Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/YhLDm5Ce0BvL20OlK_DJ3XluMvQ.roa
File:                     YhLDm5Ce0BvL20OlK_DJ3XluMvQ.roa (raw, json)
Hash identifier:          a/DUt7th7DoduXNQ3o8GbpNtKAw3KBcPk7la6IbcmHQ=
Subject key identifier:   62:12:C3:9B:90:9E:D0:1B:CB:DB:43:A5:2B:F0:C9:DD:79:6E:32:F4
Certificate issuer:       /CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
Certificate serial:       019D110F03B969F5472328EF9D9D7B7D400B
Authority key identifier: 7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/YhLDm5Ce0BvL20OlK_DJ3XluMvQ.roa
Signing time:             Sat 21 Mar 2026 15:41:29 +0000
ROA not before:           Sat 21 Mar 2026 15:41:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a05:9080:13::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 23:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:11:0f:03:b9:69:f5:47:23:28:ef:9d:9d:7b:7d:40:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3d022a240ce71e0a6e1e9aae0112da840cc34b
        Validity
            Not Before: Mar 21 15:41:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6212c39b909ed01bcbdb43a52bf0c9dd796e32f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:69:52:37:01:73:b5:6a:bb:ff:1b:77:02:16:
                    74:0f:ac:91:4a:5b:07:94:fe:c4:0a:36:4f:60:9d:
                    75:24:57:7d:7f:a1:7d:4a:b5:28:74:bf:89:cb:32:
                    35:1b:2b:2d:fc:72:6d:48:e3:50:ca:be:5a:b3:aa:
                    32:fe:c7:fb:aa:a6:bb:77:dd:1f:6a:28:d6:3d:2b:
                    03:68:12:47:a5:b5:bf:dc:aa:f6:88:86:e2:de:46:
                    a6:e0:c6:7e:76:39:74:c8:78:a0:df:10:ee:5e:b6:
                    09:c6:f1:a9:b9:b0:a0:4a:e5:46:78:5b:76:aa:d7:
                    31:a4:fd:27:e2:a8:d6:00:71:70:36:08:95:0b:29:
                    98:93:79:70:c3:6c:b1:f8:27:46:47:20:8a:77:5f:
                    2f:01:68:61:72:50:92:c2:27:e0:13:40:a8:3f:30:
                    1f:ed:06:7f:e1:6c:23:31:01:fc:db:dc:b9:da:b5:
                    7a:50:b7:23:b5:5e:c2:ef:0f:c9:4d:55:16:34:8f:
                    78:dd:ef:e5:e8:70:93:13:c6:a6:0b:1e:05:29:8c:
                    25:70:b9:7e:64:e0:37:aa:80:a0:80:b7:1c:35:4e:
                    61:d0:8b:ec:1e:39:5e:5a:50:7a:d5:11:2a:04:9b:
                    74:6f:4e:21:6e:1e:9d:a2:0a:5c:93:00:1b:4a:b8:
                    e7:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:12:C3:9B:90:9E:D0:1B:CB:DB:43:A5:2B:F0:C9:DD:79:6E:32:F4
            X509v3 Authority Key Identifier:
                keyid:7C:3D:02:2A:24:0C:E7:1E:0A:6E:1E:9A:AE:01:12:DA:84:0C:C3:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fD0CKiQM5x4Kbh6argES2oQMw0s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/YhLDm5Ce0BvL20OlK_DJ3XluMvQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/fd362f-afcb-4cf5-98c6-0948989e6d55/1/fD0CKiQM5x4Kbh6argES2oQMw0s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9080:13::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:2d:3b:0e:74:c6:33:02:2c:45:a1:f2:81:1d:1a:48:10:1f:
         1f:ab:ae:ff:bb:26:41:d8:a1:d8:52:90:ac:89:f5:6f:cc:3d:
         dc:28:be:76:92:7e:c7:1b:3d:21:63:ed:a9:46:da:cf:46:28:
         df:68:cc:8c:d2:f1:1f:7e:db:54:8b:80:f5:df:ed:4f:46:ff:
         9d:86:94:23:81:25:d0:c3:89:06:33:40:1b:a7:c2:4c:95:28:
         0d:68:d2:5d:50:d0:3c:6a:44:67:27:c0:41:3f:85:22:e3:40:
         f2:89:dd:8f:43:a5:94:b0:48:fd:55:78:72:7b:2d:f8:36:80:
         ce:9a:71:ed:b2:e7:6f:02:59:63:8b:54:55:44:09:4e:ff:d9:
         da:ee:f4:c8:c2:d3:c9:4a:9b:41:cc:bd:e4:40:a1:e3:a3:66:
         40:ea:d8:a9:47:8e:19:c9:82:dd:6c:88:4e:72:a8:11:31:1a:
         08:cd:27:c5:c0:35:1d:70:5b:05:70:7b:d7:1a:00:cd:6b:fd:
         ab:02:c7:9c:7f:10:37:45:09:1f:48:71:66:c4:51:a0:b6:3e:
         90:d5:15:cb:33:eb:fa:6d:77:8c:fd:a2:61:55:bd:10:4a:e6:
         89:00:bb:81:0d:3f:2d:cb:49:e7:63:db:a1:15:f8:b9:88:e6:
         a7:90:9d:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0RDwO5afVHIyjvnZ17fUALMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2QwMjJhMjQwY2U3MWUwYTZlMWU5YWFlMDExMmRhODQw
Y2MzNGIwHhcNMjYwMzIxMTU0MTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjEyYzM5YjkwOWVkMDFiY2JkYjQzYTUyYmYwYzlkZDc5NmUzMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWlSNwFztWq7/xt3AhZ0D6yRSlsH
lP7ECjZPYJ11JFd9f6F9SrUodL+JyzI1Gyst/HJtSONQyr5as6oy/sf7qqa7d90f
aijWPSsDaBJHpbW/3Kr2iIbi3kam4MZ+djl0yHig3xDuXrYJxvGpubCgSuVGeFt2
qtcxpP0n4qjWAHFwNgiVCymYk3lww2yx+CdGRyCKd18vAWhhclCSwifgE0CoPzAf
7QZ/4WwjMQH829y52rV6ULcjtV7C7w/JTVUWNI943e/l6HCTE8amCx4FKYwlcLl+
ZOA3qoCggLccNU5h0IvsHjleWlB61REqBJt0b04hbh6dogpckwAbSrjnqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGISw5uQntAby9tDpSvwyd15bjL0MB8GA1UdIwQY
MBaAFHw9AiokDOceCm4emq4BEtqEDMNLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYt
MDk0ODk4OWU2ZDU1LzEvWWhMRG01Q2UwQnZMMjBPbEtfREozWGx1TXZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9mZDM2MmYtYWZjYi00Y2Y1LTk4YzYtMDk0ODk4OWU2ZDU1
LzEvZkQwQ0tpUU01eDRLYmg2YXJnRVMyb1FNdzBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgWQgAAT
MA0GCSqGSIb3DQEBCwUAA4IBAQAVLTsOdMYzAixFofKBHRpIEB8fq67/uyZB2KHY
UpCsifVvzD3cKL52kn7HGz0hY+2pRtrPRijfaMyM0vEffttUi4D13+1PRv+dhpQj
gSXQw4kGM0Abp8JMlSgNaNJdUNA8akRnJ8BBP4Ui40Dyid2PQ6WUsEj9VXhyey34
NoDOmnHtsudvAllji1RVRAlO/9na7vTIwtPJSptBzL3kQKHjo2ZA6tipR44ZyYLd
bIhOcqgRMRoIzSfFwDUdcFsFcHvXGgDNa/2rAsecfxA3RQkfSHFmxFGgtj6Q1RXL
M+v6bXeM/aJhVb0QSuaJALuBDT8ty0nnY9uhFfi5iOankJ2+
-----END CERTIFICATE-----