Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/S64PRp6HfgfeBA5dqF_nm378oSE.roa
File:                     S64PRp6HfgfeBA5dqF_nm378oSE.roa (raw, json)
Hash identifier:          KH+IlbpUNkPXeoQclXeI5i/KLaVnfhqbd5izf4u4qTc=
Subject key identifier:   4B:AE:0F:46:9E:87:7E:07:DE:04:0E:5D:A8:5F:E7:9B:7E:FC:A1:21
Certificate issuer:       /CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
Certificate serial:       019EB8B505A6B8A2AC799FDB051A1C5B7C07
Authority key identifier: F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/S64PRp6HfgfeBA5dqF_nm378oSE.roa
Signing time:             Thu 11 Jun 2026 22:02:11 +0000
ROA not before:           Thu 11 Jun 2026 22:02:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219501
IP address blocks:        2a10:ab80:3ee::/48 maxlen: 48
                          2a10:ab80:3f4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b8:b5:05:a6:b8:a2:ac:79:9f:db:05:1a:1c:5b:7c:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
        Validity
            Not Before: Jun 11 22:02:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4bae0f469e877e07de040e5da85fe79b7efca121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:bd:fb:c3:c6:ca:32:ac:1e:00:c7:a1:e2:48:
                    04:ee:4a:4e:aa:36:6b:96:24:6d:d4:86:8d:67:c9:
                    90:00:54:77:88:70:0e:85:e0:32:21:e6:2f:0b:5d:
                    46:17:5f:9c:5d:58:b8:30:9c:15:9f:c5:c8:1c:d9:
                    e6:68:7f:d2:c8:27:6a:43:25:4a:2a:37:98:62:c7:
                    60:79:2a:78:66:f1:6d:4d:25:70:a8:ac:ba:11:c6:
                    26:64:5f:75:72:30:1f:5c:7a:09:f5:34:02:2e:ef:
                    f6:72:8e:75:9c:18:29:55:12:46:79:ff:50:9e:6e:
                    e2:bf:76:1c:e0:db:7c:a0:cb:b2:f2:cb:50:d6:fc:
                    ee:f3:5d:04:bd:cb:40:83:9b:e8:3c:c8:38:49:68:
                    7e:11:78:df:d0:3a:88:e3:db:81:8e:bd:e5:e6:1f:
                    e2:b6:3c:0b:46:04:e5:44:4e:ca:23:bf:ca:76:33:
                    29:c9:29:8b:d7:cb:20:93:8b:78:93:68:7b:14:87:
                    a4:f1:58:69:7a:d2:34:bd:14:61:51:d1:ed:10:3c:
                    9b:86:f3:2b:16:26:dd:eb:13:e9:19:a7:f2:1b:c8:
                    bb:e4:8e:b5:c6:01:e9:50:7a:a0:1c:d8:1b:3c:63:
                    36:f3:54:7b:5c:f6:9f:0f:bd:19:c2:f9:e4:71:26:
                    c7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:AE:0F:46:9E:87:7E:07:DE:04:0E:5D:A8:5F:E7:9B:7E:FC:A1:21
            X509v3 Authority Key Identifier:
                keyid:F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/S64PRp6HfgfeBA5dqF_nm378oSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ab80:3ee::/48
                  2a10:ab80:3f4::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:1c:78:55:24:8e:0b:7d:41:0e:b2:3f:8e:f4:e4:7b:0e:f0:
         83:66:cd:a2:c5:41:ea:af:47:a0:59:ca:24:aa:be:1c:bf:a5:
         b2:b7:1f:49:53:e1:2f:69:f5:88:9e:a3:f6:e0:af:62:89:59:
         bd:b1:d7:4c:d4:60:3b:68:61:43:e3:25:0f:54:d3:be:8a:73:
         18:09:fa:44:aa:bb:f9:95:70:98:30:82:c4:70:b4:65:fd:46:
         99:6a:b0:fd:3b:29:9a:4c:19:f4:08:8f:7f:0c:46:3c:82:69:
         5f:69:89:a1:1b:e5:3f:b9:96:a6:70:e3:ca:58:15:2e:02:3b:
         e9:1a:1f:cd:2f:06:79:45:4f:3f:8f:bb:8d:80:0e:c9:2c:c6:
         d9:12:e6:2b:e5:e3:e9:fc:44:e4:3c:f5:73:8a:74:f8:a8:49:
         84:89:97:08:89:8d:31:d0:69:3e:40:b4:7b:3c:79:0d:4a:96:
         78:c2:d7:3f:50:ca:c5:2b:6b:e3:c7:6f:93:8b:7f:2d:18:cc:
         52:f9:65:07:ee:4c:0b:3f:00:7a:e9:a4:10:df:c1:81:77:27:
         5f:fa:97:64:1a:78:52:0b:01:98:d4:b0:05:97:c1:53:47:98:
         56:38:db:b4:44:a5:a9:e4:ee:e5:fe:17:c0:aa:bf:e2:7c:97:
         91:b8:57:fc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ64tQWmuKKseZ/bBRocW3wHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMGJkY2M0NDQxNzNmNTk5NGRlMzRhM2JmNjNmM2FkOTc2
NGM2ZDEwHhcNMjYwNjExMjIwMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmFlMGY0NjllODc3ZTA3ZGUwNDBlNWRhODVmZTc5YjdlZmNhMTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkL37w8bKMqweAMeh4kgE7kpOqjZr
liRt1IaNZ8mQAFR3iHAOheAyIeYvC11GF1+cXVi4MJwVn8XIHNnmaH/SyCdqQyVK
KjeYYsdgeSp4ZvFtTSVwqKy6EcYmZF91cjAfXHoJ9TQCLu/2co51nBgpVRJGef9Q
nm7iv3Yc4Nt8oMuy8stQ1vzu810EvctAg5voPMg4SWh+EXjf0DqI49uBjr3l5h/i
tjwLRgTlRE7KI7/KdjMpySmL18sgk4t4k2h7FIek8VhpetI0vRRhUdHtEDybhvMr
Fibd6xPpGafyG8i75I61xgHpUHqgHNgbPGM281R7XPafD70ZwvnkcSbHkQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEuuD0aeh34H3gQOXahf55t+/KEhMB8GA1UdIwQY
MBaAFPAL3MREFz9ZlN40o79j862XZMbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYt
Y2ZhNWE0Yjg5ODZiLzEvUzY0UFJwNkhmZ2ZlQkE1ZHFGX25tMzc4b1NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYtY2ZhNWE0Yjg5ODZi
LzEvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhCrgAPu
AwcAKhCrgAP0MA0GCSqGSIb3DQEBCwUAA4IBAQB6HHhVJI4LfUEOsj+O9OR7DvCD
Zs2ixUHqr0egWcokqr4cv6Wytx9JU+EvafWInqP24K9iiVm9sddM1GA7aGFD4yUP
VNO+inMYCfpEqrv5lXCYMILEcLRl/UaZarD9OymaTBn0CI9/DEY8gmlfaYmhG+U/
uZamcOPKWBUuAjvpGh/NLwZ5RU8/j7uNgA7JLMbZEuYr5ePp/ETkPPVzinT4qEmE
iZcIiY0x0Gk+QLR7PHkNSpZ4wtc/UMrFK2vjx2+Ti38tGMxS+WUH7kwLPwB66aQQ
38GBdydf+pdkGnhSCwGY1LAFl8FTR5hWONu0RKWp5O7l/hfAqr/ifJeRuFf8
-----END CERTIFICATE-----