Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/UnSYaDgDlq6mma-qSvxlxf3f7cY.roa
File:                     UnSYaDgDlq6mma-qSvxlxf3f7cY.roa (raw, json)
Hash identifier:          Vq/fmGi7ZxgEu6+2GPpPORkHD4V173NnGLUxV5LVIwU=
Subject key identifier:   52:74:98:68:38:03:96:AE:A6:99:AF:AA:4A:FC:65:C5:FD:DF:ED:C6
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019CE4AA495117BC511FA2779FE002DC6300
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/UnSYaDgDlq6mma-qSvxlxf3f7cY.roa
Signing time:             Fri 13 Mar 2026 00:48:11 +0000
ROA not before:           Fri 13 Mar 2026 00:48:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209565
IP address blocks:        2a12:cb40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e4:aa:49:51:17:bc:51:1f:a2:77:9f:e0:02:dc:63:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Mar 13 00:48:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=52749868380396aea699afaa4afc65c5fddfedc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:9f:cd:d8:8c:e6:37:f9:f0:2c:10:b1:fd:18:
                    2b:a7:a7:56:f9:bb:55:2b:65:6d:57:19:3d:5f:4f:
                    d8:cc:b5:8c:0d:e4:eb:ec:e8:aa:dd:09:9c:cb:56:
                    91:95:3c:e3:f6:16:97:d5:11:fa:bf:3b:62:fc:ed:
                    5b:46:a3:0a:b3:d5:59:ca:ec:b9:d0:2b:29:4d:59:
                    bb:b0:65:fd:5a:9b:3f:c3:f3:1b:f0:03:30:87:39:
                    37:4b:dd:82:53:2b:11:ad:b7:ff:be:5b:a8:78:8c:
                    90:7d:29:a0:98:e3:8c:88:8c:46:06:dd:33:f6:4d:
                    25:91:73:91:e2:3e:86:d0:43:40:55:50:e0:02:87:
                    3d:0d:f1:1e:68:18:b1:ba:0c:73:af:df:dc:be:2e:
                    32:b3:f3:9c:ae:31:a8:ae:ca:46:7e:81:0c:6f:53:
                    3b:c8:ba:17:21:9f:0c:1e:91:5f:fe:6e:73:18:be:
                    70:84:9d:97:90:ea:4f:df:06:bc:45:01:ed:d6:41:
                    5c:6b:2c:66:93:bf:ae:b9:83:3f:19:93:7d:c7:7c:
                    f6:dc:bf:17:57:de:ce:b4:c3:95:53:a7:a6:98:d0:
                    df:e7:2a:ad:97:e7:20:85:ed:a1:4b:ac:9e:59:ce:
                    1f:ca:1b:44:43:0d:76:37:97:cd:9a:8c:33:ab:c1:
                    76:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:74:98:68:38:03:96:AE:A6:99:AF:AA:4A:FC:65:C5:FD:DF:ED:C6
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/UnSYaDgDlq6mma-qSvxlxf3f7cY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:68:72:2d:7d:cd:39:7e:05:b5:a7:78:3c:98:4b:43:0c:86:
         ac:86:ec:65:55:a8:81:6d:d1:a5:14:84:03:3e:72:91:ab:35:
         f8:50:ae:43:0e:a0:92:81:27:76:22:01:39:89:93:4a:06:68:
         e4:0f:a1:8b:8e:f8:dc:cc:a3:68:15:db:29:ec:5b:78:d4:a4:
         77:5c:e6:2f:9e:b7:23:f7:0a:55:b0:6c:bf:69:8e:bf:78:8e:
         4a:b7:44:5a:57:6f:e5:0c:5b:e0:be:74:5a:fd:23:c6:1a:30:
         9e:d8:34:7b:4f:77:4c:cf:35:54:b9:ac:c8:5d:7c:ef:91:ab:
         03:3b:9d:77:76:ef:c3:8c:b9:f2:3f:a0:75:b5:27:43:b0:2f:
         c5:bf:0c:0f:64:8d:78:f2:7d:42:0f:86:fc:4b:63:5e:0e:2d:
         6f:55:39:06:70:ee:17:90:04:9d:62:e7:00:55:d6:12:e7:57:
         5f:5c:87:77:23:63:4c:2f:46:b3:80:b8:7c:c6:5c:33:79:51:
         07:e0:a3:b7:bf:4c:82:f8:35:32:72:50:b3:a7:3c:4b:a6:4a:
         32:49:6e:74:dc:5c:92:19:53:00:61:02:3c:e6:2f:f4:ba:52:
         f3:86:8b:c1:6d:f3:fa:bf:ae:35:24:81:b9:94:5c:30:a2:6f:
         b2:df:36:66
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzkqklRF7xRH6J3n+AC3GMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwMzEzMDA0ODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjc0OTg2ODM4MDM5NmFlYTY5OWFmYWE0YWZjNjVjNWZkZGZlZGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJ/N2IzmN/nwLBCx/Rgrp6dW+btV
K2VtVxk9X0/YzLWMDeTr7Oiq3Qmcy1aRlTzj9haX1RH6vzti/O1bRqMKs9VZyuy5
0CspTVm7sGX9Wps/w/Mb8AMwhzk3S92CUysRrbf/vluoeIyQfSmgmOOMiIxGBt0z
9k0lkXOR4j6G0ENAVVDgAoc9DfEeaBixugxzr9/cvi4ys/OcrjGorspGfoEMb1M7
yLoXIZ8MHpFf/m5zGL5whJ2XkOpP3wa8RQHt1kFcayxmk7+uuYM/GZN9x3z23L8X
V97OtMOVU6emmNDf5yqtl+cghe2hS6yeWc4fyhtEQw12N5fNmowzq8F2lQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFJ0mGg4A5auppmvqkr8ZcX93+3GMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvVW5TWWFEZ0RscTZtbWEtcVN2eGx4ZjNmN2NZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLLQDAN
BgkqhkiG9w0BAQsFAAOCAQEADGhyLX3NOX4Ftad4PJhLQwyGrIbsZVWogW3RpRSE
Az5ykas1+FCuQw6gkoEndiIBOYmTSgZo5A+hi4743MyjaBXbKexbeNSkd1zmL563
I/cKVbBsv2mOv3iOSrdEWldv5Qxb4L50Wv0jxhowntg0e093TM81VLmsyF1875Gr
Azudd3bvw4y58j+gdbUnQ7Avxb8MD2SNePJ9Qg+G/EtjXg4tb1U5BnDuF5AEnWLn
AFXWEudXX1yHdyNjTC9Gs4C4fMZcM3lRB+Cjt79Mgvg1MnJQs6c8S6ZKMkludNxc
khlTAGECPOYv9LpS84aLwW3z+r+uNSSBuZRcMKJvst82Zg==
-----END CERTIFICATE-----