Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/OxlIMVmAsJoaXxdeH-zRm0aZJmY.roa
File:                     OxlIMVmAsJoaXxdeH-zRm0aZJmY.roa (raw, json)
Hash identifier:          Ip5Y0NJgcptDCnlNShnY7k1XbFcnH0s1uGDobJEDi+g=
Subject key identifier:   3B:19:48:31:59:80:B0:9A:1A:5F:17:5E:1F:EC:D1:9B:46:99:26:66
Certificate issuer:       /CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
Certificate serial:       019D85B1F6FD619F0E3903A4D8352C734B4C
Authority key identifier: A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/OxlIMVmAsJoaXxdeH-zRm0aZJmY.roa
Signing time:             Mon 13 Apr 2026 07:15:26 +0000
ROA not before:           Mon 13 Apr 2026 07:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61977
IP address blocks:        2a13:1500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:85:b1:f6:fd:61:9f:0e:39:03:a4:d8:35:2c:73:4b:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
        Validity
            Not Before: Apr 13 07:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b1948315980b09a1a5f175e1fecd19b46992666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:df:34:16:02:92:d8:a5:90:74:95:57:52:72:
                    f1:8c:9f:53:57:72:b3:9a:60:74:ae:d5:c3:3d:e3:
                    77:dd:42:aa:f4:bf:2c:85:f6:35:4f:05:f2:b2:32:
                    e8:88:0c:b1:5d:a4:a5:48:81:35:3a:63:e4:3d:27:
                    18:f8:ca:5d:dd:8d:95:06:7d:03:85:f7:87:57:c5:
                    45:13:08:79:99:32:b2:0a:d0:88:18:24:31:5e:65:
                    f2:5f:1c:f0:dc:bc:f0:cc:bb:a5:7f:8e:06:3a:c9:
                    df:05:b6:9e:a0:41:7f:58:6c:7c:b0:7a:6e:5a:53:
                    5d:fd:f6:05:81:74:b5:d9:a8:1f:61:d1:30:c1:d0:
                    65:77:42:1e:69:68:e3:3c:ff:1e:fa:12:4e:7f:96:
                    46:8d:87:12:ad:29:a8:25:ac:73:dc:76:12:b7:c8:
                    a7:a5:c1:1a:03:ff:ed:ca:8d:03:e6:f3:4b:38:85:
                    6c:b5:51:76:ed:54:3a:41:35:6b:9c:7f:d0:91:01:
                    3e:83:24:18:73:88:f7:1c:c9:04:3a:86:84:a5:5d:
                    50:0a:d7:37:ce:cd:f8:a0:a0:4b:cc:87:2a:93:ed:
                    ad:c9:dd:97:86:4d:06:46:ae:d5:7e:fb:c2:46:df:
                    8b:c9:f8:30:e2:5a:81:86:f5:89:6c:0d:4e:24:7f:
                    ff:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:19:48:31:59:80:B0:9A:1A:5F:17:5E:1F:EC:D1:9B:46:99:26:66
            X509v3 Authority Key Identifier:
                keyid:A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/OxlIMVmAsJoaXxdeH-zRm0aZJmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1500::/29

    Signature Algorithm: sha256WithRSAEncryption
         9d:88:8c:01:5d:7f:b5:25:5e:c9:78:27:1e:ae:2e:70:c6:68:
         45:66:f4:3f:2f:d2:9a:2f:fb:05:db:d1:6d:e0:c5:2d:e6:00:
         be:63:a8:1e:cf:e6:ed:72:4d:e9:ef:ef:df:2a:a1:1a:c2:98:
         0d:70:cb:ec:7d:d4:c5:0d:1e:81:a4:13:25:11:8a:79:de:ed:
         33:c5:d2:95:6f:54:b0:0f:41:24:db:63:5f:ae:fa:02:64:1c:
         ba:cf:11:63:65:17:ac:12:6f:76:f0:4c:65:59:a4:b3:16:e7:
         b5:95:58:54:6e:5a:ee:a5:f5:3f:ce:00:bb:90:69:90:1f:83:
         0a:6b:bd:82:9f:91:4e:31:c6:68:e7:e4:e7:db:a9:dc:2d:ff:
         47:74:88:37:50:86:7c:bd:11:80:ce:9a:f1:58:8a:8b:84:e8:
         48:4e:03:7c:11:25:8f:90:31:33:27:08:f6:ab:25:d6:24:c9:
         10:96:98:ae:c4:f6:15:e4:c3:ee:65:cf:d5:94:45:81:25:b0:
         73:b5:55:b1:bb:9f:e2:93:37:77:ff:84:f5:63:ba:c4:6b:81:
         fc:bf:2f:4e:d8:d8:c3:47:48:07:c0:df:d4:b9:e8:37:29:44:
         fa:9c:39:2a:c3:ae:e0:d9:b2:21:6c:18:63:67:9d:49:57:8a:
         b0:1d:ff:5c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2Fsfb9YZ8OOQOk2DUsc0tMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzOGIxNzZhN2Q5MmU1MDFlZWRhZWY2YzYwZThjZTNhNjhk
NzUyMjQwHhcNMjYwNDEzMDcxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjE5NDgzMTU5ODBiMDlhMWE1ZjE3NWUxZmVjZDE5YjQ2OTkyNjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+d80FgKS2KWQdJVXUnLxjJ9TV3Kz
mmB0rtXDPeN33UKq9L8shfY1TwXysjLoiAyxXaSlSIE1OmPkPScY+Mpd3Y2VBn0D
hfeHV8VFEwh5mTKyCtCIGCQxXmXyXxzw3LzwzLulf44GOsnfBbaeoEF/WGx8sHpu
WlNd/fYFgXS12agfYdEwwdBld0IeaWjjPP8e+hJOf5ZGjYcSrSmoJaxz3HYSt8in
pcEaA//tyo0D5vNLOIVstVF27VQ6QTVrnH/QkQE+gyQYc4j3HMkEOoaEpV1QCtc3
zs34oKBLzIcqk+2tyd2Xhk0GRq7VfvvCRt+Lyfgw4lqBhvWJbA1OJH//VwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDsZSDFZgLCaGl8XXh/s0ZtGmSZmMB8GA1UdIwQY
MBaAFKOLF2p9kuUB7trvbGDozjpo11IkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTIt
ZWZlNzljMjU0ZTI1LzEvT3hsSU1WbUFzSm9hWHhkZUgtelJtMGFaSm1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTItZWZlNzljMjU0ZTI1
LzEvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhMVADAN
BgkqhkiG9w0BAQsFAAOCAQEAnYiMAV1/tSVeyXgnHq4ucMZoRWb0Py/Smi/7BdvR
beDFLeYAvmOoHs/m7XJN6e/v3yqhGsKYDXDL7H3UxQ0egaQTJRGKed7tM8XSlW9U
sA9BJNtjX676AmQcus8RY2UXrBJvdvBMZVmksxbntZVYVG5a7qX1P84Au5BpkB+D
Cmu9gp+RTjHGaOfk59up3C3/R3SIN1CGfL0RgM6a8ViKi4ToSE4DfBElj5AxMycI
9qsl1iTJEJaYrsT2FeTD7mXP1ZRFgSWwc7VVsbuf4pM3d/+E9WO6xGuB/L8vTtjY
w0dIB8Df1LnoNylE+pw5KsOu4NmyIWwYY2edSVeKsB3/XA==
-----END CERTIFICATE-----