Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/df1a2e-2901-4f27-a2f1-2c18010fbfbf/1/Jhd8dVo4qeXLNKgQxWEaEIThO1U.roa
File:                     Jhd8dVo4qeXLNKgQxWEaEIThO1U.roa (raw, json)
Hash identifier:          Kzdyj7wpQhhcqBAlT0S5dvR8EKgyhHXnHpsN0XUZRx4=
Subject key identifier:   26:17:7C:75:5A:38:A9:E5:CB:34:A8:10:C5:61:1A:10:84:E1:3B:55
Certificate issuer:       /CN=2747c171786e883167d862be101f352135b923b4
Certificate serial:       019D77ADEC27A455B9B85DC39B0614FA63D9
Authority key identifier: 27:47:C1:71:78:6E:88:31:67:D8:62:BE:10:1F:35:21:35:B9:23:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J0fBcXhuiDFn2GK-EB81ITW5I7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/df1a2e-2901-4f27-a2f1-2c18010fbfbf/1/Jhd8dVo4qeXLNKgQxWEaEIThO1U.roa
Signing time:             Fri 10 Apr 2026 13:56:20 +0000
ROA not before:           Fri 10 Apr 2026 13:56:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199211
IP address blocks:        2a13:bc40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/df1a2e-2901-4f27-a2f1-2c18010fbfbf/1/J0fBcXhuiDFn2GK-EB81ITW5I7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/df1a2e-2901-4f27-a2f1-2c18010fbfbf/1/J0fBcXhuiDFn2GK-EB81ITW5I7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J0fBcXhuiDFn2GK-EB81ITW5I7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:77:ad:ec:27:a4:55:b9:b8:5d:c3:9b:06:14:fa:63:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2747c171786e883167d862be101f352135b923b4
        Validity
            Not Before: Apr 10 13:56:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=26177c755a38a9e5cb34a810c5611a1084e13b55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:1f:b8:3b:67:64:10:0d:29:1f:92:be:03:a9:
                    f6:60:98:77:d9:c2:ad:40:df:e2:b9:8a:a6:03:c2:
                    a9:56:dd:62:b2:5d:b6:99:0c:6c:8e:9b:ab:f6:6f:
                    de:0b:6c:65:1c:00:27:1b:da:db:dc:fa:f2:9b:7d:
                    2a:86:dc:8d:51:42:ba:86:fa:56:f9:fd:82:90:4a:
                    37:45:8d:8d:65:64:21:de:e2:0c:11:da:d8:31:e5:
                    e8:8a:ab:5d:1f:67:04:47:a6:b9:9a:e9:02:d6:c3:
                    c5:dd:dc:89:9b:65:18:02:91:99:6a:96:73:58:b6:
                    c1:56:11:87:1b:56:ab:c1:a4:13:c9:a4:e8:15:78:
                    65:87:ee:77:0c:92:6e:b5:79:39:a5:c8:bd:cb:77:
                    4b:05:44:d1:23:00:52:f7:db:35:19:d3:25:a7:48:
                    4b:64:ff:94:5e:57:37:12:a3:01:16:66:0c:2d:f4:
                    31:aa:e6:5b:66:40:78:41:dd:ed:43:41:a4:ff:39:
                    23:8c:47:51:88:c0:e3:bc:51:ae:de:d3:6a:33:95:
                    e4:29:c0:04:1e:ff:b6:86:6d:49:b3:ed:6f:f5:f3:
                    55:04:27:fe:b2:4c:6b:ba:18:1f:3b:49:b8:7c:57:
                    6f:2e:5b:2b:16:ab:13:5c:63:d0:a1:a6:b1:84:c6:
                    e9:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:17:7C:75:5A:38:A9:E5:CB:34:A8:10:C5:61:1A:10:84:E1:3B:55
            X509v3 Authority Key Identifier:
                keyid:27:47:C1:71:78:6E:88:31:67:D8:62:BE:10:1F:35:21:35:B9:23:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J0fBcXhuiDFn2GK-EB81ITW5I7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/df1a2e-2901-4f27-a2f1-2c18010fbfbf/1/Jhd8dVo4qeXLNKgQxWEaEIThO1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/df1a2e-2901-4f27-a2f1-2c18010fbfbf/1/J0fBcXhuiDFn2GK-EB81ITW5I7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bc40::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:e5:fa:ca:87:db:32:4c:88:a0:90:93:b1:06:2e:15:fc:cf:
         ec:93:3b:8b:22:1f:91:01:34:88:57:c6:7e:36:ed:30:75:b2:
         a0:d5:ef:37:9f:46:35:b3:fa:81:3e:82:b7:7e:ab:6e:10:93:
         48:e3:a5:e4:65:d8:72:be:41:bc:47:be:95:e3:a6:43:f2:dc:
         65:20:68:2f:99:78:22:6a:d9:a9:ea:24:9a:55:5f:7f:c8:11:
         7f:e3:b6:16:40:9b:98:bd:3e:98:d9:5e:82:6a:d4:80:2b:1d:
         70:ab:81:fb:09:1a:42:df:a5:9d:9c:10:b8:b2:6a:a2:23:f4:
         dc:ab:b0:ba:58:47:d4:56:d4:87:6b:05:1e:62:cb:7e:d0:7f:
         59:a6:9c:30:27:3c:60:fb:35:65:f7:44:8d:f7:75:44:89:15:
         e2:6d:73:62:9b:56:ea:6e:54:c9:cb:0f:38:7f:e6:e5:90:58:
         35:bc:0a:08:52:89:40:55:83:aa:d1:f4:e0:25:9b:37:d4:be:
         fe:06:cd:18:61:ed:e7:ca:53:22:4b:75:3d:62:c5:44:e2:61:
         d8:a3:ce:04:14:bb:fc:75:d2:06:3c:07:6a:62:94:cd:d9:d9:
         a7:2d:44:45:b7:f7:7a:d1:fe:9b:f2:0c:40:ee:42:8c:17:1e:
         24:30:d7:88
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ13rewnpFW5uF3DmwYU+mPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NDdjMTcxNzg2ZTg4MzE2N2Q4NjJiZTEwMWYzNTIxMzVi
OTIzYjQwHhcNMjYwNDEwMTM1NjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjE3N2M3NTVhMzhhOWU1Y2IzNGE4MTBjNTYxMWExMDg0ZTEzYjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2B+4O2dkEA0pH5K+A6n2YJh32cKt
QN/iuYqmA8KpVt1isl22mQxsjpur9m/eC2xlHAAnG9rb3Prym30qhtyNUUK6hvpW
+f2CkEo3RY2NZWQh3uIMEdrYMeXoiqtdH2cER6a5mukC1sPF3dyJm2UYApGZapZz
WLbBVhGHG1arwaQTyaToFXhlh+53DJJutXk5pci9y3dLBUTRIwBS99s1GdMlp0hL
ZP+UXlc3EqMBFmYMLfQxquZbZkB4Qd3tQ0Gk/zkjjEdRiMDjvFGu3tNqM5XkKcAE
Hv+2hm1Js+1v9fNVBCf+skxruhgfO0m4fFdvLlsrFqsTXGPQoaaxhMbpYQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCYXfHVaOKnlyzSoEMVhGhCE4TtVMB8GA1UdIwQY
MBaAFCdHwXF4bogxZ9hivhAfNSE1uSO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjBmQmNYaHVpREZuMkdLLUVCODFJVFc1STdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9kZjFhMmUtMjkwMS00ZjI3LWEyZjEt
MmMxODAxMGZiZmJmLzEvSmhkOGRWbzRxZVhMTktnUXhXRWFFSVRoTzFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9kZjFhMmUtMjkwMS00ZjI3LWEyZjEtMmMxODAxMGZiZmJm
LzEvSjBmQmNYaHVpREZuMkdLLUVCODFJVFc1STdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO8QDAN
BgkqhkiG9w0BAQsFAAOCAQEAKuX6yofbMkyIoJCTsQYuFfzP7JM7iyIfkQE0iFfG
fjbtMHWyoNXvN59GNbP6gT6Ct36rbhCTSOOl5GXYcr5BvEe+leOmQ/LcZSBoL5l4
ImrZqeokmlVff8gRf+O2FkCbmL0+mNlegmrUgCsdcKuB+wkaQt+lnZwQuLJqoiP0
3KuwulhH1FbUh2sFHmLLftB/WaacMCc8YPs1ZfdEjfd1RIkV4m1zYptW6m5UycsP
OH/m5ZBYNbwKCFKJQFWDqtH04CWbN9S+/gbNGGHt58pTIkt1PWLFROJh2KPOBBS7
/HXSBjwHamKUzdnZpy1ERbf3etH+m/IMQO5CjBceJDDXiA==
-----END CERTIFICATE-----