Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/CWpeoA_m5Rp4WrfYW0k4nbsDaPA.roa
File:                     CWpeoA_m5Rp4WrfYW0k4nbsDaPA.roa (raw, json)
Hash identifier:          TCa5Vx5eMz1ws8KO033EfY5PWI9+kKyqdRuOA1hf16E=
Subject key identifier:   09:6A:5E:A0:0F:E6:E5:1A:78:5A:B7:D8:5B:49:38:9D:BB:03:68:F0
Certificate issuer:       /CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
Certificate serial:       019DCCB3C525A30F5C8CB1A0394E5B784ACB
Authority key identifier: 83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/CWpeoA_m5Rp4WrfYW0k4nbsDaPA.roa
Signing time:             Mon 27 Apr 2026 02:10:26 +0000
ROA not before:           Mon 27 Apr 2026 02:10:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401297
IP address blocks:        2a0b:6b82::/32 maxlen: 32
                          2a0b:6b86:1300::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 May 2026 11:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cc:b3:c5:25:a3:0f:5c:8c:b1:a0:39:4e:5b:78:4a:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=835bc9bb547e27788d221bc8bbd5fb02e024480f
        Validity
            Not Before: Apr 27 02:10:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=096a5ea00fe6e51a785ab7d85b49389dbb0368f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:e8:85:f4:ea:8d:ce:8a:fc:99:3b:29:dc:f5:
                    d3:23:4b:6c:77:23:c7:c1:f8:f6:dd:5f:49:40:60:
                    9e:01:32:a9:27:a1:af:e1:f6:b0:cf:02:26:25:29:
                    d9:9c:90:f1:48:cd:73:45:bb:5b:62:88:7b:9d:24:
                    8e:19:a7:de:0e:17:1a:79:c1:f9:06:8d:de:d8:c9:
                    bb:ae:ee:3c:a2:f9:74:63:a9:b4:9f:ae:52:ef:34:
                    59:75:07:01:a3:d3:93:25:d5:26:9e:03:73:33:b9:
                    14:8a:18:f2:72:96:5a:05:55:53:c1:3f:e2:53:05:
                    a8:ce:58:c7:ff:84:3b:50:33:72:ae:7c:ef:ea:4b:
                    8a:72:c6:c0:f5:e6:8a:a8:49:63:70:31:df:6f:2f:
                    cd:37:a6:7a:5f:77:1c:39:77:6a:5b:2e:3a:5e:94:
                    29:45:73:46:38:3e:9c:3f:c7:0a:39:1d:8c:16:74:
                    9a:8f:2c:33:a7:5f:af:c1:59:f7:d5:39:82:bf:14:
                    4c:ff:a4:4b:2f:de:f7:70:07:26:f7:33:32:01:23:
                    fe:8e:70:64:58:b8:c0:2b:61:1b:b3:5d:d5:38:1c:
                    c8:e5:da:fe:55:0b:08:89:d9:1c:a3:bc:14:26:6e:
                    6e:d9:71:f1:71:30:7e:1a:d5:f1:a0:22:9e:5b:c5:
                    02:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:6A:5E:A0:0F:E6:E5:1A:78:5A:B7:D8:5B:49:38:9D:BB:03:68:F0
            X509v3 Authority Key Identifier:
                keyid:83:5B:C9:BB:54:7E:27:78:8D:22:1B:C8:BB:D5:FB:02:E0:24:48:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g1vJu1R-J3iNIhvIu9X7AuAkSA8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/CWpeoA_m5Rp4WrfYW0k4nbsDaPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/962fb1-3df0-4ec2-b50a-b36a24d39427/1/g1vJu1R-J3iNIhvIu9X7AuAkSA8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:6b82::/32
                  2a0b:6b86:1300::/40

    Signature Algorithm: sha256WithRSAEncryption
         87:97:f0:13:71:bd:12:bf:a9:68:ec:7c:93:21:59:9d:11:01:
         89:a8:40:9a:59:81:88:61:d3:4a:72:81:36:07:79:57:f4:59:
         83:e7:3b:9e:da:50:32:59:57:8d:f2:52:29:f3:9e:4e:eb:64:
         17:cb:df:a5:d2:34:e5:e3:17:20:2e:e0:71:14:89:8c:eb:16:
         80:38:cc:00:cb:30:04:6e:fa:61:45:79:5b:4c:57:ee:1d:55:
         4f:1b:c9:e9:ae:ca:3e:18:9b:e3:d1:8c:52:2f:8e:6c:4f:d5:
         4a:14:17:7c:5b:ad:8d:c0:33:58:7c:de:39:88:9a:8b:d8:0f:
         df:5f:c4:54:b3:33:bf:80:2e:33:0b:c0:a3:4c:ed:a2:f5:b9:
         5c:b8:3c:66:55:2d:c0:d2:ab:66:0d:50:f0:3d:c2:1b:59:94:
         9c:ca:3e:40:e5:da:dc:b0:c6:e3:e5:1b:23:e6:70:dd:75:ca:
         f6:6d:8f:89:64:65:c5:d0:57:00:51:86:ea:0f:b0:9c:ec:21:
         c4:65:09:2c:6b:90:40:7d:e5:07:d4:a6:86:06:a2:d7:88:1d:
         68:de:e7:74:1d:4e:9e:7c:58:6d:2e:77:28:e5:ff:0d:35:14:
         7b:8e:c8:cf:d1:b3:9c:70:90:cb:e5:a1:c1:82:d9:84:e9:20:
         ce:c6:76:b4
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZ3Ms8Ulow9cjLGgOU5beErLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzNWJjOWJiNTQ3ZTI3Nzg4ZDIyMWJjOGJiZDVmYjAyZTAy
NDQ4MGYwHhcNMjYwNDI3MDIxMDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTZhNWVhMDBmZTZlNTFhNzg1YWI3ZDg1YjQ5Mzg5ZGJiMDM2OGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxuiF9OqNzor8mTsp3PXTI0tsdyPH
wfj23V9JQGCeATKpJ6Gv4fawzwImJSnZnJDxSM1zRbtbYoh7nSSOGafeDhcaecH5
Bo3e2Mm7ru48ovl0Y6m0n65S7zRZdQcBo9OTJdUmngNzM7kUihjycpZaBVVTwT/i
UwWozljH/4Q7UDNyrnzv6kuKcsbA9eaKqEljcDHfby/NN6Z6X3ccOXdqWy46XpQp
RXNGOD6cP8cKOR2MFnSajywzp1+vwVn31TmCvxRM/6RLL973cAcm9zMyASP+jnBk
WLjAK2Ebs13VOBzI5dr+VQsIidkco7wUJm5u2XHxcTB+GtXxoCKeW8UCCQIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFAlqXqAP5uUaeFq32FtJOJ27A2jwMB8GA1UdIwQY
MBaAFINbybtUfid4jSIbyLvV+wLgJEgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEt
YjM2YTI0ZDM5NDI3LzEvQ1dwZW9BX201UnA0V3JmWVcwazRuYnNEYVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC85NjJmYjEtM2RmMC00ZWMyLWI1MGEtYjM2YTI0ZDM5NDI3
LzEvZzF2SnUxUi1KM2lOSWh2SXU5WDdBdUFrU0E4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPAwUAKgtrggMG
ACoLa4YTMA0GCSqGSIb3DQEBCwUAA4IBAQCHl/ATcb0Sv6lo7HyTIVmdEQGJqECa
WYGIYdNKcoE2B3lX9FmD5zue2lAyWVeN8lIp855O62QXy9+l0jTl4xcgLuBxFImM
6xaAOMwAyzAEbvphRXlbTFfuHVVPG8nprso+GJvj0YxSL45sT9VKFBd8W62NwDNY
fN45iJqL2A/fX8RUszO/gC4zC8CjTO2i9blcuDxmVS3A0qtmDVDwPcIbWZScyj5A
5drcsMbj5Rsj5nDddcr2bY+JZGXF0FcAUYbqD7Cc7CHEZQksa5BAfeUH1KaGBqLX
iB1o3ud0HU6efFhtLnco5f8NNRR7jsjP0bOccJDL5aHBgtmE6SDOxna0
-----END CERTIFICATE-----