Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/kLj1xLV04Kw6vh31YZd8cWK3B2E.roa
File:                     kLj1xLV04Kw6vh31YZd8cWK3B2E.roa (raw, json)
Hash identifier:          T1lxc2Vof5EEeyhF6qJbUM8h5A56LfDbKYfQM08lWb0=
Subject key identifier:   90:B8:F5:C4:B5:74:E0:AC:3A:BE:1D:F5:61:97:7C:71:62:B7:07:61
Certificate issuer:       /CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
Certificate serial:       019E2C77EB3000FC0190A7A6261AB97A1223
Authority key identifier: 56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/kLj1xLV04Kw6vh31YZd8cWK3B2E.roa
Signing time:             Fri 15 May 2026 16:28:36 +0000
ROA not before:           Fri 15 May 2026 16:28:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201345
IP address blocks:        2a10:fa81:500::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2c:77:eb:30:00:fc:01:90:a7:a6:26:1a:b9:7a:12:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
        Validity
            Not Before: May 15 16:28:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90b8f5c4b574e0ac3abe1df561977c7162b70761
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fa:0b:51:d6:f4:d1:86:24:55:fc:b7:d2:b9:
                    a7:3f:98:32:19:9a:95:29:47:10:6c:e3:4e:48:76:
                    85:5d:8b:c8:96:52:45:c9:ac:02:11:e0:ab:7f:c6:
                    ec:66:03:d8:dd:a5:b3:85:16:4f:b5:f0:d6:9a:95:
                    b8:f7:5b:31:0b:cb:76:da:0f:cc:9e:6e:2a:d3:ab:
                    cc:2c:fb:67:0d:c3:8b:39:13:1d:ba:25:1a:26:69:
                    8c:77:6d:26:b5:8a:83:2d:52:d5:0d:f0:67:da:13:
                    f5:3a:63:1b:5a:25:9b:1e:0d:45:26:29:41:12:e5:
                    00:e9:c0:99:f6:cd:4f:38:ab:74:b3:ac:67:83:1c:
                    66:11:5d:9e:5c:56:77:58:32:7a:53:07:c4:86:81:
                    25:3c:35:e7:46:ea:17:d1:06:34:dc:9a:b6:b0:8a:
                    2d:f3:ab:1c:f4:52:59:df:09:6d:e9:c1:0c:28:00:
                    a2:a8:5b:ee:56:41:63:97:3d:8c:f9:ea:a4:46:46:
                    d5:da:1c:7d:36:d8:d1:c1:53:9c:eb:e9:d3:05:eb:
                    a0:0e:07:3a:81:b0:08:97:51:72:d1:dc:62:69:6d:
                    1b:3e:fe:be:04:7c:be:c8:fb:5a:b9:24:68:31:22:
                    76:28:c8:37:76:6a:71:a1:44:49:82:5a:b0:df:a1:
                    df:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B8:F5:C4:B5:74:E0:AC:3A:BE:1D:F5:61:97:7C:71:62:B7:07:61
            X509v3 Authority Key Identifier:
                keyid:56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/kLj1xLV04Kw6vh31YZd8cWK3B2E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fa81:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         08:24:9b:db:d5:0a:2e:28:f7:d3:7a:10:b1:65:a9:49:17:20:
         c8:19:12:92:a3:74:42:ab:a6:81:56:f8:d0:7d:02:9d:4d:a9:
         62:c1:0f:4c:22:3b:be:a4:fb:9e:02:c6:fc:23:ac:65:11:34:
         a2:6b:88:89:79:0b:84:40:4d:35:22:3e:f1:e6:75:98:3b:0d:
         d7:2d:58:8f:03:4d:a8:35:b8:97:e0:64:e4:9d:83:29:d3:62:
         09:49:28:c2:64:f8:24:e3:2f:32:6f:eb:57:70:f6:7c:14:b0:
         a2:97:53:a7:1e:3a:e7:8e:fc:ac:57:2f:a7:c5:3f:00:91:a0:
         18:75:0d:2f:fe:4b:c6:d2:4d:14:0b:4c:e1:43:67:e2:bc:95:
         6b:73:83:68:65:29:90:94:8a:f3:ef:39:29:c6:ce:6c:73:d5:
         59:30:bf:13:fa:e9:1f:b4:55:66:0d:ed:b3:70:40:4c:56:a2:
         68:f2:0b:cb:86:52:9a:0f:cd:88:de:96:a2:a2:a0:f7:5e:b3:
         ca:d3:e2:73:c6:ea:cd:2e:e8:04:66:26:26:c3:7d:5f:ab:3b:
         df:60:cc:e1:e0:e0:ff:1d:9a:08:52:10:94:69:82:e3:38:a2:
         02:54:3c:94:24:bd:7f:d0:0f:64:af:4f:a6:e0:26:a3:f8:7b:
         98:81:b7:44
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ4sd+swAPwBkKemJhq5ehIjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTliMGJhODQwN2JlMTFjZmM5MTFiZDMxZWQxNDBjZDFj
NjA0NmMwHhcNMjYwNTE1MTYyODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI4ZjVjNGI1NzRlMGFjM2FiZTFkZjU2MTk3N2M3MTYyYjcwNzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPoLUdb00YYkVfy30rmnP5gyGZqV
KUcQbONOSHaFXYvIllJFyawCEeCrf8bsZgPY3aWzhRZPtfDWmpW491sxC8t22g/M
nm4q06vMLPtnDcOLORMduiUaJmmMd20mtYqDLVLVDfBn2hP1OmMbWiWbHg1FJilB
EuUA6cCZ9s1POKt0s6xngxxmEV2eXFZ3WDJ6UwfEhoElPDXnRuoX0QY03Jq2sIot
86sc9FJZ3wlt6cEMKACiqFvuVkFjlz2M+eqkRkbV2hx9NtjRwVOc6+nTBeugDgc6
gbAIl1Fy0dxiaW0bPv6+BHy+yPtauSRoMSJ2KMg3dmpxoURJglqw36HfjQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJC49cS1dOCsOr4d9WGXfHFitwdhMB8GA1UdIwQY
MBaAFFZZsLqEB74Rz8kRvTHtFAzRxgRsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEt
MjM5NGM2NjAwMDIyLzEva0xqMXhMVjA0S3c2dmgzMVlaZDhjV0szQjJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEtMjM5NGM2NjAwMDIy
LzEvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhD6gQUw
DQYJKoZIhvcNAQELBQADggEBAAgkm9vVCi4o99N6ELFlqUkXIMgZEpKjdEKrpoFW
+NB9Ap1NqWLBD0wiO76k+54CxvwjrGURNKJriIl5C4RATTUiPvHmdZg7DdctWI8D
Tag1uJfgZOSdgynTYglJKMJk+CTjLzJv61dw9nwUsKKXU6ceOueO/KxXL6fFPwCR
oBh1DS/+S8bSTRQLTOFDZ+K8lWtzg2hlKZCUivPvOSnGzmxz1VkwvxP66R+0VWYN
7bNwQExWomjyC8uGUpoPzYjelqKioPdes8rT4nPG6s0u6ARmJibDfV+rO99gzOHg
4P8dmghSEJRpguM4ogJUPJQkvX/QD2SvT6bgJqP4e5iBt0Q=
-----END CERTIFICATE-----