Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/q4i5k9Gu1RxSTWy_dfR2P08Lm9Q.roa
File:                     q4i5k9Gu1RxSTWy_dfR2P08Lm9Q.roa (raw, json)
Hash identifier:          6/UkyZQoLEguWvE7O0YtwMZBKa0sGnvYZ31b5T2JgOo=
Subject key identifier:   AB:88:B9:93:D1:AE:D5:1C:52:4D:6C:BF:75:F4:76:3F:4F:0B:9B:D4
Certificate issuer:       /CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
Certificate serial:       019E2C77EA9D9D1D52612FFCDA660DB74572
Authority key identifier: 56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/q4i5k9Gu1RxSTWy_dfR2P08Lm9Q.roa
Signing time:             Fri 15 May 2026 16:28:36 +0000
ROA not before:           Fri 15 May 2026 16:28:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31898
IP address blocks:        2a10:fa80:2::/48 maxlen: 48
                          2a10:fa81:500::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 29 May 2026 10:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2c:77:ea:9d:9d:1d:52:61:2f:fc:da:66:0d:b7:45:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
        Validity
            Not Before: May 15 16:28:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab88b993d1aed51c524d6cbf75f4763f4f0b9bd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5a:98:3f:43:d6:78:16:23:e4:a7:29:89:36:
                    7a:18:13:be:4c:04:e9:46:2d:1c:35:fe:15:3a:41:
                    62:5a:01:8c:ef:ce:97:3a:9d:69:20:f9:f3:a3:73:
                    75:cc:3e:e2:2b:57:5d:aa:3e:72:c1:20:51:2f:11:
                    10:f3:2c:bd:f5:47:af:69:ca:1a:89:76:35:74:9a:
                    55:ea:43:6e:e3:a7:75:fd:15:16:0b:c1:cf:eb:78:
                    34:1e:f7:2d:c3:af:dc:1e:fe:ad:8e:85:cf:93:e5:
                    b3:c5:49:9a:56:2a:8d:14:94:ad:d0:e6:e6:1f:26:
                    fd:59:9c:71:8c:81:99:69:dc:93:14:79:15:04:a4:
                    c7:9d:1a:ca:76:83:1e:0c:ed:a1:bd:42:98:f5:1e:
                    36:4e:6a:e9:16:33:b0:7e:c5:e3:59:2d:b2:36:4f:
                    9c:d4:1b:67:b5:fa:dc:94:9c:48:13:7f:d8:03:6b:
                    97:96:31:32:25:ce:ee:c2:4a:c5:7a:ef:ff:c2:34:
                    ba:e4:10:b4:18:c8:45:7b:81:04:ca:5b:58:4c:cb:
                    b8:f4:7f:13:db:2c:b1:50:87:7f:7b:34:3e:bf:dc:
                    f7:4f:f5:75:0b:45:0f:b2:86:ed:74:04:f4:d2:d2:
                    1d:0b:6e:7e:06:7f:e3:1b:0d:46:32:e7:4b:28:0c:
                    5b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:88:B9:93:D1:AE:D5:1C:52:4D:6C:BF:75:F4:76:3F:4F:0B:9B:D4
            X509v3 Authority Key Identifier:
                keyid:56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/q4i5k9Gu1RxSTWy_dfR2P08Lm9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fa80:2::/48
                  2a10:fa81:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         84:ea:87:50:fa:6e:cb:1c:15:bf:2e:df:e5:e3:1f:3e:ca:dd:
         b1:4c:75:31:2c:0a:ba:a8:02:4a:9a:b8:df:b2:ef:23:6e:a1:
         a7:35:c3:cf:99:63:c9:7f:7b:ef:ef:09:cc:fa:ca:42:11:34:
         44:b0:3e:6b:16:7e:de:0f:dc:59:59:29:f7:75:74:a4:c2:12:
         89:c8:0c:04:55:65:ca:2b:04:7f:11:c6:0f:a1:94:8f:0a:cf:
         99:e1:cb:18:12:e2:57:c0:d8:47:a5:60:c3:16:e7:42:ea:83:
         2c:85:d0:e7:f5:57:7e:ce:99:3d:de:7a:64:cd:70:02:d4:62:
         67:1d:fe:9e:fd:a6:df:a8:31:cd:e1:1a:34:b3:e4:42:af:9d:
         73:d0:2d:e1:ff:67:7f:65:39:e9:42:ad:a2:ac:bf:25:d5:50:
         63:06:f6:90:54:1a:32:12:08:7b:5f:d3:b8:a7:f4:00:b4:d9:
         b4:a5:53:f1:8d:6b:64:f0:51:40:5b:a7:e2:af:16:59:49:2d:
         58:b8:14:da:86:ea:0d:24:fa:1c:8d:9c:7f:fb:d0:d4:6f:bc:
         a7:06:78:99:43:c1:07:91:65:ed:de:cf:f3:7d:47:1b:38:c0:
         bc:a4:38:f2:d1:47:3f:77:07:d1:74:49:4f:e1:79:3e:e0:bb:
         2e:8c:19:f6
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZ4sd+qdnR1SYS/82mYNt0VyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTliMGJhODQwN2JlMTFjZmM5MTFiZDMxZWQxNDBjZDFj
NjA0NmMwHhcNMjYwNTE1MTYyODM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjg4Yjk5M2QxYWVkNTFjNTI0ZDZjYmY3NWY0NzYzZjRmMGI5YmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1qYP0PWeBYj5KcpiTZ6GBO+TATp
Ri0cNf4VOkFiWgGM786XOp1pIPnzo3N1zD7iK1ddqj5ywSBRLxEQ8yy99Uevacoa
iXY1dJpV6kNu46d1/RUWC8HP63g0Hvctw6/cHv6tjoXPk+WzxUmaViqNFJSt0Obm
Hyb9WZxxjIGZadyTFHkVBKTHnRrKdoMeDO2hvUKY9R42TmrpFjOwfsXjWS2yNk+c
1BtntfrclJxIE3/YA2uXljEyJc7uwkrFeu//wjS65BC0GMhFe4EEyltYTMu49H8T
2yyxUId/ezQ+v9z3T/V1C0UPsobtdAT00tIdC25+Bn/jGw1GMudLKAxbEQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFKuIuZPRrtUcUk1sv3X0dj9PC5vUMB8GA1UdIwQY
MBaAFFZZsLqEB74Rz8kRvTHtFAzRxgRsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEt
MjM5NGM2NjAwMDIyLzEvcTRpNWs5R3UxUnhTVFd5X2RmUjJQMDhMbTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEtMjM5NGM2NjAwMDIy
LzEvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKhD6gAAC
AwYAKhD6gQUwDQYJKoZIhvcNAQELBQADggEBAITqh1D6bsscFb8u3+XjHz7K3bFM
dTEsCrqoAkqauN+y7yNuoac1w8+ZY8l/e+/vCcz6ykIRNESwPmsWft4P3FlZKfd1
dKTCEonIDARVZcorBH8Rxg+hlI8Kz5nhyxgS4lfA2EelYMMW50LqgyyF0Of1V37O
mT3eemTNcALUYmcd/p79pt+oMc3hGjSz5EKvnXPQLeH/Z39lOelCraKsvyXVUGMG
9pBUGjISCHtf07in9AC02bSlU/GNa2TwUUBbp+KvFllJLVi4FNqG6g0k+hyNnH/7
0NRvvKcGeJlDwQeRZe3ez/N9Rxs4wLykOPLRRz93B9F0SU/heT7guy6MGfY=
-----END CERTIFICATE-----