Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/pDxvXe3a32lO1NISlgOpoFBfO2I.roa
File:                     pDxvXe3a32lO1NISlgOpoFBfO2I.roa (raw, json)
Hash identifier:          n5TlNrP7KfQcI8KmIHRMz3tdzAXvzrJ5zqcs16HQe7c=
Subject key identifier:   A4:3C:6F:5D:ED:DA:DF:69:4E:D4:D2:12:96:03:A9:A0:50:5F:3B:62
Certificate issuer:       /CN=7cc8bacbe73a40ce818a4bafa393a85297c19c0d
Certificate serial:       019D81F6FA61D0F2FE8E360F1880C90C5F2F
Authority key identifier: 7C:C8:BA:CB:E7:3A:40:CE:81:8A:4B:AF:A3:93:A8:52:97:C1:9C:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fMi6y-c6QM6Bikuvo5OoUpfBnA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/pDxvXe3a32lO1NISlgOpoFBfO2I.roa
Signing time:             Sun 12 Apr 2026 13:52:20 +0000
ROA not before:           Sun 12 Apr 2026 13:52:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56718
IP address blocks:        2a05:9780::/40 maxlen: 40
                          2a05:9780:200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/fMi6y-c6QM6Bikuvo5OoUpfBnA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/fMi6y-c6QM6Bikuvo5OoUpfBnA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fMi6y-c6QM6Bikuvo5OoUpfBnA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 10:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:81:f6:fa:61:d0:f2:fe:8e:36:0f:18:80:c9:0c:5f:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cc8bacbe73a40ce818a4bafa393a85297c19c0d
        Validity
            Not Before: Apr 12 13:52:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a43c6f5deddadf694ed4d2129603a9a0505f3b62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:8a:92:db:3f:c6:41:56:30:0d:e5:ba:1f:37:
                    89:cb:f5:89:5e:e5:b1:8d:90:e3:1c:e0:4d:0d:10:
                    1e:39:60:2c:9e:ca:08:cc:bc:11:9c:98:5b:9f:69:
                    04:4a:df:3e:ca:84:21:7a:f1:37:08:f8:26:da:76:
                    f8:b3:9c:cf:d5:c5:b8:23:6e:7d:41:dc:da:fe:f5:
                    90:e0:b1:84:e8:44:ab:56:13:a8:e5:e3:14:6e:cf:
                    b5:b3:00:18:95:f5:a3:b2:cf:ef:8b:95:3f:80:05:
                    e2:bd:9a:69:be:ac:49:2c:0a:d4:7e:cb:75:81:34:
                    75:0b:43:e3:a5:d6:93:12:b0:76:7b:81:c4:8f:29:
                    42:32:68:6a:25:4e:c7:5e:05:92:24:67:1d:03:c4:
                    e9:5a:e4:bb:1b:03:be:c7:f9:e2:d2:4b:03:30:9e:
                    7e:97:ce:3a:32:ae:81:4a:4e:6d:54:bb:6c:d6:f2:
                    4d:8c:59:4f:f5:1c:70:99:b1:51:52:14:9f:e9:95:
                    09:9d:90:19:ba:3e:ad:cb:1c:78:fc:a2:f5:fc:9c:
                    74:dc:d6:21:57:8f:65:6a:79:b0:d6:6e:fc:5c:5b:
                    ee:a1:22:fe:90:02:46:b1:42:0b:03:4f:73:68:d2:
                    a9:7c:d1:01:a9:34:85:ca:56:ec:1c:27:49:3a:00:
                    44:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:3C:6F:5D:ED:DA:DF:69:4E:D4:D2:12:96:03:A9:A0:50:5F:3B:62
            X509v3 Authority Key Identifier:
                keyid:7C:C8:BA:CB:E7:3A:40:CE:81:8A:4B:AF:A3:93:A8:52:97:C1:9C:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fMi6y-c6QM6Bikuvo5OoUpfBnA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/pDxvXe3a32lO1NISlgOpoFBfO2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/fMi6y-c6QM6Bikuvo5OoUpfBnA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9780::/40
                  2a05:9780:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         72:8a:f6:ed:79:b7:92:b5:b0:88:9c:d5:66:76:99:e6:89:ec:
         dd:b1:e4:fb:66:b2:21:c9:fd:00:de:ce:61:0d:45:ab:5d:fe:
         93:c0:24:fb:d4:df:c5:83:3a:e0:bc:f4:9f:c0:39:27:68:0c:
         61:10:a9:d2:b9:40:80:8c:7e:7f:f5:d3:9f:26:5a:6a:da:67:
         67:29:1a:e5:8e:3e:47:9f:35:f7:78:ea:8d:4a:eb:b2:ea:1f:
         3b:93:15:2a:5d:a6:d9:af:77:cf:c7:7f:98:af:12:83:92:2a:
         6b:cd:d6:59:85:35:b3:ea:43:2c:56:6a:91:82:67:d7:29:0a:
         ca:86:d8:df:d1:2a:02:bd:3d:1d:34:90:7f:55:7b:0c:80:de:
         50:56:09:ee:c1:ef:c8:a2:86:0e:d1:ec:88:32:1a:2c:fb:06:
         94:97:3e:46:54:98:d9:39:6d:2e:38:e7:55:d8:5e:08:56:b8:
         a7:fe:0b:ef:cf:4a:50:49:46:99:60:5a:8d:b6:50:fb:86:55:
         97:62:ea:48:92:cb:d4:8e:6e:5c:52:a1:93:e1:8c:03:05:33:
         d3:d3:03:ab:07:21:7f:7e:26:4a:15:8b:e8:11:d6:a6:ac:96:
         dd:52:54:42:23:8b:87:de:4f:fc:12:d1:96:e8:bb:d8:86:c2:
         03:c0:2a:26
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZ2B9vph0PL+jjYPGIDJDF8vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYzhiYWNiZTczYTQwY2U4MThhNGJhZmEzOTNhODUyOTdj
MTljMGQwHhcNMjYwNDEyMTM1MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDNjNmY1ZGVkZGFkZjY5NGVkNGQyMTI5NjAzYTlhMDUwNWYzYjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24qS2z/GQVYwDeW6HzeJy/WJXuWx
jZDjHOBNDRAeOWAsnsoIzLwRnJhbn2kESt8+yoQhevE3CPgm2nb4s5zP1cW4I259
Qdza/vWQ4LGE6ESrVhOo5eMUbs+1swAYlfWjss/vi5U/gAXivZppvqxJLArUfst1
gTR1C0PjpdaTErB2e4HEjylCMmhqJU7HXgWSJGcdA8TpWuS7GwO+x/ni0ksDMJ5+
l846Mq6BSk5tVLts1vJNjFlP9RxwmbFRUhSf6ZUJnZAZuj6tyxx4/KL1/Jx03NYh
V49lanmw1m78XFvuoSL+kAJGsUILA09zaNKpfNEBqTSFylbsHCdJOgBE5QIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFKQ8b13t2t9pTtTSEpYDqaBQXztiMB8GA1UdIwQY
MBaAFHzIusvnOkDOgYpLr6OTqFKXwZwNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk1pNnktYzZRTTZCaWt1dm81T29VcGZCbkEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8zMjJlYzctMjEzMS00ZGI0LTg3NTUt
OGI4YjJhYzU2YzliLzEvcER4dlhlM2EzMmxPMU5JU2xnT3BvRkJmTzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8zMjJlYzctMjEzMS00ZGI0LTg3NTUtOGI4YjJhYzU2Yzli
LzEvZk1pNnktYzZRTTZCaWt1dm81T29VcGZCbkEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKgWXgAAD
BgAqBZeAAjANBgkqhkiG9w0BAQsFAAOCAQEAcor27Xm3krWwiJzVZnaZ5ons3bHk
+2ayIcn9AN7OYQ1Fq13+k8Ak+9TfxYM64Lz0n8A5J2gMYRCp0rlAgIx+f/XTnyZa
atpnZyka5Y4+R58193jqjUrrsuofO5MVKl2m2a93z8d/mK8Sg5Iqa83WWYU1s+pD
LFZqkYJn1ykKyobY39EqAr09HTSQf1V7DIDeUFYJ7sHvyKKGDtHsiDIaLPsGlJc+
RlSY2TltLjjnVdheCFa4p/4L789KUElGmWBajbZQ+4ZVl2LqSJLL1I5uXFKhk+GM
AwUz09MDqwchf34mShWL6BHWpqyW3VJUQiOLh95P/BLRlui72IbCA8AqJg==
-----END CERTIFICATE-----