Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/vsRZs78l22h0vnp-DI6scU3LKUA.roa
File:                     vsRZs78l22h0vnp-DI6scU3LKUA.roa (raw, json)
Hash identifier:          4WpHfFl6tIuHybFbUi60kzMtYBl55u5TXUCckR5iGfg=
Subject key identifier:   BE:C4:59:B3:BF:25:DB:68:74:BE:7A:7E:0C:8E:AC:71:4D:CB:29:40
Certificate issuer:       /CN=255876412d20fbb6cab823481782ac47703b4404
Certificate serial:       019D58F94AB3D273F3F63B937174D0FD32B4
Authority key identifier: 25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/vsRZs78l22h0vnp-DI6scU3LKUA.roa
Signing time:             Sat 04 Apr 2026 14:50:25 +0000
ROA not before:           Sat 04 Apr 2026 14:50:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199935
IP address blocks:        2a01:ffc7:302::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:58:f9:4a:b3:d2:73:f3:f6:3b:93:71:74:d0:fd:32:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=255876412d20fbb6cab823481782ac47703b4404
        Validity
            Not Before: Apr  4 14:50:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bec459b3bf25db6874be7a7e0c8eac714dcb2940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:74:27:d0:7f:88:b7:0a:e7:2f:06:c0:5b:00:
                    03:8e:7f:8e:82:1e:95:7d:a6:a4:c9:7e:bd:6f:b3:
                    f9:72:66:1a:fe:50:6e:3a:8b:89:e5:1d:25:1e:ca:
                    bf:28:7c:4a:09:fd:47:a7:b3:9e:63:a7:72:ef:b1:
                    37:36:cc:f8:eb:82:22:64:6a:3c:4a:7f:a2:9e:ad:
                    0b:98:0e:c0:75:08:6e:bc:e7:a0:38:b1:aa:9e:14:
                    1c:e3:31:88:34:e7:63:53:ca:29:88:b2:e4:45:7c:
                    f3:e6:f8:34:69:2d:c4:c0:20:e0:11:2e:5f:c8:25:
                    a1:09:be:10:49:3b:15:43:b0:b0:61:2c:85:01:d8:
                    51:a9:0b:83:2f:db:c5:4c:53:4b:b8:68:92:a0:3e:
                    bb:5e:f9:02:f8:be:50:e0:e3:a1:43:e7:7a:79:b7:
                    d9:dd:b6:fa:11:1c:66:87:f3:ab:18:f6:c6:39:28:
                    88:4d:fd:df:a0:43:63:e0:43:dc:f7:2a:0c:fa:8a:
                    70:0b:31:a1:8b:40:06:6b:c8:ad:87:72:88:34:b3:
                    68:08:1f:08:bb:82:b1:9d:db:2b:f6:52:d6:96:3c:
                    36:9f:80:18:02:15:3b:9e:31:05:24:1e:05:b0:f1:
                    b0:ed:7a:15:94:b1:43:22:b5:8c:8d:12:b5:fc:e1:
                    26:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:C4:59:B3:BF:25:DB:68:74:BE:7A:7E:0C:8E:AC:71:4D:CB:29:40
            X509v3 Authority Key Identifier:
                keyid:25:58:76:41:2D:20:FB:B6:CA:B8:23:48:17:82:AC:47:70:3B:44:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/vsRZs78l22h0vnp-DI6scU3LKUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/dd062a-1319-4019-a551-876c7fca4b34/1/JVh2QS0g-7bKuCNIF4KsR3A7RAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ffc7:302::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:60:db:62:e5:e8:fd:8a:2d:aa:85:e3:d1:8d:95:04:4c:b8:
         02:44:42:33:2e:57:25:8d:53:a7:db:5f:0b:72:09:ca:da:c8:
         30:31:42:fb:68:8f:64:9f:bf:15:53:6d:56:1d:ab:2a:99:3a:
         e3:9c:d2:4f:1f:a1:ec:82:2d:2a:9c:54:d2:72:55:55:20:17:
         f3:c6:0f:ba:4d:f3:65:7a:90:dc:c0:e2:8d:89:dc:e8:5a:fc:
         81:84:27:0a:88:3f:66:12:f2:62:27:2e:ef:1d:1d:cf:a3:fc:
         7d:12:65:4d:2b:2b:2b:da:89:ee:a8:0f:6c:e5:01:2a:03:54:
         79:0d:df:45:23:05:56:69:a7:63:12:61:28:93:0f:b8:61:28:
         30:40:12:27:b4:0c:55:14:9e:57:1e:90:11:4a:ca:3d:37:ad:
         ef:1a:c6:de:c3:5d:f0:31:34:58:3c:3a:ff:55:22:8d:2b:5b:
         d0:26:10:6c:1b:45:57:fc:09:af:01:f5:c1:4c:9d:39:7a:05:
         6a:3b:7d:ca:78:0f:da:43:ad:32:4e:15:91:8e:13:39:c1:e9:
         38:77:31:54:e9:80:e4:c5:34:29:5a:28:3d:8c:62:81:d2:12:
         39:45:0c:c1:05:05:65:32:2a:89:cd:14:10:31:4d:8f:a4:44:
         c3:cc:5a:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1Y+Uqz0nPz9juTcXTQ/TK0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NTg3NjQxMmQyMGZiYjZjYWI4MjM0ODE3ODJhYzQ3NzAz
YjQ0MDQwHhcNMjYwNDA0MTQ1MDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWM0NTliM2JmMjVkYjY4NzRiZTdhN2UwYzhlYWM3MTRkY2IyOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHQn0H+ItwrnLwbAWwADjn+Ogh6V
faakyX69b7P5cmYa/lBuOouJ5R0lHsq/KHxKCf1Hp7OeY6dy77E3Nsz464IiZGo8
Sn+inq0LmA7AdQhuvOegOLGqnhQc4zGINOdjU8opiLLkRXzz5vg0aS3EwCDgES5f
yCWhCb4QSTsVQ7CwYSyFAdhRqQuDL9vFTFNLuGiSoD67XvkC+L5Q4OOhQ+d6ebfZ
3bb6ERxmh/OrGPbGOSiITf3foENj4EPc9yoM+opwCzGhi0AGa8ith3KINLNoCB8I
u4Kxndsr9lLWljw2n4AYAhU7njEFJB4FsPGw7XoVlLFDIrWMjRK1/OEmmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL7EWbO/JdtodL56fgyOrHFNyylAMB8GA1UdIwQY
MBaAFCVYdkEtIPu2yrgjSBeCrEdwO0QEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEt
ODc2YzdmY2E0YjM0LzEvdnNSWnM3OGwyMmgwdm5wLURJNnNjVTNMS1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9kZDA2MmEtMTMxOS00MDE5LWE1NTEtODc2YzdmY2E0YjM0
LzEvSlZoMlFTMGctN2JLdUNOSUY0S3NSM0E3UkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgH/xwMC
MA0GCSqGSIb3DQEBCwUAA4IBAQB3YNti5ej9ii2qhePRjZUETLgCREIzLlcljVOn
218LcgnK2sgwMUL7aI9kn78VU21WHasqmTrjnNJPH6Hsgi0qnFTSclVVIBfzxg+6
TfNlepDcwOKNidzoWvyBhCcKiD9mEvJiJy7vHR3Po/x9EmVNKysr2onuqA9s5QEq
A1R5Dd9FIwVWaadjEmEokw+4YSgwQBIntAxVFJ5XHpARSso9N63vGsbew13wMTRY
PDr/VSKNK1vQJhBsG0VX/AmvAfXBTJ05egVqO33KeA/aQ60yThWRjhM5wek4dzFU
6YDkxTQpWig9jGKB0hI5RQzBBQVlMiqJzRQQMU2PpETDzFoG
-----END CERTIFICATE-----