Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/KClfXxgk0wRzsCWY2cBjE-9OUBw.roa
File:                     KClfXxgk0wRzsCWY2cBjE-9OUBw.roa (raw, json)
Hash identifier:          mZTkzVHUlv75y3/sF2jX1yQ3NF8yk3kbKCgMEXnClVc=
Subject key identifier:   28:29:5F:5F:18:24:D3:04:73:B0:25:98:D9:C0:63:13:EF:4E:50:1C
Certificate issuer:       /CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
Certificate serial:       019CA9DF44A2FF33D355689B8702DE139E0A
Authority key identifier: 7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/KClfXxgk0wRzsCWY2cBjE-9OUBw.roa
Signing time:             Sun 01 Mar 2026 14:48:27 +0000
ROA not before:           Sun 01 Mar 2026 14:48:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204543
IP address blocks:        2a04:ff00:103::/48 maxlen: 48
                          2a04:ff00:104::/48 maxlen: 48
                          2a04:ff00:105::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a9:df:44:a2:ff:33:d3:55:68:9b:87:02:de:13:9e:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d04c25c2f8b47e5daf52d1c4c5a50999dd0a0a9
        Validity
            Not Before: Mar  1 14:48:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=28295f5f1824d30473b02598d9c06313ef4e501c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:d0:1a:63:45:28:95:0b:52:98:e9:69:ff:a1:
                    08:cb:73:02:9b:10:59:9a:9f:1e:56:35:7d:04:4a:
                    f4:bd:09:ff:25:16:4d:dc:eb:b0:40:28:e5:e4:74:
                    5d:ce:80:10:fa:69:e7:55:06:3a:92:1c:e6:dc:dc:
                    00:0c:01:02:e8:e3:b1:ee:60:6b:7e:f3:95:07:a8:
                    d1:99:32:48:9b:72:86:bf:69:e4:4a:e6:e6:8f:a2:
                    72:a0:46:7f:6b:e4:f4:b7:4c:61:87:25:75:93:ef:
                    2a:92:63:81:ab:22:ff:34:9f:49:e0:c1:01:20:33:
                    7b:12:83:48:e9:67:91:c1:4a:47:eb:30:21:52:ca:
                    04:e5:f9:3e:59:11:18:1a:32:d9:6d:d3:9d:ae:78:
                    90:09:07:76:36:42:e8:5a:13:fe:e1:ca:15:6c:ea:
                    f5:ac:5c:4e:f5:62:46:e2:25:51:4a:0e:e1:26:eb:
                    e2:66:27:a7:f0:b3:1e:75:89:a8:c4:a0:a8:a1:8e:
                    61:6a:dc:72:47:14:fd:8d:6c:eb:38:6f:2f:d3:2f:
                    31:12:93:dc:71:3b:4b:0f:32:fb:91:74:95:c3:31:
                    d8:9c:f9:57:40:a7:70:d2:75:26:75:c3:c0:44:6f:
                    09:6e:08:fd:9f:22:25:cf:a4:4d:75:61:9a:e9:58:
                    73:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:29:5F:5F:18:24:D3:04:73:B0:25:98:D9:C0:63:13:EF:4E:50:1C
            X509v3 Authority Key Identifier:
                keyid:7D:04:C2:5C:2F:8B:47:E5:DA:F5:2D:1C:4C:5A:50:99:9D:D0:A0:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/KClfXxgk0wRzsCWY2cBjE-9OUBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/971cc4-54d5-4c28-a1c3-e63e94cba09f/1/fQTCXC-LR-Xa9S0cTFpQmZ3QoKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:ff00:103::-2a04:ff00:105:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         2a:19:72:5b:51:b8:41:81:40:6a:ba:53:ac:2f:41:4a:08:29:
         25:6d:31:92:1e:78:30:16:27:9f:4e:9c:11:35:06:46:6e:a2:
         20:6f:e8:d3:c0:89:7f:d4:1f:2c:8f:24:db:bc:c6:cc:55:e0:
         9d:21:64:d6:11:31:ac:8f:c2:50:d3:56:03:0f:e6:8d:cc:d2:
         fc:3f:7e:68:68:3b:e4:f2:1c:f7:08:65:35:74:e1:b7:0b:36:
         9e:ac:dd:4a:08:c7:58:95:cd:b8:90:83:b3:1a:ed:dd:35:7f:
         27:d4:1f:e5:d9:08:07:11:c3:c0:05:d0:61:10:8f:76:c5:ff:
         23:20:44:11:94:34:1c:15:31:56:20:23:af:f8:7d:50:b4:28:
         3b:eb:9b:09:ae:aa:ec:ce:94:3b:5b:f6:20:06:35:a1:e4:01:
         3c:8b:60:bb:60:33:fd:d2:45:82:bf:76:f5:6c:f4:e9:7e:3a:
         56:85:ab:cc:63:36:bf:52:c6:fd:82:cc:08:a4:a4:67:9a:51:
         af:6a:61:d6:43:34:60:d7:24:00:7f:8b:c6:1a:59:3f:49:34:
         ca:ab:44:dc:72:39:28:93:2a:8a:91:9d:02:fb:a7:e0:9e:78:
         d8:d8:4d:dd:e7:ef:65:08:ad:6b:7a:70:6b:c7:ae:c5:97:9d:
         b3:48:bf:8d
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZyp30Si/zPTVWibhwLeE54KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDRjMjVjMmY4YjQ3ZTVkYWY1MmQxYzRjNWE1MDk5OWRk
MGEwYTkwHhcNMjYwMzAxMTQ0ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODI5NWY1ZjE4MjRkMzA0NzNiMDI1OThkOWMwNjMxM2VmNGU1MDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7NAaY0UolQtSmOlp/6EIy3MCmxBZ
mp8eVjV9BEr0vQn/JRZN3OuwQCjl5HRdzoAQ+mnnVQY6khzm3NwADAEC6OOx7mBr
fvOVB6jRmTJIm3KGv2nkSubmj6JyoEZ/a+T0t0xhhyV1k+8qkmOBqyL/NJ9J4MEB
IDN7EoNI6WeRwUpH6zAhUsoE5fk+WREYGjLZbdOdrniQCQd2NkLoWhP+4coVbOr1
rFxO9WJG4iVRSg7hJuviZien8LMedYmoxKCooY5hatxyRxT9jWzrOG8v0y8xEpPc
cTtLDzL7kXSVwzHYnPlXQKdw0nUmdcPARG8Jbgj9nyIlz6RNdWGa6Vhz0QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFCgpX18YJNMEc7AlmNnAYxPvTlAcMB8GA1UdIwQY
MBaAFH0Ewlwvi0fl2vUtHExaUJmd0KCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMt
ZTYzZTk0Y2JhMDlmLzEvS0NsZlh4Z2swd1J6c0NXWTJjQmpFLTlPVUJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC85NzFjYzQtNTRkNS00YzI4LWExYzMtZTYzZTk0Y2JhMDlm
LzEvZlFUQ1hDLUxSLVhhOVMwY1RGcFFtWjNRb0trLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqBP8A
AQMDBwEqBP8AAQQwDQYJKoZIhvcNAQELBQADggEBACoZcltRuEGBQGq6U6wvQUoI
KSVtMZIeeDAWJ59OnBE1BkZuoiBv6NPAiX/UHyyPJNu8xsxV4J0hZNYRMayPwlDT
VgMP5o3M0vw/fmhoO+TyHPcIZTV04bcLNp6s3UoIx1iVzbiQg7Ma7d01fyfUH+XZ
CAcRw8AF0GEQj3bF/yMgRBGUNBwVMVYgI6/4fVC0KDvrmwmuquzOlDtb9iAGNaHk
ATyLYLtgM/3SRYK/dvVs9Ol+OlaFq8xjNr9Sxv2CzAikpGeaUa9qYdZDNGDXJAB/
i8YaWT9JNMqrRNxyOSiTKoqRnQL7p+CeeNjYTd3n72UIrWt6cGvHrsWXnbNIv40=
-----END CERTIFICATE-----