Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/KlL1K6iOrdNgSybgFClw1upWqbU.roa
File:                     KlL1K6iOrdNgSybgFClw1upWqbU.roa (raw, json)
Hash identifier:          W7OttyGx9EuMgenKXewm+r+hTp3kZdfJ3JB/6T3yysg=
Subject key identifier:   2A:52:F5:2B:A8:8E:AD:D3:60:4B:26:E0:14:29:70:D6:EA:56:A9:B5
Certificate issuer:       /CN=525b705a91dbc30ed10eb7222b7797b834e01863
Certificate serial:       019B7A5A847E8E8F0F956F520277B1D95E2C
Authority key identifier: 52:5B:70:5A:91:DB:C3:0E:D1:0E:B7:22:2B:77:97:B8:34:E0:18:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/KlL1K6iOrdNgSybgFClw1upWqbU.roa
Signing time:             Thu 01 Jan 2026 16:18:31 +0000
ROA not before:           Thu 01 Jan 2026 16:18:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213169
IP address blocks:        2a0d:eb04:8::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Feb 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:5a:84:7e:8e:8f:0f:95:6f:52:02:77:b1:d9:5e:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=525b705a91dbc30ed10eb7222b7797b834e01863
        Validity
            Not Before: Jan  1 16:18:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a52f52ba88eadd3604b26e0142970d6ea56a9b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:8e:38:e0:33:8f:e8:25:fb:50:29:ea:c6:75:
                    60:ae:ab:c9:6f:96:37:01:a9:f9:12:fe:2b:a8:27:
                    c7:09:69:96:09:d5:c2:3a:c2:f4:5b:a4:04:0c:6e:
                    ec:7e:40:03:e2:9c:b4:65:f9:c7:ce:3d:3b:c4:ab:
                    71:4c:d4:0c:35:06:d9:b0:63:4a:a1:bd:a0:a1:7d:
                    31:58:28:b2:ef:be:7e:87:76:df:d4:0e:67:22:39:
                    b6:cc:e1:8d:bd:ca:72:93:66:eb:ed:74:a6:a9:28:
                    bb:41:a5:83:e3:8d:60:1a:4d:ca:6d:3b:f6:2d:00:
                    3f:4d:1a:fa:67:f6:60:68:1c:b8:ff:c1:77:c2:cb:
                    3e:18:9e:7e:b6:1c:47:9a:9f:36:84:96:33:d1:6b:
                    26:e1:5b:71:8c:83:d4:32:6c:18:09:aa:9b:e7:e2:
                    82:6c:3b:72:41:a4:fc:ea:c9:4c:25:88:05:63:ad:
                    3b:8d:a7:bf:b3:ff:37:a1:78:57:2c:7d:15:84:ee:
                    21:11:1c:6a:1f:5f:0d:da:37:f3:43:35:40:b8:ef:
                    b1:2e:37:11:95:0d:c6:88:74:a5:70:90:64:0b:07:
                    cf:54:10:9d:08:f6:9d:ec:e6:de:b9:54:85:ff:81:
                    0e:91:62:cc:13:ae:57:fd:06:65:f2:07:c9:42:a0:
                    c3:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:52:F5:2B:A8:8E:AD:D3:60:4B:26:E0:14:29:70:D6:EA:56:A9:B5
            X509v3 Authority Key Identifier:
                keyid:52:5B:70:5A:91:DB:C3:0E:D1:0E:B7:22:2B:77:97:B8:34:E0:18:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UltwWpHbww7RDrciK3eXuDTgGGM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/KlL1K6iOrdNgSybgFClw1upWqbU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/f462dc-9e59-4e8d-9c6d-f46887df9863/1/UltwWpHbww7RDrciK3eXuDTgGGM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:eb04:8::/46

    Signature Algorithm: sha256WithRSAEncryption
         37:dd:01:d5:2c:57:dc:d1:7e:b8:28:5b:3d:e3:7a:a7:1f:3b:
         65:64:c7:0d:8c:8e:6e:1f:a7:81:8e:92:31:c5:32:78:a6:90:
         6f:4f:43:3e:e6:39:18:57:22:a9:f2:d6:a9:b3:21:30:e9:16:
         b4:e6:b3:7d:f2:c7:df:35:a4:9c:c1:39:af:e5:8b:bf:7a:f3:
         07:00:1f:83:c3:cf:e7:81:3c:66:b3:f5:b7:84:e7:a0:a7:75:
         ca:38:fc:c8:5a:14:d7:c1:f7:f3:fd:a5:51:85:3a:a6:a1:7c:
         2c:c3:56:05:e3:a5:1f:35:d9:31:12:ab:e2:7f:e8:6e:14:df:
         93:87:d7:b0:e4:55:f1:96:7e:8f:a4:37:c6:cc:f5:e3:6d:80:
         2b:47:0f:63:0d:be:b2:c0:b8:b5:43:7f:8a:d7:d1:6c:f7:64:
         68:c5:41:fe:d9:f9:28:3b:05:0f:89:da:85:98:c9:2a:45:d1:
         b5:f1:ea:b6:f6:51:50:47:d7:6d:94:4b:57:6a:93:fd:09:d9:
         d5:7c:77:56:60:0f:9b:b0:93:90:ae:08:be:ff:a9:88:e9:ab:
         91:08:dc:aa:d9:ee:be:0c:84:96:9d:b9:d7:c5:b5:73:b8:fc:
         9a:98:73:40:1c:63:fa:d6:88:82:16:fb:d5:93:c8:ff:cd:cc:
         5c:74:57:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt6WoR+jo8PlW9SAnex2V4sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyNWI3MDVhOTFkYmMzMGVkMTBlYjcyMjJiNzc5N2I4MzRl
MDE4NjMwHhcNMjYwMTAxMTYxODMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTUyZjUyYmE4OGVhZGQzNjA0YjI2ZTAxNDI5NzBkNmVhNTZhOWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0I444DOP6CX7UCnqxnVgrqvJb5Y3
Aan5Ev4rqCfHCWmWCdXCOsL0W6QEDG7sfkAD4py0ZfnHzj07xKtxTNQMNQbZsGNK
ob2goX0xWCiy775+h3bf1A5nIjm2zOGNvcpyk2br7XSmqSi7QaWD441gGk3KbTv2
LQA/TRr6Z/ZgaBy4/8F3wss+GJ5+thxHmp82hJYz0Wsm4VtxjIPUMmwYCaqb5+KC
bDtyQaT86slMJYgFY607jae/s/83oXhXLH0VhO4hERxqH18N2jfzQzVAuO+xLjcR
lQ3GiHSlcJBkCwfPVBCdCPad7ObeuVSF/4EOkWLME65X/QZl8gfJQqDDqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCpS9Suojq3TYEsm4BQpcNbqVqm1MB8GA1UdIwQY
MBaAFFJbcFqR28MO0Q63Iit3l7g04BhjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWx0d1dwSGJ3dzdSRHJjaUszZVh1RFRnR0dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9mNDYyZGMtOWU1OS00ZThkLTljNmQt
ZjQ2ODg3ZGY5ODYzLzEvS2xMMUs2aU9yZE5nU3liZ0ZDbHcxdXBXcWJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9mNDYyZGMtOWU1OS00ZThkLTljNmQtZjQ2ODg3ZGY5ODYz
LzEvVWx0d1dwSGJ3dzdSRHJjaUszZVh1RFRnR0dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg3rBAAI
MA0GCSqGSIb3DQEBCwUAA4IBAQA33QHVLFfc0X64KFs943qnHztlZMcNjI5uH6eB
jpIxxTJ4ppBvT0M+5jkYVyKp8tapsyEw6Ra05rN98sffNaScwTmv5Yu/evMHAB+D
w8/ngTxms/W3hOegp3XKOPzIWhTXwffz/aVRhTqmoXwsw1YF46UfNdkxEqvif+hu
FN+Th9ew5FXxln6PpDfGzPXjbYArRw9jDb6ywLi1Q3+K19Fs92RoxUH+2fkoOwUP
idqFmMkqRdG18eq29lFQR9dtlEtXapP9CdnVfHdWYA+bsJOQrgi+/6mI6auRCNyq
2e6+DISWnbnXxbVzuPyamHNAHGP61oiCFvvVk8j/zcxcdFe4
-----END CERTIFICATE-----