Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/Sys74inxmHsTD-24x8cXG7XhIWk.roa
File:                     Sys74inxmHsTD-24x8cXG7XhIWk.roa (raw, json)
Hash identifier:          prkMfCY6DvrjovG/ulEdn0jdpwuNeSIcwdVPSrysQBk=
Subject key identifier:   4B:2B:3B:E2:29:F1:98:7B:13:0F:ED:B8:C7:C7:17:1B:B5:E1:21:69
Certificate issuer:       /CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
Certificate serial:       019EFBD052E3FB7B9726BC40BAE44041E987
Authority key identifier: 56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/Sys74inxmHsTD-24x8cXG7XhIWk.roa
Signing time:             Wed 24 Jun 2026 22:46:34 +0000
ROA not before:           Wed 24 Jun 2026 22:46:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197959
IP address blocks:        2a10:fa80:8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 18:43:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:fb:d0:52:e3:fb:7b:97:26:bc:40:ba:e4:40:41:e9:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
        Validity
            Not Before: Jun 24 22:46:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4b2b3be229f1987b130fedb8c7c7171bb5e12169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:64:84:08:8b:c4:0f:64:26:98:1b:77:1b:b1:
                    f8:ef:2f:53:9b:39:d3:ec:25:6a:19:c2:fa:ca:48:
                    9d:b2:20:1b:4c:0d:c5:76:41:8e:b6:c5:14:ec:40:
                    2e:e5:7e:aa:92:a2:40:b8:5a:50:de:12:0f:ef:60:
                    fe:5b:78:21:3e:6e:78:93:07:fd:01:6e:ef:6a:a2:
                    c4:de:b6:f5:74:ff:e2:91:7d:4f:57:50:2c:97:bd:
                    9c:c8:24:da:47:0b:12:76:44:31:26:a1:e9:f0:b2:
                    27:5b:0c:fa:00:fa:bb:e3:b9:2d:93:72:2e:4f:4e:
                    17:a4:ab:76:bf:22:f0:f8:b4:92:15:ce:c8:0b:0b:
                    e7:0d:be:23:76:8c:fe:e8:c0:c3:8b:fa:05:91:cf:
                    8d:96:1c:cd:d0:50:f9:9c:41:72:f2:7f:68:5b:a6:
                    79:49:9e:21:f8:d4:a4:7f:25:15:54:a7:b2:7d:78:
                    26:bd:f4:65:22:33:22:ec:bf:44:48:5d:47:c8:c2:
                    3a:08:de:68:4e:49:cb:fe:25:76:75:85:92:15:33:
                    28:c5:07:a1:dc:2d:34:6a:0d:db:3f:16:e8:5d:b7:
                    aa:6f:d9:44:ae:ce:c8:e6:c8:b0:73:9f:38:53:97:
                    63:c1:2f:88:33:bf:39:cf:5e:0a:74:83:8c:10:0f:
                    71:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:2B:3B:E2:29:F1:98:7B:13:0F:ED:B8:C7:C7:17:1B:B5:E1:21:69
            X509v3 Authority Key Identifier:
                keyid:56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/Sys74inxmHsTD-24x8cXG7XhIWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fa80:8::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:9e:18:70:36:f6:ff:41:1a:d3:b0:52:7e:9b:30:83:42:a7:
         c7:80:15:ca:79:6b:d3:b4:51:e9:27:03:62:7b:4f:b0:3a:82:
         53:e4:76:ac:d1:6e:e6:e3:c4:0c:77:ac:b1:a0:cd:27:be:bd:
         3f:94:b9:25:41:0c:e0:77:98:14:a4:53:0d:bb:bb:c2:ce:1f:
         42:71:6a:03:26:d9:a2:be:bc:40:5d:99:58:e4:cf:31:e4:2f:
         70:61:b7:d6:91:e0:d6:82:3b:53:f3:f7:d9:02:c3:c8:21:37:
         90:1d:7e:1f:b8:4c:54:a2:d8:bc:2b:56:92:08:f0:4a:8e:83:
         63:e2:c0:16:36:28:5e:63:5a:16:9a:f5:73:9a:41:50:01:a3:
         e9:cc:bb:1f:89:6c:d3:f8:7d:7f:ef:68:8b:b6:a2:04:d8:f2:
         8c:28:1d:1a:0b:2e:cd:12:b3:dd:5a:31:f5:7b:39:c2:94:f5:
         f0:9f:ae:c7:59:9d:fe:0f:b6:b4:76:b2:38:e1:d5:e9:ff:70:
         b3:91:f9:7a:bb:67:4f:22:7f:59:12:ac:6f:e5:21:bf:b2:2d:
         a6:5c:45:9f:08:79:0b:b3:fe:ab:67:45:d7:01:94:1f:84:27:
         9e:32:0d:c7:71:97:1d:8c:f6:4c:40:55:31:12:94:2f:8d:37:
         db:c0:48:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ770FLj+3uXJrxAuuRAQemHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTliMGJhODQwN2JlMTFjZmM5MTFiZDMxZWQxNDBjZDFj
NjA0NmMwHhcNMjYwNjI0MjI0NjM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjJiM2JlMjI5ZjE5ODdiMTMwZmVkYjhjN2M3MTcxYmI1ZTEyMTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2SECIvED2QmmBt3G7H47y9TmznT
7CVqGcL6ykidsiAbTA3FdkGOtsUU7EAu5X6qkqJAuFpQ3hIP72D+W3ghPm54kwf9
AW7vaqLE3rb1dP/ikX1PV1Asl72cyCTaRwsSdkQxJqHp8LInWwz6APq747ktk3Iu
T04XpKt2vyLw+LSSFc7ICwvnDb4jdoz+6MDDi/oFkc+NlhzN0FD5nEFy8n9oW6Z5
SZ4h+NSkfyUVVKeyfXgmvfRlIjMi7L9ESF1HyMI6CN5oTknL/iV2dYWSFTMoxQeh
3C00ag3bPxboXbeqb9lErs7I5siwc584U5djwS+IM785z14KdIOMEA9xqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEsrO+Ip8Zh7Ew/tuMfHFxu14SFpMB8GA1UdIwQY
MBaAFFZZsLqEB74Rz8kRvTHtFAzRxgRsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEt
MjM5NGM2NjAwMDIyLzEvU3lzNzRpbnhtSHNURC0yNHg4Y1hHN1hoSVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEtMjM5NGM2NjAwMDIy
LzEvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhD6gAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQAPnhhwNvb/QRrTsFJ+mzCDQqfHgBXKeWvTtFHp
JwNie0+wOoJT5Has0W7m48QMd6yxoM0nvr0/lLklQQzgd5gUpFMNu7vCzh9CcWoD
JtmivrxAXZlY5M8x5C9wYbfWkeDWgjtT8/fZAsPIITeQHX4fuExUoti8K1aSCPBK
joNj4sAWNiheY1oWmvVzmkFQAaPpzLsfiWzT+H1/72iLtqIE2PKMKB0aCy7NErPd
WjH1eznClPXwn67HWZ3+D7a0drI44dXp/3Czkfl6u2dPIn9ZEqxv5SG/si2mXEWf
CHkLs/6rZ0XXAZQfhCeeMg3HcZcdjPZMQFUxEpQvjTfbwEhw
-----END CERTIFICATE-----