Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/mXL232jaE8hHl94HpGjqNMFjV6Q.roa
File:                     mXL232jaE8hHl94HpGjqNMFjV6Q.roa (raw, json)
Hash identifier:          Yu7AZcfQo5q0cdm8Mi2QwZnGcNNBc5O+ChKe97tJRHQ=
Subject key identifier:   99:72:F6:DF:68:DA:13:C8:47:97:DE:07:A4:68:EA:34:C1:63:57:A4
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019D819C57F8DE262C65BD3E68575D7BEED7
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/mXL232jaE8hHl94HpGjqNMFjV6Q.roa
Signing time:             Sun 12 Apr 2026 12:13:20 +0000
ROA not before:           Sun 12 Apr 2026 12:13:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199277
IP address blocks:        2a0d:d940:2011::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:81:9c:57:f8:de:26:2c:65:bd:3e:68:57:5d:7b:ee:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Apr 12 12:13:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9972f6df68da13c84797de07a468ea34c16357a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:02:4d:91:04:05:00:f2:a3:60:bc:54:8e:ed:
                    4d:67:ac:5f:15:34:b5:0f:55:03:92:aa:e2:47:98:
                    71:c6:b5:41:6b:db:4b:16:c8:60:8e:8f:ac:db:34:
                    2b:15:cb:01:cc:74:4a:8f:b9:eb:49:fa:9c:5e:8b:
                    21:8f:3d:3d:58:27:84:1a:3d:e1:68:1c:5d:31:5c:
                    d8:a8:3e:a4:fe:3d:f5:80:3e:38:35:1d:2c:1c:fe:
                    fc:53:0e:bd:de:bc:d7:ea:9a:fb:6e:22:b2:d0:87:
                    b4:a7:a3:cb:91:8d:db:90:4d:a8:5b:04:6a:36:35:
                    e7:c8:33:ea:51:32:94:98:8e:ab:13:49:26:95:aa:
                    1c:7f:5f:26:6f:2d:1b:99:a5:1a:c0:37:01:93:fd:
                    ab:b1:cb:8d:d6:4d:52:a3:44:7f:14:38:ac:fc:6d:
                    84:52:55:0e:9f:41:1b:a7:43:d6:d2:ee:7c:41:fb:
                    eb:b2:ec:d3:9f:5e:f9:8e:a0:eb:b9:6b:73:a3:88:
                    e8:1f:2b:86:d8:4b:13:d0:95:49:b7:e1:05:15:6c:
                    a3:82:73:26:55:30:34:2f:0b:ac:ff:bb:b3:a6:40:
                    b9:9e:f7:74:30:b5:82:13:e1:b0:83:06:77:12:e5:
                    6c:91:92:84:3e:87:a6:cf:b0:83:c4:97:71:f3:e2:
                    55:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:72:F6:DF:68:DA:13:C8:47:97:DE:07:A4:68:EA:34:C1:63:57:A4
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/mXL232jaE8hHl94HpGjqNMFjV6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:2011::/48

    Signature Algorithm: sha256WithRSAEncryption
         e3:f6:a0:6c:c4:d4:a2:ec:1d:cc:0b:15:07:5c:83:d9:79:4a:
         95:36:2f:b7:10:da:f4:89:43:cc:0e:fd:38:e4:59:70:6c:57:
         5c:57:b7:5a:b3:19:e9:09:4c:8d:d2:dd:19:ca:70:d4:2e:ca:
         7e:28:5a:37:55:56:40:46:27:f3:fb:79:97:00:18:a5:64:c8:
         8c:e4:44:94:3b:ec:15:e9:e9:53:9f:a0:f9:cc:da:2a:24:aa:
         09:49:9d:09:8a:90:40:00:81:11:5d:d1:56:e3:76:60:2b:54:
         00:fe:22:fb:ff:e0:e1:09:57:0d:9f:e3:24:df:f6:a0:aa:56:
         bf:ee:b0:73:58:79:0e:80:29:f4:8e:ab:01:4a:fa:7b:48:05:
         9a:08:98:d8:25:1a:c8:32:b3:69:a9:c0:25:06:05:fd:ce:20:
         78:89:cc:24:14:99:99:9f:18:f0:9b:63:14:f8:c6:23:fb:61:
         2a:af:b8:c5:8e:37:0d:04:ab:04:b8:b4:a3:16:4c:ff:55:6d:
         7c:80:b5:65:8a:85:c7:9f:31:6e:c3:a0:1d:9d:56:54:f7:9f:
         b0:a9:c5:b3:8c:31:f3:88:68:b8:c0:63:11:49:79:fc:51:cb:
         46:32:34:ca:7e:35:c5:b5:0f:3f:bb:1b:4d:76:c6:dd:12:7f:
         ea:c6:ac:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2BnFf43iYsZb0+aFdde+7XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNDEyMTIxMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTcyZjZkZjY4ZGExM2M4NDc5N2RlMDdhNDY4ZWEzNGMxNjM1N2E0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwJNkQQFAPKjYLxUju1NZ6xfFTS1
D1UDkqriR5hxxrVBa9tLFshgjo+s2zQrFcsBzHRKj7nrSfqcXoshjz09WCeEGj3h
aBxdMVzYqD6k/j31gD44NR0sHP78Uw693rzX6pr7biKy0Ie0p6PLkY3bkE2oWwRq
NjXnyDPqUTKUmI6rE0kmlaocf18mby0bmaUawDcBk/2rscuN1k1So0R/FDis/G2E
UlUOn0Ebp0PW0u58QfvrsuzTn175jqDruWtzo4joHyuG2EsT0JVJt+EFFWyjgnMm
VTA0Lwus/7uzpkC5nvd0MLWCE+GwgwZ3EuVskZKEPoemz7CDxJdx8+JVkwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJly9t9o2hPIR5feB6Ro6jTBY1ekMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbVhMMjMyamFFOGhIbDk0SHBHanFOTUZqVjZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQCAR
MA0GCSqGSIb3DQEBCwUAA4IBAQDj9qBsxNSi7B3MCxUHXIPZeUqVNi+3ENr0iUPM
Dv045FlwbFdcV7dasxnpCUyN0t0ZynDULsp+KFo3VVZARifz+3mXABilZMiM5ESU
O+wV6elTn6D5zNoqJKoJSZ0JipBAAIERXdFW43ZgK1QA/iL7/+DhCVcNn+Mk3/ag
qla/7rBzWHkOgCn0jqsBSvp7SAWaCJjYJRrIMrNpqcAlBgX9ziB4icwkFJmZnxjw
m2MU+MYj+2Eqr7jFjjcNBKsEuLSjFkz/VW18gLVlioXHnzFuw6AdnVZU95+wqcWz
jDHziGi4wGMRSXn8UctGMjTKfjXFtQ8/uxtNdsbdEn/qxqzm
-----END CERTIFICATE-----