Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/yiuDmYNujJ-3-dV-G5Ddrmhk35g.roa
File:                     yiuDmYNujJ-3-dV-G5Ddrmhk35g.roa (raw, json)
Hash identifier:          mFYBV1S9iVKj+qr4DTYJKjQm9npiVBRmX1CGpKIQS90=
Subject key identifier:   CA:2B:83:99:83:6E:8C:9F:B7:F9:D5:7E:1B:90:DD:AE:68:64:DF:98
Certificate issuer:       /CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
Certificate serial:       019E3C4DDF00F1F957374DA9F41DE0DEB4F4
Authority key identifier: F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/yiuDmYNujJ-3-dV-G5Ddrmhk35g.roa
Signing time:             Mon 18 May 2026 18:16:36 +0000
ROA not before:           Mon 18 May 2026 18:16:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212112
IP address blocks:        2a10:ab80:3e3::/48 maxlen: 48
                          2a10:ab80:3e8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 07:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3c:4d:df:00:f1:f9:57:37:4d:a9:f4:1d:e0:de:b4:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
        Validity
            Not Before: May 18 18:16:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ca2b8399836e8c9fb7f9d57e1b90ddae6864df98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:26:2b:d1:5e:59:70:64:20:53:9a:eb:72:c6:
                    d3:dd:04:58:7f:cc:8a:6f:1a:f8:54:63:5c:ff:64:
                    ee:a3:d6:68:fc:47:a6:8d:f4:a2:6a:1f:df:7f:0f:
                    6d:54:c8:ff:ad:38:56:1b:39:e4:32:d8:f6:b7:7b:
                    98:52:cd:c9:e1:49:00:fe:b0:8b:16:1f:16:0c:0e:
                    43:d8:a1:13:61:7b:31:8b:da:46:bc:40:94:b4:ef:
                    ba:30:ee:43:c5:be:ff:7b:ae:2f:59:f6:90:91:45:
                    6a:c8:99:12:3f:67:d3:64:25:35:da:e8:99:b2:0d:
                    bd:a5:a8:0a:ee:8f:9b:4e:bd:d9:7b:72:a1:05:f0:
                    c1:f1:1a:db:34:6d:5d:9d:9f:55:de:26:5e:c7:61:
                    92:c7:e1:09:9d:bb:84:3a:26:79:7a:10:35:80:41:
                    8d:da:58:af:33:f2:2c:40:9c:34:8f:cf:ca:28:4f:
                    14:7b:7f:37:93:40:1a:e5:63:b0:0c:72:6e:00:2f:
                    a2:1c:c4:36:d1:fd:02:d8:b8:d6:46:4b:f6:e2:82:
                    81:a6:4c:46:06:cc:18:ef:01:50:e4:a8:81:01:93:
                    0c:3b:b2:33:14:ad:c3:d1:f4:96:89:44:5f:61:f5:
                    c6:80:d6:10:39:23:fa:7e:83:71:af:9c:38:0f:e0:
                    10:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:2B:83:99:83:6E:8C:9F:B7:F9:D5:7E:1B:90:DD:AE:68:64:DF:98
            X509v3 Authority Key Identifier:
                keyid:F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/yiuDmYNujJ-3-dV-G5Ddrmhk35g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ab80:3e3::/48
                  2a10:ab80:3e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         3a:9a:86:3e:47:b8:53:22:88:32:ec:12:2b:17:ec:fb:d2:0f:
         89:6a:f1:4b:6d:12:db:68:93:f0:d7:2a:94:9a:8a:39:b0:ef:
         ac:94:55:e4:1b:00:90:47:78:74:ad:dc:c7:18:e7:57:97:21:
         75:82:d1:ef:21:a9:a1:5f:d7:33:26:0b:2c:ea:78:26:2b:8d:
         3c:74:01:7f:f4:85:9f:06:f0:cd:88:1f:e4:e3:15:b5:80:9d:
         24:f8:6a:41:43:ea:0c:fd:0a:11:8a:06:12:ba:8f:35:df:46:
         13:12:c7:fc:85:9e:ca:df:d0:4f:2b:55:33:98:b5:75:60:4b:
         0e:e7:02:62:4e:cd:31:df:f6:fa:35:75:03:b5:db:7d:45:68:
         a8:ae:09:52:f8:f4:63:6f:8d:7d:70:f7:32:27:02:4e:12:51:
         99:22:8c:8e:9e:99:fb:37:a7:50:c2:e0:e8:cc:4d:ed:25:6d:
         51:da:14:85:f7:f4:11:ea:e8:51:be:fb:26:2d:d0:fe:b1:b6:
         48:5f:09:c3:de:c9:6d:ca:ac:b3:df:0c:59:12:2e:22:96:c9:
         7d:dc:a3:56:7c:48:fe:dc:f8:a6:65:c4:2e:6d:21:f5:31:43:
         3e:32:b5:e2:51:e1:39:87:97:49:f2:0e:35:e7:de:2e:da:75:
         68:2c:d8:d3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ48Td8A8flXN02p9B3g3rT0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMGJkY2M0NDQxNzNmNTk5NGRlMzRhM2JmNjNmM2FkOTc2
NGM2ZDEwHhcNMjYwNTE4MTgxNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTJiODM5OTgzNmU4YzlmYjdmOWQ1N2UxYjkwZGRhZTY4NjRkZjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCYr0V5ZcGQgU5rrcsbT3QRYf8yK
bxr4VGNc/2Tuo9Zo/EemjfSiah/ffw9tVMj/rThWGznkMtj2t3uYUs3J4UkA/rCL
Fh8WDA5D2KETYXsxi9pGvECUtO+6MO5Dxb7/e64vWfaQkUVqyJkSP2fTZCU12uiZ
sg29pagK7o+bTr3Ze3KhBfDB8RrbNG1dnZ9V3iZex2GSx+EJnbuEOiZ5ehA1gEGN
2livM/IsQJw0j8/KKE8Ue383k0Aa5WOwDHJuAC+iHMQ20f0C2LjWRkv24oKBpkxG
BswY7wFQ5KiBAZMMO7IzFK3D0fSWiURfYfXGgNYQOSP6foNxr5w4D+AQPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMorg5mDboyft/nVfhuQ3a5oZN+YMB8GA1UdIwQY
MBaAFPAL3MREFz9ZlN40o79j862XZMbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYt
Y2ZhNWE0Yjg5ODZiLzEveWl1RG1ZTnVqSi0zLWRWLUc1RGRybWhrMzVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYtY2ZhNWE0Yjg5ODZi
LzEvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhCrgAPj
AwcAKhCrgAPoMA0GCSqGSIb3DQEBCwUAA4IBAQA6moY+R7hTIogy7BIrF+z70g+J
avFLbRLbaJPw1yqUmoo5sO+slFXkGwCQR3h0rdzHGOdXlyF1gtHvIamhX9czJgss
6ngmK408dAF/9IWfBvDNiB/k4xW1gJ0k+GpBQ+oM/QoRigYSuo8130YTEsf8hZ7K
39BPK1UzmLV1YEsO5wJiTs0x3/b6NXUDtdt9RWiorglS+PRjb419cPcyJwJOElGZ
IoyOnpn7N6dQwuDozE3tJW1R2hSF9/QR6uhRvvsmLdD+sbZIXwnD3sltyqyz3wxZ
Ei4ilsl93KNWfEj+3PimZcQubSH1MUM+MrXiUeE5h5dJ8g41594u2nVoLNjT
-----END CERTIFICATE-----