Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/7oc8a8fS3DJKvtS40qTcpFXQvEM.roa
File:                     7oc8a8fS3DJKvtS40qTcpFXQvEM.roa (raw, json)
Hash identifier:          8aVVJ9t5PeC1jL7SS/bu2hleqTmY1JsdKhA8bRBNWso=
Subject key identifier:   EE:87:3C:6B:C7:D2:DC:32:4A:BE:D4:B8:D2:A4:DC:A4:55:D0:BC:43
Certificate issuer:       /CN=dd4748cd4714a5cc87cafb8430fb81248b094079
Certificate serial:       019B77C76142DD455A293B2E8771E0613DF2
Authority key identifier: DD:47:48:CD:47:14:A5:CC:87:CA:FB:84:30:FB:81:24:8B:09:40:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3UdIzUcUpcyHyvuEMPuBJIsJQHk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/7oc8a8fS3DJKvtS40qTcpFXQvEM.roa
Signing time:             Thu 01 Jan 2026 04:18:33 +0000
ROA not before:           Thu 01 Jan 2026 04:18:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     31343
IP address blocks:        2a04:1d00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/3UdIzUcUpcyHyvuEMPuBJIsJQHk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/3UdIzUcUpcyHyvuEMPuBJIsJQHk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3UdIzUcUpcyHyvuEMPuBJIsJQHk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 21:16:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c7:61:42:dd:45:5a:29:3b:2e:87:71:e0:61:3d:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd4748cd4714a5cc87cafb8430fb81248b094079
        Validity
            Not Before: Jan  1 04:18:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ee873c6bc7d2dc324abed4b8d2a4dca455d0bc43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ba:e7:ff:65:60:a4:36:f0:f0:e2:94:af:df:
                    23:23:b2:b9:5b:1b:9a:cc:04:cd:e1:2a:41:57:a7:
                    a6:f7:8e:6b:82:e5:7c:25:51:1c:8a:e6:3a:88:9a:
                    2d:9c:10:42:d3:a2:c0:80:e5:75:b1:89:3f:fb:18:
                    60:f4:37:05:e4:4c:02:fa:ac:d0:f5:62:76:c1:18:
                    9d:53:75:91:ee:6c:37:5e:89:23:73:56:d3:61:13:
                    e2:ab:ab:ce:4e:81:f1:2b:a7:88:12:cb:ab:c1:2e:
                    c8:02:fb:49:25:0b:dd:9b:f4:42:31:91:9e:d8:31:
                    0c:4f:30:f7:d7:dd:b1:e4:64:9c:26:66:2e:85:7a:
                    b1:0d:0a:46:97:ff:96:06:5d:15:8d:f8:83:d1:54:
                    87:8a:a6:43:53:50:79:ce:d3:3c:ef:cb:35:3d:e2:
                    8c:b7:13:c7:98:c5:8a:c1:12:07:16:5e:e0:70:b2:
                    f2:83:48:da:f7:86:b5:a6:ec:4f:c8:18:28:f8:85:
                    40:88:a0:4f:dd:c0:eb:af:8c:49:c4:8c:23:10:ef:
                    22:f4:a9:57:34:69:e3:b7:7f:2d:20:14:0e:08:45:
                    37:0e:7e:7b:8d:2d:f3:3b:cd:be:b8:37:8d:c1:57:
                    27:5a:ad:19:05:f9:d6:0e:90:d4:de:d0:fb:c8:65:
                    12:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:87:3C:6B:C7:D2:DC:32:4A:BE:D4:B8:D2:A4:DC:A4:55:D0:BC:43
            X509v3 Authority Key Identifier:
                keyid:DD:47:48:CD:47:14:A5:CC:87:CA:FB:84:30:FB:81:24:8B:09:40:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3UdIzUcUpcyHyvuEMPuBJIsJQHk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/7oc8a8fS3DJKvtS40qTcpFXQvEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/4c55af-5e9b-4197-86fb-37545da056bd/1/3UdIzUcUpcyHyvuEMPuBJIsJQHk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:1d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:f8:0e:8e:2b:85:ee:3e:bf:32:29:9b:db:a1:36:7d:c0:10:
         94:de:b6:b4:06:c8:40:6b:a6:5e:67:ae:a1:a6:43:cb:6e:20:
         03:e8:56:ed:6d:12:35:2e:7a:a2:c2:44:9e:cf:38:bd:d5:67:
         a3:06:30:9e:6a:14:93:7a:0f:d4:90:6a:71:15:e7:1f:ab:db:
         02:12:49:78:f7:ee:a0:d7:3f:57:f8:a9:8e:db:7a:72:17:e1:
         94:f5:5b:1a:82:0b:6f:5a:ae:5a:46:a1:7f:86:0b:9d:da:8e:
         be:4a:51:67:e0:3a:d3:09:fa:a8:4e:82:a9:01:5d:a6:25:4f:
         ec:cd:80:a7:e2:e1:b5:b6:f2:19:f9:7a:7e:e6:49:e0:df:4f:
         a0:6b:22:08:9a:cb:36:31:0d:82:df:ec:3e:3b:22:39:e6:29:
         cc:b8:d2:9d:f5:57:97:af:cb:91:2a:35:f2:ff:df:14:bc:d5:
         ea:1e:f5:1e:27:12:00:8f:d9:9c:9b:49:73:22:df:78:f3:5b:
         9a:3f:4e:c1:c7:d9:1f:2d:a9:02:66:7d:a8:b0:9a:19:ac:9f:
         7a:07:7a:5a:cd:56:16:7a:70:e9:b9:35:19:37:3d:17:94:9e:
         be:85:6c:27:2e:72:73:25:05:7e:12:e6:10:5c:c3:2e:fd:bf:
         63:0a:66:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt3x2FC3UVaKTsuh3HgYT3yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNDc0OGNkNDcxNGE1Y2M4N2NhZmI4NDMwZmI4MTI0OGIw
OTQwNzkwHhcNMjYwMTAxMDQxODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTg3M2M2YmM3ZDJkYzMyNGFiZWQ0YjhkMmE0ZGNhNDU1ZDBiYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbrn/2VgpDbw8OKUr98jI7K5Wxua
zATN4SpBV6em945rguV8JVEciuY6iJotnBBC06LAgOV1sYk/+xhg9DcF5EwC+qzQ
9WJ2wRidU3WR7mw3Xokjc1bTYRPiq6vOToHxK6eIEsurwS7IAvtJJQvdm/RCMZGe
2DEMTzD3192x5GScJmYuhXqxDQpGl/+WBl0VjfiD0VSHiqZDU1B5ztM878s1PeKM
txPHmMWKwRIHFl7gcLLyg0ja94a1puxPyBgo+IVAiKBP3cDrr4xJxIwjEO8i9KlX
NGnjt38tIBQOCEU3Dn57jS3zO82+uDeNwVcnWq0ZBfnWDpDU3tD7yGUScQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO6HPGvH0twySr7UuNKk3KRV0LxDMB8GA1UdIwQY
MBaAFN1HSM1HFKXMh8r7hDD7gSSLCUB5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1VkSXpVY1VwY3lIeXZ1RU1QdUJKSXNKUUhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny80YzU1YWYtNWU5Yi00MTk3LTg2ZmIt
Mzc1NDVkYTA1NmJkLzEvN29jOGE4ZlMzREpLdnRTNDBxVGNwRlhRdkVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny80YzU1YWYtNWU5Yi00MTk3LTg2ZmItMzc1NDVkYTA1NmJk
LzEvM1VkSXpVY1VwY3lIeXZ1RU1QdUJKSXNKUUhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgQdADAN
BgkqhkiG9w0BAQsFAAOCAQEAbvgOjiuF7j6/Mimb26E2fcAQlN62tAbIQGumXmeu
oaZDy24gA+hW7W0SNS56osJEns84vdVnowYwnmoUk3oP1JBqcRXnH6vbAhJJePfu
oNc/V/ipjtt6chfhlPVbGoILb1quWkahf4YLndqOvkpRZ+A60wn6qE6CqQFdpiVP
7M2Ap+LhtbbyGfl6fuZJ4N9PoGsiCJrLNjENgt/sPjsiOeYpzLjSnfVXl6/LkSo1
8v/fFLzV6h71HicSAI/ZnJtJcyLfePNbmj9OwcfZHy2pAmZ9qLCaGayfegd6Ws1W
Fnpw6bk1GTc9F5SevoVsJy5ycyUFfhLmEFzDLv2/Ywpmeg==
-----END CERTIFICATE-----