Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/20ad31-06d5-440e-b65d-916f82a19374/1/jXKs5yUBaq4QS9XIRNM0CZieRV8.roa
File:                     jXKs5yUBaq4QS9XIRNM0CZieRV8.roa (raw, json)
Hash identifier:          0oaOd4Xcnu2fp4RcF2Ni0LUyeVV1m4XUbLo145jzvpQ=
Subject key identifier:   8D:72:AC:E7:25:01:6A:AE:10:4B:D5:C8:44:D3:34:09:98:9E:45:5F
Certificate issuer:       /CN=93128e730fd541720809f9650a2f3ba045c78a98
Certificate serial:       019E5F018E69F7CED85264915E623150C2FE
Authority key identifier: 93:12:8E:73:0F:D5:41:72:08:09:F9:65:0A:2F:3B:A0:45:C7:8A:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kxKOcw_VQXIICfllCi87oEXHipg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/20ad31-06d5-440e-b65d-916f82a19374/1/jXKs5yUBaq4QS9XIRNM0CZieRV8.roa
Signing time:             Mon 25 May 2026 11:59:57 +0000
ROA not before:           Mon 25 May 2026 11:59:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200917
IP address blocks:        2001:67c:1104::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/20ad31-06d5-440e-b65d-916f82a19374/1/kxKOcw_VQXIICfllCi87oEXHipg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/20ad31-06d5-440e-b65d-916f82a19374/1/kxKOcw_VQXIICfllCi87oEXHipg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kxKOcw_VQXIICfllCi87oEXHipg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:01:8e:69:f7:ce:d8:52:64:91:5e:62:31:50:c2:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93128e730fd541720809f9650a2f3ba045c78a98
        Validity
            Not Before: May 25 11:59:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d72ace725016aae104bd5c844d33409989e455f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ac:73:be:b1:6b:d1:b7:4a:34:cf:2b:e7:a7:
                    f6:10:46:37:e6:53:77:ea:9a:b1:c1:ca:e5:78:68:
                    6a:50:71:a2:10:65:ad:0d:82:81:e7:42:f3:56:fd:
                    45:e3:29:0e:37:bf:ae:aa:ee:8e:71:10:eb:29:d6:
                    fc:38:ff:6a:c7:53:36:dd:df:6b:98:3f:60:15:f5:
                    ff:fe:a4:77:6f:aa:9d:28:8a:7d:3d:13:ba:fc:4f:
                    c4:53:f7:4e:b5:ca:d8:25:79:f0:f9:f2:9f:a5:5a:
                    2c:45:88:5e:4c:ef:a4:12:3b:6e:e1:3d:60:b4:0b:
                    70:78:4d:95:30:36:8b:1a:4a:4a:fd:32:f2:9c:0b:
                    87:21:46:f0:96:23:2c:d1:a9:e4:c9:ea:54:37:ca:
                    28:a0:f3:d3:51:3a:7f:b7:57:03:4e:b3:4b:8c:fe:
                    bb:87:64:17:14:8d:7e:8a:81:4b:38:28:e7:95:68:
                    01:ea:93:ef:62:75:54:ee:3f:8c:94:b4:3a:0b:87:
                    b2:12:85:5a:9f:56:bf:ab:23:70:47:10:1b:03:ad:
                    0d:eb:70:e7:87:27:7f:a9:f1:8a:f1:ab:00:b1:a5:
                    18:36:a1:56:0d:69:b0:9a:e1:d5:26:94:8c:7b:18:
                    b4:a6:0c:f1:ee:57:e0:3e:e0:4d:a2:9e:84:f7:4b:
                    1a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:72:AC:E7:25:01:6A:AE:10:4B:D5:C8:44:D3:34:09:98:9E:45:5F
            X509v3 Authority Key Identifier:
                keyid:93:12:8E:73:0F:D5:41:72:08:09:F9:65:0A:2F:3B:A0:45:C7:8A:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kxKOcw_VQXIICfllCi87oEXHipg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/20ad31-06d5-440e-b65d-916f82a19374/1/jXKs5yUBaq4QS9XIRNM0CZieRV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/20ad31-06d5-440e-b65d-916f82a19374/1/kxKOcw_VQXIICfllCi87oEXHipg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1104::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:ef:e7:06:fb:8f:71:41:93:97:87:da:ac:99:18:e0:57:c7:
         76:11:0d:6b:78:91:16:60:75:51:f9:6d:41:c1:00:60:2a:a8:
         17:a0:8d:b4:74:6a:36:22:02:be:ac:40:82:47:e1:99:87:59:
         2a:8b:5d:54:d5:29:bf:38:5b:0b:5b:fd:68:97:41:08:8b:ce:
         b8:7d:9b:7b:92:d9:aa:0a:f5:f6:f8:84:61:c4:bb:c7:9d:ad:
         5e:3e:97:a2:15:8c:bb:28:3b:c9:16:cc:13:32:69:3c:ee:6e:
         cb:07:f0:d4:88:c5:90:b4:cd:aa:2b:bc:77:71:0c:ea:8a:e7:
         68:92:f3:79:29:05:77:e2:e7:ae:30:03:ba:d9:6e:6a:bf:1d:
         8f:b8:1c:da:46:e5:05:47:f2:97:29:b3:69:6c:eb:34:50:cb:
         15:6a:2c:b7:23:1b:0b:e3:73:db:4e:9d:89:f7:61:6c:f4:b9:
         cc:f9:8c:dd:2f:38:07:f5:de:a3:a7:3f:46:53:ab:03:c4:25:
         70:d3:57:69:dc:57:9b:cc:95:58:44:19:30:db:7b:07:4a:9a:
         9a:4b:80:e7:05:4f:76:f2:d9:6a:24:a6:89:b8:ca:6a:58:45:
         c6:b3:e9:bc:c2:b1:8e:c1:06:c3:4c:67:38:5d:82:9d:fa:fd:
         45:9e:37:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5fAY5p987YUmSRXmIxUML+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMTI4ZTczMGZkNTQxNzIwODA5Zjk2NTBhMmYzYmEwNDVj
NzhhOTgwHhcNMjYwNTI1MTE1OTU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDcyYWNlNzI1MDE2YWFlMTA0YmQ1Yzg0NGQzMzQwOTk4OWU0NTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaxzvrFr0bdKNM8r56f2EEY35lN3
6pqxwcrleGhqUHGiEGWtDYKB50LzVv1F4ykON7+uqu6OcRDrKdb8OP9qx1M23d9r
mD9gFfX//qR3b6qdKIp9PRO6/E/EU/dOtcrYJXnw+fKfpVosRYheTO+kEjtu4T1g
tAtweE2VMDaLGkpK/TLynAuHIUbwliMs0ankyepUN8oooPPTUTp/t1cDTrNLjP67
h2QXFI1+ioFLOCjnlWgB6pPvYnVU7j+MlLQ6C4eyEoVan1a/qyNwRxAbA60N63Dn
hyd/qfGK8asAsaUYNqFWDWmwmuHVJpSMexi0pgzx7lfgPuBNop6E90saZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFI1yrOclAWquEEvVyETTNAmYnkVfMB8GA1UdIwQY
MBaAFJMSjnMP1UFyCAn5ZQovO6BFx4qYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3hLT2N3X1ZRWElJQ2ZsbENpODdvRVhIaXBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8yMGFkMzEtMDZkNS00NDBlLWI2NWQt
OTE2ZjgyYTE5Mzc0LzEvalhLczV5VUJhcTRRUzlYSVJOTTBDWmllUlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8yMGFkMzEtMDZkNS00NDBlLWI2NWQtOTE2ZjgyYTE5Mzc0
LzEva3hLT2N3X1ZRWElJQ2ZsbENpODdvRVhIaXBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfBEE
MA0GCSqGSIb3DQEBCwUAA4IBAQCs7+cG+49xQZOXh9qsmRjgV8d2EQ1reJEWYHVR
+W1BwQBgKqgXoI20dGo2IgK+rECCR+GZh1kqi11U1Sm/OFsLW/1ol0EIi864fZt7
ktmqCvX2+IRhxLvHna1ePpeiFYy7KDvJFswTMmk87m7LB/DUiMWQtM2qK7x3cQzq
iudokvN5KQV34ueuMAO62W5qvx2PuBzaRuUFR/KXKbNpbOs0UMsVaiy3IxsL43Pb
Tp2J92Fs9LnM+YzdLzgH9d6jpz9GU6sDxCVw01dp3FebzJVYRBkw23sHSpqaS4Dn
BU928tlqJKaJuMpqWEXGs+m8wrGOwQbDTGc4XYKd+v1Fnjev
-----END CERTIFICATE-----