Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/K65FtJG9WPws15aCxLNx8kcSq4o.roa
File:                     K65FtJG9WPws15aCxLNx8kcSq4o.roa (raw, json)
Hash identifier:          sWdNupu5JRN43l9Mn2CYyxa89Mi5FMM2ipbcVk7cMgk=
Subject key identifier:   2B:AE:45:B4:91:BD:58:FC:2C:D7:96:82:C4:B3:71:F2:47:12:AB:8A
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019EA2AB862BBF75A5ECFBC50C8DE8268D00
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/K65FtJG9WPws15aCxLNx8kcSq4o.roa
Signing time:             Sun 07 Jun 2026 15:20:10 +0000
ROA not before:           Sun 07 Jun 2026 15:20:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206069
IP address blocks:        2a12:cb41:1400::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a2:ab:86:2b:bf:75:a5:ec:fb:c5:0c:8d:e8:26:8d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Jun  7 15:20:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bae45b491bd58fc2cd79682c4b371f24712ab8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:64:40:ae:80:c1:39:de:b6:f6:ee:25:dc:c6:
                    fe:4e:12:e6:9e:f3:82:c9:62:d1:f0:d7:42:a8:8e:
                    16:81:70:e5:36:9c:c2:27:e8:13:c7:4c:1d:84:33:
                    8d:7b:a5:13:1b:4b:77:c4:e5:2a:c5:d5:d6:e6:34:
                    d5:d3:7e:c6:1e:2b:7f:15:64:b9:ad:b1:6e:50:ed:
                    8a:aa:65:9d:0e:27:6c:39:d1:ea:ff:da:c0:ab:90:
                    58:c2:47:e8:9b:b7:08:e3:d3:6c:c6:70:ba:d6:18:
                    b6:5b:60:38:de:50:95:80:93:b3:69:1e:89:78:51:
                    49:14:04:1d:54:6c:59:25:52:10:29:4e:78:42:28:
                    b5:da:07:5b:70:46:26:68:a4:a7:0a:da:3c:42:2b:
                    bb:85:c4:ec:bd:dc:b6:63:6c:15:ca:3d:73:30:82:
                    8e:66:b6:b8:f3:ac:bd:38:48:e3:b9:eb:36:13:b7:
                    cd:ec:89:ff:eb:2b:18:22:cd:ae:29:ca:a5:5e:fa:
                    3c:c4:ad:03:61:61:0e:2c:eb:ee:ae:02:2c:d8:e8:
                    cc:20:3d:8e:76:6f:fc:df:2f:97:cd:f8:6e:62:c4:
                    6e:02:4c:47:97:9b:32:23:2d:7b:0e:6e:fb:a5:4d:
                    67:35:b5:68:9f:1c:2c:13:5c:78:08:ed:ba:c1:7c:
                    9b:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:AE:45:B4:91:BD:58:FC:2C:D7:96:82:C4:B3:71:F2:47:12:AB:8A
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/K65FtJG9WPws15aCxLNx8kcSq4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb41:1400::/40

    Signature Algorithm: sha256WithRSAEncryption
         47:1b:eb:90:1b:b9:9d:89:6a:bd:1f:00:ad:6a:ae:c8:e0:69:
         d5:4d:7c:09:ae:95:5c:12:3a:d8:a0:72:c3:fa:23:57:c8:c6:
         51:1b:77:56:05:bb:fa:8e:20:b8:e4:d9:ab:1e:31:68:a1:fc:
         98:13:7c:ae:33:aa:7f:c2:88:70:6a:43:e0:6c:7f:af:87:f8:
         bb:8a:25:a9:5b:a3:55:38:bc:37:35:ed:6d:7c:c3:8b:ea:0f:
         36:a2:89:3c:7f:91:6e:20:e5:e9:c9:cd:f3:5f:40:2d:bc:18:
         55:d6:aa:ef:b8:7e:17:25:12:9d:57:12:b7:c3:63:fb:3f:21:
         0f:ca:e7:cf:ff:8d:d5:6e:53:44:6a:64:34:e5:64:f2:c8:15:
         aa:15:8a:12:5e:08:e4:82:3f:8e:cb:31:bb:01:30:a8:80:5c:
         e0:04:89:8e:76:33:76:39:77:90:72:73:38:14:b6:f8:6c:eb:
         91:0e:de:5d:0c:f5:17:b8:f4:41:94:f3:28:3b:a6:4f:85:8e:
         c3:b7:d1:89:f7:dc:4a:3e:f4:39:2e:15:8b:d1:00:5c:3b:4e:
         4c:be:3a:a1:78:42:69:33:98:a1:ad:a7:34:6e:20:aa:84:02:
         5c:32:30:b0:a0:a4:94:05:bc:63:d8:76:b0:f2:d4:3b:80:d8:
         f1:8d:64:da
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ6iq4Yrv3Wl7PvFDI3oJo0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwNjA3MTUyMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmFlNDViNDkxYmQ1OGZjMmNkNzk2ODJjNGIzNzFmMjQ3MTJhYjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GRAroDBOd629u4l3Mb+ThLmnvOC
yWLR8NdCqI4WgXDlNpzCJ+gTx0wdhDONe6UTG0t3xOUqxdXW5jTV037GHit/FWS5
rbFuUO2KqmWdDidsOdHq/9rAq5BYwkfom7cI49NsxnC61hi2W2A43lCVgJOzaR6J
eFFJFAQdVGxZJVIQKU54Qii12gdbcEYmaKSnCto8Qiu7hcTsvdy2Y2wVyj1zMIKO
Zra486y9OEjjues2E7fN7In/6ysYIs2uKcqlXvo8xK0DYWEOLOvurgIs2OjMID2O
dm/83y+XzfhuYsRuAkxHl5syIy17Dm77pU1nNbVonxwsE1x4CO26wXybKQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCuuRbSRvVj8LNeWgsSzcfJHEquKMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvSzY1RnRKRzlXUHdzMTVhQ3hMTng4a2NTcTRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhLLQRQw
DQYJKoZIhvcNAQELBQADggEBAEcb65AbuZ2Jar0fAK1qrsjgadVNfAmulVwSOtig
csP6I1fIxlEbd1YFu/qOILjk2aseMWih/JgTfK4zqn/CiHBqQ+Bsf6+H+LuKJalb
o1U4vDc17W18w4vqDzaiiTx/kW4g5enJzfNfQC28GFXWqu+4fhclEp1XErfDY/s/
IQ/K58//jdVuU0RqZDTlZPLIFaoVihJeCOSCP47LMbsBMKiAXOAEiY52M3Y5d5By
czgUtvhs65EO3l0M9Re49EGU8yg7pk+FjsO30Yn33Eo+9DkuFYvRAFw7Tky+OqF4
QmkzmKGtpzRuIKqEAlwyMLCgpJQFvGPYdrDy1DuA2PGNZNo=
-----END CERTIFICATE-----