Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/g9eBBErf7cGntKTfm3PnpI6Ysa8.roa
File:                     g9eBBErf7cGntKTfm3PnpI6Ysa8.roa (raw, json)
Hash identifier:          L1Y5INt4k++fXqtaolFcZdxOvA8W927R6H65T4L/Fcg=
Subject key identifier:   83:D7:81:04:4A:DF:ED:C1:A7:B4:A4:DF:9B:73:E7:A4:8E:98:B1:AF
Certificate issuer:       /CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
Certificate serial:       019EB6AFBF12E120AC44C3AA2537D465A144
Authority key identifier: F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/g9eBBErf7cGntKTfm3PnpI6Ysa8.roa
Signing time:             Thu 11 Jun 2026 12:37:11 +0000
ROA not before:           Thu 11 Jun 2026 12:37:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199417
IP address blocks:        2a10:ab80:3f1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b6:af:bf:12:e1:20:ac:44:c3:aa:25:37:d4:65:a1:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
        Validity
            Not Before: Jun 11 12:37:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83d781044adfedc1a7b4a4df9b73e7a48e98b1af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:02:fc:cd:fe:2e:cc:b6:f0:8f:d0:01:35:36:
                    0d:03:55:fb:bb:2d:8e:47:8b:e2:22:6c:b6:78:78:
                    e9:6b:72:62:be:d2:0b:9e:d8:54:2b:7b:fb:fd:72:
                    a2:b0:a0:ff:08:c8:7a:87:97:e2:b3:26:07:14:23:
                    b6:4e:fc:7d:6c:23:b6:9f:f4:65:8f:2f:b7:c0:2b:
                    67:c6:fd:58:a1:58:07:8a:0e:93:80:fa:b0:a7:c6:
                    38:1d:f7:1b:03:73:08:9f:a2:f9:7e:c5:7e:cf:b2:
                    33:5c:e2:2a:17:af:1c:16:c2:4a:17:28:11:04:72:
                    cc:31:61:6c:81:f0:b1:f0:63:54:76:00:31:79:a8:
                    7f:e3:45:15:88:fd:26:c0:33:17:b7:13:37:02:68:
                    98:41:80:7c:ec:75:6f:c6:1b:be:d7:17:69:30:ca:
                    fd:5a:e7:67:2e:85:56:40:42:40:9d:ca:35:a3:bd:
                    57:1b:05:54:21:ed:53:3e:9e:1c:86:f7:09:a1:d2:
                    e0:eb:f6:4c:83:8e:83:2a:0d:87:1c:0d:ea:fe:ee:
                    c8:e1:b5:62:30:2d:ec:64:4e:69:f9:23:8f:62:d4:
                    e3:c9:1b:b1:1f:a9:fe:00:11:b6:6c:96:f0:4b:b2:
                    e6:c6:89:d6:38:ae:1c:85:bd:49:63:a0:7d:2a:ea:
                    a2:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D7:81:04:4A:DF:ED:C1:A7:B4:A4:DF:9B:73:E7:A4:8E:98:B1:AF
            X509v3 Authority Key Identifier:
                keyid:F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/g9eBBErf7cGntKTfm3PnpI6Ysa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ab80:3f1::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:e8:fc:85:77:29:7c:39:83:58:37:60:68:cd:d1:2c:41:6b:
         51:da:0e:6e:e7:27:7e:2b:98:5f:27:a4:5c:ad:38:86:0a:78:
         22:1c:7b:00:9a:8f:c1:5e:e7:a2:fb:e5:06:27:e6:67:42:62:
         e5:e9:a4:71:4f:b3:88:9e:76:64:2d:fe:6f:e8:10:dc:c3:e7:
         06:59:05:79:1d:e6:b6:f6:3b:72:da:c1:2c:3c:ab:68:b8:ff:
         02:0c:1e:16:96:7f:ed:95:ef:de:a3:48:ae:d0:a8:d9:20:a6:
         0c:c7:a5:22:b3:e8:71:02:af:b3:3a:b1:bb:0f:01:04:25:e7:
         40:7a:af:92:55:a5:bf:f0:71:ab:39:e6:9a:fb:28:57:db:9e:
         43:c0:0a:ed:2d:28:bd:b5:f9:56:9d:8a:e5:25:91:f8:22:d9:
         24:f9:cb:31:b7:df:8a:b8:7c:76:56:cc:e9:1e:1a:4f:63:e5:
         a9:51:a8:a8:30:7b:ff:6c:49:7d:e3:68:bc:e0:72:c6:d6:8e:
         d0:40:9e:53:ed:58:10:d9:b8:31:f2:34:c0:28:79:77:41:05:
         3e:70:45:84:46:80:2e:cf:e2:07:9e:48:99:0d:8a:eb:71:1b:
         60:b3:fd:36:cb:c6:d7:4e:f2:4a:59:b7:22:38:86:44:93:6b:
         14:91:a1:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ62r78S4SCsRMOqJTfUZaFEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMGJkY2M0NDQxNzNmNTk5NGRlMzRhM2JmNjNmM2FkOTc2
NGM2ZDEwHhcNMjYwNjExMTIzNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2Q3ODEwNDRhZGZlZGMxYTdiNGE0ZGY5YjczZTdhNDhlOThiMWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAL8zf4uzLbwj9ABNTYNA1X7uy2O
R4viImy2eHjpa3JivtILnthUK3v7/XKisKD/CMh6h5fisyYHFCO2Tvx9bCO2n/Rl
jy+3wCtnxv1YoVgHig6TgPqwp8Y4HfcbA3MIn6L5fsV+z7IzXOIqF68cFsJKFygR
BHLMMWFsgfCx8GNUdgAxeah/40UViP0mwDMXtxM3AmiYQYB87HVvxhu+1xdpMMr9
WudnLoVWQEJAnco1o71XGwVUIe1TPp4chvcJodLg6/ZMg46DKg2HHA3q/u7I4bVi
MC3sZE5p+SOPYtTjyRuxH6n+ABG2bJbwS7LmxonWOK4chb1JY6B9Kuqi2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIPXgQRK3+3Bp7Sk35tz56SOmLGvMB8GA1UdIwQY
MBaAFPAL3MREFz9ZlN40o79j862XZMbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYt
Y2ZhNWE0Yjg5ODZiLzEvZzllQkJFcmY3Y0dudEtUZm0zUG5wSTZZc2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYtY2ZhNWE0Yjg5ODZi
LzEvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhCrgAPx
MA0GCSqGSIb3DQEBCwUAA4IBAQAy6PyFdyl8OYNYN2BozdEsQWtR2g5u5yd+K5hf
J6RcrTiGCngiHHsAmo/BXuei++UGJ+ZnQmLl6aRxT7OInnZkLf5v6BDcw+cGWQV5
Hea29jty2sEsPKtouP8CDB4Wln/tle/eo0iu0KjZIKYMx6Uis+hxAq+zOrG7DwEE
JedAeq+SVaW/8HGrOeaa+yhX255DwArtLSi9tflWnYrlJZH4Itkk+csxt9+KuHx2
VszpHhpPY+WpUaioMHv/bEl942i84HLG1o7QQJ5T7VgQ2bgx8jTAKHl3QQU+cEWE
RoAuz+IHnkiZDYrrcRtgs/02y8bXTvJKWbciOIZEk2sUkaF4
-----END CERTIFICATE-----