Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/XmOJsEGeK1X1k4sjTD8axMQNgIo.roa
File:                     XmOJsEGeK1X1k4sjTD8axMQNgIo.roa (raw, json)
Hash identifier:          62rzs7DtWMOgiQjH9Y4WSH2h0Vk4tGyGCEaC6rrLo7A=
Subject key identifier:   5E:63:89:B0:41:9E:2B:55:F5:93:8B:23:4C:3F:1A:C4:C4:0D:80:8A
Certificate issuer:       /CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
Certificate serial:       019CB829B4D0FF6DED65841E9F34DB702762
Authority key identifier: B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/XmOJsEGeK1X1k4sjTD8axMQNgIo.roa
Signing time:             Wed 04 Mar 2026 09:24:26 +0000
ROA not before:           Wed 04 Mar 2026 09:24:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215238
IP address blocks:        2a01:f900:201::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 18:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b8:29:b4:d0:ff:6d:ed:65:84:1e:9f:34:db:70:27:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
        Validity
            Not Before: Mar  4 09:24:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5e6389b0419e2b55f5938b234c3f1ac4c40d808a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6e:ea:67:06:0f:67:8c:3e:6d:b7:de:02:ff:
                    78:ea:f2:ae:ca:cd:bc:78:a4:d7:0c:b1:be:cc:d3:
                    10:40:2a:ae:ea:6f:7a:d8:0e:e5:f9:7f:27:7f:90:
                    41:19:4e:dd:19:7a:70:41:70:50:fc:c5:91:f8:a4:
                    59:22:15:78:51:8f:d1:69:d6:80:e4:72:3e:51:85:
                    07:3b:b5:ee:ce:a7:14:f1:25:09:37:34:bd:5e:1e:
                    21:fc:df:63:6e:2c:bf:c7:c4:18:a8:93:a8:85:c9:
                    66:67:d3:a6:2e:36:0f:6f:ca:d0:59:d4:4b:78:87:
                    aa:f3:77:71:e5:2a:b1:99:33:aa:28:16:94:ab:1a:
                    ed:05:a1:51:c8:9c:8c:bd:7c:07:15:29:4c:dc:26:
                    bf:52:fa:9c:81:34:2b:7d:3d:aa:ee:1b:a3:48:91:
                    d8:26:bc:f8:1f:f7:91:5d:ed:d9:11:f8:9b:c3:dd:
                    ff:f5:31:62:c7:ef:20:ea:1a:38:72:22:70:9b:cb:
                    55:e7:e1:11:96:ac:64:7c:e2:ad:00:12:ec:df:64:
                    60:dd:3b:82:93:5b:f6:0b:39:86:7b:bf:22:f9:37:
                    60:2e:8f:2a:48:9f:47:9b:5e:af:f4:84:44:0b:5a:
                    86:d5:4f:58:aa:99:08:bf:5a:e3:ca:17:18:7a:a3:
                    f7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:63:89:B0:41:9E:2B:55:F5:93:8B:23:4C:3F:1A:C4:C4:0D:80:8A
            X509v3 Authority Key Identifier:
                keyid:B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/XmOJsEGeK1X1k4sjTD8axMQNgIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f900:201::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:5a:96:ba:ca:63:e4:a9:e6:df:48:3a:0c:93:c9:b1:71:6c:
         47:3b:54:c6:c1:65:b5:f9:11:a8:f6:32:6f:27:6b:59:6f:74:
         85:b4:21:89:b8:25:55:c5:80:dd:49:49:05:ef:2b:b5:fb:c3:
         02:ff:56:29:93:9c:fd:14:ae:72:aa:bd:f2:d6:76:59:7c:72:
         5e:80:73:2a:df:64:18:0f:8d:0b:3a:9a:3c:6b:93:ec:ef:87:
         f4:40:c3:92:4d:e1:d1:a7:5f:0d:1f:6c:37:77:40:48:18:c6:
         4f:b1:67:c2:2e:74:04:bd:28:8e:f9:ad:16:23:58:45:32:be:
         84:30:c9:16:9f:45:32:0f:70:3b:23:b8:ad:57:2f:78:fc:23:
         f6:b7:a3:08:20:a7:11:ec:14:08:47:98:f4:bb:cb:b0:11:3f:
         7b:0e:7a:d0:8a:9a:a6:fa:02:87:5e:67:81:03:a9:63:bd:34:
         bf:72:8f:2e:b9:50:36:43:b6:53:df:b0:fe:a5:7b:70:91:8b:
         56:59:40:22:6d:cc:b3:f5:bc:e2:4d:15:19:d1:bb:80:37:d1:
         f2:5a:0d:62:c3:a7:36:ee:7a:84:28:9b:9c:82:b6:61:3c:87:
         ee:f6:29:08:48:20:16:30:e9:67:66:e4:b4:05:0a:9d:50:0f:
         ca:a9:18:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZy4KbTQ/23tZYQenzTbcCdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjU2ZDEwY2NhZDlkNjljMDE4NTZiZTBhZmFhMTdlYzY4
MmFjYmYwHhcNMjYwMzA0MDkyNDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTYzODliMDQxOWUyYjU1ZjU5MzhiMjM0YzNmMWFjNGM0MGQ4MDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2m7qZwYPZ4w+bbfeAv946vKuys28
eKTXDLG+zNMQQCqu6m962A7l+X8nf5BBGU7dGXpwQXBQ/MWR+KRZIhV4UY/RadaA
5HI+UYUHO7XuzqcU8SUJNzS9Xh4h/N9jbiy/x8QYqJOohclmZ9OmLjYPb8rQWdRL
eIeq83dx5SqxmTOqKBaUqxrtBaFRyJyMvXwHFSlM3Ca/UvqcgTQrfT2q7hujSJHY
Jrz4H/eRXe3ZEfibw93/9TFix+8g6ho4ciJwm8tV5+ERlqxkfOKtABLs32Rg3TuC
k1v2CzmGe78i+TdgLo8qSJ9Hm16v9IREC1qG1U9YqpkIv1rjyhcYeqP3UwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF5jibBBnitV9ZOLI0w/GsTEDYCKMB8GA1UdIwQY
MBaAFLC1bRDMrZ1pwBhWvgr6oX7Ggqy/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYt
YTE5Y2M4YTc2ZDA0LzEvWG1PSnNFR2VLMVgxazRzalREOGF4TVFOZ0lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYtYTE5Y2M4YTc2ZDA0
LzEvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgH5AAIB
MA0GCSqGSIb3DQEBCwUAA4IBAQCUWpa6ymPkqebfSDoMk8mxcWxHO1TGwWW1+RGo
9jJvJ2tZb3SFtCGJuCVVxYDdSUkF7yu1+8MC/1Ypk5z9FK5yqr3y1nZZfHJegHMq
32QYD40LOpo8a5Ps74f0QMOSTeHRp18NH2w3d0BIGMZPsWfCLnQEvSiO+a0WI1hF
Mr6EMMkWn0UyD3A7I7itVy94/CP2t6MIIKcR7BQIR5j0u8uwET97DnrQipqm+gKH
XmeBA6ljvTS/co8uuVA2Q7ZT37D+pXtwkYtWWUAibcyz9bziTRUZ0buAN9HyWg1i
w6c27nqEKJucgrZhPIfu9ikISCAWMOlnZuS0BQqdUA/KqRj5
-----END CERTIFICATE-----