Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/5Vec4L15iMfgBNHZtNysNXjW5CI.roa
File:                     5Vec4L15iMfgBNHZtNysNXjW5CI.roa (raw, json)
Hash identifier:          94eeEblh2iYuSElODZv4BdbOkdbDK4pfMmcdIag5+tY=
Subject key identifier:   E5:57:9C:E0:BD:79:88:C7:E0:04:D1:D9:B4:DC:AC:35:78:D6:E4:22
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EBD8294F8A41FA69D8D679B86E30D5ED6
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/5Vec4L15iMfgBNHZtNysNXjW5CI.roa
Signing time:             Fri 12 Jun 2026 20:25:12 +0000
ROA not before:           Fri 12 Jun 2026 20:25:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197402
IP address blocks:        2a06:9801:740::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bd:82:94:f8:a4:1f:a6:9d:8d:67:9b:86:e3:0d:5e:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 12 20:25:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e5579ce0bd7988c7e004d1d9b4dcac3578d6e422
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e2:f8:e1:ab:f3:66:1e:a8:a6:84:ad:95:32:
                    89:ee:76:21:d1:a4:f0:13:c9:50:bd:ff:0b:73:fa:
                    f2:6c:f5:ae:9c:05:ea:7e:8c:ea:fa:19:be:10:37:
                    de:ee:4a:16:8d:49:b3:37:af:a7:ad:94:65:4f:6c:
                    eb:de:31:12:2a:66:02:0f:8c:31:80:21:ed:75:7d:
                    94:ba:a2:0d:83:65:53:18:1b:16:c5:8f:27:02:87:
                    6b:a9:28:2e:b0:22:41:ab:d2:ac:28:0b:73:dc:b5:
                    ec:98:07:15:3a:3f:8c:f9:21:74:0d:e4:f1:41:fa:
                    68:ab:56:9a:6e:7a:03:41:97:4e:ef:6f:eb:f3:d4:
                    10:8d:6e:41:77:9f:23:19:c4:fd:c1:94:94:93:6b:
                    d2:98:47:0a:11:e8:1d:f5:17:f8:46:cd:b2:52:c7:
                    66:30:92:3c:e0:27:f1:20:b7:12:b3:c9:00:8b:c6:
                    7c:3f:1b:21:f1:ea:90:72:42:a9:9a:5e:32:90:0d:
                    3f:8c:71:fc:b2:8e:18:29:e1:ce:7d:0b:12:6c:45:
                    f1:46:44:86:f7:15:2b:05:78:a6:26:cd:c6:fa:e4:
                    99:75:b5:e2:26:89:dc:7b:c9:44:0a:0d:43:00:12:
                    63:92:3a:d0:95:59:d1:6f:10:dc:65:20:d8:74:c8:
                    3d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:57:9C:E0:BD:79:88:C7:E0:04:D1:D9:B4:DC:AC:35:78:D6:E4:22
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/5Vec4L15iMfgBNHZtNysNXjW5CI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:740::/48

    Signature Algorithm: sha256WithRSAEncryption
         42:ed:a5:89:b4:fe:b0:61:e3:33:5f:18:3d:b0:b5:26:bc:31:
         2a:68:b0:b4:24:25:7e:eb:23:00:56:9f:9b:f8:04:46:07:10:
         ce:b6:cd:52:36:bb:05:03:e3:56:78:3a:03:df:c0:87:cd:0e:
         04:47:f3:04:44:ee:b0:2b:3b:1e:dc:96:c4:9c:74:9b:14:cb:
         e7:e1:3b:25:d8:31:48:45:8e:ca:a3:27:7c:d9:7d:90:9c:7a:
         96:ba:16:58:da:ca:43:43:73:b5:2c:91:3d:fb:0a:0a:1c:ce:
         61:c3:42:94:d3:2e:08:5b:99:2f:26:66:c5:1f:05:50:99:21:
         4b:cc:7a:0d:89:e5:a8:f8:0c:80:87:61:52:f3:13:4e:dd:81:
         41:67:ed:88:fe:6d:f1:a9:a9:23:11:c6:be:41:62:a8:9a:c2:
         ce:c3:68:db:1e:92:62:cc:b0:a0:76:6f:c7:12:68:c2:52:18:
         f0:51:c9:4a:4b:56:3e:be:13:b0:7a:43:df:df:fc:b7:78:d6:
         30:a7:98:8e:b5:f5:42:31:f9:84:7c:b8:27:2e:31:25:29:b1:
         bf:02:c3:0a:0e:48:12:2c:9f:62:ba:51:a4:c2:96:5a:00:7d:
         51:e4:b0:ce:5e:1c:5a:b8:fa:20:db:d6:20:9b:ca:64:1e:8e:
         32:d4:ac:0d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ69gpT4pB+mnY1nm4bjDV7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjEyMjAyNTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTU3OWNlMGJkNzk4OGM3ZTAwNGQxZDliNGRjYWMzNTc4ZDZlNDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluL44avzZh6opoStlTKJ7nYh0aTw
E8lQvf8Lc/rybPWunAXqfozq+hm+EDfe7koWjUmzN6+nrZRlT2zr3jESKmYCD4wx
gCHtdX2UuqINg2VTGBsWxY8nAodrqSgusCJBq9KsKAtz3LXsmAcVOj+M+SF0DeTx
Qfpoq1aabnoDQZdO72/r89QQjW5Bd58jGcT9wZSUk2vSmEcKEegd9Rf4Rs2yUsdm
MJI84CfxILcSs8kAi8Z8Pxsh8eqQckKpml4ykA0/jHH8so4YKeHOfQsSbEXxRkSG
9xUrBXimJs3G+uSZdbXiJonce8lECg1DABJjkjrQlVnRbxDcZSDYdMg9gQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOVXnOC9eYjH4ATR2bTcrDV41uQiMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvNVZlYzRMMTVpTWZnQk5IWnROeXNOWGpXNUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQdA
MA0GCSqGSIb3DQEBCwUAA4IBAQBC7aWJtP6wYeMzXxg9sLUmvDEqaLC0JCV+6yMA
Vp+b+ARGBxDOts1SNrsFA+NWeDoD38CHzQ4ER/MERO6wKzse3JbEnHSbFMvn4Tsl
2DFIRY7Koyd82X2QnHqWuhZY2spDQ3O1LJE9+woKHM5hw0KU0y4IW5kvJmbFHwVQ
mSFLzHoNieWo+AyAh2FS8xNO3YFBZ+2I/m3xqakjEca+QWKomsLOw2jbHpJizLCg
dm/HEmjCUhjwUclKS1Y+vhOwekPf3/y3eNYwp5iOtfVCMfmEfLgnLjElKbG/AsMK
DkgSLJ9iulGkwpZaAH1R5LDOXhxauPog29Ygm8pkHo4y1KwN
-----END CERTIFICATE-----