Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/v0ktEALprjuYyYztKF7oiuux4Yc.roa
File:                     v0ktEALprjuYyYztKF7oiuux4Yc.roa (raw, json)
Hash identifier:          uoK2ToELcvQ/V62kgkj3wD/DyJ0aXYt2dIxjN0uwM8E=
Subject key identifier:   BF:49:2D:10:02:E9:AE:3B:98:C9:8C:ED:28:5E:E8:8A:EB:B1:E1:87
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019CD110473231FBB8C039511CC346DB8F48
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/v0ktEALprjuYyYztKF7oiuux4Yc.roa
Signing time:             Mon 09 Mar 2026 05:27:10 +0000
ROA not before:           Mon 09 Mar 2026 05:27:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215172
IP address blocks:        2001:678:11a4::/48 maxlen: 48
                          2a12:cb40::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 09:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d1:10:47:32:31:fb:b8:c0:39:51:1c:c3:46:db:8f:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Mar  9 05:27:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf492d1002e9ae3b98c98ced285ee88aebb1e187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:f9:cc:04:6a:d7:18:22:64:d3:50:93:92:53:
                    77:18:76:75:ee:7f:78:b2:7b:0a:0c:b8:6f:b2:59:
                    9a:96:85:9a:a6:13:b5:d3:e5:7e:7b:d4:a8:f0:31:
                    46:a6:23:13:bc:f4:02:bf:fa:17:86:46:54:9d:c6:
                    d2:77:65:dc:77:95:4f:cd:46:c6:bf:b5:00:5a:ae:
                    f8:32:9d:84:55:f6:05:03:6e:0e:6c:34:23:95:19:
                    6e:19:6b:1e:e6:40:85:db:12:71:7c:a6:7c:48:dc:
                    3e:91:fa:8e:26:5b:f3:9b:29:ad:5a:a9:c5:87:20:
                    db:c7:3e:e8:48:4f:6c:c9:63:68:77:f7:81:82:6a:
                    05:18:3d:b8:62:36:86:c5:12:1a:d3:0d:15:6e:c9:
                    45:00:7a:10:fe:ee:eb:7f:7b:fb:74:a9:6b:cc:63:
                    27:97:28:e6:92:a3:59:a5:12:8e:7c:32:d9:c0:c9:
                    33:e4:ee:26:48:4b:90:bf:51:d9:f1:70:f4:20:75:
                    f1:17:76:07:d3:0d:b5:47:e6:e4:76:e0:59:7a:4e:
                    a0:20:92:60:f2:e4:db:6f:62:0c:bc:c3:6f:70:81:
                    aa:85:9a:23:4c:94:b8:3c:98:62:e4:8a:44:81:cb:
                    fd:76:8c:5a:ae:2c:26:c5:ad:41:85:9d:b1:a2:88:
                    b5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:49:2D:10:02:E9:AE:3B:98:C9:8C:ED:28:5E:E8:8A:EB:B1:E1:87
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/v0ktEALprjuYyYztKF7oiuux4Yc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:11a4::/48
                  2a12:cb40::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:3f:94:db:46:fc:57:7c:58:24:02:d6:90:e9:e5:bc:3a:97:
         81:39:be:c6:86:4a:eb:c6:26:32:f7:67:35:e8:0e:9d:eb:1f:
         3b:31:21:9c:8c:9c:3f:a8:35:b4:61:0f:fd:4a:a9:b4:3d:82:
         2e:96:ad:d2:12:dc:f1:cc:a3:1e:c6:07:d2:55:9d:cc:5f:ce:
         11:17:ce:87:ec:7e:09:6f:d7:66:ac:5b:27:89:f4:77:55:9d:
         0a:da:b8:c6:6f:69:4a:bf:87:93:f9:dc:42:0b:29:68:47:a4:
         e2:b4:7e:01:b2:a5:f7:8b:38:cd:a8:eb:72:35:e0:63:be:b5:
         9a:5c:23:69:eb:54:4d:46:7b:50:fb:92:24:cd:d4:69:ef:e5:
         74:c4:b5:86:0b:73:c4:76:73:24:ce:26:a2:5a:9a:f0:c1:a4:
         e5:51:5b:c5:de:8a:f9:39:92:a9:8e:22:56:5e:e1:93:1a:26:
         de:06:4e:3f:e9:9d:58:31:8c:11:91:0d:6d:5f:8c:da:ee:2f:
         84:27:84:c8:71:27:6c:40:9b:5e:b0:f8:bf:a8:ce:3f:fd:11:
         46:29:1c:ea:1e:6f:76:a0:90:7e:45:30:c6:29:33:a5:95:92:
         cf:9d:e7:86:be:5f:5a:fe:bd:1c:e3:1e:82:0f:c3:d8:2a:5c:
         17:db:fa:8e
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZzREEcyMfu4wDlRHMNG249IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwMzA5MDUyNzEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjQ5MmQxMDAyZTlhZTNiOThjOThjZWQyODVlZTg4YWViYjFlMTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1PnMBGrXGCJk01CTklN3GHZ17n94
snsKDLhvslmaloWaphO10+V+e9So8DFGpiMTvPQCv/oXhkZUncbSd2Xcd5VPzUbG
v7UAWq74Mp2EVfYFA24ObDQjlRluGWse5kCF2xJxfKZ8SNw+kfqOJlvzmymtWqnF
hyDbxz7oSE9syWNod/eBgmoFGD24YjaGxRIa0w0VbslFAHoQ/u7rf3v7dKlrzGMn
lyjmkqNZpRKOfDLZwMkz5O4mSEuQv1HZ8XD0IHXxF3YH0w21R+bkduBZek6gIJJg
8uTbb2IMvMNvcIGqhZojTJS4PJhi5IpEgcv9doxariwmxa1BhZ2xooi1ZQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFL9JLRAC6a47mMmM7She6IrrseGHMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvdjBrdEVBTHByanVZeVl6dEtGN29pdXV4NFljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAIAEGeBGk
AwUDKhLLQDANBgkqhkiG9w0BAQsFAAOCAQEAqz+U20b8V3xYJALWkOnlvDqXgTm+
xoZK68YmMvdnNegOnesfOzEhnIycP6g1tGEP/UqptD2CLpat0hLc8cyjHsYH0lWd
zF/OERfOh+x+CW/XZqxbJ4n0d1WdCtq4xm9pSr+Hk/ncQgspaEek4rR+AbKl94s4
zajrcjXgY761mlwjaetUTUZ7UPuSJM3Uae/ldMS1hgtzxHZzJM4molqa8MGk5VFb
xd6K+TmSqY4iVl7hkxom3gZOP+mdWDGMEZENbV+M2u4vhCeEyHEnbECbXrD4v6jO
P/0RRikc6h5vdqCQfkUwxikzpZWSz53nhr5fWv69HOMegg/D2CpcF9v6jg==
-----END CERTIFICATE-----