Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hDsAZMupTJ_n4u29BtW-eznu634.roa
File:                     hDsAZMupTJ_n4u29BtW-eznu634.roa (raw, json)
Hash identifier:          XsZW6i7wcM75RLPMnGlqjpXGPbDj3RWAjEuhw+VI1zI=
Subject key identifier:   84:3B:00:64:CB:A9:4C:9F:E7:E2:ED:BD:06:D5:BE:7B:39:EE:EB:7E
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019EA73F68005CB1AA49EF6764374F5AE73F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hDsAZMupTJ_n4u29BtW-eznu634.roa
Signing time:             Mon 08 Jun 2026 12:40:10 +0000
ROA not before:           Mon 08 Jun 2026 12:40:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219515
IP address blocks:        2a0c:b641:c80::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a7:3f:68:00:5c:b1:aa:49:ef:67:64:37:4f:5a:e7:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jun  8 12:40:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=843b0064cba94c9fe7e2edbd06d5be7b39eeeb7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fb:9b:f9:99:1e:f5:ef:76:a4:5b:34:82:f6:
                    ea:cc:25:99:f9:2e:9d:c2:cf:a0:08:7b:50:3c:bb:
                    b5:a3:ba:ef:16:9f:4e:bc:27:34:ee:0c:77:4b:34:
                    f1:7b:47:72:25:27:0b:1b:29:f0:53:55:60:1f:d6:
                    01:c9:1c:55:e7:40:f4:b5:6f:c0:c1:8f:50:14:1b:
                    81:9d:8f:35:2f:a9:4c:8c:3a:c4:57:66:7a:26:c9:
                    ad:dc:e0:e4:f0:85:bc:4f:e0:e7:58:66:8b:fc:2b:
                    9f:50:1e:11:e8:2e:d1:56:7b:01:a6:48:a7:7f:26:
                    1d:e8:c2:f8:b9:25:77:a6:40:8f:8a:86:66:9b:01:
                    e7:2f:02:4d:9a:18:ce:26:dd:9f:63:e3:29:5f:95:
                    28:48:d7:0d:c9:49:ca:57:b5:f8:e3:4f:fa:5f:49:
                    b4:71:58:44:be:19:19:1d:cd:f5:92:ff:49:25:3a:
                    a4:05:2f:b8:d4:8a:f2:b6:7b:10:38:ac:bc:9d:09:
                    1c:c7:12:aa:3e:04:d5:48:fe:e8:9e:1e:ce:d5:24:
                    1e:e2:7f:2b:8f:c5:34:94:9b:5a:d2:9e:a8:13:4c:
                    8d:59:ca:5f:ec:87:2b:8b:f8:28:b3:b0:92:f8:df:
                    c9:19:f9:52:bd:0d:f4:c1:e1:d4:9b:94:4f:76:d3:
                    cb:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:3B:00:64:CB:A9:4C:9F:E7:E2:ED:BD:06:D5:BE:7B:39:EE:EB:7E
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/hDsAZMupTJ_n4u29BtW-eznu634.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:c80::/44

    Signature Algorithm: sha256WithRSAEncryption
         75:7d:c8:84:5e:ba:b3:5b:91:4c:9c:5c:1a:1a:2a:3d:c4:fa:
         7d:f7:25:63:41:88:6d:f2:d3:24:b8:80:cb:b4:ad:0b:3e:1d:
         8f:21:0e:96:34:a4:79:fe:c0:91:31:47:06:60:ce:e7:92:01:
         6a:84:1b:e9:c4:85:61:ac:e5:51:8d:5c:b0:9d:84:7f:2d:e0:
         80:7c:dd:6a:c6:44:ae:e8:a5:cf:62:e7:71:67:88:86:35:25:
         32:63:bd:8e:68:43:ce:c4:03:f7:00:33:8a:6e:cb:65:b2:55:
         89:bb:c7:f9:44:b2:f1:ff:85:c4:03:76:c4:44:64:0e:46:6a:
         74:b3:b9:16:76:e1:fc:33:6f:4b:34:e7:5b:aa:2d:77:56:36:
         76:61:f6:33:69:5b:21:aa:cc:ab:b1:74:10:83:74:72:a9:06:
         8f:76:49:8c:e8:9f:37:55:26:62:86:36:41:3e:c9:8a:07:a1:
         de:10:8b:c4:d4:41:e4:13:00:39:0c:09:c8:4a:c1:79:c5:5a:
         4d:e4:e0:61:f4:d0:26:48:b2:4b:0a:d1:df:fd:0b:01:44:2b:
         e0:93:ce:07:9f:ee:e6:16:dc:de:4b:c9:97:c5:ea:7a:c7:98:
         a8:3f:24:8f:c7:66:49:0c:49:12:e2:65:45:52:8c:f4:94:44:
         3c:94:50:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6nP2gAXLGqSe9nZDdPWuc/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNjA4MTI0MDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDNiMDA2NGNiYTk0YzlmZTdlMmVkYmQwNmQ1YmU3YjM5ZWVlYjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/ub+Zke9e92pFs0gvbqzCWZ+S6d
ws+gCHtQPLu1o7rvFp9OvCc07gx3SzTxe0dyJScLGynwU1VgH9YByRxV50D0tW/A
wY9QFBuBnY81L6lMjDrEV2Z6Jsmt3ODk8IW8T+DnWGaL/CufUB4R6C7RVnsBpkin
fyYd6ML4uSV3pkCPioZmmwHnLwJNmhjOJt2fY+MpX5UoSNcNyUnKV7X440/6X0m0
cVhEvhkZHc31kv9JJTqkBS+41IrytnsQOKy8nQkcxxKqPgTVSP7onh7O1SQe4n8r
j8U0lJta0p6oE0yNWcpf7Icri/gos7CS+N/JGflSvQ30weHUm5RPdtPLHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIQ7AGTLqUyf5+LtvQbVvns57ut+MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvaERzQVpNdXBUSl9uNHUyOUJ0Vy1lem51NjM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQyA
MA0GCSqGSIb3DQEBCwUAA4IBAQB1fciEXrqzW5FMnFwaGio9xPp99yVjQYht8tMk
uIDLtK0LPh2PIQ6WNKR5/sCRMUcGYM7nkgFqhBvpxIVhrOVRjVywnYR/LeCAfN1q
xkSu6KXPYudxZ4iGNSUyY72OaEPOxAP3ADOKbstlslWJu8f5RLLx/4XEA3bERGQO
Rmp0s7kWduH8M29LNOdbqi13VjZ2YfYzaVshqsyrsXQQg3RyqQaPdkmM6J83VSZi
hjZBPsmKB6HeEIvE1EHkEwA5DAnISsF5xVpN5OBh9NAmSLJLCtHf/QsBRCvgk84H
n+7mFtzeS8mXxep6x5ioPySPx2ZJDEkS4mVFUoz0lEQ8lFDA
-----END CERTIFICATE-----