Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/whEmfrr9BXMP7JxECGGo_gymzUU.roa
File:                     whEmfrr9BXMP7JxECGGo_gymzUU.roa (raw, json)
Hash identifier:          BCyUOggxnWmPaf0pTOdxXapoZSxMMiP0NzG7hvVz37Q=
Subject key identifier:   C2:11:26:7E:BA:FD:05:73:0F:EC:9C:44:08:61:A8:FE:0C:A6:CD:45
Certificate issuer:       /CN=4a6d2817491dd2cd0678068e35a9efc68667df02
Certificate serial:       019E6AC616326C7B8E2F510A3A2699B8AFD9
Authority key identifier: 4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/whEmfrr9BXMP7JxECGGo_gymzUU.roa
Signing time:             Wed 27 May 2026 18:50:27 +0000
ROA not before:           Wed 27 May 2026 18:50:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214961
IP address blocks:        2a10:4646:700::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 06:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6a:c6:16:32:6c:7b:8e:2f:51:0a:3a:26:99:b8:af:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a6d2817491dd2cd0678068e35a9efc68667df02
        Validity
            Not Before: May 27 18:50:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c211267ebafd05730fec9c440861a8fe0ca6cd45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:a9:95:60:65:97:75:4a:23:51:c4:9f:32:c2:
                    35:ba:b7:ce:dc:f4:e2:c6:fe:15:c8:af:07:20:a3:
                    5d:c4:cf:f8:b8:42:5b:c6:ff:73:a3:30:72:ee:af:
                    1a:06:f9:ad:a2:c8:3f:1a:b5:3a:68:b7:09:e3:90:
                    12:8e:b5:7d:1b:ff:c5:16:21:0a:ae:14:b2:20:6a:
                    da:c1:34:fc:9c:a3:d7:f0:68:53:11:65:80:93:2c:
                    d3:74:41:a4:ee:58:a2:09:34:d1:31:4f:ef:f7:45:
                    4a:83:79:6d:ab:de:ec:51:93:23:ce:26:2c:67:ad:
                    5b:6e:45:17:03:6d:01:a3:21:af:2f:2f:dd:29:f5:
                    4f:eb:ea:36:a3:b3:46:06:9e:2b:55:a5:10:14:56:
                    12:c2:00:f1:39:2b:cf:b3:0e:16:b6:36:cb:72:bf:
                    c0:56:6b:6c:77:39:1a:ea:c8:ff:0e:d1:11:1a:95:
                    d1:8f:2f:70:c4:a8:be:41:0e:6f:3a:15:9c:d0:60:
                    5d:17:d4:89:97:7d:ae:f0:00:21:33:91:50:e9:84:
                    10:ce:af:06:fa:27:8b:05:e6:c0:03:74:7a:6e:cf:
                    86:6a:94:a4:54:a4:c6:40:a9:28:19:f5:1b:3f:66:
                    49:f2:0f:b7:8e:4e:08:86:e8:99:e6:e6:59:19:e3:
                    ad:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:11:26:7E:BA:FD:05:73:0F:EC:9C:44:08:61:A8:FE:0C:A6:CD:45
            X509v3 Authority Key Identifier:
                keyid:4A:6D:28:17:49:1D:D2:CD:06:78:06:8E:35:A9:EF:C6:86:67:DF:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sm0oF0kd0s0GeAaONanvxoZn3wI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/whEmfrr9BXMP7JxECGGo_gymzUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/9488c7-849c-4ff1-ab4c-ae9283e7964e/1/Sm0oF0kd0s0GeAaONanvxoZn3wI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4646:700::/44

    Signature Algorithm: sha256WithRSAEncryption
         be:62:ea:d7:46:ad:01:ad:aa:0c:c5:f9:5d:96:91:8c:e1:73:
         95:c5:34:8f:cf:1b:4d:46:28:fd:ba:d3:43:54:e4:65:05:a1:
         6f:4b:0c:be:d6:e5:bf:b2:d4:66:0c:00:cd:9f:8f:72:11:b6:
         4b:9b:45:e6:20:21:11:9d:9f:46:53:c0:39:cf:27:42:ed:39:
         c4:b4:9d:4a:1a:92:00:8f:b0:8d:21:52:9d:0d:10:af:3a:f1:
         28:40:80:11:78:3b:f6:34:8a:00:20:4e:4e:34:4b:ce:cc:56:
         d6:6a:dd:c1:5c:2c:26:fb:5a:12:bc:30:c9:d0:85:90:0b:f3:
         f7:4b:a8:8a:b7:68:ac:ae:00:eb:1f:a8:cd:35:4d:21:65:4d:
         e9:2a:ce:d7:2f:ea:a9:75:4e:07:fe:e5:c0:a6:de:9a:93:48:
         64:ec:cb:5f:19:47:07:87:b6:72:2f:59:a4:ca:82:56:ce:b9:
         89:d5:e1:bf:c6:93:a3:f2:7a:7a:93:1b:f2:4b:dc:ee:38:9b:
         79:48:8a:4b:56:09:b7:1f:c9:ad:fe:75:ec:ec:43:5b:7a:92:
         c7:86:d9:17:13:3e:8b:2a:24:e2:52:d6:9b:da:46:bc:30:2a:
         45:4e:1b:74:82:12:6e:25:2b:c7:97:6b:5a:50:56:04:97:82:
         fe:bd:a4:38
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5qxhYybHuOL1EKOiaZuK/ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNmQyODE3NDkxZGQyY2QwNjc4MDY4ZTM1YTllZmM2ODY2
N2RmMDIwHhcNMjYwNTI3MTg1MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjExMjY3ZWJhZmQwNTczMGZlYzljNDQwODYxYThmZTBjYTZjZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6mVYGWXdUojUcSfMsI1urfO3PTi
xv4VyK8HIKNdxM/4uEJbxv9zozBy7q8aBvmtosg/GrU6aLcJ45ASjrV9G//FFiEK
rhSyIGrawTT8nKPX8GhTEWWAkyzTdEGk7liiCTTRMU/v90VKg3ltq97sUZMjziYs
Z61bbkUXA20BoyGvLy/dKfVP6+o2o7NGBp4rVaUQFFYSwgDxOSvPsw4WtjbLcr/A
Vmtsdzka6sj/DtERGpXRjy9wxKi+QQ5vOhWc0GBdF9SJl32u8AAhM5FQ6YQQzq8G
+ieLBebAA3R6bs+GapSkVKTGQKkoGfUbP2ZJ8g+3jk4IhuiZ5uZZGeOtWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMIRJn66/QVzD+ycRAhhqP4Mps1FMB8GA1UdIwQY
MBaAFEptKBdJHdLNBngGjjWp78aGZ98CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMt
YWU5MjgzZTc5NjRlLzEvd2hFbWZycjlCWE1QN0p4RUNHR29fZ3ltelVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC85NDg4YzctODQ5Yy00ZmYxLWFiNGMtYWU5MjgzZTc5NjRl
LzEvU20wb0Ywa2QwczBHZUFhT05hbnZ4b1puM3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhBGRgcA
MA0GCSqGSIb3DQEBCwUAA4IBAQC+YurXRq0BraoMxfldlpGM4XOVxTSPzxtNRij9
utNDVORlBaFvSwy+1uW/stRmDADNn49yEbZLm0XmICERnZ9GU8A5zydC7TnEtJ1K
GpIAj7CNIVKdDRCvOvEoQIAReDv2NIoAIE5ONEvOzFbWat3BXCwm+1oSvDDJ0IWQ
C/P3S6iKt2isrgDrH6jNNU0hZU3pKs7XL+qpdU4H/uXApt6ak0hk7MtfGUcHh7Zy
L1mkyoJWzrmJ1eG/xpOj8np6kxvyS9zuOJt5SIpLVgm3H8mt/nXs7ENbepLHhtkX
Ez6LKiTiUtab2ka8MCpFTht0ghJuJSvHl2taUFYEl4L+vaQ4
-----END CERTIFICATE-----