Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/tUgLrvuas3A8ffagzPey3XzQQXM.roa
File:                     tUgLrvuas3A8ffagzPey3XzQQXM.roa (raw, json)
Hash identifier:          nldIcz0O0+/Bm3m2OMxGodFkGt2Ggg8SRrnW6hRBtug=
Subject key identifier:   B5:48:0B:AE:FB:9A:B3:70:3C:7D:F6:A0:CC:F7:B2:DD:7C:D0:41:73
Certificate issuer:       /CN=41fa6fa00898ad35ee67fb5a5a19105db6c1d1eb
Certificate serial:       019E7CEF21A233153A22936C63D74CDBDD0A
Authority key identifier: 41:FA:6F:A0:08:98:AD:35:EE:67:FB:5A:5A:19:10:5D:B6:C1:D1:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QfpvoAiYrTXuZ_taWhkQXbbB0es.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/tUgLrvuas3A8ffagzPey3XzQQXM.roa
Signing time:             Sun 31 May 2026 07:28:26 +0000
ROA not before:           Sun 31 May 2026 07:28:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213424
IP address blocks:        2001:67c:c88::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/QfpvoAiYrTXuZ_taWhkQXbbB0es.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/QfpvoAiYrTXuZ_taWhkQXbbB0es.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QfpvoAiYrTXuZ_taWhkQXbbB0es.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7c:ef:21:a2:33:15:3a:22:93:6c:63:d7:4c:db:dd:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41fa6fa00898ad35ee67fb5a5a19105db6c1d1eb
        Validity
            Not Before: May 31 07:28:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b5480baefb9ab3703c7df6a0ccf7b2dd7cd04173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:58:73:f9:de:5c:68:29:c0:43:ed:45:bd:e5:
                    ee:41:8c:db:39:e8:4f:56:c7:57:4b:bf:4a:f2:65:
                    ef:db:85:83:9e:d8:39:29:8a:f0:c3:c1:0f:cf:ba:
                    e6:17:7a:b1:8d:22:c5:d6:b1:f8:b5:26:53:2a:86:
                    94:1f:6e:bf:7e:7d:d2:e1:d9:c6:34:a7:51:31:aa:
                    52:c2:cb:57:aa:fa:86:d9:48:b8:06:bc:2b:ed:e0:
                    b9:49:0f:02:72:e7:63:bd:26:b8:4f:1a:71:89:28:
                    3a:b2:6f:f4:4d:5f:87:96:2a:16:b5:11:e4:7b:20:
                    c0:c5:1d:b4:2d:7f:8e:be:22:92:45:12:f7:cf:41:
                    f7:c1:f6:f7:75:56:21:2b:6a:9d:54:d6:51:94:e0:
                    2f:ca:9e:da:19:4f:93:67:c3:7d:4f:b6:b2:c1:f5:
                    7c:6c:95:ed:f7:6c:4e:23:c7:0e:5a:83:82:70:a1:
                    e9:df:06:0f:21:a0:78:27:7e:80:c1:b1:0d:0d:23:
                    fe:4a:64:a2:91:04:79:46:cd:96:cf:b1:20:90:f4:
                    41:76:4a:26:6d:a9:36:28:62:f6:bf:b1:46:95:b9:
                    da:5b:16:fa:db:e3:46:06:15:5e:c5:75:f8:46:dd:
                    c9:25:5e:fd:ed:fc:84:e0:9d:37:a9:75:76:d4:a9:
                    de:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:48:0B:AE:FB:9A:B3:70:3C:7D:F6:A0:CC:F7:B2:DD:7C:D0:41:73
            X509v3 Authority Key Identifier:
                keyid:41:FA:6F:A0:08:98:AD:35:EE:67:FB:5A:5A:19:10:5D:B6:C1:D1:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfpvoAiYrTXuZ_taWhkQXbbB0es.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/tUgLrvuas3A8ffagzPey3XzQQXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/ce8943-0ea4-46a3-95fc-ad7a02f1946a/1/QfpvoAiYrTXuZ_taWhkQXbbB0es.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:c88::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:07:4f:4f:41:7c:71:29:3b:ce:62:67:ab:ae:30:e9:ef:7f:
         91:93:7e:b9:b5:55:b8:2c:9a:b2:72:21:bd:96:56:64:bf:00:
         7a:85:18:bf:61:61:27:b6:9c:a0:5b:e1:b8:c2:8d:4b:47:67:
         3c:2b:76:fb:cc:fe:fa:c2:2b:bd:ab:d6:f4:2e:3d:f7:33:a6:
         f5:c9:8d:3a:00:34:45:b7:4d:f3:c6:8b:76:b8:28:60:b7:ed:
         88:34:86:ad:97:be:b4:5f:55:cf:33:da:20:22:2e:b1:c8:68:
         68:58:e6:e9:b5:37:d7:4b:94:18:34:3c:13:df:27:f6:52:19:
         2b:3d:31:59:10:42:6e:d9:44:46:ef:f0:32:70:8b:ff:75:09:
         67:5d:7c:31:2c:6a:53:8e:0e:e1:66:41:e3:81:9a:12:58:e3:
         53:c7:c2:f1:45:b3:83:ab:e3:2f:6c:0c:6a:7a:e9:84:cf:df:
         b8:02:53:1c:f1:f1:35:68:a4:44:9b:f2:fa:c1:70:db:80:bb:
         e5:0e:f1:e5:9a:e2:db:32:fb:96:64:8c:c3:27:01:60:9b:0b:
         c9:20:93:c3:4a:ac:41:0e:9e:ba:95:a5:03:74:ab:af:a5:bb:
         9b:67:0e:fd:59:a7:90:a5:76:ce:46:62:d6:57:75:14:4c:ae:
         19:68:96:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ587yGiMxU6IpNsY9dM290KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZmE2ZmEwMDg5OGFkMzVlZTY3ZmI1YTVhMTkxMDVkYjZj
MWQxZWIwHhcNMjYwNTMxMDcyODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTQ4MGJhZWZiOWFiMzcwM2M3ZGY2YTBjY2Y3YjJkZDdjZDA0MTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVhz+d5caCnAQ+1FveXuQYzbOehP
VsdXS79K8mXv24WDntg5KYrww8EPz7rmF3qxjSLF1rH4tSZTKoaUH26/fn3S4dnG
NKdRMapSwstXqvqG2Ui4Brwr7eC5SQ8CcudjvSa4TxpxiSg6sm/0TV+HlioWtRHk
eyDAxR20LX+OviKSRRL3z0H3wfb3dVYhK2qdVNZRlOAvyp7aGU+TZ8N9T7aywfV8
bJXt92xOI8cOWoOCcKHp3wYPIaB4J36AwbENDSP+SmSikQR5Rs2Wz7EgkPRBdkom
bak2KGL2v7FGlbnaWxb62+NGBhVexXX4Rt3JJV797fyE4J03qXV21KneOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLVIC677mrNwPH32oMz3st180EFzMB8GA1UdIwQY
MBaAFEH6b6AImK017mf7WloZEF22wdHrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZwdm9BaVlyVFh1Wl90YVdoa1FYYmJCMGVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9jZTg5NDMtMGVhNC00NmEzLTk1ZmMt
YWQ3YTAyZjE5NDZhLzEvdFVnTHJ2dWFzM0E4ZmZhZ3pQZXkzWHpRUVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9jZTg5NDMtMGVhNC00NmEzLTk1ZmMtYWQ3YTAyZjE5NDZh
LzEvUWZwdm9BaVlyVFh1Wl90YVdoa1FYYmJCMGVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAyI
MA0GCSqGSIb3DQEBCwUAA4IBAQANB09PQXxxKTvOYmerrjDp73+Rk365tVW4LJqy
ciG9llZkvwB6hRi/YWEntpygW+G4wo1LR2c8K3b7zP76wiu9q9b0Lj33M6b1yY06
ADRFt03zxot2uChgt+2INIatl760X1XPM9ogIi6xyGhoWObptTfXS5QYNDwT3yf2
UhkrPTFZEEJu2URG7/AycIv/dQlnXXwxLGpTjg7hZkHjgZoSWONTx8LxRbODq+Mv
bAxqeumEz9+4AlMc8fE1aKREm/L6wXDbgLvlDvHlmuLbMvuWZIzDJwFgmwvJIJPD
SqxBDp66laUDdKuvpbubZw79WaeQpXbORmLWV3UUTK4ZaJYG
-----END CERTIFICATE-----