Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/HXp2yl8CcctEYFf-SbEVW8usejY.roa
File:                     HXp2yl8CcctEYFf-SbEVW8usejY.roa (raw, json)
Hash identifier:          ICCLYm8ogyONUQBR09bvk3yeGyG9hrCQ2LhYQ/hIOY8=
Subject key identifier:   1D:7A:76:CA:5F:02:71:CB:44:60:57:FE:49:B1:15:5B:CB:AC:7A:36
Certificate issuer:       /CN=98dce5a79cb31b148b2e636905a70422fb65c660
Certificate serial:       019D54A1D77573AFFFB0DB9F938D6EDBEB42
Authority key identifier: 98:DC:E5:A7:9C:B3:1B:14:8B:2E:63:69:05:A7:04:22:FB:65:C6:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mNzlp5yzGxSLLmNpBacEIvtlxmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/HXp2yl8CcctEYFf-SbEVW8usejY.roa
Signing time:             Fri 03 Apr 2026 18:36:25 +0000
ROA not before:           Fri 03 Apr 2026 18:36:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13213
IP address blocks:        2a07:4841::/48 maxlen: 48
                          2a07:4842::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mNzlp5yzGxSLLmNpBacEIvtlxmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 Apr 2026 09:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:54:a1:d7:75:73:af:ff:b0:db:9f:93:8d:6e:db:eb:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=98dce5a79cb31b148b2e636905a70422fb65c660
        Validity
            Not Before: Apr  3 18:36:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1d7a76ca5f0271cb446057fe49b1155bcbac7a36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:68:d8:0c:53:0d:63:c7:4f:84:6f:c9:fe:a4:
                    20:7b:ed:15:e4:db:a1:22:51:3d:22:38:69:99:f4:
                    d0:0f:d8:8b:eb:fe:ea:32:04:01:61:3c:da:d9:07:
                    53:9a:3e:a1:a7:0f:aa:3b:f4:76:a9:92:02:53:72:
                    55:f5:01:60:db:da:90:16:28:25:f0:57:21:c5:c3:
                    b4:4e:9e:17:1c:87:d5:df:ce:59:e7:36:8b:44:f6:
                    73:a4:a4:c2:50:1d:c3:4c:5b:16:41:87:9b:02:75:
                    37:6e:fc:3c:7f:0a:d0:39:d8:3d:15:a7:da:ac:66:
                    43:06:8e:28:80:d4:77:27:4c:ec:a4:e0:03:21:63:
                    de:f0:08:3c:90:76:12:66:a9:11:5e:c4:7a:ce:4d:
                    0b:cf:d3:7b:39:7f:60:7f:5f:b7:c2:24:3f:50:91:
                    c6:c4:95:93:5a:5f:b7:f9:92:58:7d:c9:22:05:44:
                    db:72:59:7e:ba:85:00:38:07:80:b0:5d:23:81:9c:
                    42:73:57:b7:46:f0:83:9f:c2:8f:2a:eb:8b:04:4a:
                    d3:c4:40:6e:b1:41:7b:17:3e:fe:41:8f:91:8e:78:
                    ef:59:5f:e4:ea:1c:5d:1b:33:83:ec:4e:23:da:70:
                    5a:67:33:17:d3:26:aa:9e:93:32:2f:11:9a:f4:93:
                    28:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:7A:76:CA:5F:02:71:CB:44:60:57:FE:49:B1:15:5B:CB:AC:7A:36
            X509v3 Authority Key Identifier:
                keyid:98:DC:E5:A7:9C:B3:1B:14:8B:2E:63:69:05:A7:04:22:FB:65:C6:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mNzlp5yzGxSLLmNpBacEIvtlxmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/HXp2yl8CcctEYFf-SbEVW8usejY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/13b451-9e86-4bf5-b651-296b59f6d2b5/1/mNzlp5yzGxSLLmNpBacEIvtlxmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:4841::/48
                  2a07:4842::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:9d:2d:aa:f4:90:85:e0:a0:42:0b:6b:e7:22:92:39:7d:e6:
         66:a5:12:7f:8a:d4:92:19:e0:8a:9e:27:7a:6c:bc:cb:77:3d:
         3c:8b:53:92:a3:38:77:86:b8:71:cc:2c:26:2a:20:6b:4a:4b:
         8f:cf:ca:46:82:0e:9f:13:5b:3b:8a:d1:17:f2:5c:2e:e4:eb:
         23:ca:b9:42:06:31:a0:d7:66:f7:b9:74:55:5c:d8:55:91:a6:
         c7:58:d3:6a:10:94:03:34:25:35:5d:42:15:66:06:7a:11:e8:
         57:d7:9a:bd:dd:14:a8:f6:d8:ae:29:02:ec:fe:33:02:4a:e9:
         70:c1:71:14:ab:69:f9:d2:c7:58:09:41:1d:c3:4a:4b:3a:20:
         ec:1b:e4:3f:1b:04:2d:63:c5:43:9e:03:4d:a0:f4:b9:2f:ca:
         5c:45:57:84:27:f9:62:44:f6:dd:7e:d7:1a:f6:0c:be:d4:3b:
         0f:47:7e:30:d7:c5:9c:fd:6f:f7:1d:05:1d:f9:5e:97:e6:27:
         f4:8e:26:52:07:13:65:de:0e:71:92:df:ae:f9:88:fe:f1:b2:
         f7:51:b3:33:d5:02:b6:be:81:68:ae:99:af:2b:28:99:ee:45:
         1f:8e:f6:9a:96:23:4f:b2:a4:79:f0:c4:11:94:2d:8f:8a:57:
         3f:fc:9e:81
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ1Uodd1c6//sNufk41u2+tCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4ZGNlNWE3OWNiMzFiMTQ4YjJlNjM2OTA1YTcwNDIyZmI2
NWM2NjAwHhcNMjYwNDAzMTgzNjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDdhNzZjYTVmMDI3MWNiNDQ2MDU3ZmU0OWIxMTU1YmNiYWM3YTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWjYDFMNY8dPhG/J/qQge+0V5Nuh
IlE9IjhpmfTQD9iL6/7qMgQBYTza2QdTmj6hpw+qO/R2qZICU3JV9QFg29qQFigl
8FchxcO0Tp4XHIfV385Z5zaLRPZzpKTCUB3DTFsWQYebAnU3bvw8fwrQOdg9Fafa
rGZDBo4ogNR3J0zspOADIWPe8Ag8kHYSZqkRXsR6zk0Lz9N7OX9gf1+3wiQ/UJHG
xJWTWl+3+ZJYfckiBUTbcll+uoUAOAeAsF0jgZxCc1e3RvCDn8KPKuuLBErTxEBu
sUF7Fz7+QY+RjnjvWV/k6hxdGzOD7E4j2nBaZzMX0yaqnpMyLxGa9JMofQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB16dspfAnHLRGBX/kmxFVvLrHo2MB8GA1UdIwQY
MBaAFJjc5aecsxsUiy5jaQWnBCL7ZcZgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbU56bHA1eXpHeFNMTG1OcEJhY0VJdnRseG1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy8xM2I0NTEtOWU4Ni00YmY1LWI2NTEt
Mjk2YjU5ZjZkMmI1LzEvSFhwMnlsOENjY3RFWUZmLVNiRVZXOHVzZWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy8xM2I0NTEtOWU4Ni00YmY1LWI2NTEtMjk2YjU5ZjZkMmI1
LzEvbU56bHA1eXpHeFNMTG1OcEJhY0VJdnRseG1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgdIQQAA
AwcAKgdIQgAAMA0GCSqGSIb3DQEBCwUAA4IBAQAOnS2q9JCF4KBCC2vnIpI5feZm
pRJ/itSSGeCKnid6bLzLdz08i1OSozh3hrhxzCwmKiBrSkuPz8pGgg6fE1s7itEX
8lwu5OsjyrlCBjGg12b3uXRVXNhVkabHWNNqEJQDNCU1XUIVZgZ6EehX15q93RSo
9tiuKQLs/jMCSulwwXEUq2n50sdYCUEdw0pLOiDsG+Q/GwQtY8VDngNNoPS5L8pc
RVeEJ/liRPbdftca9gy+1DsPR34w18Wc/W/3HQUd+V6X5if0jiZSBxNl3g5xkt+u
+Yj+8bL3UbMz1QK2voForpmvKyiZ7kUfjvaaliNPsqR58MQRlC2Pilc//J6B
-----END CERTIFICATE-----