Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/7_KuEvRi_14zb6ajXHwy-1HJpm0.roa
File:                     7_KuEvRi_14zb6ajXHwy-1HJpm0.roa (raw, json)
Hash identifier:          y9zbrYx6KIqniGx302kiI/eIzCLca5mKO3xeDDaCZf0=
Subject key identifier:   EF:F2:AE:12:F4:62:FF:5E:33:6F:A6:A3:5C:7C:32:FB:51:C9:A6:6D
Certificate issuer:       /CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
Certificate serial:       019D8673F8185CD0832740B971F3C8CF792A
Authority key identifier: BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/7_KuEvRi_14zb6ajXHwy-1HJpm0.roa
Signing time:             Mon 13 Apr 2026 10:47:20 +0000
ROA not before:           Mon 13 Apr 2026 10:47:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211211
IP address blocks:        2a06:1301:4100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:86:73:f8:18:5c:d0:83:27:40:b9:71:f3:c8:cf:79:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baa0f258eef4b2bf4bbaa8430c1e58ca8c188ea7
        Validity
            Not Before: Apr 13 10:47:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eff2ae12f462ff5e336fa6a35c7c32fb51c9a66d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1d:50:8c:0a:7a:6e:ee:fa:e9:e7:e9:e9:cd:
                    87:90:19:f2:c5:98:54:f4:df:4c:e9:68:cd:7c:b3:
                    ba:9e:48:bd:51:29:62:ff:4a:0c:d1:08:ef:81:08:
                    de:3e:4c:ee:7a:09:c3:ae:6e:75:f2:0e:34:1f:93:
                    c0:0e:25:f9:ba:30:9c:6f:41:0a:e6:35:8e:5d:a2:
                    b5:d8:68:ef:22:e7:ce:81:0d:00:a2:2e:e5:2d:55:
                    a8:3d:f8:ec:37:a3:c8:30:01:60:e7:a3:ca:ab:c6:
                    26:89:a2:e5:47:2d:27:a1:d7:90:cf:b0:5b:f5:ed:
                    3f:77:d8:30:93:47:0e:90:50:c8:b7:60:18:c8:75:
                    0b:2a:65:5d:0f:4b:3c:df:9a:f7:df:92:45:9f:6f:
                    7d:19:c1:14:a6:7f:dd:2a:88:0b:1f:27:e4:a3:21:
                    cb:ed:3f:07:5d:c2:ad:c1:21:85:19:a0:7d:cf:c9:
                    8e:ae:53:25:ca:e1:22:54:22:a1:ee:c2:e0:69:15:
                    d4:d0:de:06:fa:b1:00:8f:b4:3a:b2:9c:52:35:f7:
                    2a:6c:1e:10:82:86:ec:43:b3:49:f7:07:db:2b:a7:
                    21:5a:2f:92:07:f3:f6:df:d0:6f:66:b1:99:ae:b9:
                    6f:e6:9e:70:12:48:38:7b:09:c2:8e:b2:37:2c:9e:
                    be:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:F2:AE:12:F4:62:FF:5E:33:6F:A6:A3:5C:7C:32:FB:51:C9:A6:6D
            X509v3 Authority Key Identifier:
                keyid:BA:A0:F2:58:EE:F4:B2:BF:4B:BA:A8:43:0C:1E:58:CA:8C:18:8E:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqDyWO70sr9LuqhDDB5YyowYjqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/7_KuEvRi_14zb6ajXHwy-1HJpm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e0ee1-c833-4241-960a-e5768d6b182c/1/uqDyWO70sr9LuqhDDB5YyowYjqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1301:4100::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:90:df:5a:45:4e:4e:b0:a9:73:63:99:c3:14:88:d3:37:8e:
         b8:a5:7a:87:74:fd:ed:89:f7:c0:e8:9e:f4:d6:c1:24:01:67:
         5b:f0:36:07:f0:9b:f6:ed:cf:92:17:e2:00:2f:f1:98:db:81:
         31:18:97:47:61:e9:df:54:36:d5:22:8f:fc:c0:98:08:74:78:
         00:70:81:2f:ec:c0:eb:e7:96:b9:f3:88:c2:2a:57:eb:69:d2:
         3d:cc:22:52:a9:c1:bd:dc:01:0a:92:9e:fc:44:9a:39:63:50:
         7d:45:fb:98:ce:b9:fc:f2:52:8c:ab:8e:fe:76:67:0d:df:bb:
         98:dd:4d:33:14:ca:2d:e4:69:a3:16:3e:23:1d:58:bc:47:df:
         7c:24:96:60:f1:97:01:37:48:cc:a6:17:f1:d5:fa:23:65:ed:
         e8:48:21:d6:0d:e2:1f:1d:e3:1c:38:d4:d8:f9:e9:33:1b:8c:
         22:f2:bd:36:62:68:fb:93:33:1b:82:f4:53:f9:2a:b9:e7:c4:
         05:4e:68:17:15:88:17:ae:ca:da:6f:a6:e4:c6:73:0d:d5:fe:
         68:be:e6:04:f1:4d:3b:7b:62:e5:35:9a:b0:be:d6:f5:1d:ec:
         ca:3d:37:07:6f:da:d2:1d:b2:be:34:2e:2a:9d:d6:65:7a:59:
         e7:a7:9d:36
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2Gc/gYXNCDJ0C5cfPIz3kqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYTBmMjU4ZWVmNGIyYmY0YmJhYTg0MzBjMWU1OGNhOGMx
ODhlYTcwHhcNMjYwNDEzMTA0NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmYyYWUxMmY0NjJmZjVlMzM2ZmE2YTM1YzdjMzJmYjUxYzlhNjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAth1QjAp6bu766efp6c2HkBnyxZhU
9N9M6WjNfLO6nki9USli/0oM0QjvgQjePkzuegnDrm518g40H5PADiX5ujCcb0EK
5jWOXaK12GjvIufOgQ0Aoi7lLVWoPfjsN6PIMAFg56PKq8YmiaLlRy0nodeQz7Bb
9e0/d9gwk0cOkFDIt2AYyHULKmVdD0s835r335JFn299GcEUpn/dKogLHyfkoyHL
7T8HXcKtwSGFGaB9z8mOrlMlyuEiVCKh7sLgaRXU0N4G+rEAj7Q6spxSNfcqbB4Q
gobsQ7NJ9wfbK6chWi+SB/P239BvZrGZrrlv5p5wEkg4ewnCjrI3LJ6+8wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO/yrhL0Yv9eM2+mo1x8MvtRyaZtMB8GA1UdIwQY
MBaAFLqg8lju9LK/S7qoQwweWMqMGI6nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEt
ZTU3NjhkNmIxODJjLzEvN19LdUV2UmlfMTR6YjZhalhId3ktMUhKcG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZTBlZTEtYzgzMy00MjQxLTk2MGEtZTU3NjhkNmIxODJj
LzEvdXFEeVdPNzBzcjlMdXFoRERCNVl5b3dZanFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgYTAUEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAAkN9aRU5OsKlzY5nDFIjTN464pXqHdP3tiffA
6J701sEkAWdb8DYH8Jv27c+SF+IAL/GY24ExGJdHYenfVDbVIo/8wJgIdHgAcIEv
7MDr55a584jCKlfradI9zCJSqcG93AEKkp78RJo5Y1B9RfuYzrn88lKMq47+dmcN
37uY3U0zFMot5GmjFj4jHVi8R998JJZg8ZcBN0jMphfx1fojZe3oSCHWDeIfHeMc
ONTY+ekzG4wi8r02Ymj7kzMbgvRT+Sq558QFTmgXFYgXrsrab6bkxnMN1f5ovuYE
8U07e2LlNZqwvtb1HezKPTcHb9rSHbK+NC4qndZlelnnp502
-----END CERTIFICATE-----