Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8npSmn_scB2wLQ2YEj1EAqdopNo.roa
File:                     8npSmn_scB2wLQ2YEj1EAqdopNo.roa (raw, json)
Hash identifier:          rojG/0MSLlJ7Ienq8rqriwOAmJKTFFlaZmLGfHu1JW4=
Subject key identifier:   F2:7A:52:9A:7F:EC:70:1D:B0:2D:0D:98:12:3D:44:02:A7:68:A4:DA
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019C0A987AF750522E6E05FBD251D64649BE
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8npSmn_scB2wLQ2YEj1EAqdopNo.roa
Signing time:             Thu 29 Jan 2026 16:31:30 +0000
ROA not before:           Thu 29 Jan 2026 16:31:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201853
IP address blocks:        2a0c:b641:930::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:0a:98:7a:f7:50:52:2e:6e:05:fb:d2:51:d6:46:49:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan 29 16:31:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f27a529a7fec701db02d0d98123d4402a768a4da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:18:13:1a:f5:a3:6d:b5:ec:1a:98:6e:aa:68:
                    d9:04:6b:dc:1c:8b:12:71:ad:05:71:91:20:14:ed:
                    0a:43:55:db:7c:7d:e7:47:44:32:e3:a2:a5:d9:ed:
                    2c:e7:dd:57:6d:2b:6c:b2:e8:7f:56:f9:5b:05:b6:
                    40:82:c4:96:ed:40:f3:9e:c7:d8:2b:47:7b:7d:36:
                    be:e6:c6:c6:e5:f7:1f:c4:dc:f6:7f:87:72:ef:24:
                    eb:c7:95:b2:cd:0b:75:6c:73:fc:79:1a:38:6b:08:
                    9f:f6:f3:1b:59:5d:3a:76:08:a0:e2:81:f7:5e:e0:
                    36:35:37:4e:4a:07:bc:c4:97:cd:f6:d3:68:98:5a:
                    9d:02:e2:37:96:02:9b:d9:a5:c6:04:c2:48:91:e7:
                    33:16:9e:aa:b8:37:36:f6:bc:19:2f:31:2a:06:dd:
                    b2:f4:e9:af:1b:3f:ab:5a:2f:84:b1:05:fa:ab:ce:
                    dd:1a:10:80:67:41:93:e2:6b:c8:c5:b1:4c:80:a2:
                    fc:93:4e:2c:78:e6:f6:92:cc:df:2e:ff:a1:6d:5a:
                    1d:0c:3c:f1:eb:45:7c:e9:62:06:c2:00:48:27:2e:
                    4e:4a:19:19:b6:50:df:d1:3b:d4:36:5b:44:02:21:
                    d2:90:46:75:b0:1f:aa:c0:7e:8f:51:03:bc:61:5a:
                    59:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:7A:52:9A:7F:EC:70:1D:B0:2D:0D:98:12:3D:44:02:A7:68:A4:DA
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/8npSmn_scB2wLQ2YEj1EAqdopNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:930::/44

    Signature Algorithm: sha256WithRSAEncryption
         7c:78:67:e3:24:9a:5e:6d:50:84:69:83:9d:0d:6d:40:e6:24:
         69:8e:7c:fa:c1:9d:88:20:46:67:53:69:8a:c2:a9:50:8d:75:
         ce:00:95:84:ee:82:1b:14:7b:55:a8:de:93:63:dd:b0:1b:5e:
         59:41:10:8e:7f:80:da:8b:7c:d2:72:2c:12:17:58:ee:80:5c:
         29:25:f9:a9:57:61:fd:48:67:8b:71:a6:7e:90:ad:aa:61:15:
         8d:d4:a4:9d:e9:57:21:08:8a:9f:3d:2b:6b:91:a1:7d:42:a4:
         dd:6f:ae:53:7f:00:a2:d9:67:1a:ad:9b:a8:30:85:33:46:21:
         4c:7d:b4:08:49:ae:8a:07:33:cf:d9:dc:0a:20:36:2b:5b:23:
         c3:31:2c:07:92:cf:e8:a7:af:d7:b1:b1:3d:57:2c:b5:42:eb:
         0d:7c:28:b9:63:d4:bf:ac:69:e6:80:72:fe:2a:21:24:61:83:
         2c:cf:df:b3:66:ae:76:a2:82:00:b1:ab:b3:0d:46:c3:54:df:
         69:f4:ad:5c:af:a8:49:d2:70:08:7e:45:39:9b:c3:6c:01:dc:
         be:45:c9:45:4d:90:50:0d:e7:dc:7a:50:33:e7:8a:a9:d8:a3:
         de:cb:9b:fc:17:1e:48:65:20:0d:3d:5f:89:27:60:6f:30:8f:
         47:95:30:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZwKmHr3UFIubgX70lHWRkm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMTI5MTYzMTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjdhNTI5YTdmZWM3MDFkYjAyZDBkOTgxMjNkNDQwMmE3NjhhNGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxgTGvWjbbXsGphuqmjZBGvcHIsS
ca0FcZEgFO0KQ1XbfH3nR0Qy46Kl2e0s591XbStssuh/VvlbBbZAgsSW7UDznsfY
K0d7fTa+5sbG5fcfxNz2f4dy7yTrx5WyzQt1bHP8eRo4awif9vMbWV06dgig4oH3
XuA2NTdOSge8xJfN9tNomFqdAuI3lgKb2aXGBMJIkeczFp6quDc29rwZLzEqBt2y
9OmvGz+rWi+EsQX6q87dGhCAZ0GT4mvIxbFMgKL8k04seOb2kszfLv+hbVodDDzx
60V86WIGwgBIJy5OShkZtlDf0TvUNltEAiHSkEZ1sB+qwH6PUQO8YVpZXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPJ6Upp/7HAdsC0NmBI9RAKnaKTaMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvOG5wU21uX3NjQjJ3TFEyWUVqMUVBcWRvcE5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQkw
MA0GCSqGSIb3DQEBCwUAA4IBAQB8eGfjJJpebVCEaYOdDW1A5iRpjnz6wZ2IIEZn
U2mKwqlQjXXOAJWE7oIbFHtVqN6TY92wG15ZQRCOf4Dai3zSciwSF1jugFwpJfmp
V2H9SGeLcaZ+kK2qYRWN1KSd6VchCIqfPStrkaF9QqTdb65TfwCi2WcarZuoMIUz
RiFMfbQISa6KBzPP2dwKIDYrWyPDMSwHks/op6/XsbE9Vyy1QusNfCi5Y9S/rGnm
gHL+KiEkYYMsz9+zZq52ooIAsauzDUbDVN9p9K1cr6hJ0nAIfkU5m8NsAdy+RclF
TZBQDefcelAz54qp2KPey5v8Fx5IZSANPV+JJ2BvMI9HlTCb
-----END CERTIFICATE-----