Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/aXqn4kbdTiISCg3qjch21kWiAS0.roa
File:                     aXqn4kbdTiISCg3qjch21kWiAS0.roa (raw, json)
Hash identifier:          fWTEPBg8GhRwpF6veTh6PUPLm3Q1obhdo3c/16/83Z4=
Subject key identifier:   69:7A:A7:E2:46:DD:4E:22:12:0A:0D:EA:8D:C8:76:D6:45:A2:01:2D
Certificate issuer:       /CN=992b86095ce558d2e9618728a44228a27be9098f
Certificate serial:       019B78355B0A12BE1AC7F2F6A051D5040074
Authority key identifier: 99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/aXqn4kbdTiISCg3qjch21kWiAS0.roa
Signing time:             Thu 01 Jan 2026 06:18:41 +0000
ROA not before:           Thu 01 Jan 2026 06:18:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     50628
IP address blocks:        2a0e:d500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:35:5b:0a:12:be:1a:c7:f2:f6:a0:51:d5:04:00:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=992b86095ce558d2e9618728a44228a27be9098f
        Validity
            Not Before: Jan  1 06:18:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=697aa7e246dd4e22120a0dea8dc876d645a2012d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:1d:a2:d9:0e:03:a1:d1:cc:a3:33:1a:9a:79:
                    be:15:e0:23:88:6b:b8:39:29:90:f5:cb:36:aa:94:
                    21:47:d0:19:a3:33:26:5c:7b:52:e9:fd:ce:bd:c8:
                    0e:49:f4:63:3b:e6:e0:b9:98:02:7e:24:1c:90:d0:
                    f2:54:b5:e1:af:80:64:08:06:26:a8:9b:68:22:43:
                    77:06:a4:d5:1e:1d:86:d5:e1:1d:4f:ed:ee:02:09:
                    38:7d:6f:27:68:73:dc:f2:64:7d:57:d1:73:f1:22:
                    92:e9:35:8b:a2:6a:5f:67:c8:60:2d:af:17:2f:28:
                    57:c8:26:9d:c3:48:04:3e:1d:01:85:41:ad:2b:60:
                    2a:cd:41:05:ce:96:0a:d6:9b:c9:f3:0f:d8:69:d6:
                    c5:6e:53:2b:cc:c2:52:f8:1e:03:8b:59:fd:79:9a:
                    11:06:fc:48:9d:e5:a6:3a:7f:2b:91:2b:9e:9f:cd:
                    f0:9e:b3:26:36:d0:c5:8f:f6:e6:38:ed:a4:af:50:
                    c0:9d:10:bd:5a:e7:39:96:6e:b0:a2:b1:d8:3e:73:
                    de:40:8a:d0:59:2b:8f:ca:93:29:79:02:e5:27:be:
                    1a:65:2c:c6:b9:d1:29:7c:50:53:d0:dc:e1:6f:7b:
                    42:ad:c8:df:15:01:d8:42:96:e5:50:3a:a7:f9:c2:
                    77:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:7A:A7:E2:46:DD:4E:22:12:0A:0D:EA:8D:C8:76:D6:45:A2:01:2D
            X509v3 Authority Key Identifier:
                keyid:99:2B:86:09:5C:E5:58:D2:E9:61:87:28:A4:42:28:A2:7B:E9:09:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mSuGCVzlWNLpYYcopEIoonvpCY8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/aXqn4kbdTiISCg3qjch21kWiAS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/8ea9b9-3b6e-4fdf-b5d1-f04fdcc09e51/1/mSuGCVzlWNLpYYcopEIoonvpCY8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d500::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:1e:fa:31:d0:a6:44:cf:c1:66:61:b5:da:18:43:b9:55:33:
         34:47:de:33:bd:73:de:41:e0:be:e7:7d:8b:12:ee:3e:ba:3f:
         97:99:dc:1e:06:33:88:51:45:c5:52:68:ee:0e:c7:3d:28:25:
         1f:7f:ba:f0:be:70:e0:45:c4:d3:af:a8:25:ef:95:0b:c1:99:
         8a:cd:6b:14:25:78:da:27:44:69:0c:9d:82:05:51:7f:1a:03:
         18:67:6b:d7:57:44:f3:e1:b8:76:a5:f6:1b:e2:30:29:1a:00:
         75:68:0b:de:8d:fa:43:a3:62:bf:c8:57:b8:7b:d6:88:89:b9:
         6d:68:da:cc:b6:2d:4b:a5:4c:b9:1b:ee:fd:41:88:3e:55:da:
         b8:85:86:9c:08:58:41:42:e6:22:39:74:17:c1:3a:2e:97:8d:
         40:b5:46:94:4f:74:6a:8d:d7:01:3a:58:9a:a5:a9:9c:d3:e4:
         75:3f:c3:78:eb:f4:6f:db:f7:da:3e:ab:95:79:ed:8d:2d:65:
         0d:55:58:98:03:c3:00:7d:f7:f6:ac:7e:30:6e:6a:db:e7:0a:
         b6:ee:2b:8d:e2:c4:ec:5a:27:87:08:cf:22:e8:9c:50:7f:63:
         ca:4e:93:3d:e1:ea:f5:96:7c:4e:d3:40:00:89:ae:2a:57:a7:
         78:b1:7e:f2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt4NVsKEr4ax/L2oFHVBAB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5MmI4NjA5NWNlNTU4ZDJlOTYxODcyOGE0NDIyOGEyN2Jl
OTA5OGYwHhcNMjYwMTAxMDYxODQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTdhYTdlMjQ2ZGQ0ZTIyMTIwYTBkZWE4ZGM4NzZkNjQ1YTIwMTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxx2i2Q4DodHMozMamnm+FeAjiGu4
OSmQ9cs2qpQhR9AZozMmXHtS6f3OvcgOSfRjO+bguZgCfiQckNDyVLXhr4BkCAYm
qJtoIkN3BqTVHh2G1eEdT+3uAgk4fW8naHPc8mR9V9Fz8SKS6TWLompfZ8hgLa8X
LyhXyCadw0gEPh0BhUGtK2AqzUEFzpYK1pvJ8w/YadbFblMrzMJS+B4Di1n9eZoR
BvxIneWmOn8rkSuen83wnrMmNtDFj/bmOO2kr1DAnRC9Wuc5lm6worHYPnPeQIrQ
WSuPypMpeQLlJ74aZSzGudEpfFBT0Nzhb3tCrcjfFQHYQpblUDqn+cJ3+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGl6p+JG3U4iEgoN6o3IdtZFogEtMB8GA1UdIwQY
MBaAFJkrhglc5VjS6WGHKKRCKKJ76QmPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEt
ZjA0ZmRjYzA5ZTUxLzEvYVhxbjRrYmRUaUlTQ2czcWpjaDIxa1dpQVMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS84ZWE5YjktM2I2ZS00ZmRmLWI1ZDEtZjA0ZmRjYzA5ZTUx
LzEvbVN1R0NWemxXTkxwWVljb3BFSW9vbnZwQ1k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg7VADAN
BgkqhkiG9w0BAQsFAAOCAQEACh76MdCmRM/BZmG12hhDuVUzNEfeM71z3kHgvud9
ixLuPro/l5ncHgYziFFFxVJo7g7HPSglH3+68L5w4EXE06+oJe+VC8GZis1rFCV4
2idEaQydggVRfxoDGGdr11dE8+G4dqX2G+IwKRoAdWgL3o36Q6Niv8hXuHvWiIm5
bWjazLYtS6VMuRvu/UGIPlXauIWGnAhYQULmIjl0F8E6LpeNQLVGlE90ao3XATpY
mqWpnNPkdT/DeOv0b9v32j6rlXntjS1lDVVYmAPDAH339qx+MG5q2+cKtu4rjeLE
7FonhwjPIuicUH9jyk6TPeHq9ZZ8TtNAAImuKleneLF+8g==
-----END CERTIFICATE-----