Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/eYgKDbyuDok_MRQXzd4eNNFpzP8.roa
File:                     eYgKDbyuDok_MRQXzd4eNNFpzP8.roa (raw, json)
Hash identifier:          dhj8EgxJhAbb/Jm0+w6Zc3ESU7n61Si/FPGonX6l//g=
Subject key identifier:   79:88:0A:0D:BC:AE:0E:89:3F:31:14:17:CD:DE:1E:34:D1:69:CC:FF
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019D62469674C50F70CEC9FDAF4C523CC523
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/eYgKDbyuDok_MRQXzd4eNNFpzP8.roa
Signing time:             Mon 06 Apr 2026 10:11:26 +0000
ROA not before:           Mon 06 Apr 2026 10:11:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206675
IP address blocks:        2a0c:9a40:8f90::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:62:46:96:74:c5:0f:70:ce:c9:fd:af:4c:52:3c:c5:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Apr  6 10:11:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=79880a0dbcae0e893f311417cdde1e34d169ccff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:69:21:ab:49:25:f2:50:1b:cf:23:09:bf:8c:
                    ad:ff:8b:c7:43:9c:f6:0d:c9:98:de:02:89:14:2c:
                    af:88:86:9d:8c:31:60:70:02:8b:5b:2d:03:43:63:
                    85:41:5c:56:56:0f:cd:59:bc:71:3c:17:5b:19:bc:
                    03:b5:ff:a5:b2:7f:71:b0:21:3b:a0:da:27:a7:63:
                    91:9f:ad:17:1a:e9:ab:d4:3e:b0:e2:b3:da:bb:b9:
                    4c:a7:6e:7a:87:de:8c:9e:c4:71:39:28:dc:0d:06:
                    e7:dd:a8:ff:61:cc:57:de:7b:5e:b5:23:52:9f:59:
                    11:a9:b2:d9:63:a4:d7:cc:cf:c3:3d:c2:95:81:af:
                    5c:ec:37:32:14:7f:28:32:50:80:3a:d8:46:89:e9:
                    0a:5e:db:fe:b8:b4:72:e4:70:cd:6b:6d:02:81:3a:
                    56:5d:a0:68:01:8f:67:d3:fd:cc:4e:0c:60:e7:a0:
                    46:ab:74:50:8d:52:38:0e:e4:02:bc:68:8d:16:17:
                    46:2b:b0:45:6c:82:83:ae:25:c8:be:08:73:bd:5b:
                    55:80:5b:eb:88:62:6a:f4:98:8a:fb:a8:35:12:31:
                    9d:79:b0:ac:61:48:1a:26:4d:76:95:9f:94:c4:4c:
                    f7:6a:7f:b8:68:66:2d:c6:f4:67:6e:e0:30:e3:b0:
                    cf:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:88:0A:0D:BC:AE:0E:89:3F:31:14:17:CD:DE:1E:34:D1:69:CC:FF
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/eYgKDbyuDok_MRQXzd4eNNFpzP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8f90::/44

    Signature Algorithm: sha256WithRSAEncryption
         ce:e7:ad:76:ea:0a:60:54:99:bc:70:13:a3:3f:1d:bb:8f:0b:
         92:bc:61:02:d1:1c:b7:e7:54:37:c1:8d:2f:90:64:5e:c9:ae:
         ac:e1:49:1c:8d:e9:4c:05:fc:04:5c:cf:fb:7d:46:3d:3e:f8:
         67:ad:c9:cc:4e:33:d1:1a:50:dc:ca:97:78:72:ac:c2:ba:53:
         b4:ef:ac:3c:00:62:ab:e6:20:9c:e1:fe:16:20:c1:06:f9:79:
         84:2b:8b:16:f1:9f:10:c0:41:25:fb:bf:a1:68:17:b9:91:f6:
         71:67:31:c8:2c:40:6c:5f:87:6c:8a:90:dc:02:fa:16:5d:96:
         d8:76:9b:4e:14:7f:2d:be:94:d5:20:36:0e:83:6d:66:86:ef:
         e1:bf:d1:83:1a:5f:97:2a:90:89:6e:71:bd:4d:94:c8:c1:58:
         c9:7c:7c:d1:2a:03:f5:b1:86:84:0e:f7:44:89:be:7b:1c:f3:
         1e:a4:c3:98:a8:fd:22:13:f5:b2:83:22:ba:2a:8c:86:33:7a:
         b0:4e:00:01:be:0e:70:20:40:13:9b:b4:b2:0a:ca:21:fa:e6:
         6d:e7:7c:52:59:5d:bb:3a:a6:84:07:cf:3e:22:c0:a4:d7:94:
         2a:ee:db:a5:b4:6d:6c:31:09:38:e9:ad:0f:10:09:62:a2:cd:
         22:17:94:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1iRpZ0xQ9wzsn9r0xSPMUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwNDA2MTAxMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTg4MGEwZGJjYWUwZTg5M2YzMTE0MTdjZGRlMWUzNGQxNjljY2ZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1mkhq0kl8lAbzyMJv4yt/4vHQ5z2
DcmY3gKJFCyviIadjDFgcAKLWy0DQ2OFQVxWVg/NWbxxPBdbGbwDtf+lsn9xsCE7
oNonp2ORn60XGumr1D6w4rPau7lMp256h96MnsRxOSjcDQbn3aj/YcxX3ntetSNS
n1kRqbLZY6TXzM/DPcKVga9c7DcyFH8oMlCAOthGiekKXtv+uLRy5HDNa20CgTpW
XaBoAY9n0/3MTgxg56BGq3RQjVI4DuQCvGiNFhdGK7BFbIKDriXIvghzvVtVgFvr
iGJq9JiK+6g1EjGdebCsYUgaJk12lZ+UxEz3an+4aGYtxvRnbuAw47DPkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHmICg28rg6JPzEUF83eHjTRacz/MB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvZVlnS0RieXVEb2tfTVJRWHpkNGVOTkZwelA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQI+Q
MA0GCSqGSIb3DQEBCwUAA4IBAQDO56126gpgVJm8cBOjPx27jwuSvGEC0Ry351Q3
wY0vkGReya6s4UkcjelMBfwEXM/7fUY9PvhnrcnMTjPRGlDcypd4cqzCulO076w8
AGKr5iCc4f4WIMEG+XmEK4sW8Z8QwEEl+7+haBe5kfZxZzHILEBsX4dsipDcAvoW
XZbYdptOFH8tvpTVIDYOg21mhu/hv9GDGl+XKpCJbnG9TZTIwVjJfHzRKgP1sYaE
DvdEib57HPMepMOYqP0iE/WygyK6KoyGM3qwTgABvg5wIEATm7SyCsoh+uZt53xS
WV27OqaEB88+IsCk15Qq7tultG1sMQk46a0PEAlios0iF5SC
-----END CERTIFICATE-----