Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/tYUQAX2bb8bIk5CWPfYOSCaCmQc.roa
File:                     tYUQAX2bb8bIk5CWPfYOSCaCmQc.roa (raw, json)
Hash identifier:          1YtLVTh98vkeJgwJwdXvd2of5vStIlloCB8fhiERQG0=
Subject key identifier:   B5:85:10:01:7D:9B:6F:C6:C8:93:90:96:3D:F6:0E:48:26:82:99:07
Certificate issuer:       /CN=c2919334ad2ad53616c34fece96ce29230f86349
Certificate serial:       019E596A44881668B25BFCB57A0F346B87E6
Authority key identifier: C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/tYUQAX2bb8bIk5CWPfYOSCaCmQc.roa
Signing time:             Sun 24 May 2026 09:56:37 +0000
ROA not before:           Sun 24 May 2026 09:56:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a01:f040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:59:6a:44:88:16:68:b2:5b:fc:b5:7a:0f:34:6b:87:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2919334ad2ad53616c34fece96ce29230f86349
        Validity
            Not Before: May 24 09:56:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b58510017d9b6fc6c89390963df60e4826829907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:10:7c:b9:6a:d9:45:97:f3:d4:ea:b5:11:cc:
                    c9:91:ae:e8:dc:f8:db:09:cc:08:89:a1:c5:b4:a7:
                    cf:23:e4:b0:95:96:88:9a:3d:05:0b:cb:21:dd:0c:
                    5c:42:88:44:2b:af:25:ca:c2:50:db:09:fe:2e:a7:
                    3a:3d:27:c8:d5:8c:5b:eb:d5:31:5f:77:91:12:e8:
                    5f:77:cd:1d:9e:4c:4c:7d:ef:3c:0d:a0:7f:50:ec:
                    af:31:6c:78:6f:7b:42:f7:39:57:99:2b:b3:f4:95:
                    6c:fb:ff:f3:3c:04:20:a9:2b:92:c2:ec:59:76:03:
                    a2:fa:15:63:67:30:b7:74:d0:d0:67:f8:69:f2:98:
                    e1:b6:b4:6e:e5:82:e4:34:80:ec:a6:40:7b:19:a2:
                    8e:58:a9:fb:93:b0:0f:ec:c8:96:31:6e:7e:25:f3:
                    1c:f3:80:1e:b3:b0:4b:be:94:ff:b1:9b:d2:6e:e2:
                    eb:d8:83:4c:5c:ff:b7:b5:d6:e5:4c:58:5f:7b:33:
                    45:d1:f1:7e:25:27:5e:01:20:9f:80:4a:9b:35:d3:
                    4d:e8:0b:06:45:f4:29:6e:db:69:89:92:80:63:e1:
                    16:11:ab:f3:6d:35:6c:00:0e:d8:b2:9a:42:64:4c:
                    50:40:31:cb:1f:dd:b7:be:00:29:96:21:fd:39:7b:
                    77:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:85:10:01:7D:9B:6F:C6:C8:93:90:96:3D:F6:0E:48:26:82:99:07
            X509v3 Authority Key Identifier:
                keyid:C2:91:93:34:AD:2A:D5:36:16:C3:4F:EC:E9:6C:E2:92:30:F8:63:49

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wpGTNK0q1TYWw0_s6WzikjD4Y0k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/tYUQAX2bb8bIk5CWPfYOSCaCmQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/894bdc-28a6-4c36-ba42-1653188d8126/1/wpGTNK0q1TYWw0_s6WzikjD4Y0k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f040::/29

    Signature Algorithm: sha256WithRSAEncryption
         85:b3:72:94:93:71:63:be:4e:a9:e3:dc:99:ea:5c:44:0b:88:
         4d:2d:34:f4:3c:55:5b:56:c0:80:71:64:20:a4:de:8b:69:aa:
         93:a8:b4:58:bb:09:b6:09:fe:22:bd:a2:d8:7d:7d:65:f0:71:
         a4:6b:72:66:6f:a0:e5:43:a0:cf:60:d1:e3:9a:4e:ad:10:e1:
         6d:ab:d4:47:65:e8:04:fe:5f:f2:9d:7c:44:4e:80:6c:b8:32:
         5f:fe:40:a7:5e:63:0c:6a:4c:64:d3:1b:7c:e6:b1:c8:f4:34:
         ef:fb:87:9c:7d:41:65:bf:15:71:f6:a0:1a:c0:d9:71:43:e4:
         fa:92:34:d4:68:e7:4e:f0:39:fc:13:c4:8e:83:5d:cd:3a:f9:
         d7:99:d2:b9:74:7a:bf:75:56:b5:24:ff:a8:81:d7:f5:22:a1:
         9c:f3:4c:34:f9:94:15:4c:d2:91:c0:61:eb:f4:a2:de:d0:59:
         cb:52:8d:a5:c5:3b:c8:f8:6e:3f:f0:e2:bc:99:36:13:b0:c4:
         f1:2d:23:1f:fc:7d:51:64:bb:2e:8f:39:19:5c:1b:43:b9:02:
         9b:54:b0:77:02:99:2a:3c:b8:4d:e2:0f:e4:75:86:56:ea:7b:
         40:09:60:2c:ea:98:fc:8a:96:d6:09:2d:ed:0e:e5:81:17:76:
         25:54:8a:9e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5ZakSIFmiyW/y1eg80a4fmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyOTE5MzM0YWQyYWQ1MzYxNmMzNGZlY2U5NmNlMjkyMzBm
ODYzNDkwHhcNMjYwNTI0MDk1NjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTg1MTAwMTdkOWI2ZmM2Yzg5MzkwOTYzZGY2MGU0ODI2ODI5OTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxB8uWrZRZfz1Oq1EczJka7o3Pjb
CcwIiaHFtKfPI+SwlZaImj0FC8sh3QxcQohEK68lysJQ2wn+Lqc6PSfI1Yxb69Ux
X3eREuhfd80dnkxMfe88DaB/UOyvMWx4b3tC9zlXmSuz9JVs+//zPAQgqSuSwuxZ
dgOi+hVjZzC3dNDQZ/hp8pjhtrRu5YLkNIDspkB7GaKOWKn7k7AP7MiWMW5+JfMc
84Aes7BLvpT/sZvSbuLr2INMXP+3tdblTFhfezNF0fF+JSdeASCfgEqbNdNN6AsG
RfQpbttpiZKAY+EWEavzbTVsAA7YsppCZExQQDHLH923vgApliH9OXt3ZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLWFEAF9m2/GyJOQlj32DkgmgpkHMB8GA1UdIwQY
MBaAFMKRkzStKtU2FsNP7Ols4pIw+GNJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDIt
MTY1MzE4OGQ4MTI2LzEvdFlVUUFYMmJiOGJJazVDV1BmWU9TQ2FDbVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi84OTRiZGMtMjhhNi00YzM2LWJhNDItMTY1MzE4OGQ4MTI2
LzEvd3BHVE5LMHExVFlXdzBfczZXemlrakQ0WTBrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHwQDAN
BgkqhkiG9w0BAQsFAAOCAQEAhbNylJNxY75OqePcmepcRAuITS009DxVW1bAgHFk
IKTei2mqk6i0WLsJtgn+Ir2i2H19ZfBxpGtyZm+g5UOgz2DR45pOrRDhbavUR2Xo
BP5f8p18RE6AbLgyX/5Ap15jDGpMZNMbfOaxyPQ07/uHnH1BZb8VcfagGsDZcUPk
+pI01GjnTvA5/BPEjoNdzTr515nSuXR6v3VWtST/qIHX9SKhnPNMNPmUFUzSkcBh
6/Si3tBZy1KNpcU7yPhuP/DivJk2E7DE8S0jH/x9UWS7Lo85GVwbQ7kCm1SwdwKZ
Kjy4TeIP5HWGVup7QAlgLOqY/IqW1gkt7Q7lgRd2JVSKng==
-----END CERTIFICATE-----