ysu6T+ptF
t3x9se0y6jNnIyVYShgWIGbtUkkz4riaSFfBQCnH4hL9NTSUUBE4pPw4BzCq9jXv
MuNrvtfP9tNtZTTyxgDfXQUAOSYa8h6Y3ZHKtvyIcXwPwc5vXk6BB0ElU3QOOV5D
qAC7Ql3moBuyR/Isu7MF3Kofo+EIEFrls4PhFGq58HtavqXEv9OWImCe0+2oY+o6
HpjT1DG2RfVkp/K7iBXsKxMg4a4JfadnEdy9rWvRydO54d+3Jo6gE6ItFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJBMpILlbOYDpClP+ZO6srwqH6JZMB8GA1UdIwQY
MBaAFGVuQHprmcDwUpMsx3f/DemzoZdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlc1QWVtdVp3UEJTa3l6SGRfOE42Yk9obDA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81YWY2YmEtY2VjOS00MTRjLWI3NjYt
YzAxNWE5ZDRmOGVmLzEva0V5a2d1VnM1Z09rS1VfNWs3cXl2Q29mb2xrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81YWY2YmEtY2VjOS00MTRjLWI3NjYtYzAxNWE5ZDRmOGVm
LzEvWlc1QWVtdVp3UEJTa3l6SGRfOE42Yk9obDA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKguXgDAN
BgkqhkiG9w0BAQsFAAOCAQEAJZ2nJogYfXeYpZrswNuWZfM/XAXDZqUIToIkjc7X
isEeh24xBcKTACE6b5HLBWorxBMbdKS6tq6pFHjL3crcn8DU8QtggU/wnnYfTfZD
wLV5irt4JSsxvK9LuTeVQly6nosbbTCjFS63MRatr/odO/YdEoho1IXNrEgAITur
VGTRO/w4DKihN0xFUHoN88Uu0lcF4gCgNufDJfZ7olLy0p26vlD+XbkCa8i5xL0/
vEn/loDxQbmuGwen7sDU63EnCIYl4FdUgb++wVINR4ysEumiQ1oyxN8wNJV+kQk1
wOjA1HVczjE+SpLeYAEm1CuXGe3oL78Q6Aifz7bIlsBtCQ==
-----END CERTIFICATE-----