Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/MMfImLwXkpf8klG1MzI8QyIWYNs.roa
File:                     MMfImLwXkpf8klG1MzI8QyIWYNs.roa (raw, json)
Hash identifier:          /dOuqPOohIph5KLhxjBT71a56JFrTzDMnHJBEa+DRrM=
Subject key identifier:   30:C7:C8:98:BC:17:92:97:FC:92:51:B5:33:32:3C:43:22:16:60:DB
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019EA2AB852AA4B2377742A0FF2354E8C506
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/MMfImLwXkpf8klG1MzI8QyIWYNs.roa
Signing time:             Sun 07 Jun 2026 15:20:10 +0000
ROA not before:           Sun 07 Jun 2026 15:20:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204211
IP address blocks:        2a12:cb41:1400::/40 maxlen: 48
                          2a12:cb47:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a2:ab:85:2a:a4:b2:37:77:42:a0:ff:23:54:e8:c5:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Jun  7 15:20:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30c7c898bc179297fc9251b533323c43221660db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9b:0f:f0:82:9f:a1:d2:d0:15:5b:82:8d:f6:
                    12:07:72:e8:bf:6b:82:84:32:b2:ff:c4:71:c5:8d:
                    58:cf:03:3b:4f:28:20:1f:88:d0:b9:da:80:7d:7f:
                    2e:45:b9:eb:22:e1:d1:95:fd:aa:7d:38:3a:02:f1:
                    6b:fe:57:9d:7c:1d:9e:28:7e:a1:a8:c7:c2:ab:30:
                    dc:50:91:78:91:a9:43:73:95:6b:a5:24:92:5f:43:
                    fe:b8:24:d4:19:b4:61:be:fb:c1:ed:36:d3:ab:22:
                    9e:12:1b:d7:f7:0e:f1:76:f3:27:96:c6:1f:ff:8d:
                    95:d6:98:ab:9f:dc:70:7d:47:98:6e:e7:6a:03:54:
                    4a:ad:2f:1c:12:d2:f6:52:22:8f:7d:a1:c7:88:ed:
                    44:72:6d:39:c2:0d:db:a5:f9:34:9a:7a:9b:aa:20:
                    59:c2:5d:7d:18:13:5f:b8:6d:1c:fc:d3:e2:37:d8:
                    30:ae:75:77:80:ef:c6:e0:cc:ad:fe:ec:24:0a:c7:
                    84:7b:5f:01:42:1e:11:34:89:8c:48:52:4f:a8:37:
                    e6:06:c6:a4:0f:37:9c:3f:64:d7:ab:b4:b8:83:cd:
                    c8:93:cc:09:5f:3f:58:63:69:5a:4b:23:e4:54:6a:
                    70:c3:ef:e5:91:17:1e:75:2a:3c:d0:46:d4:c7:ad:
                    1c:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:C7:C8:98:BC:17:92:97:FC:92:51:B5:33:32:3C:43:22:16:60:DB
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/MMfImLwXkpf8klG1MzI8QyIWYNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb41:1400::/40
                  2a12:cb47:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:b0:2f:10:9b:61:d5:ff:6b:94:60:b6:4b:f5:cd:f0:2a:5e:
         ac:81:b9:9d:ed:51:c3:55:6a:3d:cc:59:51:f1:58:a9:92:a9:
         c3:24:56:e4:79:78:99:7e:4b:8e:db:de:3e:4c:26:5c:11:92:
         4a:b4:4c:02:d4:e1:fe:82:71:6e:3a:7c:3b:f3:48:34:23:f2:
         21:15:91:ce:17:4e:86:da:9c:9a:cd:85:7e:ce:4b:05:28:1a:
         5a:e4:e4:a9:22:31:4b:c0:df:57:0c:2d:18:dc:02:64:55:40:
         66:72:61:c4:f2:e2:4c:d6:8f:ec:2b:7a:a2:38:0b:e6:77:54:
         97:33:de:69:94:40:97:7c:4a:ef:82:c7:ce:ec:d6:93:45:fb:
         30:19:26:29:92:09:f8:c2:ba:61:a1:4e:6b:fe:7f:1a:5f:b5:
         96:0d:45:b8:4f:d0:7d:da:bf:2e:97:68:85:4d:af:7f:e9:b7:
         91:63:a6:98:98:1a:84:ea:2f:18:73:a9:0b:65:c6:c7:04:c3:
         e5:47:91:79:95:63:80:d7:9a:57:52:96:8c:87:88:42:9b:b1:
         4b:22:2c:05:8e:1d:34:e2:1f:d3:f1:24:b1:7e:91:3b:28:0a:
         c6:54:2f:9d:84:46:fc:22:75:b1:b3:92:ba:9e:53:76:af:60:
         f4:74:7c:e3
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZ6iq4UqpLI3d0Kg/yNU6MUGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwNjA3MTUyMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGM3Yzg5OGJjMTc5Mjk3ZmM5MjUxYjUzMzMyM2M0MzIyMTY2MGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpsP8IKfodLQFVuCjfYSB3Lov2uC
hDKy/8RxxY1YzwM7TyggH4jQudqAfX8uRbnrIuHRlf2qfTg6AvFr/ledfB2eKH6h
qMfCqzDcUJF4kalDc5VrpSSSX0P+uCTUGbRhvvvB7TbTqyKeEhvX9w7xdvMnlsYf
/42V1pirn9xwfUeYbudqA1RKrS8cEtL2UiKPfaHHiO1Ecm05wg3bpfk0mnqbqiBZ
wl19GBNfuG0c/NPiN9gwrnV3gO/G4Myt/uwkCseEe18BQh4RNImMSFJPqDfmBsak
DzecP2TXq7S4g83Ik8wJXz9YY2laSyPkVGpww+/lkRcedSo80EbUx60cMwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFDDHyJi8F5KX/JJRtTMyPEMiFmDbMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvTU1mSW1Md1hrcGY4a2xHMU16SThReUlXWU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKhLLQRQD
BwAqEstH//8wDQYJKoZIhvcNAQELBQADggEBAFawLxCbYdX/a5Rgtkv1zfAqXqyB
uZ3tUcNVaj3MWVHxWKmSqcMkVuR5eJl+S47b3j5MJlwRkkq0TALU4f6CcW46fDvz
SDQj8iEVkc4XTobanJrNhX7OSwUoGlrk5KkiMUvA31cMLRjcAmRVQGZyYcTy4kzW
j+wreqI4C+Z3VJcz3mmUQJd8Su+Cx87s1pNF+zAZJimSCfjCumGhTmv+fxpftZYN
RbhP0H3avy6XaIVNr3/pt5FjppiYGoTqLxhzqQtlxscEw+VHkXmVY4DXmldSloyH
iEKbsUsiLAWOHTTiH9PxJLF+kTsoCsZUL52ERvwidbGzkrqeU3avYPR0fOM=
-----END CERTIFICATE-----