Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/6r3WitD5t2IivvY6IDcPBOiQM5A.roa
File:                     6r3WitD5t2IivvY6IDcPBOiQM5A.roa (raw, json)
Hash identifier:          CFw3h/ZlDOXkd/OBoKFI2OoDPkqdMMoJSEOGE9GM7e4=
Subject key identifier:   EA:BD:D6:8A:D0:F9:B7:62:22:BE:F6:3A:20:37:0F:04:E8:90:33:90
Certificate issuer:       /CN=892f3ff3c0a1ffb3af20f5b95e8cb64c88043f39
Certificate serial:       019E4B330AD09EDEC7D4C1D93CE4245C4C30
Authority key identifier: 89:2F:3F:F3:C0:A1:FF:B3:AF:20:F5:B9:5E:8C:B6:4C:88:04:3F:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/6r3WitD5t2IivvY6IDcPBOiQM5A.roa
Signing time:             Thu 21 May 2026 15:41:36 +0000
ROA not before:           Thu 21 May 2026 15:41:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207059
IP address blocks:        2a07:bf80::/32 maxlen: 48
                          2a07:bf80:de::/48 maxlen: 112
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:33:0a:d0:9e:de:c7:d4:c1:d9:3c:e4:24:5c:4c:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=892f3ff3c0a1ffb3af20f5b95e8cb64c88043f39
        Validity
            Not Before: May 21 15:41:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eabdd68ad0f9b76222bef63a20370f04e8903390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b4:8d:28:28:17:ba:f7:00:20:ab:9f:68:4b:
                    d8:60:48:67:31:59:d9:9f:ea:2e:36:a5:62:08:95:
                    a7:39:4a:2a:d9:5f:4b:90:50:a2:ca:77:05:f5:98:
                    4c:4e:b3:ce:20:37:7b:24:80:cf:92:72:b1:e8:1a:
                    91:bc:8b:76:1f:52:98:07:d7:72:71:20:95:2e:6f:
                    64:d1:4e:a3:91:bb:28:5e:9f:5d:a1:96:e5:b1:67:
                    c5:e5:ba:de:0a:d3:97:4f:55:1f:c2:76:96:97:a7:
                    74:bd:ad:b1:e1:47:e0:39:51:92:70:e6:00:1e:22:
                    c2:48:4e:49:53:e4:4c:71:3a:24:bf:96:d1:73:e1:
                    c6:7e:de:bc:29:77:b8:49:38:4b:77:3f:5a:e5:8e:
                    56:15:26:90:f2:86:ac:28:45:76:f3:7c:aa:94:27:
                    2a:f1:88:05:a1:75:2e:96:1c:d3:76:f5:4f:ab:53:
                    8c:34:4d:c3:f1:f9:0a:7f:8b:26:9c:67:8c:09:89:
                    91:15:81:05:d4:c6:e7:a5:38:ec:3d:6d:29:c8:dd:
                    04:97:53:c4:78:52:91:ea:90:bc:3f:97:fb:c9:6f:
                    d0:0f:9f:90:37:c1:1b:49:b3:eb:b4:02:c2:2e:b2:
                    e7:83:01:b8:f0:74:23:eb:94:01:06:d9:a1:99:be:
                    e1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:BD:D6:8A:D0:F9:B7:62:22:BE:F6:3A:20:37:0F:04:E8:90:33:90
            X509v3 Authority Key Identifier:
                keyid:89:2F:3F:F3:C0:A1:FF:B3:AF:20:F5:B9:5E:8C:B6:4C:88:04:3F:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/6r3WitD5t2IivvY6IDcPBOiQM5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/5d2af7-382b-4dd6-a8b4-f921db75bdf9/1/iS8_88Ch_7OvIPW5Xoy2TIgEPzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:bf80::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:90:8f:49:57:25:9a:18:37:62:62:1f:2f:9d:b8:77:4c:26:
         84:55:06:19:cd:6e:8e:dd:3b:0b:8c:88:10:03:77:11:3a:c3:
         99:54:6b:25:44:77:8f:fd:e3:72:1f:0d:60:65:97:6f:ba:dc:
         2a:39:7b:aa:35:ed:c0:98:68:57:a0:ac:b0:78:50:c4:a6:0b:
         8a:66:04:ee:76:8c:df:9c:96:e8:a9:de:f2:09:3f:f5:6b:f4:
         73:de:cc:76:ad:17:2d:3b:c3:c0:9a:f9:09:72:33:c9:6b:31:
         95:96:96:0e:f3:ab:c2:09:a4:06:72:e3:e3:81:87:cd:d1:04:
         64:90:9d:41:cc:88:2d:dd:0e:18:f5:95:0c:54:41:d5:44:97:
         4e:5e:b3:15:49:75:cc:2d:ca:37:6a:e8:bc:f7:9c:b9:86:b1:
         49:a8:50:19:bf:90:7b:69:14:00:73:8f:09:99:29:cb:c3:df:
         19:35:b7:e0:95:2f:f9:d3:5a:59:52:93:46:64:48:70:11:f2:
         f5:ae:39:26:20:5f:2f:7a:c7:fe:35:8f:69:a4:83:a4:f9:36:
         54:fc:25:5b:3c:0e:70:b3:64:a5:98:08:72:f7:7f:3b:5c:3c:
         41:53:84:2f:a7:4b:df:1a:e1:46:5b:6a:72:8e:7b:1e:2a:cd:
         6c:d3:fb:a5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5LMwrQnt7H1MHZPOQkXEwwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5MmYzZmYzYzBhMWZmYjNhZjIwZjViOTVlOGNiNjRjODgw
NDNmMzkwHhcNMjYwNTIxMTU0MTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWJkZDY4YWQwZjliNzYyMjJiZWY2M2EyMDM3MGYwNGU4OTAzMzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLSNKCgXuvcAIKufaEvYYEhnMVnZ
n+ouNqViCJWnOUoq2V9LkFCiyncF9ZhMTrPOIDd7JIDPknKx6BqRvIt2H1KYB9dy
cSCVLm9k0U6jkbsoXp9doZblsWfF5breCtOXT1UfwnaWl6d0va2x4UfgOVGScOYA
HiLCSE5JU+RMcTokv5bRc+HGft68KXe4SThLdz9a5Y5WFSaQ8oasKEV283yqlCcq
8YgFoXUulhzTdvVPq1OMNE3D8fkKf4smnGeMCYmRFYEF1MbnpTjsPW0pyN0El1PE
eFKR6pC8P5f7yW/QD5+QN8EbSbPrtALCLrLngwG48HQj65QBBtmhmb7hmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOq91orQ+bdiIr72OiA3DwTokDOQMB8GA1UdIwQY
MBaAFIkvP/PAof+zryD1uV6MtkyIBD85MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVM4Xzg4Q2hfN092SVBXNVhveTJUSWdFUHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy81ZDJhZjctMzgyYi00ZGQ2LWE4YjQt
ZjkyMWRiNzViZGY5LzEvNnIzV2l0RDV0MklpdnZZNklEY1BCT2lRTTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy81ZDJhZjctMzgyYi00ZGQ2LWE4YjQtZjkyMWRiNzViZGY5
LzEvaVM4Xzg4Q2hfN092SVBXNVhveTJUSWdFUHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKge/gDAN
BgkqhkiG9w0BAQsFAAOCAQEAJZCPSVclmhg3YmIfL524d0wmhFUGGc1ujt07C4yI
EAN3ETrDmVRrJUR3j/3jch8NYGWXb7rcKjl7qjXtwJhoV6CssHhQxKYLimYE7naM
35yW6Kne8gk/9Wv0c97Mdq0XLTvDwJr5CXIzyWsxlZaWDvOrwgmkBnLj44GHzdEE
ZJCdQcyILd0OGPWVDFRB1USXTl6zFUl1zC3KN2rovPecuYaxSahQGb+Qe2kUAHOP
CZkpy8PfGTW34JUv+dNaWVKTRmRIcBHy9a45JiBfL3rH/jWPaaSDpPk2VPwlWzwO
cLNkpZgIcvd/O1w8QVOEL6dL3xrhRltqco57HirNbNP7pQ==
-----END CERTIFICATE-----