Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/d38221-4771-46dd-b92e-45109f0bec54/1/syhTH2wX3u_tD7zBh6--t1G7aME.roa
File:                     syhTH2wX3u_tD7zBh6--t1G7aME.roa (raw, json)
Hash identifier:          su6NeICTH9HcdREPe6tfxxbXZnMHIW68+G5rwPESiIs=
Subject key identifier:   B3:28:53:1F:6C:17:DE:EF:ED:0F:BC:C1:87:AF:BE:B7:51:BB:68:C1
Certificate issuer:       /CN=17cb0f5779d782fbf398258d599abfbb17d47757
Certificate serial:       019E72A7E8D72780504A9ED84A04F5BC4E72
Authority key identifier: 17:CB:0F:57:79:D7:82:FB:F3:98:25:8D:59:9A:BF:BB:17:D4:77:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F8sPV3nXgvvzmCWNWZq_uxfUd1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/d38221-4771-46dd-b92e-45109f0bec54/1/syhTH2wX3u_tD7zBh6--t1G7aME.roa
Signing time:             Fri 29 May 2026 07:34:27 +0000
ROA not before:           Fri 29 May 2026 07:34:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8981
IP address blocks:        2001:67c:418::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/d38221-4771-46dd-b92e-45109f0bec54/1/F8sPV3nXgvvzmCWNWZq_uxfUd1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/d38221-4771-46dd-b92e-45109f0bec54/1/F8sPV3nXgvvzmCWNWZq_uxfUd1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F8sPV3nXgvvzmCWNWZq_uxfUd1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 19:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:72:a7:e8:d7:27:80:50:4a:9e:d8:4a:04:f5:bc:4e:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17cb0f5779d782fbf398258d599abfbb17d47757
        Validity
            Not Before: May 29 07:34:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b328531f6c17deefed0fbcc187afbeb751bb68c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:76:f4:18:a7:fc:c0:9f:14:9f:69:58:98:fb:
                    26:57:26:c4:2d:7b:a1:16:eb:2f:5f:94:85:26:23:
                    2c:ab:6a:aa:b6:ae:1e:0b:52:11:c0:3a:22:a0:bd:
                    8e:dc:d8:a2:8b:5b:99:9b:2c:4e:46:03:5c:7c:10:
                    c1:7f:56:91:90:72:89:c5:4d:09:e5:03:dc:9b:13:
                    c7:50:40:20:0a:db:63:3f:f7:26:08:e6:d3:76:68:
                    4c:17:bc:77:3f:2a:3d:71:67:ae:2e:24:fe:5b:53:
                    e8:f9:9e:89:6c:38:75:46:e9:9c:6f:43:f9:ec:21:
                    69:78:61:42:e7:63:a5:7c:e9:d1:fc:40:e7:8c:64:
                    39:f0:be:a7:0b:2f:9e:46:37:53:db:f4:1e:97:eb:
                    5e:c2:96:01:a6:bf:3a:fc:02:0e:27:b1:2d:01:24:
                    07:54:e7:90:72:70:7a:c3:e9:be:2c:7c:94:06:fe:
                    e4:55:f9:d6:8a:01:09:d0:72:cf:b0:97:38:da:1f:
                    ea:a2:f6:76:52:ea:dd:e0:f6:a6:d5:0c:be:3a:73:
                    bc:d3:bb:2a:0d:ff:04:33:31:ee:68:c2:d9:14:6b:
                    66:ee:bd:31:f3:cd:9d:3f:4e:6f:12:37:48:ca:a1:
                    70:ea:a5:90:f5:e4:56:be:46:b5:92:fd:57:3b:56:
                    ef:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:28:53:1F:6C:17:DE:EF:ED:0F:BC:C1:87:AF:BE:B7:51:BB:68:C1
            X509v3 Authority Key Identifier:
                keyid:17:CB:0F:57:79:D7:82:FB:F3:98:25:8D:59:9A:BF:BB:17:D4:77:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F8sPV3nXgvvzmCWNWZq_uxfUd1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/d38221-4771-46dd-b92e-45109f0bec54/1/syhTH2wX3u_tD7zBh6--t1G7aME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/d38221-4771-46dd-b92e-45109f0bec54/1/F8sPV3nXgvvzmCWNWZq_uxfUd1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:418::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:e7:4e:3b:ce:38:f6:e3:b8:52:ad:9d:8e:0f:fd:fb:bf:46:
         28:64:70:46:1a:b5:5a:50:27:ce:0e:78:9d:3a:1d:e1:77:6e:
         34:bb:f2:45:79:6e:3f:56:4c:37:be:e1:2b:14:47:51:14:54:
         fe:83:71:1d:c9:3f:68:db:f3:c3:1e:3d:31:a0:d0:3a:49:54:
         c8:c0:b2:aa:ce:0f:97:57:8e:7f:ed:6f:01:26:64:88:fd:05:
         9a:96:7b:06:e3:cf:9b:ed:64:61:5c:96:ef:63:29:1c:a9:57:
         d3:b5:a2:b4:4f:44:ab:23:0d:26:e2:54:7b:e4:61:61:89:a4:
         db:ef:66:0c:c1:f7:57:59:1e:d3:ce:34:cf:d5:5a:4e:f5:7c:
         bd:3f:88:a9:b8:0e:8a:14:c8:50:ab:e8:47:2e:ca:90:cd:a4:
         a7:52:9c:c4:56:ee:14:ef:d1:21:f1:96:89:9b:77:68:28:68:
         37:3a:46:c8:39:d6:f8:2d:0f:35:27:28:50:80:37:7e:e3:73:
         df:44:4d:7a:6c:82:44:9b:99:e9:db:d7:6e:f6:f2:03:cb:b0:
         3b:e2:7f:b6:60:1f:2e:a8:a6:a2:83:5f:0f:bc:9e:fb:73:00:
         8d:99:49:94:91:93:1d:f5:a3:14:97:8d:c0:4f:73:9a:56:19:
         60:00:3d:19
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5yp+jXJ4BQSp7YSgT1vE5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3Y2IwZjU3NzlkNzgyZmJmMzk4MjU4ZDU5OWFiZmJiMTdk
NDc3NTcwHhcNMjYwNTI5MDczNDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzI4NTMxZjZjMTdkZWVmZWQwZmJjYzE4N2FmYmViNzUxYmI2OGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnb0GKf8wJ8Un2lYmPsmVybELXuh
FusvX5SFJiMsq2qqtq4eC1IRwDoioL2O3Niii1uZmyxORgNcfBDBf1aRkHKJxU0J
5QPcmxPHUEAgCttjP/cmCObTdmhMF7x3Pyo9cWeuLiT+W1Po+Z6JbDh1Rumcb0P5
7CFpeGFC52OlfOnR/EDnjGQ58L6nCy+eRjdT2/Qel+tewpYBpr86/AIOJ7EtASQH
VOeQcnB6w+m+LHyUBv7kVfnWigEJ0HLPsJc42h/qovZ2Uurd4Pam1Qy+OnO807sq
Df8EMzHuaMLZFGtm7r0x882dP05vEjdIyqFw6qWQ9eRWvka1kv1XO1bvrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLMoUx9sF97v7Q+8wYevvrdRu2jBMB8GA1UdIwQY
MBaAFBfLD1d514L785gljVmav7sX1HdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjhzUFYzblhndnZ6bUNXTldacV91eGZVZDFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9kMzgyMjEtNDc3MS00NmRkLWI5MmUt
NDUxMDlmMGJlYzU0LzEvc3loVEgyd1gzdV90RDd6Qmg2LS10MUc3YU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9kMzgyMjEtNDc3MS00NmRkLWI5MmUtNDUxMDlmMGJlYzU0
LzEvRjhzUFYzblhndnZ6bUNXTldacV91eGZVZDFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAQY
MA0GCSqGSIb3DQEBCwUAA4IBAQCl5047zjj247hSrZ2OD/37v0YoZHBGGrVaUCfO
DnidOh3hd240u/JFeW4/Vkw3vuErFEdRFFT+g3EdyT9o2/PDHj0xoNA6SVTIwLKq
zg+XV45/7W8BJmSI/QWalnsG48+b7WRhXJbvYykcqVfTtaK0T0SrIw0m4lR75GFh
iaTb72YMwfdXWR7TzjTP1VpO9Xy9P4ipuA6KFMhQq+hHLsqQzaSnUpzEVu4U79Eh
8ZaJm3doKGg3OkbIOdb4LQ81JyhQgDd+43PfRE16bIJEm5np29du9vIDy7A74n+2
YB8uqKaig18PvJ77cwCNmUmUkZMd9aMUl43AT3OaVhlgAD0Z
-----END CERTIFICATE-----