Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/33b36a-fd49-44d0-9018-d56719df6399/1/iXdCxqONjbFxErLs984fDtPPuP0.roa
File:                     iXdCxqONjbFxErLs984fDtPPuP0.roa (raw, json)
Hash identifier:          kOe2FaHNUJoqh8TvxUecRv4MaU6ezmauA8mPBQq+gXs=
Subject key identifier:   89:77:42:C6:A3:8D:8D:B1:71:12:B2:EC:F7:CE:1F:0E:D3:CF:B8:FD
Certificate issuer:       /CN=666bb22ab64acea6248e3eecd4d600797046e8b9
Certificate serial:       019D9AED5DF50A8D4C13615E456F2C572147
Authority key identifier: 66:6B:B2:2A:B6:4A:CE:A6:24:8E:3E:EC:D4:D6:00:79:70:46:E8:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZmuyKrZKzqYkjj7s1NYAeXBG6Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/33b36a-fd49-44d0-9018-d56719df6399/1/iXdCxqONjbFxErLs984fDtPPuP0.roa
Signing time:             Fri 17 Apr 2026 10:12:20 +0000
ROA not before:           Fri 17 Apr 2026 10:12:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212233
IP address blocks:        2001:678:1224::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/33b36a-fd49-44d0-9018-d56719df6399/1/ZmuyKrZKzqYkjj7s1NYAeXBG6Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/33b36a-fd49-44d0-9018-d56719df6399/1/ZmuyKrZKzqYkjj7s1NYAeXBG6Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZmuyKrZKzqYkjj7s1NYAeXBG6Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:ed:5d:f5:0a:8d:4c:13:61:5e:45:6f:2c:57:21:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=666bb22ab64acea6248e3eecd4d600797046e8b9
        Validity
            Not Before: Apr 17 10:12:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=897742c6a38d8db17112b2ecf7ce1f0ed3cfb8fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b8:cf:ba:4b:ed:20:90:09:1b:08:dd:a9:f7:
                    f9:df:db:f4:44:64:46:1c:c0:f9:eb:1f:d9:55:c7:
                    91:d6:b9:23:1c:b9:19:17:b4:8e:28:55:01:18:15:
                    1f:58:84:15:dd:61:79:67:fd:f2:b1:2f:c0:56:ca:
                    24:7d:9a:a6:7a:06:17:55:62:8e:d5:79:ea:8e:8b:
                    12:27:f3:e5:a0:50:cb:33:98:be:5e:a7:0b:de:dd:
                    66:53:83:98:9c:5d:70:d9:1c:64:34:8d:76:d9:3f:
                    93:52:14:d1:60:77:a3:f0:1e:ff:15:85:e4:2b:3d:
                    8c:e7:9c:5d:90:3c:aa:d3:c1:fb:52:26:0c:0d:ca:
                    5c:ae:95:6c:a2:a5:3d:fc:4b:87:ac:65:91:44:93:
                    d5:21:6e:3c:3e:f5:b0:bc:33:e6:48:8d:14:62:dc:
                    90:0a:5c:42:64:31:35:f5:6a:1e:f6:f0:86:19:39:
                    c8:fe:c9:9a:1d:e4:6d:e7:ca:1b:1e:f9:d0:b9:62:
                    71:60:ae:bb:09:ac:83:ae:aa:b1:cb:b0:e6:72:68:
                    2e:c2:fd:a8:78:ef:d9:73:bd:f2:68:87:d6:69:50:
                    1d:e4:88:f6:7b:53:ca:0a:6e:01:b4:c4:5d:93:de:
                    3f:ed:d1:70:a3:73:eb:6a:a8:b7:08:32:40:ae:55:
                    2d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:77:42:C6:A3:8D:8D:B1:71:12:B2:EC:F7:CE:1F:0E:D3:CF:B8:FD
            X509v3 Authority Key Identifier:
                keyid:66:6B:B2:2A:B6:4A:CE:A6:24:8E:3E:EC:D4:D6:00:79:70:46:E8:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZmuyKrZKzqYkjj7s1NYAeXBG6Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/33b36a-fd49-44d0-9018-d56719df6399/1/iXdCxqONjbFxErLs984fDtPPuP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/33b36a-fd49-44d0-9018-d56719df6399/1/ZmuyKrZKzqYkjj7s1NYAeXBG6Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1224::/48

    Signature Algorithm: sha256WithRSAEncryption
         70:04:af:54:84:3e:fb:ad:1e:1c:7d:05:0b:dd:8a:62:25:77:
         2c:5b:0c:72:aa:1a:5d:17:02:42:f6:d6:d7:84:74:85:98:d0:
         f4:85:60:19:ae:64:f9:45:66:59:7f:34:3c:1c:da:dd:e5:02:
         7b:da:4f:ac:fe:d5:70:8c:d4:36:10:62:40:c6:df:55:35:da:
         f8:3a:46:2d:7f:9b:42:67:c0:c4:ff:f9:5f:bb:0f:5f:77:fb:
         ed:d3:67:cd:d2:10:e5:6b:80:55:44:85:11:a6:cc:f2:fc:53:
         6c:9e:f7:06:9a:2c:08:e0:57:fe:e5:ee:32:31:f0:cd:76:6f:
         4b:f9:18:2e:cf:3c:6e:14:b1:01:cd:e0:98:78:00:bb:43:21:
         68:37:5f:b0:19:42:ac:46:ec:76:33:ba:4f:19:db:e8:26:d3:
         90:6e:a0:b8:49:0d:da:69:aa:24:ad:95:c8:08:73:b5:32:ac:
         29:22:ad:53:6f:06:73:58:b1:40:b8:59:c3:91:d1:6e:09:10:
         9d:07:6c:83:b7:51:9e:21:a8:19:51:90:b6:28:06:d6:e6:6f:
         96:10:6d:a2:2d:31:03:e7:05:91:a9:80:f4:a9:36:dd:4f:5b:
         01:52:e3:a1:30:15:99:f2:51:d0:75:20:45:a7:91:86:5b:90:
         4a:84:48:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2a7V31Co1ME2FeRW8sVyFHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NmJiMjJhYjY0YWNlYTYyNDhlM2VlY2Q0ZDYwMDc5NzA0
NmU4YjkwHhcNMjYwNDE3MTAxMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTc3NDJjNmEzOGQ4ZGIxNzExMmIyZWNmN2NlMWYwZWQzY2ZiOGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1bjPukvtIJAJGwjdqff539v0RGRG
HMD56x/ZVceR1rkjHLkZF7SOKFUBGBUfWIQV3WF5Z/3ysS/AVsokfZqmegYXVWKO
1XnqjosSJ/PloFDLM5i+XqcL3t1mU4OYnF1w2RxkNI122T+TUhTRYHej8B7/FYXk
Kz2M55xdkDyq08H7UiYMDcpcrpVsoqU9/EuHrGWRRJPVIW48PvWwvDPmSI0UYtyQ
ClxCZDE19Woe9vCGGTnI/smaHeRt58obHvnQuWJxYK67CayDrqqxy7Dmcmguwv2o
eO/Zc73yaIfWaVAd5Ij2e1PKCm4BtMRdk94/7dFwo3Praqi3CDJArlUtswIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIl3QsajjY2xcRKy7PfOHw7Tz7j9MB8GA1UdIwQY
MBaAFGZrsiq2Ss6mJI4+7NTWAHlwRui5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWm11eUtyWkt6cVlramo3czFOWUFlWEJHNkxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC8zM2IzNmEtZmQ0OS00NGQwLTkwMTgt
ZDU2NzE5ZGY2Mzk5LzEvaVhkQ3hxT05qYkZ4RXJMczk4NGZEdFBQdVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC8zM2IzNmEtZmQ0OS00NGQwLTkwMTgtZDU2NzE5ZGY2Mzk5
LzEvWm11eUtyWkt6cVlramo3czFOWUFlWEJHNkxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBIk
MA0GCSqGSIb3DQEBCwUAA4IBAQBwBK9UhD77rR4cfQUL3YpiJXcsWwxyqhpdFwJC
9tbXhHSFmND0hWAZrmT5RWZZfzQ8HNrd5QJ72k+s/tVwjNQ2EGJAxt9VNdr4OkYt
f5tCZ8DE//lfuw9fd/vt02fN0hDla4BVRIURpszy/FNsnvcGmiwI4Ff+5e4yMfDN
dm9L+RguzzxuFLEBzeCYeAC7QyFoN1+wGUKsRux2M7pPGdvoJtOQbqC4SQ3aaaok
rZXICHO1MqwpIq1TbwZzWLFAuFnDkdFuCRCdB2yDt1GeIagZUZC2KAbW5m+WEG2i
LTED5wWRqYD0qTbdT1sBUuOhMBWZ8lHQdSBFp5GGW5BKhEgF
-----END CERTIFICATE-----