Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/kR435wmWIR3POPSkhvuwY7LHnyU.roa
File:                     kR435wmWIR3POPSkhvuwY7LHnyU.roa (raw, json)
Hash identifier:          P+t8d1X/83Jtvdac/hXKsX74pnVuVk0EELmCtBin0HM=
Subject key identifier:   91:1E:37:E7:09:96:21:1D:CF:38:F4:A4:86:FB:B0:63:B2:C7:9F:25
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019E4F899472D86061873978CE673CB76FCB
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/kR435wmWIR3POPSkhvuwY7LHnyU.roa
Signing time:             Fri 22 May 2026 11:54:36 +0000
ROA not before:           Fri 22 May 2026 11:54:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199972
IP address blocks:        2a13:a440:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4f:89:94:72:d8:60:61:87:39:78:ce:67:3c:b7:6f:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: May 22 11:54:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=911e37e70996211dcf38f4a486fbb063b2c79f25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f7:bd:82:2d:35:55:e7:f3:9f:e1:00:0c:c7:
                    2b:c5:7b:ac:9a:8e:75:23:3e:0f:90:29:56:b1:41:
                    a3:52:20:82:09:3c:d9:d6:02:0c:04:69:97:7f:b0:
                    5f:d6:e4:c4:56:2f:6b:02:da:6a:f4:64:13:92:5d:
                    26:d3:78:54:aa:83:65:43:32:03:c5:fa:eb:9b:b2:
                    b6:25:ca:88:b8:a2:97:31:82:1b:47:ad:bb:53:7b:
                    1b:ad:d2:0f:96:2f:f0:77:07:10:86:9c:98:1f:e1:
                    83:70:69:8e:94:32:7d:9d:bf:1c:ce:07:01:d5:99:
                    a3:65:eb:89:60:1f:95:24:85:9f:df:a9:29:7e:25:
                    9a:c0:98:ed:3b:8a:35:8e:b0:1c:b6:fe:8b:0e:46:
                    e3:9f:49:72:b7:3e:c1:f1:06:28:eb:74:b6:77:ed:
                    c0:4b:c6:73:04:95:9b:f6:8b:36:06:d7:e4:e1:d0:
                    c3:4b:e1:91:da:e5:9f:c5:04:05:0b:e6:89:cc:1d:
                    b5:ed:9e:d1:a8:38:f9:2d:57:eb:63:e9:0a:de:f7:
                    ad:8a:fa:33:5f:f5:72:6f:f9:e4:ef:4a:85:6e:8d:
                    7f:21:1f:62:67:58:46:d1:fa:3f:30:f1:5e:0a:96:
                    65:8a:cb:fe:be:3f:9c:f6:5d:01:78:82:99:7a:6c:
                    ce:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:1E:37:E7:09:96:21:1D:CF:38:F4:A4:86:FB:B0:63:B2:C7:9F:25
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/kR435wmWIR3POPSkhvuwY7LHnyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a440:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:e3:dd:c1:42:eb:29:6b:25:2e:4c:fd:52:fd:00:bf:57:1d:
         55:b1:c1:34:dd:be:42:ff:e5:22:80:e5:04:8c:e9:d5:74:2f:
         6f:d8:35:10:98:40:0b:07:20:e1:91:9d:26:4a:a5:c1:da:ea:
         f8:b8:4d:6e:87:93:65:5f:fc:d5:c9:7e:2b:e7:c5:af:ba:13:
         d3:6a:d2:bc:49:17:0c:e9:07:cb:4c:eb:16:3c:64:98:83:f8:
         20:7c:66:71:04:fb:46:bd:ad:ca:8f:59:f7:f9:cd:e9:1a:d5:
         80:95:17:b5:85:92:12:a4:95:f4:bc:2b:39:6a:af:27:fd:56:
         ad:5e:dc:38:79:b0:c1:4b:b0:8e:c8:1b:0c:7d:f2:e1:41:86:
         f2:67:34:4c:0f:74:3a:8b:25:f6:df:65:75:67:39:f6:cc:0b:
         58:9c:e3:1e:a5:90:13:22:50:bd:c0:77:17:75:43:fb:7d:e7:
         42:ea:3e:41:f2:0e:15:a9:e7:a1:2d:69:22:2f:71:69:7d:51:
         6f:d0:fe:f1:34:7d:de:44:e9:10:31:13:bb:55:f7:87:67:f8:
         c2:99:c4:78:7a:3c:91:6b:fa:18:ac:d8:cf:b9:03:17:9d:2f:
         72:58:68:83:da:af:15:88:3c:00:7c:63:2b:f9:6f:f6:c6:90:
         70:30:f1:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5PiZRy2GBhhzl4zmc8t2/LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwNTIyMTE1NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTFlMzdlNzA5OTYyMTFkY2YzOGY0YTQ4NmZiYjA2M2IyYzc5ZjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfe9gi01Vefzn+EADMcrxXusmo51
Iz4PkClWsUGjUiCCCTzZ1gIMBGmXf7Bf1uTEVi9rAtpq9GQTkl0m03hUqoNlQzID
xfrrm7K2JcqIuKKXMYIbR627U3sbrdIPli/wdwcQhpyYH+GDcGmOlDJ9nb8czgcB
1ZmjZeuJYB+VJIWf36kpfiWawJjtO4o1jrActv6LDkbjn0lytz7B8QYo63S2d+3A
S8ZzBJWb9os2Btfk4dDDS+GR2uWfxQQFC+aJzB217Z7RqDj5LVfrY+kK3vetivoz
X/Vyb/nk70qFbo1/IR9iZ1hG0fo/MPFeCpZlisv+vj+c9l0BeIKZemzOuQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJEeN+cJliEdzzj0pIb7sGOyx58lMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEva1I0MzV3bVdJUjNQT1BTa2h2dXdZN0xIbnlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOkQAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQAH493BQuspayUuTP1S/QC/Vx1VscE03b5C/+Ui
gOUEjOnVdC9v2DUQmEALByDhkZ0mSqXB2ur4uE1uh5NlX/zVyX4r58WvuhPTatK8
SRcM6QfLTOsWPGSYg/ggfGZxBPtGva3Kj1n3+c3pGtWAlRe1hZISpJX0vCs5aq8n
/VatXtw4ebDBS7COyBsMffLhQYbyZzRMD3Q6iyX232V1Zzn2zAtYnOMepZATIlC9
wHcXdUP7fedC6j5B8g4VqeehLWkiL3FpfVFv0P7xNH3eROkQMRO7VfeHZ/jCmcR4
ejyRa/oYrNjPuQMXnS9yWGiD2q8ViDwAfGMr+W/2xpBwMPG4
-----END CERTIFICATE-----