Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/d2p9fI6l3625amrMaU2KkW7aN5Y.roa
File:                     d2p9fI6l3625amrMaU2KkW7aN5Y.roa (raw, json)
Hash identifier:          yRydq8akN2cfMo5gIZEKbHtBLpRWD96CTPSz9Hf2db4=
Subject key identifier:   77:6A:7D:7C:8E:A5:DF:AD:B9:6A:6A:CC:69:4D:8A:91:6E:DA:37:96
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       019CB3881B2EDFD546D19A9C301E1472831D
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/d2p9fI6l3625amrMaU2KkW7aN5Y.roa
Signing time:             Tue 03 Mar 2026 11:49:27 +0000
ROA not before:           Tue 03 Mar 2026 11:49:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213413
IP address blocks:        2a0a:79c0:1300::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 19:55:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:88:1b:2e:df:d5:46:d1:9a:9c:30:1e:14:72:83:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Mar  3 11:49:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=776a7d7c8ea5dfadb96a6acc694d8a916eda3796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:14:db:90:c6:af:d8:b9:7e:bc:70:aa:0b:1c:
                    c6:fc:0b:c2:71:08:fc:63:0c:9e:ff:97:67:86:6f:
                    fb:b4:08:f8:90:a3:53:82:b0:9a:65:d6:4d:32:50:
                    78:37:d9:77:83:40:fe:b6:6c:6c:c2:b4:62:5d:34:
                    4b:6d:12:23:b9:81:6a:65:5a:e1:86:51:0d:8e:da:
                    a9:a4:31:b6:d3:6b:e7:60:f6:f3:d0:37:8b:e5:6a:
                    21:b8:0c:cf:9e:de:61:d0:8e:3a:7a:f0:e6:c8:38:
                    e3:f0:93:11:61:ca:77:ef:9c:fd:ff:7f:5b:b4:05:
                    3c:dd:3a:c7:8e:97:19:c9:94:51:dd:c3:56:63:cb:
                    e1:8f:60:35:90:e0:ef:cc:4b:ca:56:87:0d:af:c5:
                    13:be:3c:49:3c:bd:7b:63:e9:f9:ce:76:0e:64:32:
                    99:99:70:78:98:b2:e3:94:93:e0:45:d9:83:02:89:
                    66:4e:bc:0c:03:03:21:24:1a:9b:73:41:56:29:95:
                    14:ee:7b:13:a5:ad:47:38:96:44:0b:64:68:83:03:
                    b6:0a:67:0d:f9:f7:d5:be:15:18:a6:12:89:ba:7a:
                    07:c7:5d:7c:75:45:7c:a1:43:b3:81:5e:72:7b:fe:
                    51:34:b0:6e:02:cd:6f:4b:9c:f3:0e:71:77:ff:c9:
                    34:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:6A:7D:7C:8E:A5:DF:AD:B9:6A:6A:CC:69:4D:8A:91:6E:DA:37:96
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/d2p9fI6l3625amrMaU2KkW7aN5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:79c0:1300::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:63:af:59:f8:6d:f9:13:1e:86:94:aa:c7:0d:27:a7:4e:6f:
         c8:f2:1f:93:c1:45:2f:b9:ee:24:cc:b0:7c:8c:b9:fe:db:2f:
         8a:ea:79:0d:ef:77:07:d0:c6:16:48:85:ed:99:1c:57:bb:62:
         35:02:9a:76:46:e3:ce:0e:58:8f:86:13:88:26:62:4f:c5:5d:
         15:58:b0:c0:76:c8:ec:52:ec:0e:e8:bb:c1:ea:b5:f5:9e:c0:
         ec:4d:1d:dc:07:e2:9f:f0:52:e1:38:1f:f2:71:32:84:04:45:
         2e:5f:fa:37:84:1d:fc:fd:92:9c:88:09:c7:9d:41:5e:dc:39:
         fa:9d:b0:07:9d:8b:44:91:9b:3e:96:c9:ec:b9:09:1c:60:4a:
         a2:16:b8:4f:19:e4:75:be:8a:31:21:61:ed:4c:37:60:e7:b4:
         2e:d2:fd:f7:c6:01:e1:c5:38:f3:6d:68:b7:6b:77:38:5b:e7:
         ff:55:e7:73:85:f6:0a:df:c1:4a:8a:ce:ec:3c:0b:58:0b:d4:
         01:68:3d:07:8d:df:d1:94:03:b7:c7:3d:21:33:ba:cb:f6:63:
         39:2e:75:e0:c9:7c:43:9d:c0:08:a4:f0:b8:4c:aa:e8:3a:bb:
         34:b7:f2:8a:bc:3b:e1:4d:c5:d8:81:ae:ac:08:7c:1e:12:52:
         15:34:8b:da
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyziBsu39VG0ZqcMB4UcoMdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjYwMzAzMTE0OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzZhN2Q3YzhlYTVkZmFkYjk2YTZhY2M2OTRkOGE5MTZlZGEzNzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2BTbkMav2Ll+vHCqCxzG/AvCcQj8
Ywye/5dnhm/7tAj4kKNTgrCaZdZNMlB4N9l3g0D+tmxswrRiXTRLbRIjuYFqZVrh
hlENjtqppDG202vnYPbz0DeL5WohuAzPnt5h0I46evDmyDjj8JMRYcp375z9/39b
tAU83TrHjpcZyZRR3cNWY8vhj2A1kODvzEvKVocNr8UTvjxJPL17Y+n5znYOZDKZ
mXB4mLLjlJPgRdmDAolmTrwMAwMhJBqbc0FWKZUU7nsTpa1HOJZEC2RogwO2CmcN
+ffVvhUYphKJunoHx118dUV8oUOzgV5ye/5RNLBuAs1vS5zzDnF3/8k0IQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHdqfXyOpd+tuWpqzGlNipFu2jeWMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvZDJwOWZJNmwzNjI1YW1yTWFVMktrVzdhTjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgp5wBMA
MA0GCSqGSIb3DQEBCwUAA4IBAQCzY69Z+G35Ex6GlKrHDSenTm/I8h+TwUUvue4k
zLB8jLn+2y+K6nkN73cH0MYWSIXtmRxXu2I1App2RuPODliPhhOIJmJPxV0VWLDA
dsjsUuwO6LvB6rX1nsDsTR3cB+Kf8FLhOB/ycTKEBEUuX/o3hB38/ZKciAnHnUFe
3Dn6nbAHnYtEkZs+lsnsuQkcYEqiFrhPGeR1vooxIWHtTDdg57Qu0v33xgHhxTjz
bWi3a3c4W+f/VedzhfYK38FKis7sPAtYC9QBaD0Hjd/RlAO3xz0hM7rL9mM5LnXg
yXxDncAIpPC4TKroOrs0t/KKvDvhTcXYga6sCHweElIVNIva
-----END CERTIFICATE-----