Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/5moX2wrcJB6jT8qLLQ_QJp1ckzc.roa
File:                     5moX2wrcJB6jT8qLLQ_QJp1ckzc.roa (raw, json)
Hash identifier:          p2CiVruG5KmzWbAz2j+j6gsgDB8+BrPeW/LlAN0kqPI=
Subject key identifier:   E6:6A:17:DB:0A:DC:24:1E:A3:4F:CA:8B:2D:0F:D0:26:9D:5C:93:37
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D6AC888DBD099FA777F3A53B67A21A0FE
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/5moX2wrcJB6jT8qLLQ_QJp1ckzc.roa
Signing time:             Wed 08 Apr 2026 01:50:20 +0000
ROA not before:           Wed 08 Apr 2026 01:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199454
IP address blocks:        2a06:9801:270::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6a:c8:88:db:d0:99:fa:77:7f:3a:53:b6:7a:21:a0:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Apr  8 01:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e66a17db0adc241ea34fca8b2d0fd0269d5c9337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b5:77:eb:a1:25:26:3f:e0:08:bd:94:36:eb:
                    00:ca:0f:e2:01:bd:65:12:87:7d:0b:9e:14:04:f0:
                    e5:0c:45:95:32:87:97:63:b4:80:3f:fe:8c:8e:2e:
                    9b:8c:e2:48:17:26:b4:ce:87:57:33:0b:77:ed:99:
                    0f:f4:37:57:29:9e:7e:ff:c2:06:4b:c7:fc:2a:0e:
                    0c:de:43:9d:00:bb:02:7b:78:60:68:f1:f1:1a:87:
                    c2:2c:5b:19:38:2e:a4:7a:20:d1:80:e3:10:2c:d7:
                    0f:16:f5:62:af:bb:d2:d6:83:cf:5b:0c:f1:f2:25:
                    4f:40:28:62:45:3f:de:84:cb:99:3e:dd:2c:b6:a3:
                    9a:3b:e2:84:bb:32:8a:53:56:d7:3b:ed:37:b1:ae:
                    b5:d7:33:c1:3a:0a:f9:f9:0d:f8:55:91:f2:1d:df:
                    5b:6d:e9:63:04:68:5c:4c:3f:d5:73:87:04:05:e9:
                    4b:10:ac:84:1a:c3:ec:c3:fb:7e:28:f8:a7:2e:fa:
                    2e:ca:5b:c7:f4:80:d0:95:d3:1c:41:8e:e9:9c:01:
                    02:a6:5c:73:eb:d3:42:99:d2:81:8b:14:03:21:16:
                    5c:d4:1c:9e:2a:87:cb:17:6a:65:48:12:33:d4:ba:
                    d5:12:f3:18:b5:0d:64:e9:2e:db:84:99:a8:12:a7:
                    47:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:6A:17:DB:0A:DC:24:1E:A3:4F:CA:8B:2D:0F:D0:26:9D:5C:93:37
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/5moX2wrcJB6jT8qLLQ_QJp1ckzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:270::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:c8:c2:d5:24:a0:ea:f0:36:45:cf:6a:f3:0e:6e:db:e8:f1:
         67:8b:3f:18:a2:0b:d8:13:98:52:3d:60:44:5b:f2:94:ee:41:
         a9:4f:45:72:c1:c4:f9:24:de:1f:95:b3:33:47:43:1b:72:ad:
         29:97:fb:83:ca:2c:7a:00:ab:af:c0:58:97:36:b3:03:31:16:
         85:df:07:49:01:5b:56:6b:ac:09:c7:41:e1:d8:2e:2e:94:6f:
         75:e9:67:e3:b0:0f:6f:18:14:19:eb:dc:32:38:ee:81:3c:91:
         68:e0:bc:ca:05:60:af:9f:e0:e7:a7:a3:4d:90:5a:d8:6c:f5:
         c2:a8:52:e9:79:6a:03:a3:ac:95:f3:70:ed:b6:6c:62:86:76:
         7e:3f:15:72:ce:63:d4:7f:96:dc:80:ae:ae:84:2d:ef:4b:4f:
         6c:2c:ee:5a:90:9f:20:37:02:02:4d:89:27:6f:94:9e:5d:56:
         b9:47:c5:6d:9c:bf:3f:4b:cf:21:04:f7:17:04:a6:66:cf:6a:
         f6:c8:12:85:9d:16:b5:ac:79:cc:f1:bc:2c:f4:5f:b0:eb:99:
         51:2a:b7:33:ac:71:ef:1c:dd:46:31:75:3b:6e:0e:8c:05:85:
         8b:e1:34:fd:9f:41:67:03:2a:db:5d:4e:2f:9c:6e:1a:a6:dc:
         11:b0:92:25
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1qyIjb0Jn6d386U7Z6IaD+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDA4MDE1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjZhMTdkYjBhZGMyNDFlYTM0ZmNhOGIyZDBmZDAyNjlkNWM5MzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLV366ElJj/gCL2UNusAyg/iAb1l
Eod9C54UBPDlDEWVMoeXY7SAP/6Mji6bjOJIFya0zodXMwt37ZkP9DdXKZ5+/8IG
S8f8Kg4M3kOdALsCe3hgaPHxGofCLFsZOC6keiDRgOMQLNcPFvVir7vS1oPPWwzx
8iVPQChiRT/ehMuZPt0stqOaO+KEuzKKU1bXO+03sa611zPBOgr5+Q34VZHyHd9b
beljBGhcTD/Vc4cEBelLEKyEGsPsw/t+KPinLvouylvH9IDQldMcQY7pnAECplxz
69NCmdKBixQDIRZc1ByeKofLF2plSBIz1LrVEvMYtQ1k6S7bhJmoEqdHjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOZqF9sK3CQeo0/Kiy0P0CadXJM3MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvNW1vWDJ3cmNKQjZqVDhxTExRX1FKcDFja3pjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJw
MA0GCSqGSIb3DQEBCwUAA4IBAQBoyMLVJKDq8DZFz2rzDm7b6PFniz8YogvYE5hS
PWBEW/KU7kGpT0VywcT5JN4flbMzR0Mbcq0pl/uDyix6AKuvwFiXNrMDMRaF3wdJ
AVtWa6wJx0Hh2C4ulG916WfjsA9vGBQZ69wyOO6BPJFo4LzKBWCvn+Dnp6NNkFrY
bPXCqFLpeWoDo6yV83DttmxihnZ+PxVyzmPUf5bcgK6uhC3vS09sLO5akJ8gNwIC
TYknb5SeXVa5R8VtnL8/S88hBPcXBKZmz2r2yBKFnRa1rHnM8bws9F+w65lRKrcz
rHHvHN1GMXU7bg6MBYWL4TT9n0FnAyrbXU4vnG4aptwRsJIl
-----END CERTIFICATE-----