Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/g2dtR6UU6YbyOvJ87zvLD53mIJA.roa
File:                     g2dtR6UU6YbyOvJ87zvLD53mIJA.roa (raw, json)
Hash identifier:          OjJY/mSN+MIiT4fZ4kWjc3+KYFQldFou7Yv+HnbjSaQ=
Subject key identifier:   83:67:6D:47:A5:14:E9:86:F2:3A:F2:7C:EF:3B:CB:0F:9D:E6:20:90
Certificate issuer:       /CN=05d4d49da3e14855a7b883603ff148c1bb21f690
Certificate serial:       019C06543ED849709F10A78DA45B351C2399
Authority key identifier: 05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/g2dtR6UU6YbyOvJ87zvLD53mIJA.roa
Signing time:             Wed 28 Jan 2026 20:38:30 +0000
ROA not before:           Wed 28 Jan 2026 20:38:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214141
IP address blocks:        2a0e:5380::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:06:54:3e:d8:49:70:9f:10:a7:8d:a4:5b:35:1c:23:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05d4d49da3e14855a7b883603ff148c1bb21f690
        Validity
            Not Before: Jan 28 20:38:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=83676d47a514e986f23af27cef3bcb0f9de62090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:c1:3c:a6:e3:f9:21:4c:90:a2:9b:dc:42:3b:
                    70:df:79:d1:35:65:bf:d4:5f:dd:8d:eb:6c:9d:53:
                    cc:2b:a8:6b:0a:46:46:07:b7:4e:e6:f9:af:b1:e9:
                    0f:59:02:d9:b5:00:8a:7d:93:7e:06:ac:80:1a:df:
                    15:af:23:0e:12:0e:f8:28:b6:69:c5:b0:1d:e2:39:
                    bb:03:c6:01:eb:4a:a3:a9:f1:69:ef:ca:aa:4a:c7:
                    6f:28:47:44:a2:d9:69:d2:cd:61:9c:f2:14:79:3f:
                    8c:94:11:96:ba:b9:a3:ff:75:2c:20:21:b2:38:16:
                    0d:b1:05:b5:da:e7:a6:fe:4e:25:64:b9:96:39:bf:
                    16:5f:c8:bc:23:ee:96:17:ad:84:5e:49:e1:fc:33:
                    3f:e2:cc:41:15:15:1c:0c:2a:81:73:d7:c2:e2:7f:
                    06:1b:ca:92:69:37:30:79:31:96:5f:5a:16:a5:5d:
                    5e:cb:d3:e2:c9:fd:71:41:a3:e7:df:c0:7a:ab:91:
                    95:cb:ed:25:9b:5b:46:2e:e0:14:9b:9d:9f:a1:43:
                    ce:c3:5b:ee:47:da:11:5c:83:cb:b5:42:c1:bb:95:
                    5b:7e:04:43:13:f1:39:45:f1:49:f7:ba:9a:58:52:
                    41:bc:5c:30:ad:80:c4:b2:c5:3a:54:73:3d:70:69:
                    25:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:67:6D:47:A5:14:E9:86:F2:3A:F2:7C:EF:3B:CB:0F:9D:E6:20:90
            X509v3 Authority Key Identifier:
                keyid:05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/g2dtR6UU6YbyOvJ87zvLD53mIJA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5380::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:f1:43:e1:75:bb:f3:df:17:87:08:f3:96:96:23:0d:6c:d2:
         49:26:a8:69:95:18:81:e2:eb:af:4f:d8:7a:94:41:e4:02:83:
         5d:65:e4:bf:30:ed:cd:37:e7:36:98:42:6d:11:ab:1a:74:23:
         17:3e:d3:7e:07:45:f3:ba:bf:94:f6:45:a2:6d:7f:d9:70:78:
         ea:9c:76:b7:6d:54:1c:e5:55:26:1f:f9:ad:4b:2f:a5:80:d9:
         ee:d2:cf:52:5f:22:aa:97:f7:4a:c2:88:5a:e0:84:82:94:08:
         28:6e:28:60:bf:14:c8:b9:f6:6b:df:c6:6f:e0:fa:fe:d4:b3:
         e8:0a:c8:1d:a6:33:ea:24:ef:27:5b:6a:f8:bd:b4:ee:bc:72:
         15:24:d9:e3:07:d2:b2:1e:99:01:90:ce:76:32:9a:4d:48:81:
         c1:8d:4f:c6:b0:51:14:c7:9d:9c:ff:73:9f:39:d4:53:b0:2c:
         48:02:73:f7:40:58:26:d2:ae:17:98:8b:d4:a6:b6:f8:13:0f:
         96:59:d7:a7:c6:20:e7:ae:94:ea:69:50:dc:e0:aa:78:94:b9:
         3a:6e:c6:64:5a:0e:eb:58:df:05:22:b7:55:bb:f4:ec:da:8a:
         d1:35:3c:6e:34:02:07:5f:ea:05:1e:f1:33:d1:e3:e7:40:49:
         2c:3a:89:b2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZwGVD7YSXCfEKeNpFs1HCOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZDRkNDlkYTNlMTQ4NTVhN2I4ODM2MDNmZjE0OGMxYmIy
MWY2OTAwHhcNMjYwMTI4MjAzODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzY3NmQ0N2E1MTRlOTg2ZjIzYWYyN2NlZjNiY2IwZjlkZTYyMDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ME8puP5IUyQopvcQjtw33nRNWW/
1F/djetsnVPMK6hrCkZGB7dO5vmvsekPWQLZtQCKfZN+BqyAGt8VryMOEg74KLZp
xbAd4jm7A8YB60qjqfFp78qqSsdvKEdEotlp0s1hnPIUeT+MlBGWurmj/3UsICGy
OBYNsQW12uem/k4lZLmWOb8WX8i8I+6WF62EXknh/DM/4sxBFRUcDCqBc9fC4n8G
G8qSaTcweTGWX1oWpV1ey9Piyf1xQaPn38B6q5GVy+0lm1tGLuAUm52foUPOw1vu
R9oRXIPLtULBu5VbfgRDE/E5RfFJ97qaWFJBvFwwrYDEssU6VHM9cGkl7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFINnbUelFOmG8jryfO87yw+d5iCQMB8GA1UdIwQY
MBaAFAXU1J2j4UhVp7iDYD/xSMG7IfaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQt
NThmMWNiZjNjYWMzLzEvZzJkdFI2VVU2WWJ5T3ZKODd6dkxENTNtSUpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQtNThmMWNiZjNjYWMz
LzEvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg5TgDAN
BgkqhkiG9w0BAQsFAAOCAQEAc/FD4XW7898XhwjzlpYjDWzSSSaoaZUYgeLrr0/Y
epRB5AKDXWXkvzDtzTfnNphCbRGrGnQjFz7TfgdF87q/lPZFom1/2XB46px2t21U
HOVVJh/5rUsvpYDZ7tLPUl8iqpf3SsKIWuCEgpQIKG4oYL8UyLn2a9/Gb+D6/tSz
6ArIHaYz6iTvJ1tq+L207rxyFSTZ4wfSsh6ZAZDOdjKaTUiBwY1PxrBRFMednP9z
nznUU7AsSAJz90BYJtKuF5iL1Ka2+BMPllnXp8Yg566U6mlQ3OCqeJS5Om7GZFoO
61jfBSK3Vbv07NqK0TU8bjQCB1/qBR7xM9Hj50BJLDqJsg==
-----END CERTIFICATE-----