Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/eaa787-a249-485f-b750-67062faef802/1/HIyIUJSBJUIjO3Nq8uFKc2lakKE.roa
File:                     HIyIUJSBJUIjO3Nq8uFKc2lakKE.roa (raw, json)
Hash identifier:          H/aTQCtUo9ZsKqh3rYnzy03zPhA2U/tPcSPNzM5Lhas=
Subject key identifier:   1C:8C:88:50:94:81:25:42:23:3B:73:6A:F2:E1:4A:73:69:5A:90:A1
Certificate issuer:       /CN=1afbd4488916faecfde27af63cf98451b9672ff6
Certificate serial:       019CDA1A1CAEF818C769B8ABA006C450F9F3
Authority key identifier: 1A:FB:D4:48:89:16:FA:EC:FD:E2:7A:F6:3C:F9:84:51:B9:67:2F:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GvvUSIkW-uz94nr2PPmEUblnL_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/eaa787-a249-485f-b750-67062faef802/1/HIyIUJSBJUIjO3Nq8uFKc2lakKE.roa
Signing time:             Tue 10 Mar 2026 23:34:30 +0000
ROA not before:           Tue 10 Mar 2026 23:34:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212396
IP address blocks:        2a0d:9840::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/eaa787-a249-485f-b750-67062faef802/1/GvvUSIkW-uz94nr2PPmEUblnL_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/eaa787-a249-485f-b750-67062faef802/1/GvvUSIkW-uz94nr2PPmEUblnL_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GvvUSIkW-uz94nr2PPmEUblnL_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Mar 2026 16:19:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:da:1a:1c:ae:f8:18:c7:69:b8:ab:a0:06:c4:50:f9:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1afbd4488916faecfde27af63cf98451b9672ff6
        Validity
            Not Before: Mar 10 23:34:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1c8c885094812542233b736af2e14a73695a90a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:38:de:e2:5d:c2:17:88:03:d9:14:07:54:9f:
                    23:44:0d:89:71:49:a4:48:93:77:33:7e:65:ac:32:
                    4c:bc:c9:da:52:17:d6:d4:ef:62:73:b3:a1:a1:a4:
                    b5:96:a8:88:14:0d:73:8a:87:85:f0:69:f6:eb:c2:
                    49:a2:b3:29:a1:9a:d4:01:31:43:4a:94:2d:29:79:
                    4d:e6:cd:68:67:de:f3:3c:cc:48:96:56:70:7d:68:
                    52:0f:98:d1:dc:b5:fa:ff:04:16:16:6d:82:18:cb:
                    03:fb:eb:3b:42:43:9b:dc:1f:18:2d:21:ef:d8:4d:
                    11:e4:e8:ba:a5:81:12:00:ff:b2:cb:4b:6c:89:93:
                    b3:e3:4a:2d:d6:58:39:cf:66:aa:17:7f:c9:de:b2:
                    76:17:7c:06:11:73:dd:d0:0d:c1:fa:a1:f0:47:66:
                    fb:2d:29:41:e8:85:47:b1:88:98:40:ad:49:be:56:
                    48:67:28:2c:ba:1a:c9:bc:b8:2b:4a:42:c7:d4:44:
                    40:48:9c:a0:fc:97:d7:b5:d3:98:44:60:f6:46:3b:
                    99:98:89:2c:cd:fe:17:ff:e4:57:00:ca:24:de:f4:
                    5f:b8:e5:97:d3:72:b2:4c:62:da:a8:69:bf:4a:d6:
                    73:95:34:f1:09:1a:42:b3:3e:75:3f:73:b0:80:fd:
                    de:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:8C:88:50:94:81:25:42:23:3B:73:6A:F2:E1:4A:73:69:5A:90:A1
            X509v3 Authority Key Identifier:
                keyid:1A:FB:D4:48:89:16:FA:EC:FD:E2:7A:F6:3C:F9:84:51:B9:67:2F:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GvvUSIkW-uz94nr2PPmEUblnL_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/eaa787-a249-485f-b750-67062faef802/1/HIyIUJSBJUIjO3Nq8uFKc2lakKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/eaa787-a249-485f-b750-67062faef802/1/GvvUSIkW-uz94nr2PPmEUblnL_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:9840::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:7e:15:a8:d7:ea:3a:04:09:1d:ae:7c:73:01:38:aa:d7:fd:
         6d:13:e0:5d:66:a3:9f:d5:22:de:04:da:e5:85:81:03:18:8a:
         d7:65:20:b4:27:20:04:9e:b6:bc:74:76:76:d9:64:91:04:8e:
         1e:00:cd:5e:f0:82:f0:c0:4d:c0:8a:83:be:9a:55:54:bd:41:
         36:2b:17:fe:b4:58:98:2d:9c:b4:a2:57:75:4f:dd:33:cc:a0:
         b3:7a:da:0e:f4:7f:94:31:03:2f:c3:1f:c3:a9:f5:9c:8d:0a:
         a6:d9:6b:58:3e:52:73:20:e8:ac:9b:8f:65:e6:68:6a:ca:d9:
         15:d6:02:47:68:bc:c4:7b:1a:f0:02:17:3e:2a:81:b4:53:3c:
         fb:af:e0:a5:8a:8f:47:d7:11:8b:db:8d:9a:00:9f:75:ff:f7:
         33:1e:6f:3a:ed:de:23:c1:29:04:20:52:65:21:06:55:2e:2e:
         63:2b:f2:3d:a5:49:3d:7c:be:25:b7:c6:1c:f3:82:10:84:7e:
         ff:ee:fd:47:d4:2c:09:6e:b5:7b:4e:10:2d:6b:80:08:2a:af:
         92:1f:60:a4:27:82:d5:8c:52:c7:8b:a9:93:71:91:bb:e0:ba:
         98:88:c6:07:59:fa:90:8f:ec:9e:4a:c7:ed:af:08:81:47:88:
         f6:6a:6b:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzaGhyu+BjHabiroAbEUPnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZmJkNDQ4ODkxNmZhZWNmZGUyN2FmNjNjZjk4NDUxYjk2
NzJmZjYwHhcNMjYwMzEwMjMzNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzhjODg1MDk0ODEyNTQyMjMzYjczNmFmMmUxNGE3MzY5NWE5MGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAljje4l3CF4gD2RQHVJ8jRA2JcUmk
SJN3M35lrDJMvMnaUhfW1O9ic7OhoaS1lqiIFA1zioeF8Gn268JJorMpoZrUATFD
SpQtKXlN5s1oZ97zPMxIllZwfWhSD5jR3LX6/wQWFm2CGMsD++s7QkOb3B8YLSHv
2E0R5Oi6pYESAP+yy0tsiZOz40ot1lg5z2aqF3/J3rJ2F3wGEXPd0A3B+qHwR2b7
LSlB6IVHsYiYQK1JvlZIZygsuhrJvLgrSkLH1ERASJyg/JfXtdOYRGD2RjuZmIks
zf4X/+RXAMok3vRfuOWX03KyTGLaqGm/StZzlTTxCRpCsz51P3OwgP3eAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFByMiFCUgSVCIztzavLhSnNpWpChMB8GA1UdIwQY
MBaAFBr71EiJFvrs/eJ69jz5hFG5Zy/2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3Z2VVNJa1ctdXo5NG5yMlBQbUVVYmxuTF9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lYWE3ODctYTI0OS00ODVmLWI3NTAt
NjcwNjJmYWVmODAyLzEvSEl5SVVKU0JKVUlqTzNOcTh1RktjMmxha0tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lYWE3ODctYTI0OS00ODVmLWI3NTAtNjcwNjJmYWVmODAy
LzEvR3Z2VVNJa1ctdXo5NG5yMlBQbUVVYmxuTF9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg2YQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCPfhWo1+o6BAkdrnxzATiq1/1tE+BdZqOf1SLe
BNrlhYEDGIrXZSC0JyAEnra8dHZ22WSRBI4eAM1e8ILwwE3AioO+mlVUvUE2Kxf+
tFiYLZy0old1T90zzKCzetoO9H+UMQMvwx/DqfWcjQqm2WtYPlJzIOism49l5mhq
ytkV1gJHaLzEexrwAhc+KoG0Uzz7r+Clio9H1xGL242aAJ91//czHm867d4jwSkE
IFJlIQZVLi5jK/I9pUk9fL4lt8Yc84IQhH7/7v1H1CwJbrV7ThAta4AIKq+SH2Ck
J4LVjFLHi6mTcZG74LqYiMYHWfqQj+yeSsftrwiBR4j2amsd
-----END CERTIFICATE-----