Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/h-_2_haIGnuOM5Z_k3IGPq-uZRU.roa
File:                     h-_2_haIGnuOM5Z_k3IGPq-uZRU.roa (raw, json)
Hash identifier:          /xPlYHLwR7UIcOUOKn8edpjARQB435zpgb21aBmOXF0=
Subject key identifier:   87:EF:F6:FE:16:88:1A:7B:8E:33:96:7F:93:72:06:3E:AF:AE:65:15
Certificate issuer:       /CN=62e5e4fed5ccaf603b46684a21553ce8626ef9c1
Certificate serial:       019E5FD68C7D2DB36096EC5455AE732F5C1F
Authority key identifier: 62:E5:E4:FE:D5:CC:AF:60:3B:46:68:4A:21:55:3C:E8:62:6E:F9:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YuXk_tXMr2A7RmhKIVU86GJu-cE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/h-_2_haIGnuOM5Z_k3IGPq-uZRU.roa
Signing time:             Mon 25 May 2026 15:52:36 +0000
ROA not before:           Mon 25 May 2026 15:52:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215343
IP address blocks:        2001:678:1188::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/YuXk_tXMr2A7RmhKIVU86GJu-cE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/YuXk_tXMr2A7RmhKIVU86GJu-cE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YuXk_tXMr2A7RmhKIVU86GJu-cE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:d6:8c:7d:2d:b3:60:96:ec:54:55:ae:73:2f:5c:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62e5e4fed5ccaf603b46684a21553ce8626ef9c1
        Validity
            Not Before: May 25 15:52:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87eff6fe16881a7b8e33967f9372063eafae6515
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0e:16:13:da:5e:17:b0:dd:b1:6e:ed:9e:4a:
                    fc:5d:17:a4:4c:33:12:fe:24:45:06:48:9a:f5:c8:
                    17:58:bc:6c:eb:fd:0d:ca:05:c8:76:ff:17:8b:7d:
                    46:a9:60:48:e1:56:e0:43:ae:b8:64:93:4c:f7:ad:
                    0b:c6:07:67:ef:46:5c:7c:c6:bb:11:f2:93:f5:39:
                    03:f4:40:f5:98:f2:06:90:47:64:d8:67:bf:27:d6:
                    72:0b:23:52:f8:6b:78:01:46:a0:8f:7e:17:3f:0a:
                    58:97:56:ae:bf:d4:6f:43:69:6d:09:4a:fa:9d:ca:
                    5d:e5:3b:e9:42:a8:ea:46:53:73:79:00:24:1f:ad:
                    1e:c0:74:8a:53:5f:6b:0e:29:fd:1c:ec:32:d7:53:
                    1b:3f:5d:0a:6d:90:e1:a1:5c:3a:95:38:a2:1e:9f:
                    52:b5:d2:b6:91:a2:ae:3f:3e:79:cc:fa:ed:af:3d:
                    7f:3a:11:67:f5:d9:d2:ec:2e:3c:aa:64:8f:b3:b2:
                    6d:08:c6:1c:b1:6f:60:0a:fe:76:ce:21:6e:ec:76:
                    a0:24:39:e3:fb:e4:54:63:cb:93:9c:42:e5:ad:1c:
                    11:fa:f7:d5:b1:06:c3:1f:ea:ea:0c:a8:84:aa:07:
                    29:d0:8e:1b:e8:bc:7b:56:8f:cd:96:d2:5b:ea:d3:
                    bd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:EF:F6:FE:16:88:1A:7B:8E:33:96:7F:93:72:06:3E:AF:AE:65:15
            X509v3 Authority Key Identifier:
                keyid:62:E5:E4:FE:D5:CC:AF:60:3B:46:68:4A:21:55:3C:E8:62:6E:F9:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YuXk_tXMr2A7RmhKIVU86GJu-cE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/h-_2_haIGnuOM5Z_k3IGPq-uZRU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/044179-80dd-451a-bfd8-3e1d731dd630/1/YuXk_tXMr2A7RmhKIVU86GJu-cE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1188::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:56:bd:e2:88:63:0a:03:85:e7:23:50:ff:31:57:df:de:28:
         f2:2d:68:31:62:db:1e:bc:50:4c:59:35:e4:ce:63:84:20:81:
         f2:c5:94:78:ca:cf:a6:7f:02:a5:ca:20:47:90:17:e4:80:ea:
         71:23:17:c2:bf:21:3c:d2:23:a9:3e:c1:e2:cb:9f:43:1c:3b:
         e5:8a:6a:4b:f4:89:80:cc:bc:2e:0a:21:e1:65:4b:7e:a9:fe:
         81:98:59:8e:8e:64:91:2d:48:62:5b:fb:0b:b5:a0:be:b5:0a:
         c3:7a:40:68:19:1c:8a:48:77:8b:c0:72:dc:d1:5f:04:3b:a5:
         39:43:e3:29:2f:a4:ed:63:58:12:45:09:26:09:ea:e9:4f:12:
         fd:0a:55:17:9b:f8:16:48:8b:99:68:e5:96:75:b5:ef:1a:9a:
         8e:c3:71:bf:8a:c8:8e:13:00:bc:5b:6f:87:0d:ce:b6:f9:73:
         33:ff:af:82:2d:13:c7:73:b2:14:c0:be:12:45:73:78:a4:cb:
         e8:9d:8d:d9:91:a6:35:a4:74:fb:8d:42:7a:f9:5d:b3:13:91:
         89:2b:ce:54:4f:a7:88:88:3d:3b:f5:28:90:24:bd:17:d5:30:
         c7:92:e5:3b:33:1c:53:fe:dd:23:4e:13:4b:56:d4:b9:a1:d8:
         9b:c1:12:eb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5f1ox9LbNgluxUVa5zL1wfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZTVlNGZlZDVjY2FmNjAzYjQ2Njg0YTIxNTUzY2U4NjI2
ZWY5YzEwHhcNMjYwNTI1MTU1MjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2VmZjZmZTE2ODgxYTdiOGUzMzk2N2Y5MzcyMDYzZWFmYWU2NTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvg4WE9peF7DdsW7tnkr8XRekTDMS
/iRFBkia9cgXWLxs6/0NygXIdv8Xi31GqWBI4VbgQ664ZJNM960Lxgdn70ZcfMa7
EfKT9TkD9ED1mPIGkEdk2Ge/J9ZyCyNS+Gt4AUagj34XPwpYl1auv9RvQ2ltCUr6
ncpd5TvpQqjqRlNzeQAkH60ewHSKU19rDin9HOwy11MbP10KbZDhoVw6lTiiHp9S
tdK2kaKuPz55zPrtrz1/OhFn9dnS7C48qmSPs7JtCMYcsW9gCv52ziFu7HagJDnj
++RUY8uTnELlrRwR+vfVsQbDH+rqDKiEqgcp0I4b6Lx7Vo/NltJb6tO9gwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIfv9v4WiBp7jjOWf5NyBj6vrmUVMB8GA1UdIwQY
MBaAFGLl5P7VzK9gO0ZoSiFVPOhibvnBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXVYa190WE1yMkE3Um1oS0lWVTg2R0p1LWNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8wNDQxNzktODBkZC00NTFhLWJmZDgt
M2UxZDczMWRkNjMwLzEvaC1fMl9oYUlHbnVPTTVaX2szSUdQcS11WlJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8wNDQxNzktODBkZC00NTFhLWJmZDgtM2UxZDczMWRkNjMw
LzEvWXVYa190WE1yMkE3Um1oS0lWVTg2R0p1LWNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBGI
MA0GCSqGSIb3DQEBCwUAA4IBAQBqVr3iiGMKA4XnI1D/MVff3ijyLWgxYtsevFBM
WTXkzmOEIIHyxZR4ys+mfwKlyiBHkBfkgOpxIxfCvyE80iOpPsHiy59DHDvlimpL
9ImAzLwuCiHhZUt+qf6BmFmOjmSRLUhiW/sLtaC+tQrDekBoGRyKSHeLwHLc0V8E
O6U5Q+MpL6TtY1gSRQkmCerpTxL9ClUXm/gWSIuZaOWWdbXvGpqOw3G/isiOEwC8
W2+HDc62+XMz/6+CLRPHc7IUwL4SRXN4pMvonY3ZkaY1pHT7jUJ6+V2zE5GJK85U
T6eIiD079SiQJL0X1TDHkuU7MxxT/t0jThNLVtS5odibwRLr
-----END CERTIFICATE-----