Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/DuR8R9YJWEDaCvnw-8235RrAPAI.roa
File:                     DuR8R9YJWEDaCvnw-8235RrAPAI.roa (raw, json)
Hash identifier:          nwr1wP+HSbTaiN0zlgVNEhTYrOWHjDVW/mSXRxlqdg0=
Subject key identifier:   0E:E4:7C:47:D6:09:58:40:DA:0A:F9:F0:FB:CD:B7:E5:1A:C0:3C:02
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019CD387FE2B9C2E862A48EBF32F8215F5F5
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/DuR8R9YJWEDaCvnw-8235RrAPAI.roa
Signing time:             Mon 09 Mar 2026 16:57:10 +0000
ROA not before:           Mon 09 Mar 2026 16:57:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201944
IP address blocks:        2a12:cb44::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 09:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d3:87:fe:2b:9c:2e:86:2a:48:eb:f3:2f:82:15:f5:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Mar  9 16:57:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0ee47c47d6095840da0af9f0fbcdb7e51ac03c02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b6:30:9b:00:62:6c:49:24:80:75:88:d1:e2:
                    44:de:16:1b:e5:71:d6:e4:16:5d:e9:ab:5f:64:66:
                    d1:9b:b2:31:9d:12:e0:ca:1f:ac:16:ef:02:64:9b:
                    f1:78:25:73:87:91:f4:39:00:a3:7a:7a:1d:7e:b3:
                    d6:0b:99:de:43:c8:79:93:b1:9b:bb:51:04:b6:3c:
                    ff:bb:38:4c:45:f5:a4:02:be:38:f1:79:c5:2e:75:
                    96:04:9f:d9:1f:f7:c7:53:2d:20:a4:13:31:49:b4:
                    dd:98:83:7f:b2:f3:df:1b:c7:90:bd:e9:04:f9:ca:
                    24:82:a7:e9:da:ae:3d:a5:f7:20:61:b1:b6:fc:e2:
                    df:ed:2c:48:f8:51:20:e3:25:39:91:3d:3a:24:34:
                    86:49:e8:7a:c7:d3:10:19:d3:fa:07:8d:e7:41:41:
                    75:8a:b6:45:08:db:08:05:48:0c:f3:7d:5c:c8:01:
                    9e:8a:9a:b3:c5:6d:ca:29:23:dd:c3:f0:b1:9c:38:
                    e8:76:81:8a:fc:55:2d:3d:00:f7:82:6c:2e:a3:bf:
                    63:2c:e7:b1:42:c0:e6:a0:e3:4e:f5:2f:e8:1d:17:
                    fb:c6:c4:d7:b3:8c:a2:a8:aa:2b:53:bc:82:15:9a:
                    f5:59:5f:63:20:b6:c6:fe:56:ea:3f:dc:e0:72:2f:
                    ac:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:E4:7C:47:D6:09:58:40:DA:0A:F9:F0:FB:CD:B7:E5:1A:C0:3C:02
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/DuR8R9YJWEDaCvnw-8235RrAPAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb44::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:3f:36:a1:9f:44:49:4c:56:bb:b2:af:0c:53:1c:31:72:c7:
         b7:fa:1f:d8:39:0e:69:a9:87:b3:46:44:49:c8:54:e4:c6:83:
         38:7e:68:0f:c9:f8:ed:27:be:15:e4:25:25:0d:16:81:c2:c5:
         89:5b:47:52:8a:81:c1:26:a6:b5:3d:cd:cd:c4:2b:f0:66:a2:
         1c:3d:ec:55:92:a1:7c:79:9b:e4:1f:11:8a:54:54:2a:c4:e8:
         00:1a:3d:07:4d:96:64:9f:66:c7:ee:6c:20:1b:ad:29:a2:43:
         44:c7:25:80:c2:74:c9:7d:25:86:b0:99:0e:a1:de:c3:23:48:
         3b:fb:e0:e4:31:44:29:8d:75:b3:d1:0b:fc:f4:84:4a:9b:23:
         a6:68:99:2e:b8:2e:f7:16:e0:19:13:70:15:9e:b6:30:99:ba:
         35:d7:76:cd:63:73:9d:89:fe:2e:e8:fe:47:53:a2:b7:61:2d:
         fc:29:ca:bb:45:ed:0f:39:7b:2a:32:46:c1:e8:56:59:bf:fb:
         cb:fa:8c:73:13:fe:4d:3c:d9:f5:ee:43:13:b2:2d:6b:a8:6a:
         63:80:a4:be:c8:46:89:c7:63:92:ff:71:d6:47:0f:ae:5f:45:
         71:01:ed:77:ef:56:62:52:83:19:83:a2:6b:19:86:c0:e6:f9:
         0a:5b:b3:6d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzTh/4rnC6GKkjr8y+CFfX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwMzA5MTY1NzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWU0N2M0N2Q2MDk1ODQwZGEwYWY5ZjBmYmNkYjdlNTFhYzAzYzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7YwmwBibEkkgHWI0eJE3hYb5XHW
5BZd6atfZGbRm7IxnRLgyh+sFu8CZJvxeCVzh5H0OQCjenodfrPWC5neQ8h5k7Gb
u1EEtjz/uzhMRfWkAr448XnFLnWWBJ/ZH/fHUy0gpBMxSbTdmIN/svPfG8eQvekE
+cokgqfp2q49pfcgYbG2/OLf7SxI+FEg4yU5kT06JDSGSeh6x9MQGdP6B43nQUF1
irZFCNsIBUgM831cyAGeipqzxW3KKSPdw/CxnDjodoGK/FUtPQD3gmwuo79jLOex
QsDmoONO9S/oHRf7xsTXs4yiqKorU7yCFZr1WV9jILbG/lbqP9zgci+sewIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA7kfEfWCVhA2gr58PvNt+UawDwCMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvRHVSOFI5WUpXRURhQ3Zudy04MjM1UnJBUEFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhLLRDAN
BgkqhkiG9w0BAQsFAAOCAQEAYj82oZ9ESUxWu7KvDFMcMXLHt/of2DkOaamHs0ZE
SchU5MaDOH5oD8n47Se+FeQlJQ0WgcLFiVtHUoqBwSamtT3NzcQr8GaiHD3sVZKh
fHmb5B8RilRUKsToABo9B02WZJ9mx+5sIButKaJDRMclgMJ0yX0lhrCZDqHewyNI
O/vg5DFEKY11s9EL/PSESpsjpmiZLrgu9xbgGRNwFZ62MJm6Ndd2zWNznYn+Luj+
R1Oit2Et/CnKu0XtDzl7KjJGwehWWb/7y/qMcxP+TTzZ9e5DE7Ita6hqY4CkvshG
icdjkv9x1kcPrl9FcQHtd+9WYlKDGYOiaxmGwOb5CluzbQ==
-----END CERTIFICATE-----