Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/68bf1d-6e50-4996-82af-0ac581a58cd1/1/S4wwLn9fDgIk6Y9FUd4042L2ynI.roa
File:                     S4wwLn9fDgIk6Y9FUd4042L2ynI.roa (raw, json)
Hash identifier:          /05M3ivPyCp6HZVks6NA1oAAHLfQXNFMpgoWZYo9jdI=
Subject key identifier:   4B:8C:30:2E:7F:5F:0E:02:24:E9:8F:45:51:DE:34:E3:62:F6:CA:72
Certificate issuer:       /CN=b0c9e116678959b8a9478fcea7ca3c0603102162
Certificate serial:       019F12A514004E5116448E9D01C74FD87BB6
Authority key identifier: B0:C9:E1:16:67:89:59:B8:A9:47:8F:CE:A7:CA:3C:06:03:10:21:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMnhFmeJWbipR4_Op8o8BgMQIWI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/68bf1d-6e50-4996-82af-0ac581a58cd1/1/S4wwLn9fDgIk6Y9FUd4042L2ynI.roa
Signing time:             Mon 29 Jun 2026 09:10:36 +0000
ROA not before:           Mon 29 Jun 2026 09:10:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2001:67c:64:ffff:0:19e:da2f:ee0a/128 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/68bf1d-6e50-4996-82af-0ac581a58cd1/1/sMnhFmeJWbipR4_Op8o8BgMQIWI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/68bf1d-6e50-4996-82af-0ac581a58cd1/1/sMnhFmeJWbipR4_Op8o8BgMQIWI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMnhFmeJWbipR4_Op8o8BgMQIWI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:12:a5:14:00:4e:51:16:44:8e:9d:01:c7:4f:d8:7b:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c9e116678959b8a9478fcea7ca3c0603102162
        Validity
            Not Before: Jun 29 09:10:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b8c302e7f5f0e0224e98f4551de34e362f6ca72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:73:82:5d:c9:07:c9:6c:d6:bb:95:a3:a1:a9:
                    e2:8e:1b:95:7b:05:36:f8:69:0b:25:f6:3c:99:d6:
                    46:20:ca:96:e4:72:05:eb:99:c6:8c:60:a8:4c:1e:
                    e3:de:43:2a:11:47:7d:7d:fe:e8:15:92:d3:b9:3b:
                    39:b3:e8:f5:da:7a:61:c9:22:59:b4:7c:78:00:5f:
                    65:36:6d:04:28:eb:1e:20:15:07:bf:3b:43:06:9f:
                    9c:62:34:cb:1b:a4:0a:b1:e1:93:6e:13:64:94:81:
                    eb:ae:ed:22:82:6b:94:3f:b4:94:1b:fc:f7:5b:e7:
                    f9:f2:ab:24:44:a7:32:ff:39:50:62:88:af:71:a3:
                    69:d4:cc:48:0f:0c:43:69:51:d3:33:af:ca:f2:3e:
                    96:f7:b3:5f:cc:9f:47:87:bd:dc:6b:87:92:9a:b9:
                    5b:c9:cc:4d:a6:57:bd:2d:8c:71:14:8b:d0:e7:b7:
                    e5:c8:41:55:96:b8:62:f3:13:bc:48:43:47:75:fa:
                    9e:26:62:df:25:28:1f:90:8d:57:18:e6:8b:47:ac:
                    d7:c2:0b:29:4b:f0:18:3b:cc:8a:38:e4:aa:f6:72:
                    1c:70:0a:c9:a3:39:bc:af:0f:9c:ca:64:97:1d:e3:
                    b4:64:9b:a0:14:28:ec:e2:38:95:ff:3e:3f:59:a2:
                    2e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:8C:30:2E:7F:5F:0E:02:24:E9:8F:45:51:DE:34:E3:62:F6:CA:72
            X509v3 Authority Key Identifier:
                keyid:B0:C9:E1:16:67:89:59:B8:A9:47:8F:CE:A7:CA:3C:06:03:10:21:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMnhFmeJWbipR4_Op8o8BgMQIWI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/68bf1d-6e50-4996-82af-0ac581a58cd1/1/S4wwLn9fDgIk6Y9FUd4042L2ynI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/68bf1d-6e50-4996-82af-0ac581a58cd1/1/sMnhFmeJWbipR4_Op8o8BgMQIWI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:64:ffff:0:19e:da2f:ee0a/128

    Signature Algorithm: sha256WithRSAEncryption
         4e:42:fc:05:ed:25:de:cf:93:8c:86:1a:0a:a2:8e:a3:7e:a3:
         47:29:91:dd:36:d8:a2:96:58:f8:d1:ab:4d:68:22:6c:70:5e:
         c8:c4:2f:fb:7d:45:ed:b4:19:3f:c6:07:47:53:5b:0d:47:ae:
         38:21:5e:de:49:16:2b:f7:ba:5e:93:92:92:26:0b:81:37:ac:
         6a:6f:f6:67:d1:d7:8c:14:d4:99:60:d3:f2:3f:bf:da:85:c6:
         e5:b7:52:fa:4a:ec:58:bc:f0:f5:08:79:7a:ee:ef:05:ae:92:
         5a:7b:9a:1d:fb:6e:50:bd:bf:88:9a:16:c5:80:1a:da:1c:21:
         55:90:6d:06:47:0b:e8:a6:4a:b1:7f:79:bf:19:9f:2a:9f:b8:
         8a:8e:ca:18:96:c5:9e:0b:c3:d5:8b:fe:de:ce:7a:cf:fc:bc:
         3f:73:a0:79:52:0e:4a:62:ad:08:3e:4a:67:a4:c8:fb:5c:80:
         65:74:2e:67:e3:1f:56:db:a7:6e:f2:91:4f:2a:44:23:68:97:
         db:1a:5b:de:2c:52:b7:60:d0:a6:38:30:51:d0:43:e4:1b:dd:
         05:c5:e5:97:37:71:38:b5:45:d0:9f:db:e2:85:00:b1:a5:db:
         08:aa:6c:5b:b6:e6:dd:de:3b:61:98:2e:19:f5:24:49:13:3e:
         cd:ee:30:9f
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZ8SpRQATlEWRI6dAcdP2Hu2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzllMTE2Njc4OTU5YjhhOTQ3OGZjZWE3Y2EzYzA2MDMx
MDIxNjIwHhcNMjYwNjI5MDkxMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjhjMzAyZTdmNWYwZTAyMjRlOThmNDU1MWRlMzRlMzYyZjZjYTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHOCXckHyWzWu5WjoanijhuVewU2
+GkLJfY8mdZGIMqW5HIF65nGjGCoTB7j3kMqEUd9ff7oFZLTuTs5s+j12nphySJZ
tHx4AF9lNm0EKOseIBUHvztDBp+cYjTLG6QKseGTbhNklIHrru0igmuUP7SUG/z3
W+f58qskRKcy/zlQYoivcaNp1MxIDwxDaVHTM6/K8j6W97NfzJ9Hh73ca4eSmrlb
ycxNple9LYxxFIvQ57flyEFVlrhi8xO8SENHdfqeJmLfJSgfkI1XGOaLR6zXwgsp
S/AYO8yKOOSq9nIccArJozm8rw+cymSXHeO0ZJugFCjs4jiV/z4/WaIuYQIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFEuMMC5/Xw4CJOmPRVHeNONi9spyMB8GA1UdIwQY
MBaAFLDJ4RZniVm4qUePzqfKPAYDECFiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01uaEZtZUpXYmlwUjRfT3A4bzhCZ01RSVdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC82OGJmMWQtNmU1MC00OTk2LTgyYWYt
MGFjNTgxYTU4Y2QxLzEvUzR3d0xuOWZEZ0lrNlk5RlVkNDA0MkwyeW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC82OGJmMWQtNmU1MC00OTk2LTgyYWYtMGFjNTgxYTU4Y2Qx
LzEvc01uaEZtZUpXYmlwUjRfT3A4bzhCZ01RSVdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCwGCCsGAQUFBwEHAQH/BB0wGzAZBAIAAjATAxEAIAEGfABk
//8AAAGe2i/uCjANBgkqhkiG9w0BAQsFAAOCAQEATkL8Be0l3s+TjIYaCqKOo36j
RymR3TbYopZY+NGrTWgibHBeyMQv+31F7bQZP8YHR1NbDUeuOCFe3kkWK/e6XpOS
kiYLgTesam/2Z9HXjBTUmWDT8j+/2oXG5bdS+krsWLzw9Qh5eu7vBa6SWnuaHftu
UL2/iJoWxYAa2hwhVZBtBkcL6KZKsX95vxmfKp+4io7KGJbFngvD1Yv+3s56z/y8
P3OgeVIOSmKtCD5KZ6TI+1yAZXQuZ+MfVtunbvKRTypEI2iX2xpb3ixSt2DQpjgw
UdBD5BvdBcXllzdxOLVF0J/b4oUAsaXbCKpsW7bm3d47YZguGfUkSRM+ze4wnw==
-----END CERTIFICATE-----