Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/c24ee1-2cb2-4907-8048-b0f4fbe26b61/1/de6SqIVP8alMMy8fNgVic-QA6hE.roa
File:                     de6SqIVP8alMMy8fNgVic-QA6hE.roa (raw, json)
Hash identifier:          CQCnEBgMc/4fN4+tzBcs/X0zDyrAJoufFx6PaORgCqw=
Subject key identifier:   75:EE:92:A8:85:4F:F1:A9:4C:33:2F:1F:36:05:62:73:E4:00:EA:11
Certificate issuer:       /CN=01cf2a71b2c7bf541c6cc04151cd02078d369926
Certificate serial:       019E63F4689D0F0F3E0AB8F536BF43EF9E58
Authority key identifier: 01:CF:2A:71:B2:C7:BF:54:1C:6C:C0:41:51:CD:02:07:8D:36:99:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ac8qcbLHv1QcbMBBUc0CB402mSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/c24ee1-2cb2-4907-8048-b0f4fbe26b61/1/de6SqIVP8alMMy8fNgVic-QA6hE.roa
Signing time:             Tue 26 May 2026 11:03:42 +0000
ROA not before:           Tue 26 May 2026 11:03:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207627
IP address blocks:        2a00:e700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/c24ee1-2cb2-4907-8048-b0f4fbe26b61/1/Ac8qcbLHv1QcbMBBUc0CB402mSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/c24ee1-2cb2-4907-8048-b0f4fbe26b61/1/Ac8qcbLHv1QcbMBBUc0CB402mSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ac8qcbLHv1QcbMBBUc0CB402mSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:f4:68:9d:0f:0f:3e:0a:b8:f5:36:bf:43:ef:9e:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01cf2a71b2c7bf541c6cc04151cd02078d369926
        Validity
            Not Before: May 26 11:03:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=75ee92a8854ff1a94c332f1f36056273e400ea11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f0:b7:e9:b2:f1:96:30:4e:d4:34:13:62:a5:
                    d7:b1:40:f0:75:1c:b1:d6:2d:4e:44:a3:f0:d7:fd:
                    c8:2e:56:7e:03:ef:30:07:2e:a0:8c:e2:c6:61:6c:
                    67:77:d5:6e:33:92:d4:34:c6:82:fe:9e:d4:85:f6:
                    53:c3:6f:96:31:7a:c3:e1:f0:02:20:60:2b:fc:f0:
                    ff:14:7a:7a:c7:f2:1f:8c:cd:88:71:14:80:e4:64:
                    a2:45:2c:9d:35:91:92:bb:14:0e:e7:b3:f6:c3:f9:
                    85:07:30:1f:60:53:97:ac:10:01:59:07:c0:76:2b:
                    0d:27:ba:3b:6b:da:bb:f9:2e:57:b6:dd:28:15:62:
                    a7:47:ea:0b:7b:26:75:99:ef:ce:25:22:fd:e9:04:
                    d9:8a:8d:17:4a:ce:78:29:74:41:4c:f1:41:4d:9d:
                    9a:88:b3:60:54:d5:af:33:ff:a0:05:07:ea:ce:be:
                    8a:07:a2:d8:64:32:1e:62:77:d0:0f:8e:e0:ec:43:
                    74:1a:b0:f6:17:db:93:3e:a3:75:7b:9d:cc:8f:fb:
                    e4:18:93:dc:99:32:12:86:3d:bc:b3:ca:cc:f2:c0:
                    9f:bd:fe:c3:70:92:bb:8a:1e:e6:79:84:94:82:2e:
                    d5:37:50:ac:3a:82:aa:90:79:9f:80:68:62:88:be:
                    8a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:EE:92:A8:85:4F:F1:A9:4C:33:2F:1F:36:05:62:73:E4:00:EA:11
            X509v3 Authority Key Identifier:
                keyid:01:CF:2A:71:B2:C7:BF:54:1C:6C:C0:41:51:CD:02:07:8D:36:99:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ac8qcbLHv1QcbMBBUc0CB402mSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c24ee1-2cb2-4907-8048-b0f4fbe26b61/1/de6SqIVP8alMMy8fNgVic-QA6hE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/c24ee1-2cb2-4907-8048-b0f4fbe26b61/1/Ac8qcbLHv1QcbMBBUc0CB402mSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:e700::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:7c:96:6c:34:34:da:b5:6c:21:ca:1b:df:1c:99:2e:b0:cd:
         9c:6e:58:71:46:6e:79:26:12:44:0a:8d:bd:80:8d:b6:5a:d4:
         a4:41:4c:af:2b:5c:aa:05:fb:5c:80:09:7f:90:17:53:49:2c:
         57:a7:cd:7e:e6:7f:cf:73:16:60:3c:3c:06:ff:12:a8:85:8d:
         b2:40:40:45:03:62:77:1a:fa:d9:a2:60:77:7b:65:d5:e5:6a:
         bb:66:75:38:8a:6b:09:fe:ae:cc:1f:16:c4:d3:ee:38:d1:9e:
         ec:0e:6c:0c:c3:58:d0:f9:b5:e5:8c:84:58:9d:1e:22:dd:0d:
         5d:c0:3c:f6:27:2d:f9:c5:16:ea:18:ed:fe:2a:c6:ab:1c:cc:
         bf:7d:12:a1:cc:43:1f:bc:ab:02:d3:08:7c:17:f6:1f:ba:18:
         cc:50:cd:b2:0a:8e:2f:a7:b1:01:ec:0c:65:23:8a:77:46:ca:
         b2:99:4f:54:cc:88:30:eb:3e:05:f7:99:e5:f5:65:8c:ce:33:
         c0:9a:9e:d5:67:b2:2a:99:6e:34:00:eb:c4:86:9f:e4:d1:19:
         94:61:0b:d7:1a:cf:ce:b1:73:d6:cc:eb:8d:c2:f2:23:e1:9d:
         a4:7a:8e:45:27:26:30:66:b1:d3:a7:36:59:4d:04:b5:fd:20:
         ea:72:22:3c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5j9GidDw8+Crj1Nr9D755YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxY2YyYTcxYjJjN2JmNTQxYzZjYzA0MTUxY2QwMjA3OGQz
Njk5MjYwHhcNMjYwNTI2MTEwMzQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWVlOTJhODg1NGZmMWE5NGMzMzJmMWYzNjA1NjI3M2U0MDBlYTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvC36bLxljBO1DQTYqXXsUDwdRyx
1i1ORKPw1/3ILlZ+A+8wBy6gjOLGYWxnd9VuM5LUNMaC/p7UhfZTw2+WMXrD4fAC
IGAr/PD/FHp6x/IfjM2IcRSA5GSiRSydNZGSuxQO57P2w/mFBzAfYFOXrBABWQfA
disNJ7o7a9q7+S5Xtt0oFWKnR+oLeyZ1me/OJSL96QTZio0XSs54KXRBTPFBTZ2a
iLNgVNWvM/+gBQfqzr6KB6LYZDIeYnfQD47g7EN0GrD2F9uTPqN1e53Mj/vkGJPc
mTIShj28s8rM8sCfvf7DcJK7ih7meYSUgi7VN1CsOoKqkHmfgGhiiL6KHwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHXukqiFT/GpTDMvHzYFYnPkAOoRMB8GA1UdIwQY
MBaAFAHPKnGyx79UHGzAQVHNAgeNNpkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWM4cWNiTEh2MVFjYk1CQlVjMENCNDAybVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9jMjRlZTEtMmNiMi00OTA3LTgwNDgt
YjBmNGZiZTI2YjYxLzEvZGU2U3FJVlA4YWxNTXk4Zk5nVmljLVFBNmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9jMjRlZTEtMmNiMi00OTA3LTgwNDgtYjBmNGZiZTI2YjYx
LzEvQWM4cWNiTEh2MVFjYk1CQlVjMENCNDAybVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgDnADAN
BgkqhkiG9w0BAQsFAAOCAQEAJHyWbDQ02rVsIcob3xyZLrDNnG5YcUZueSYSRAqN
vYCNtlrUpEFMrytcqgX7XIAJf5AXU0ksV6fNfuZ/z3MWYDw8Bv8SqIWNskBARQNi
dxr62aJgd3tl1eVqu2Z1OIprCf6uzB8WxNPuONGe7A5sDMNY0Pm15YyEWJ0eIt0N
XcA89ict+cUW6hjt/irGqxzMv30SocxDH7yrAtMIfBf2H7oYzFDNsgqOL6exAewM
ZSOKd0bKsplPVMyIMOs+BfeZ5fVljM4zwJqe1WeyKpluNADrxIaf5NEZlGEL1xrP
zrFz1szrjcLyI+GdpHqORScmMGax06c2WU0Etf0g6nIiPA==
-----END CERTIFICATE-----