Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/03325f-234e-42d8-bccc-ae65f0e6d866/1/FROPYkM5ktQTS4wOQF6SJwJLwig.roa
File:                     FROPYkM5ktQTS4wOQF6SJwJLwig.roa (raw, json)
Hash identifier:          AuHjIMdxNo/GZjrCi+DZLonZ7eKRGgLWjts+JzfgAeI=
Subject key identifier:   15:13:8F:62:43:39:92:D4:13:4B:8C:0E:40:5E:92:27:02:4B:C2:28
Certificate issuer:       /CN=240b32cd6b5797bba8de75710d2263858909f386
Certificate serial:       019ED5E35E267AB7CD61E14D9F0FC0EE226E
Authority key identifier: 24:0B:32:CD:6B:57:97:BB:A8:DE:75:71:0D:22:63:85:89:09:F3:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JAsyzWtXl7uo3nVxDSJjhYkJ84Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/03325f-234e-42d8-bccc-ae65f0e6d866/1/FROPYkM5ktQTS4wOQF6SJwJLwig.roa
Signing time:             Wed 17 Jun 2026 14:01:48 +0000
ROA not before:           Wed 17 Jun 2026 14:01:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219422
IP address blocks:        2001:678:12ac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/03325f-234e-42d8-bccc-ae65f0e6d866/1/JAsyzWtXl7uo3nVxDSJjhYkJ84Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/03325f-234e-42d8-bccc-ae65f0e6d866/1/JAsyzWtXl7uo3nVxDSJjhYkJ84Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JAsyzWtXl7uo3nVxDSJjhYkJ84Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 24 Jun 2026 13:08:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d5:e3:5e:26:7a:b7:cd:61:e1:4d:9f:0f:c0:ee:22:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=240b32cd6b5797bba8de75710d2263858909f386
        Validity
            Not Before: Jun 17 14:01:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15138f62433992d4134b8c0e405e9227024bc228
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:69:9c:ee:47:d3:0e:bf:bf:eb:8b:69:34:b2:
                    1a:90:f2:29:34:e4:7c:ae:7f:39:3d:42:1b:a3:ba:
                    37:20:83:34:c2:c8:5c:62:b4:2c:42:cb:63:19:92:
                    4d:1f:9e:bd:9f:49:c7:fa:dc:df:72:76:ea:e5:d5:
                    41:7e:1b:e6:4e:76:22:09:a8:85:41:08:9f:ef:aa:
                    ac:61:5b:df:35:a4:f1:4d:bf:5b:5c:4b:a8:e2:8c:
                    0c:cd:dc:59:f1:7a:c7:a3:47:9d:23:d0:e6:d3:5c:
                    1b:17:a6:e8:94:b8:ce:76:c5:66:e9:73:20:86:28:
                    09:e5:06:5d:fc:94:f5:a8:bf:52:a8:2f:41:a6:d7:
                    d5:fb:8b:23:2b:fc:1e:28:60:d0:64:83:2f:95:c1:
                    38:55:3c:2c:d5:8e:73:56:8d:95:d6:ff:03:da:12:
                    2c:d9:19:99:51:c2:1f:a2:ae:b0:bf:03:e2:86:ad:
                    d4:2a:cb:a3:d3:e4:47:21:06:0a:e5:b0:37:fa:5e:
                    ef:35:1d:5b:60:08:e5:b9:76:75:6c:07:ea:0e:6c:
                    5b:68:44:ef:4c:ed:ef:a0:51:cb:ee:57:f9:83:c6:
                    09:8d:fb:5f:0e:99:16:77:6b:0b:0c:14:ef:32:d4:
                    f6:e2:0f:82:38:ad:6a:6e:40:0a:01:98:6e:e8:cb:
                    2c:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:13:8F:62:43:39:92:D4:13:4B:8C:0E:40:5E:92:27:02:4B:C2:28
            X509v3 Authority Key Identifier:
                keyid:24:0B:32:CD:6B:57:97:BB:A8:DE:75:71:0D:22:63:85:89:09:F3:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JAsyzWtXl7uo3nVxDSJjhYkJ84Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/03325f-234e-42d8-bccc-ae65f0e6d866/1/FROPYkM5ktQTS4wOQF6SJwJLwig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/03325f-234e-42d8-bccc-ae65f0e6d866/1/JAsyzWtXl7uo3nVxDSJjhYkJ84Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:12ac::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:2d:b5:04:30:00:e1:6a:f1:7a:59:ac:b3:9d:a3:a8:d9:1e:
         22:18:58:fa:44:25:6c:5c:b3:e7:b2:c9:34:3c:b1:b9:f4:61:
         56:7e:3f:10:ee:b3:21:3b:58:14:d8:3a:67:de:c2:9b:f9:7c:
         02:2f:7d:79:11:85:ca:91:1e:ae:a5:fd:93:9e:3d:af:c8:32:
         c1:d0:aa:be:bd:fb:c8:97:74:64:52:c8:eb:56:13:30:4c:62:
         df:24:d6:82:1a:fb:34:c0:0a:d8:e5:96:e9:cd:e7:91:40:cd:
         54:64:0e:9d:8e:e5:4c:e4:24:b2:fc:dc:fe:cf:22:c4:1f:1c:
         88:f1:53:a8:33:9e:f8:ea:a2:9d:5e:6f:4a:67:27:69:48:aa:
         86:59:37:b6:8a:87:6d:e4:ac:f3:50:39:27:c3:60:87:33:75:
         66:80:6b:10:ca:d1:d9:6b:d3:6a:02:b0:78:f8:d6:56:6c:0a:
         d0:2d:64:d3:20:b1:0d:4c:34:d1:72:4a:65:f4:c7:b1:d7:19:
         59:81:53:92:07:a5:a1:e0:b0:ed:58:6a:83:25:e5:cc:66:60:
         4e:f7:e5:5f:5b:f7:76:81:95:00:e3:3e:86:f4:73:5b:e3:d7:
         7f:91:6b:de:66:70:08:38:53:e4:06:f6:b8:72:cb:45:b0:ce:
         22:69:75:ef
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7V414merfNYeFNnw/A7iJuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0MGIzMmNkNmI1Nzk3YmJhOGRlNzU3MTBkMjI2Mzg1ODkw
OWYzODYwHhcNMjYwNjE3MTQwMTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTEzOGY2MjQzMzk5MmQ0MTM0YjhjMGU0MDVlOTIyNzAyNGJjMjI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2mc7kfTDr+/64tpNLIakPIpNOR8
rn85PUIbo7o3IIM0wshcYrQsQstjGZJNH569n0nH+tzfcnbq5dVBfhvmTnYiCaiF
QQif76qsYVvfNaTxTb9bXEuo4owMzdxZ8XrHo0edI9Dm01wbF6bolLjOdsVm6XMg
higJ5QZd/JT1qL9SqC9BptfV+4sjK/weKGDQZIMvlcE4VTws1Y5zVo2V1v8D2hIs
2RmZUcIfoq6wvwPihq3UKsuj0+RHIQYK5bA3+l7vNR1bYAjluXZ1bAfqDmxbaETv
TO3voFHL7lf5g8YJjftfDpkWd2sLDBTvMtT24g+COK1qbkAKAZhu6MssGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBUTj2JDOZLUE0uMDkBekicCS8IoMB8GA1UdIwQY
MBaAFCQLMs1rV5e7qN51cQ0iY4WJCfOGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkFzeXpXdFhsN3VvM25WeERTSmpoWWtKODRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8wMzMyNWYtMjM0ZS00MmQ4LWJjY2Mt
YWU2NWYwZTZkODY2LzEvRlJPUFlrTTVrdFFUUzR3T1FGNlNKd0pMd2lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8wMzMyNWYtMjM0ZS00MmQ4LWJjY2MtYWU2NWYwZTZkODY2
LzEvSkFzeXpXdFhsN3VvM25WeERTSmpoWWtKODRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBKs
MA0GCSqGSIb3DQEBCwUAA4IBAQBBLbUEMADhavF6WayznaOo2R4iGFj6RCVsXLPn
ssk0PLG59GFWfj8Q7rMhO1gU2Dpn3sKb+XwCL315EYXKkR6upf2Tnj2vyDLB0Kq+
vfvIl3RkUsjrVhMwTGLfJNaCGvs0wArY5ZbpzeeRQM1UZA6djuVM5CSy/Nz+zyLE
HxyI8VOoM5746qKdXm9KZydpSKqGWTe2iodt5KzzUDknw2CHM3VmgGsQytHZa9Nq
ArB4+NZWbArQLWTTILENTDTRckpl9Mex1xlZgVOSB6Wh4LDtWGqDJeXMZmBO9+Vf
W/d2gZUA4z6G9HNb49d/kWveZnAIOFPkBva4cstFsM4iaXXv
-----END CERTIFICATE-----