Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/jQR0uLQdeCmk1jWnOWmGdLH1K24.roa
File:                     jQR0uLQdeCmk1jWnOWmGdLH1K24.roa (raw, json)
Hash identifier:          MRWUwUp7MToQoBTZG/7GhmrXZOlcSzC2aLA99n1InXw=
Subject key identifier:   8D:04:74:B8:B4:1D:78:29:A4:D6:35:A7:39:69:86:74:B1:F5:2B:6E
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019D727715AD35849E57A3905BFDBF0BA1FB
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/jQR0uLQdeCmk1jWnOWmGdLH1K24.roa
Signing time:             Thu 09 Apr 2026 13:38:20 +0000
ROA not before:           Thu 09 Apr 2026 13:38:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199566
IP address blocks:        2a01:ecc0:a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:72:77:15:ad:35:84:9e:57:a3:90:5b:fd:bf:0b:a1:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: Apr  9 13:38:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d0474b8b41d7829a4d635a739698674b1f52b6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5b:5d:98:61:99:1e:63:e7:b0:9f:da:87:be:
                    d3:1f:9c:3a:85:0b:9a:8e:5a:19:07:94:ab:60:fd:
                    9a:01:8d:09:bb:c1:c6:cd:10:68:fd:65:41:9d:50:
                    fa:dd:e8:0b:c8:fc:ed:98:73:73:4d:0b:82:0f:c0:
                    f0:69:76:43:ff:8f:5c:10:10:a1:a1:8a:1f:35:ca:
                    cf:26:5c:4c:c6:55:64:fd:67:5a:55:f2:b4:ac:2b:
                    ea:52:76:88:cb:6b:32:ff:54:1e:ad:ed:32:90:7f:
                    10:67:e3:1a:b8:c2:d3:70:df:19:5b:db:dd:99:a7:
                    87:0a:ff:9b:9c:6b:a6:4c:3f:a1:95:23:4b:92:81:
                    78:6b:e5:b8:c2:3b:ac:2a:e7:d8:f2:15:79:92:6b:
                    6a:5a:3c:f4:17:7e:d7:8c:58:30:96:87:52:43:c0:
                    b1:ac:8a:35:f2:e2:d9:47:fe:2d:2f:07:62:ed:1f:
                    2d:67:d5:19:35:e9:f1:86:ff:a0:5f:c6:b9:b6:8e:
                    ef:f8:fa:57:e8:fb:6a:2f:f5:a3:f2:b5:8a:0a:df:
                    b2:1a:d9:ed:44:b0:8c:f7:24:d2:b3:39:7d:0f:ab:
                    7d:a4:06:38:57:9f:1d:bc:88:07:0c:65:9e:e7:c0:
                    a7:00:31:de:53:e7:d9:f8:b5:dd:8c:f4:d9:99:ee:
                    15:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:04:74:B8:B4:1D:78:29:A4:D6:35:A7:39:69:86:74:B1:F5:2B:6E
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/jQR0uLQdeCmk1jWnOWmGdLH1K24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:e1:ef:0f:ec:85:a4:dc:ac:47:ff:59:0f:bd:ed:20:40:aa:
         57:27:28:0b:37:f1:75:61:6f:9a:30:1d:11:35:1e:bd:ff:36:
         9b:b6:cd:a6:d6:3a:fc:24:6f:ed:89:49:31:7d:a5:66:17:ca:
         70:55:e8:ea:5a:15:ce:c7:40:2e:6d:2e:28:67:57:f4:5b:f4:
         33:54:30:91:51:66:e7:fc:d1:3e:1d:e1:eb:48:eb:e4:3b:5a:
         58:7c:39:bc:03:ed:2f:ca:48:97:bd:38:94:37:5e:ef:da:52:
         3a:e4:75:1d:c9:5c:90:1b:ac:a5:59:34:7c:71:60:56:08:c9:
         7b:0e:04:d8:e7:be:2c:f7:6e:5c:e9:42:43:aa:c1:2b:39:6b:
         21:cd:e2:09:0a:fb:98:c7:46:4b:a8:86:48:af:bc:e1:ef:fd:
         36:c6:91:13:21:5a:dd:cd:95:a9:93:4d:e9:f0:8e:5d:da:5d:
         0e:8b:31:e1:7d:75:9b:f8:d1:5b:39:2c:bb:f1:69:5a:d7:94:
         30:50:73:da:18:39:20:9c:da:05:a2:a4:6d:cb:10:7c:91:3f:
         d1:92:d5:8c:2e:30:f9:fb:eb:92:39:fa:cc:2f:2e:80:0c:ca:
         4e:e7:a8:a8:18:6e:7c:b3:ac:d0:6d:07:d6:bf:f1:68:11:8d:
         35:92:83:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1ydxWtNYSeV6OQW/2/C6H7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjYwNDA5MTMzODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDA0NzRiOGI0MWQ3ODI5YTRkNjM1YTczOTY5ODY3NGIxZjUyYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVtdmGGZHmPnsJ/ah77TH5w6hQua
jloZB5SrYP2aAY0Ju8HGzRBo/WVBnVD63egLyPztmHNzTQuCD8DwaXZD/49cEBCh
oYofNcrPJlxMxlVk/WdaVfK0rCvqUnaIy2sy/1Qere0ykH8QZ+MauMLTcN8ZW9vd
maeHCv+bnGumTD+hlSNLkoF4a+W4wjusKufY8hV5kmtqWjz0F37XjFgwlodSQ8Cx
rIo18uLZR/4tLwdi7R8tZ9UZNenxhv+gX8a5to7v+PpX6PtqL/Wj8rWKCt+yGtnt
RLCM9yTSszl9D6t9pAY4V58dvIgHDGWe58CnADHeU+fZ+LXdjPTZme4VqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI0EdLi0HXgppNY1pzlphnSx9StuMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvalFSMHVMUWRlQ21rMWpXbk9XbUdkTEgxSzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHswAAK
MA0GCSqGSIb3DQEBCwUAA4IBAQA+4e8P7IWk3KxH/1kPve0gQKpXJygLN/F1YW+a
MB0RNR69/zabts2m1jr8JG/tiUkxfaVmF8pwVejqWhXOx0AubS4oZ1f0W/QzVDCR
UWbn/NE+HeHrSOvkO1pYfDm8A+0vykiXvTiUN17v2lI65HUdyVyQG6ylWTR8cWBW
CMl7DgTY574s925c6UJDqsErOWshzeIJCvuYx0ZLqIZIr7zh7/02xpETIVrdzZWp
k03p8I5d2l0OizHhfXWb+NFbOSy78Wla15QwUHPaGDkgnNoFoqRtyxB8kT/RktWM
LjD5++uSOfrMLy6ADMpO56ioGG58s6zQbQfWv/FoEY01koNL
-----END CERTIFICATE-----