Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/kuVGI1y4gjiz_-PZpcJ849FqFQ4.roa
File:                     kuVGI1y4gjiz_-PZpcJ849FqFQ4.roa (raw, json)
Hash identifier:          d+w8h3JoJhRWDuiafvQSd3RpIsJGs63LA6BMAbp5OFE=
Subject key identifier:   92:E5:46:23:5C:B8:82:38:B3:FF:E3:D9:A5:C2:7C:E3:D1:6A:15:0E
Certificate issuer:       /CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Certificate serial:       019EB18091D53400A923AEDA526F6BE0A957
Authority key identifier: 70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/kuVGI1y4gjiz_-PZpcJ849FqFQ4.roa
Signing time:             Wed 10 Jun 2026 12:27:33 +0000
ROA not before:           Wed 10 Jun 2026 12:27:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62610
IP address blocks:        2a12:da80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:80:91:d5:34:00:a9:23:ae:da:52:6f:6b:e0:a9:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
        Validity
            Not Before: Jun 10 12:27:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=92e546235cb88238b3ffe3d9a5c27ce3d16a150e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:59:3b:e0:f0:de:05:43:1c:0d:61:9d:b0:19:
                    1b:a8:aa:18:9c:ab:b4:36:6a:77:9c:49:c9:57:c7:
                    8d:9b:e4:5e:c8:48:f7:1e:b2:84:a2:a1:b3:02:4e:
                    85:f9:5f:01:97:22:b2:bb:75:45:fb:b4:ab:9f:79:
                    49:4e:cb:48:33:6f:f1:ff:cb:19:30:59:52:e5:9d:
                    50:0a:19:2a:7f:9e:e0:13:ba:5f:8c:97:47:11:02:
                    7a:0b:20:41:80:f6:d7:07:e3:ab:36:51:30:1e:db:
                    85:e7:e3:bd:0d:6a:eb:4c:86:89:05:5f:1e:7a:db:
                    b5:d9:fd:0e:25:c8:7f:37:51:b4:87:46:38:7a:b2:
                    7b:5f:7f:41:43:4a:36:07:cf:24:09:03:56:04:07:
                    c9:ca:ad:5c:f7:4e:d5:f7:c0:9c:cc:bc:53:2f:29:
                    ce:b2:17:ae:b3:c2:1d:88:67:e8:b5:23:e7:b8:06:
                    8a:fc:63:90:51:eb:26:52:29:05:d2:96:57:8e:70:
                    b0:ae:98:35:d0:83:da:1c:8a:60:75:34:59:ce:b3:
                    f3:48:56:20:6b:92:eb:b4:7f:76:b3:ba:fc:ae:52:
                    e6:18:34:b4:a9:e7:cc:be:9e:31:e2:6f:cf:06:a2:
                    e3:09:e6:e4:b0:ea:ec:f5:85:f2:90:a5:4e:7f:f9:
                    dd:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:E5:46:23:5C:B8:82:38:B3:FF:E3:D9:A5:C2:7C:E3:D1:6A:15:0E
            X509v3 Authority Key Identifier:
                keyid:70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/kuVGI1y4gjiz_-PZpcJ849FqFQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:da80::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:6d:c0:e5:a8:90:55:48:79:3b:15:51:05:7c:11:7d:90:30:
         ef:bb:4c:fa:86:ca:ad:f9:2a:18:ec:59:70:78:a9:40:4b:a4:
         eb:25:44:17:e8:6e:1a:88:00:b1:fb:ac:22:2a:01:0f:04:bb:
         10:c3:1f:f9:f6:dc:41:c9:82:d0:31:12:99:54:22:f2:72:65:
         b7:7e:1b:0a:86:45:14:0a:c9:af:07:60:76:04:f8:e4:dd:81:
         01:4d:70:52:0a:55:8b:a9:11:17:ba:ab:76:07:89:ac:21:0e:
         4d:cc:13:42:bc:f8:3e:20:4a:db:a9:c9:ab:b0:46:83:19:2a:
         5f:d0:fa:3c:0a:dd:ba:9b:7d:27:8d:7e:63:71:05:cf:f6:82:
         ac:81:ac:cd:bd:12:f4:cc:da:da:ad:7e:d7:50:64:b0:67:de:
         9a:d2:a1:db:06:5f:d5:da:16:5a:82:bb:81:85:57:90:15:e0:
         c6:44:d6:04:b4:0e:54:34:19:af:f6:40:a7:83:2b:e3:4d:84:
         ea:65:d1:99:98:18:d0:5f:5b:b1:45:a5:2a:7e:e0:3e:e7:2e:
         c3:3d:33:72:e3:6e:8d:73:1d:c4:40:c7:52:91:00:ee:f5:2b:
         f6:88:72:1f:37:77:12:2f:67:58:1f:1c:54:a0:48:8e:1d:23:
         b1:83:d5:8b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6xgJHVNACpI67aUm9r4KlXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmQzYWJiYjQ3OGI3NGVmMmFkZWY5YmI3YzQzMzZlMzQx
MTFkNTEwHhcNMjYwNjEwMTIyNzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmU1NDYyMzVjYjg4MjM4YjNmZmUzZDlhNWMyN2NlM2QxNmExNTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw1k74PDeBUMcDWGdsBkbqKoYnKu0
Nmp3nEnJV8eNm+ReyEj3HrKEoqGzAk6F+V8BlyKyu3VF+7Srn3lJTstIM2/x/8sZ
MFlS5Z1QChkqf57gE7pfjJdHEQJ6CyBBgPbXB+OrNlEwHtuF5+O9DWrrTIaJBV8e
etu12f0OJch/N1G0h0Y4erJ7X39BQ0o2B88kCQNWBAfJyq1c907V98CczLxTLynO
sheus8IdiGfotSPnuAaK/GOQUesmUikF0pZXjnCwrpg10IPaHIpgdTRZzrPzSFYg
a5LrtH92s7r8rlLmGDS0qefMvp4x4m/PBqLjCebksOrs9YXykKVOf/ndmQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJLlRiNcuII4s//j2aXCfOPRahUOMB8GA1UdIwQY
MBaAFHBtOru0eLdO8q3vm7fEM240ER1RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYt
YTQyMTNjOTNmMWY3LzEva3VWR0kxeTRnaml6Xy1QWnBjSjg0OUZxRlE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYtYTQyMTNjOTNmMWY3
LzEvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLagDAN
BgkqhkiG9w0BAQsFAAOCAQEABm3A5aiQVUh5OxVRBXwRfZAw77tM+obKrfkqGOxZ
cHipQEuk6yVEF+huGogAsfusIioBDwS7EMMf+fbcQcmC0DESmVQi8nJlt34bCoZF
FArJrwdgdgT45N2BAU1wUgpVi6kRF7qrdgeJrCEOTcwTQrz4PiBK26nJq7BGgxkq
X9D6PArdupt9J41+Y3EFz/aCrIGszb0S9Mza2q1+11BksGfemtKh2wZf1doWWoK7
gYVXkBXgxkTWBLQOVDQZr/ZAp4Mr402E6mXRmZgY0F9bsUWlKn7gPucuwz0zcuNu
jXMdxEDHUpEA7vUr9ohyHzd3Ei9nWB8cVKBIjh0jsYPViw==
-----END CERTIFICATE-----