Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/RRB7Zwnksy52qvgZ6I9Xp0jWWlg.roa
File:                     RRB7Zwnksy52qvgZ6I9Xp0jWWlg.roa (raw, json)
Hash identifier:          hlsuCsxcfM9yac6K8Me+suOwuRSN/YsWGfKp1JGJz9Q=
Subject key identifier:   45:10:7B:67:09:E4:B3:2E:76:AA:F8:19:E8:8F:57:A7:48:D6:5A:58
Certificate issuer:       /CN=d1df4803e54b084a99cb7bb044bf791327594b73
Certificate serial:       019F1291DCEACB1F37C1D3D5525FBB27C923
Authority key identifier: D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/RRB7Zwnksy52qvgZ6I9Xp0jWWlg.roa
Signing time:             Mon 29 Jun 2026 08:49:36 +0000
ROA not before:           Mon 29 Jun 2026 08:49:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48981
IP address blocks:        2a0f:5c40::/29 maxlen: 64
                          2a0f:5c40:feed::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 01 Jul 2026 11:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:12:91:dc:ea:cb:1f:37:c1:d3:d5:52:5f:bb:27:c9:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d1df4803e54b084a99cb7bb044bf791327594b73
        Validity
            Not Before: Jun 29 08:49:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=45107b6709e4b32e76aaf819e88f57a748d65a58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:8b:f1:f1:3c:ed:b8:bb:b1:5e:23:f4:5b:b3:
                    25:ce:95:15:2f:a7:0c:d9:d0:9f:75:ca:d9:1d:2a:
                    24:31:e2:d9:e5:86:ed:42:a4:16:aa:85:ff:5c:6f:
                    fc:82:1d:23:78:86:31:30:3d:ea:47:32:5e:6f:ed:
                    76:6a:bb:48:67:cf:72:ef:88:46:1f:d5:a4:7d:78:
                    3e:1d:28:49:60:d0:a1:ad:56:bc:eb:a6:6a:6d:2b:
                    45:ae:d3:41:49:9b:35:bf:83:03:82:a1:78:0d:76:
                    61:97:9e:3f:c8:03:61:22:ce:26:22:b8:3c:a9:5a:
                    7d:8b:cd:a9:f0:a2:b4:1e:12:66:15:26:3a:72:b9:
                    10:00:fc:2f:0e:33:4d:ca:9a:68:ce:be:88:da:7e:
                    aa:d5:ae:50:af:01:8f:f1:bf:9e:1e:d9:8b:5e:81:
                    53:2c:0d:7b:d5:0c:e2:2e:b8:4d:92:92:ce:80:e7:
                    0d:42:ff:50:26:82:0c:3f:0e:e5:b6:8d:8f:26:c5:
                    fd:c5:db:92:33:7c:88:50:ce:ea:03:db:5a:d5:04:
                    68:b9:82:2d:53:63:c3:9f:fb:22:f3:e9:1e:b4:54:
                    94:90:19:64:13:29:61:ef:ce:f3:b9:de:f6:99:c9:
                    75:41:a7:4a:d5:3e:e8:d0:14:eb:84:5a:f9:59:12:
                    f1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:10:7B:67:09:E4:B3:2E:76:AA:F8:19:E8:8F:57:A7:48:D6:5A:58
            X509v3 Authority Key Identifier:
                keyid:D1:DF:48:03:E5:4B:08:4A:99:CB:7B:B0:44:BF:79:13:27:59:4B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d9IA-VLCEqZy3uwRL95EydZS3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/RRB7Zwnksy52qvgZ6I9Xp0jWWlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/0d5f53-9653-47fb-a977-48f5e8767d02/1/0d9IA-VLCEqZy3uwRL95EydZS3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:5c40::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:61:bc:d1:00:90:a4:42:88:da:1a:92:f0:47:a0:16:d1:be:
         1c:ff:82:89:89:3f:d9:00:b2:ea:e7:68:21:2c:ad:59:2b:96:
         ed:ca:a8:75:8e:ce:94:b7:96:87:91:e8:35:7e:31:49:8d:9e:
         e2:3c:a2:84:b2:c8:e2:1e:d9:07:cc:ec:94:27:53:9a:ef:b7:
         d7:80:6c:0a:d9:b1:9d:93:f5:7d:43:af:50:39:f2:86:32:18:
         e9:74:88:0d:ea:3c:23:35:6c:cf:95:87:ac:93:83:da:b3:8e:
         44:3e:83:da:3e:45:39:65:55:36:2b:ea:bc:2f:0d:22:55:12:
         8c:c6:f4:71:43:2d:d1:0c:bf:d4:b8:22:59:8c:de:9e:1e:31:
         93:b4:d0:b4:16:4d:48:73:40:f7:05:52:ef:9b:55:1a:e8:a5:
         73:e5:62:64:73:a0:14:6a:92:d1:f1:24:00:04:88:8a:d4:79:
         33:c5:20:ad:5f:16:af:7a:60:d6:4d:53:52:11:7c:05:09:f3:
         10:08:e9:fa:12:67:52:c5:44:7d:de:d8:be:18:b5:14:14:fb:
         c1:01:95:d9:a9:8d:a0:69:b0:f6:7e:66:d7:e1:3d:b5:5e:93:
         38:d5:fa:e0:53:00:a7:d8:a6:3b:05:de:cd:85:33:e1:a7:5a:
         48:df:9a:68
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ8Skdzqyx83wdPVUl+7J8kjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZGY0ODAzZTU0YjA4NGE5OWNiN2JiMDQ0YmY3OTEzMjc1
OTRiNzMwHhcNMjYwNjI5MDg0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTEwN2I2NzA5ZTRiMzJlNzZhYWY4MTllODhmNTdhNzQ4ZDY1YTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiIvx8TztuLuxXiP0W7MlzpUVL6cM
2dCfdcrZHSokMeLZ5YbtQqQWqoX/XG/8gh0jeIYxMD3qRzJeb+12artIZ89y74hG
H9WkfXg+HShJYNChrVa866ZqbStFrtNBSZs1v4MDgqF4DXZhl54/yANhIs4mIrg8
qVp9i82p8KK0HhJmFSY6crkQAPwvDjNNyppozr6I2n6q1a5QrwGP8b+eHtmLXoFT
LA171QziLrhNkpLOgOcNQv9QJoIMPw7lto2PJsX9xduSM3yIUM7qA9ta1QRouYIt
U2PDn/si8+ketFSUkBlkEylh787zud72mcl1QadK1T7o0BTrhFr5WRLxmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEUQe2cJ5LMudqr4GeiPV6dI1lpYMB8GA1UdIwQY
MBaAFNHfSAPlSwhKmct7sES/eRMnWUtzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5Nzct
NDhmNWU4NzY3ZDAyLzEvUlJCN1p3bmtzeTUycXZnWjZJOVhwMGpXV2xnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8wZDVmNTMtOTY1My00N2ZiLWE5NzctNDhmNWU4NzY3ZDAy
LzEvMGQ5SUEtVkxDRXFaeTN1d1JMOTVFeWRaUzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg9cQDAN
BgkqhkiG9w0BAQsFAAOCAQEAOGG80QCQpEKI2hqS8EegFtG+HP+CiYk/2QCy6udo
ISytWSuW7cqodY7OlLeWh5HoNX4xSY2e4jyihLLI4h7ZB8zslCdTmu+314BsCtmx
nZP1fUOvUDnyhjIY6XSIDeo8IzVsz5WHrJOD2rOORD6D2j5FOWVVNivqvC8NIlUS
jMb0cUMt0Qy/1LgiWYzenh4xk7TQtBZNSHNA9wVS75tVGuilc+ViZHOgFGqS0fEk
AASIitR5M8UgrV8Wr3pg1k1TUhF8BQnzEAjp+hJnUsVEfd7Yvhi1FBT7wQGV2amN
oGmw9n5m1+E9tV6TONX64FMAp9imOwXezYUz4adaSN+aaA==
-----END CERTIFICATE-----