Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/8nmID8YSgejdLQDU1TdrXV697zE.roa
File:                     8nmID8YSgejdLQDU1TdrXV697zE.roa (raw, json)
Hash identifier:          KrMGBak4/fIs5j7LDuELbl6SHABXQ17c4ySNducYIik=
Subject key identifier:   F2:79:88:0F:C6:12:81:E8:DD:2D:00:D4:D5:37:6B:5D:5E:BD:EF:31
Certificate issuer:       /CN=7e39825b26775e1551072f457d1edfd9d0ebe2df
Certificate serial:       019B7C131C582DCD54BB36143E4D2EC637C7
Authority key identifier: 7E:39:82:5B:26:77:5E:15:51:07:2F:45:7D:1E:DF:D9:D0:EB:E2:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/8nmID8YSgejdLQDU1TdrXV697zE.roa
Signing time:             Fri 02 Jan 2026 00:19:45 +0000
ROA not before:           Fri 02 Jan 2026 00:19:45 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51011
IP address blocks:        2a03:5a00:2e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:13:1c:58:2d:cd:54:bb:36:14:3e:4d:2e:c6:37:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e39825b26775e1551072f457d1edfd9d0ebe2df
        Validity
            Not Before: Jan  2 00:19:45 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f279880fc61281e8dd2d00d4d5376b5d5ebdef31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d9:65:5c:01:ee:50:d0:88:30:01:4e:85:06:
                    98:a1:7a:71:a0:b2:fd:22:5d:5d:11:f6:74:e1:71:
                    7d:73:0c:4e:8b:a6:cb:d6:64:3b:c9:e4:8b:bf:a2:
                    0e:42:a3:d4:1a:69:4e:d7:05:3d:86:5e:c1:82:25:
                    7c:84:86:7a:ea:75:2e:c8:34:4e:7d:49:8f:cb:8a:
                    14:2e:4a:8a:f2:85:58:c6:08:a1:bf:44:7f:d2:1b:
                    fd:d8:16:d8:be:13:5b:9a:58:be:aa:f0:0c:40:32:
                    a9:9d:0f:c4:11:c0:98:ec:b0:23:13:41:d9:f2:10:
                    ca:25:39:17:2e:9d:e2:6d:bb:93:83:df:77:73:43:
                    6c:c1:1b:95:5a:a3:54:a8:be:87:0e:42:20:7b:b8:
                    13:cb:18:42:cd:02:42:2a:45:f0:e2:ea:87:a2:14:
                    f4:dc:82:8f:4d:ba:2f:1c:69:97:2d:b4:64:21:34:
                    3b:b4:8f:ce:f6:5c:ad:19:36:59:58:b7:d1:78:7c:
                    e9:84:1e:65:85:47:da:d5:c0:fc:26:53:71:1c:58:
                    41:98:0c:84:e4:5e:9b:52:7d:79:da:f8:b7:1f:6e:
                    14:f6:cf:1e:34:21:7c:09:da:e6:66:48:a4:99:c1:
                    ee:09:d8:8c:4d:3c:1c:dd:36:18:08:b6:b0:c6:88:
                    6e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:79:88:0F:C6:12:81:E8:DD:2D:00:D4:D5:37:6B:5D:5E:BD:EF:31
            X509v3 Authority Key Identifier:
                keyid:7E:39:82:5B:26:77:5E:15:51:07:2F:45:7D:1E:DF:D9:D0:EB:E2:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/8nmID8YSgejdLQDU1TdrXV697zE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/2166a8-357c-4cf6-b6f2-f8d6d1a74b1d/1/fjmCWyZ3XhVRBy9FfR7f2dDr4t8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5a00:2e::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:1e:de:d5:ab:b0:3d:e7:33:2b:5a:c3:48:f5:db:72:44:5f:
         a2:f2:67:6d:b9:0a:7e:d9:89:c5:46:b9:1f:ee:3e:55:61:8a:
         eb:b3:e0:3a:1d:4b:d4:68:1b:3a:b2:2a:0f:4e:5c:61:9b:ef:
         5a:12:19:0c:3c:33:d9:f4:bb:8c:f6:a4:04:b4:8d:4d:df:9c:
         74:7a:9a:bd:1a:42:53:9e:7c:7d:76:87:30:63:6a:0b:cd:42:
         88:35:80:65:7b:db:86:1a:ff:a3:85:dc:01:3b:f7:99:2f:06:
         85:4f:b6:c2:d3:f4:7f:98:6d:c2:0f:0a:51:9e:08:9b:d3:76:
         ca:8a:70:11:52:6d:7b:50:c7:5d:fa:7f:0a:5e:fe:ba:3e:38:
         5e:73:14:c2:da:7d:df:fe:a5:30:bc:ba:19:d6:0e:9a:38:75:
         d8:b6:8d:67:e5:78:1b:30:6a:b7:eb:66:bd:32:a7:4c:d2:c9:
         91:b7:99:0d:c5:14:87:41:d2:0e:55:08:c7:32:db:41:7f:e6:
         a2:64:64:c5:e6:c8:39:68:55:fa:b8:8c:e2:d0:b9:91:82:44:
         9d:4c:72:f3:e0:cb:41:cb:bb:ea:d8:91:c3:f4:b4:2c:b3:77:
         b8:4c:30:52:2e:36:28:96:a2:4b:97:61:a5:25:a9:87:e5:20:
         ea:fe:6b:9a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt8ExxYLc1UuzYUPk0uxjfHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMzk4MjViMjY3NzVlMTU1MTA3MmY0NTdkMWVkZmQ5ZDBl
YmUyZGYwHhcNMjYwMTAyMDAxOTQ1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjc5ODgwZmM2MTI4MWU4ZGQyZDAwZDRkNTM3NmI1ZDVlYmRlZjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9llXAHuUNCIMAFOhQaYoXpxoLL9
Il1dEfZ04XF9cwxOi6bL1mQ7yeSLv6IOQqPUGmlO1wU9hl7BgiV8hIZ66nUuyDRO
fUmPy4oULkqK8oVYxgihv0R/0hv92BbYvhNbmli+qvAMQDKpnQ/EEcCY7LAjE0HZ
8hDKJTkXLp3ibbuTg993c0NswRuVWqNUqL6HDkIge7gTyxhCzQJCKkXw4uqHohT0
3IKPTbovHGmXLbRkITQ7tI/O9lytGTZZWLfReHzphB5lhUfa1cD8JlNxHFhBmAyE
5F6bUn152vi3H24U9s8eNCF8CdrmZkikmcHuCdiMTTwc3TYYCLawxohuUwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPJ5iA/GEoHo3S0A1NU3a11eve8xMB8GA1UdIwQY
MBaAFH45glsmd14VUQcvRX0e39nQ6+LfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmptQ1d5WjNYaFZSQnk5RmZSN2YyZERyNHQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi8yMTY2YTgtMzU3Yy00Y2Y2LWI2ZjIt
ZjhkNmQxYTc0YjFkLzEvOG5tSUQ4WVNnZWpkTFFEVTFUZHJYVjY5N3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi8yMTY2YTgtMzU3Yy00Y2Y2LWI2ZjItZjhkNmQxYTc0YjFk
LzEvZmptQ1d5WjNYaFZSQnk5RmZSN2YyZERyNHQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNaAAAu
MA0GCSqGSIb3DQEBCwUAA4IBAQAWHt7Vq7A95zMrWsNI9dtyRF+i8mdtuQp+2YnF
Rrkf7j5VYYrrs+A6HUvUaBs6sioPTlxhm+9aEhkMPDPZ9LuM9qQEtI1N35x0epq9
GkJTnnx9docwY2oLzUKINYBle9uGGv+jhdwBO/eZLwaFT7bC0/R/mG3CDwpRngib
03bKinARUm17UMdd+n8KXv66PjhecxTC2n3f/qUwvLoZ1g6aOHXYto1n5XgbMGq3
62a9MqdM0smRt5kNxRSHQdIOVQjHMttBf+aiZGTF5sg5aFX6uIzi0LmRgkSdTHLz
4MtBy7vq2JHD9LQss3e4TDBSLjYolqJLl2GlJamH5SDq/mua
-----END CERTIFICATE-----