Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/q9gzmrXlePMlciZvpWWGZ4VAXJ8.roa
File:                     q9gzmrXlePMlciZvpWWGZ4VAXJ8.roa (raw, json)
Hash identifier:          +qqAYu+OXwah/VdIOZh/+D6sTDdWRFnAkpAzYg8M8r0=
Subject key identifier:   AB:D8:33:9A:B5:E5:78:F3:25:72:26:6F:A5:65:86:67:85:40:5C:9F
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019EACC069B10F32BAD272C7C8C534FB063F
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/q9gzmrXlePMlciZvpWWGZ4VAXJ8.roa
Signing time:             Tue 09 Jun 2026 14:19:11 +0000
ROA not before:           Tue 09 Jun 2026 14:19:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219489
IP address blocks:        2a12:cb41:1200::/39 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:c0:69:b1:0f:32:ba:d2:72:c7:c8:c5:34:fb:06:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Jun  9 14:19:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=abd8339ab5e578f32572266fa565866785405c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d6:1a:cc:0c:b3:2c:21:c4:53:1a:e1:0f:e5:
                    2a:0b:05:bf:39:6f:0c:60:bc:c4:fd:86:a0:fd:74:
                    00:d2:9c:f4:13:bd:f9:4f:da:cc:60:e1:40:e2:17:
                    3f:9d:3a:d0:b8:c9:0b:86:85:af:ad:60:6d:c9:d6:
                    a2:d3:60:62:c9:d1:5c:1b:31:c8:2d:e1:0c:b8:ab:
                    40:48:91:b3:59:85:ce:d5:a7:79:e2:c6:6c:fc:90:
                    0d:3c:0c:4d:e1:ca:da:d5:59:7d:8e:8d:74:90:13:
                    1f:f7:b7:b2:51:ef:e9:ee:7c:2c:a1:ca:a7:45:c7:
                    a5:f9:71:d6:f1:0d:0b:71:82:c9:48:3b:e4:ef:6d:
                    53:bd:dd:e0:24:b7:65:fe:d2:61:6b:0e:54:e7:08:
                    3b:7c:88:7b:38:46:1b:14:57:94:78:36:9a:ad:8b:
                    2d:b3:95:5f:cc:75:8e:31:6d:ec:03:a7:e2:b4:5a:
                    8b:e9:93:c3:44:5c:ea:fc:b7:51:84:67:bc:5b:45:
                    4e:b6:10:56:16:49:0c:0a:a5:71:0d:47:27:bd:df:
                    86:a9:03:87:a7:54:ba:e5:cf:d2:74:e1:74:4a:62:
                    38:9f:b8:e8:16:8b:14:21:56:f5:99:58:77:4b:48:
                    93:64:82:1d:83:6b:4b:76:83:34:00:6c:70:cb:cd:
                    43:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:D8:33:9A:B5:E5:78:F3:25:72:26:6F:A5:65:86:67:85:40:5C:9F
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/q9gzmrXlePMlciZvpWWGZ4VAXJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb41:1200::/39

    Signature Algorithm: sha256WithRSAEncryption
         5c:5d:f3:74:3c:c8:79:37:36:4d:dc:18:78:5f:92:b2:c2:f6:
         c4:ec:a3:9b:75:7e:88:93:5f:82:2b:84:0b:06:1f:05:d7:bb:
         e2:54:9f:08:df:4a:d4:e8:19:77:ce:dd:93:9c:b2:93:14:1b:
         0d:70:21:66:60:cd:e7:1e:fc:7e:13:c4:65:95:18:6d:dd:a7:
         63:43:ae:0d:50:53:03:27:44:59:f3:51:49:2e:10:7b:9c:d8:
         9a:32:04:1c:0e:10:f9:34:7f:49:d0:81:06:11:84:52:8d:94:
         7d:15:35:10:c6:75:eb:87:38:0d:d0:5c:4b:bd:ff:aa:87:d7:
         69:75:c3:f6:64:91:06:4f:41:01:10:13:03:72:2e:6f:dc:58:
         e4:6a:82:41:c1:4d:03:d1:73:7d:78:a7:cb:f5:c7:a0:44:79:
         0e:3b:c5:f6:bd:22:21:d3:ca:65:e3:8a:f7:f8:c1:c5:c2:3d:
         eb:bd:e9:bb:59:c7:1a:dd:fe:32:f3:48:4d:a0:17:5f:55:67:
         73:c3:df:ce:2d:20:a4:9a:0a:3b:1c:3d:e4:98:05:18:dd:fe:
         6f:e7:e8:45:e8:b4:b3:a7:47:4b:28:78:c8:a7:51:94:7f:ad:
         a5:da:ec:e0:4a:03:57:93:79:b4:4d:0a:98:c3:7b:e1:12:3f:
         13:ba:8f:9d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ6swGmxDzK60nLHyMU0+wY/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwNjA5MTQxOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmQ4MzM5YWI1ZTU3OGYzMjU3MjI2NmZhNTY1ODY2Nzg1NDA1YzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotYazAyzLCHEUxrhD+UqCwW/OW8M
YLzE/Yag/XQA0pz0E735T9rMYOFA4hc/nTrQuMkLhoWvrWBtydai02BiydFcGzHI
LeEMuKtASJGzWYXO1ad54sZs/JANPAxN4cra1Vl9jo10kBMf97eyUe/p7nwsocqn
Rcel+XHW8Q0LcYLJSDvk721Tvd3gJLdl/tJhaw5U5wg7fIh7OEYbFFeUeDaarYst
s5VfzHWOMW3sA6fitFqL6ZPDRFzq/LdRhGe8W0VOthBWFkkMCqVxDUcnvd+GqQOH
p1S65c/SdOF0SmI4n7joFosUIVb1mVh3S0iTZIIdg2tLdoM0AGxwy81D1QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKvYM5q15XjzJXImb6VlhmeFQFyfMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvcTlnem1yWGxlUE1sY2ladnBXV0daNFZBWEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKhLLQRIw
DQYJKoZIhvcNAQELBQADggEBAFxd83Q8yHk3Nk3cGHhfkrLC9sTso5t1foiTX4Ir
hAsGHwXXu+JUnwjfStToGXfO3ZOcspMUGw1wIWZgzece/H4TxGWVGG3dp2NDrg1Q
UwMnRFnzUUkuEHuc2JoyBBwOEPk0f0nQgQYRhFKNlH0VNRDGdeuHOA3QXEu9/6qH
12l1w/ZkkQZPQQEQEwNyLm/cWORqgkHBTQPRc314p8v1x6BEeQ47xfa9IiHTymXj
ivf4wcXCPeu96btZxxrd/jLzSE2gF19VZ3PD384tIKSaCjscPeSYBRjd/m/n6EXo
tLOnR0soeMinUZR/raXa7OBKA1eTebRNCpjDe+ESPxO6j50=
-----END CERTIFICATE-----