Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/DXKMNNa0Hs5_15oyh49q-Vn6PxM.roa
File:                     DXKMNNa0Hs5_15oyh49q-Vn6PxM.roa (raw, json)
Hash identifier:          VBa7xt+v+8bs4B8yDFTakTjnLlzPlUnnwe59tL4QPoA=
Subject key identifier:   0D:72:8C:34:D6:B4:1E:CE:7F:D7:9A:32:87:8F:6A:F9:59:FA:3F:13
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019E96F43FE13A4EBAA400495D24345D680E
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/DXKMNNa0Hs5_15oyh49q-Vn6PxM.roa
Signing time:             Fri 05 Jun 2026 08:44:10 +0000
ROA not before:           Fri 05 Jun 2026 08:44:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31898
IP address blocks:        2a12:cb41:1100::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:f4:3f:e1:3a:4e:ba:a4:00:49:5d:24:34:5d:68:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Jun  5 08:44:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d728c34d6b41ece7fd79a32878f6af959fa3f13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:38:8e:48:6f:d2:5f:bd:ad:b9:17:4c:1f:94:
                    a1:c6:ce:9a:ad:0c:30:d1:ba:50:87:16:ec:82:55:
                    f0:44:1c:a0:6b:c3:2f:31:d0:10:da:39:ae:f2:17:
                    67:b7:20:37:f3:e0:3a:9d:7d:bc:c0:8b:e0:00:dd:
                    63:6d:f4:b8:f5:6d:d4:a9:ac:55:21:c8:83:7d:35:
                    da:32:06:04:d3:23:20:22:4b:ea:7b:ce:1f:23:e2:
                    6b:85:f4:a8:39:5b:e3:4b:7e:00:0f:9e:e8:df:e4:
                    92:61:bc:3f:fd:dc:48:ec:d1:12:d5:2d:aa:2e:be:
                    36:1d:e0:ea:df:24:d9:0f:aa:bc:61:7f:b2:a6:40:
                    90:5e:a0:8e:af:af:ae:04:f1:55:69:f9:fc:23:96:
                    f8:57:3c:1c:44:04:85:5c:6f:9a:a0:91:24:6a:11:
                    86:c0:15:20:b0:69:f1:82:65:c5:a3:fa:ac:a8:7d:
                    03:15:cd:2b:e5:b9:5c:5b:d5:40:f2:e1:88:1e:b3:
                    f2:ff:e0:e6:35:96:1e:b3:f1:07:a7:88:0b:d5:0f:
                    90:48:7e:e5:be:c4:87:65:1d:6a:87:ba:9e:8c:8e:
                    85:34:61:82:e1:41:6f:e8:30:4f:d3:47:7e:64:d4:
                    fd:5d:06:9b:d4:b7:dc:d4:9d:af:e4:95:f7:e6:5e:
                    fb:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:72:8C:34:D6:B4:1E:CE:7F:D7:9A:32:87:8F:6A:F9:59:FA:3F:13
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/DXKMNNa0Hs5_15oyh49q-Vn6PxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb41:1100::/44

    Signature Algorithm: sha256WithRSAEncryption
         33:e3:33:c6:12:79:22:a5:30:78:ca:ea:66:62:f8:5d:02:e7:
         44:15:59:2f:f0:2e:2c:8d:81:c6:69:ad:17:83:bb:f9:1a:a8:
         bb:c9:80:4d:5b:cd:3b:9b:65:8e:58:82:a0:ae:46:58:1a:d4:
         2a:47:c8:5c:d1:d7:17:7e:8c:b6:d7:0f:4d:00:da:5d:90:04:
         f6:e4:75:37:fc:22:ef:7d:24:88:6e:e8:a8:b9:dd:ac:0b:cf:
         c4:24:3d:4a:8a:85:eb:11:b9:52:9d:f9:20:78:35:c8:48:eb:
         00:15:10:d0:cd:81:01:3e:d9:2c:99:1f:c0:6d:73:ed:40:c7:
         6d:1d:b1:30:fc:f3:e7:37:6d:31:89:8b:8d:52:0d:d5:d1:f2:
         6c:4e:6d:79:d4:77:94:e7:09:d3:67:bc:8e:c9:82:48:56:97:
         0c:2c:ad:c6:13:85:16:b3:76:ff:98:90:40:21:51:23:d7:8e:
         84:f5:92:d5:13:92:bf:48:41:5e:ad:fb:4e:b4:e0:c6:91:ca:
         13:a3:c0:4f:04:fc:86:67:be:a3:c1:3f:c5:3d:a1:92:f8:58:
         10:90:1c:50:e0:1d:00:56:3c:27:e3:17:54:89:fb:d4:c1:17:
         4f:81:71:f4:e1:04:c5:97:8e:c3:e9:7e:30:ea:f1:aa:c4:0a:
         d2:87:f1:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6W9D/hOk66pABJXSQ0XWgOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwNjA1MDg0NDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDcyOGMzNGQ2YjQxZWNlN2ZkNzlhMzI4NzhmNmFmOTU5ZmEzZjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjiOSG/SX72tuRdMH5Shxs6arQww
0bpQhxbsglXwRByga8MvMdAQ2jmu8hdntyA38+A6nX28wIvgAN1jbfS49W3UqaxV
IciDfTXaMgYE0yMgIkvqe84fI+JrhfSoOVvjS34AD57o3+SSYbw//dxI7NES1S2q
Lr42HeDq3yTZD6q8YX+ypkCQXqCOr6+uBPFVafn8I5b4VzwcRASFXG+aoJEkahGG
wBUgsGnxgmXFo/qsqH0DFc0r5blcW9VA8uGIHrPy/+DmNZYes/EHp4gL1Q+QSH7l
vsSHZR1qh7qejI6FNGGC4UFv6DBP00d+ZNT9XQab1Lfc1J2v5JX35l772QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA1yjDTWtB7Of9eaMoePavlZ+j8TMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvRFhLTU5OYTBIczVfMTVveWg0OXEtVm42UHhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhLLQREA
MA0GCSqGSIb3DQEBCwUAA4IBAQAz4zPGEnkipTB4yupmYvhdAudEFVkv8C4sjYHG
aa0Xg7v5Gqi7yYBNW807m2WOWIKgrkZYGtQqR8hc0dcXfoy21w9NANpdkAT25HU3
/CLvfSSIbuioud2sC8/EJD1KioXrEblSnfkgeDXISOsAFRDQzYEBPtksmR/AbXPt
QMdtHbEw/PPnN20xiYuNUg3V0fJsTm151HeU5wnTZ7yOyYJIVpcMLK3GE4UWs3b/
mJBAIVEj146E9ZLVE5K/SEFerftOtODGkcoTo8BPBPyGZ76jwT/FPaGS+FgQkBxQ
4B0AVjwn4xdUifvUwRdPgXH04QTFl47D6X4w6vGqxArSh/HZ
-----END CERTIFICATE-----