Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/tvfeZLCG6lzy5qRBU1yLCkJ55KI.roa
File:                     tvfeZLCG6lzy5qRBU1yLCkJ55KI.roa (raw, json)
Hash identifier:          uedDNdnBeB/AoMLTtEK38Li/WuXVA8H+uPKPlBZvMrI=
Subject key identifier:   B6:F7:DE:64:B0:86:EA:5C:F2:E6:A4:41:53:5C:8B:0A:42:79:E4:A2
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019E97DF8D636E54822416DF5F1BD4A88F27
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/tvfeZLCG6lzy5qRBU1yLCkJ55KI.roa
Signing time:             Fri 05 Jun 2026 13:01:10 +0000
ROA not before:           Fri 05 Jun 2026 13:01:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44547
IP address blocks:        2a02:2fc0:12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:97:df:8d:63:6e:54:82:24:16:df:5f:1b:d4:a8:8f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Jun  5 13:01:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b6f7de64b086ea5cf2e6a441535c8b0a4279e4a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:bb:18:08:99:b2:dd:0e:47:f9:88:a6:49:97:
                    7f:4c:6f:42:87:11:18:5d:06:2f:72:ff:ec:47:dd:
                    d7:c3:18:f1:50:20:89:3a:aa:64:2b:1e:1c:de:10:
                    ac:43:ae:dc:89:28:51:f9:c8:9f:5f:1f:95:b7:93:
                    55:7a:4c:76:fa:81:2a:e3:65:ab:8c:c9:6d:54:ca:
                    b0:3c:73:5a:0b:45:c3:53:35:6b:57:b7:59:4b:16:
                    5f:cb:a8:5d:54:29:9c:a1:fa:a1:7b:67:90:ae:2e:
                    97:fc:0a:45:3b:f7:a1:bf:60:f4:02:80:ce:a7:93:
                    ce:1b:ec:37:55:10:7a:a4:0d:ab:c2:b5:6b:35:a3:
                    0c:e5:01:10:c4:45:14:f5:1c:b0:ba:d6:58:cc:f5:
                    b3:01:65:3b:7f:a5:bc:0b:e5:22:23:28:dd:9e:4e:
                    51:61:3d:0a:2f:90:0d:13:92:21:92:38:45:5a:ce:
                    01:36:93:65:3e:81:33:f2:dd:48:92:dd:ce:9f:61:
                    2b:36:3a:75:8a:c6:c6:c8:7c:65:7e:0c:0b:bf:02:
                    f5:62:0e:85:8f:a8:86:a0:67:33:c7:6e:d9:7b:23:
                    e3:fa:17:83:f8:f2:66:32:35:04:c8:29:2b:8d:24:
                    2c:6a:ca:39:5a:86:7f:be:a8:57:c7:6a:0b:dd:18:
                    95:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:F7:DE:64:B0:86:EA:5C:F2:E6:A4:41:53:5C:8B:0A:42:79:E4:A2
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/tvfeZLCG6lzy5qRBU1yLCkJ55KI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:2fc0:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:02:1a:27:05:25:1b:06:37:7e:e6:f7:af:08:b0:55:87:16:
         22:8b:80:07:cc:b1:1e:87:1d:10:84:e6:db:30:8d:73:e5:2a:
         e6:92:b4:25:fe:23:6d:4d:d1:f4:c9:ff:8e:23:71:e4:ee:84:
         b1:00:d6:47:8e:bb:1f:17:5c:f1:4f:4c:ca:b3:72:cc:8c:b1:
         eb:d7:e7:9c:f1:9e:85:3a:46:24:d1:96:ca:e4:68:81:af:49:
         82:2f:7d:4f:1d:30:96:38:83:f5:02:83:6f:ef:bf:89:41:e3:
         e2:a0:f7:9b:c5:17:e1:ce:60:f0:62:ab:3b:42:df:96:3c:b3:
         c2:4f:23:42:ba:42:48:a6:6e:53:06:6d:c0:62:61:51:00:b0:
         c3:e2:72:eb:c5:72:77:9f:a7:ad:07:d2:6b:d2:15:b0:fd:0e:
         cc:94:73:43:66:80:ea:fb:8c:79:a3:16:51:55:90:2c:08:71:
         d5:1d:ee:38:82:31:61:58:91:ff:cc:c3:e2:6e:d2:f9:e6:70:
         43:f3:6f:5c:0d:dd:d6:2f:f9:cd:48:c8:0d:3d:e9:6b:26:f8:
         96:d0:df:d8:ea:66:ed:e5:1f:ef:38:23:0a:0b:6b:b7:ea:79:
         28:b8:ba:3e:bc:a5:11:51:e6:a2:8e:e2:b3:7b:f0:f8:dd:f9:
         d2:db:96:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6X341jblSCJBbfXxvUqI8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjYwNjA1MTMwMTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmY3ZGU2NGIwODZlYTVjZjJlNmE0NDE1MzVjOGIwYTQyNzllNGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLsYCJmy3Q5H+YimSZd/TG9ChxEY
XQYvcv/sR93XwxjxUCCJOqpkKx4c3hCsQ67ciShR+cifXx+Vt5NVekx2+oEq42Wr
jMltVMqwPHNaC0XDUzVrV7dZSxZfy6hdVCmcofqhe2eQri6X/ApFO/ehv2D0AoDO
p5POG+w3VRB6pA2rwrVrNaMM5QEQxEUU9RywutZYzPWzAWU7f6W8C+UiIyjdnk5R
YT0KL5ANE5IhkjhFWs4BNpNlPoEz8t1Ikt3On2ErNjp1isbGyHxlfgwLvwL1Yg6F
j6iGoGczx27ZeyPj+heD+PJmMjUEyCkrjSQsaso5WoZ/vqhXx2oL3RiVHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLb33mSwhupc8uakQVNciwpCeeSiMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvdHZmZVpMQ0c2bHp5NXFSQlUxeUxDa0o1NUtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIvwAAS
MA0GCSqGSIb3DQEBCwUAA4IBAQByAhonBSUbBjd+5vevCLBVhxYii4AHzLEehx0Q
hObbMI1z5SrmkrQl/iNtTdH0yf+OI3Hk7oSxANZHjrsfF1zxT0zKs3LMjLHr1+ec
8Z6FOkYk0ZbK5GiBr0mCL31PHTCWOIP1AoNv77+JQePioPebxRfhzmDwYqs7Qt+W
PLPCTyNCukJIpm5TBm3AYmFRALDD4nLrxXJ3n6etB9Jr0hWw/Q7MlHNDZoDq+4x5
oxZRVZAsCHHVHe44gjFhWJH/zMPibtL55nBD829cDd3WL/nNSMgNPelrJviW0N/Y
6mbt5R/vOCMKC2u36nkouLo+vKURUeaijuKze/D43fnS25Zv
-----END CERTIFICATE-----