Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/8Hs9vdkh3HTGV_mCO17e1658PC0.roa
File:                     8Hs9vdkh3HTGV_mCO17e1658PC0.roa (raw, json)
Hash identifier:          4hT7V/H17FN12vKRjed/v26pxM57JJOjIgCCfg7JXwA=
Subject key identifier:   F0:7B:3D:BD:D9:21:DC:74:C6:57:F9:82:3B:5E:DE:D7:AE:7C:3C:2D
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D891FDE2E5F86EDA825BE2F6040CEFE5E
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/8Hs9vdkh3HTGV_mCO17e1658PC0.roa
Signing time:             Mon 13 Apr 2026 23:14:20 +0000
ROA not before:           Mon 13 Apr 2026 23:14:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200558
IP address blocks:        2a06:9801:216::/48 maxlen: 48
                          2a06:9801:285::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:89:1f:de:2e:5f:86:ed:a8:25:be:2f:60:40:ce:fe:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Apr 13 23:14:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f07b3dbdd921dc74c657f9823b5eded7ae7c3c2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f5:87:71:87:79:f5:ed:4c:f7:22:0b:63:11:
                    65:3a:e0:63:61:11:4c:43:9c:b6:5d:a1:9f:b6:9e:
                    12:99:88:d5:a8:1d:40:29:eb:b5:b8:ee:12:d7:0c:
                    82:25:bc:4e:98:9b:71:b1:9d:e2:5b:b9:2b:a7:31:
                    22:34:fc:94:1c:26:2b:a9:7f:55:8a:20:a0:a2:fc:
                    d2:ff:a4:7a:a5:cc:6a:5a:7d:36:48:5a:63:0d:8c:
                    24:0d:d9:c3:20:dd:b5:e7:bf:63:83:9a:b0:f6:df:
                    a5:c0:b3:2c:fa:fc:f5:45:a6:09:a9:75:a1:8a:2d:
                    c3:f8:9d:7b:be:e0:46:b4:3e:0c:46:2f:44:ac:07:
                    80:95:13:9c:e2:92:9d:e3:08:3a:2b:51:3c:5b:a2:
                    04:99:6b:a4:18:53:cf:5a:4d:1b:de:ce:bd:45:7e:
                    26:9f:bd:7e:d6:81:6a:49:20:2f:77:c7:e5:6e:c9:
                    80:38:9e:61:7d:66:d0:ca:dc:8c:c3:02:25:67:fb:
                    5a:9e:0f:70:21:14:2b:84:15:9b:d3:02:7f:94:a4:
                    de:66:e6:ce:0c:39:87:3c:b3:d4:eb:30:44:dc:63:
                    4f:dd:a8:dd:9e:e7:ef:c5:4e:63:22:a0:fd:65:64:
                    51:bb:49:ef:ea:30:73:57:18:1b:44:43:4b:07:80:
                    ec:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:7B:3D:BD:D9:21:DC:74:C6:57:F9:82:3B:5E:DE:D7:AE:7C:3C:2D
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/8Hs9vdkh3HTGV_mCO17e1658PC0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:216::/48
                  2a06:9801:285::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:77:1f:14:94:3d:5c:05:7a:00:e4:bb:d0:ce:ab:40:eb:f9:
         5e:5a:8f:fd:9d:96:2c:e4:8a:5c:68:bc:f8:5f:4d:96:0c:d9:
         c9:63:f7:24:74:88:c0:03:71:5a:29:21:91:53:a3:db:2d:ff:
         86:71:92:79:83:d9:51:a6:3f:6e:b3:a1:be:fc:73:f5:19:1f:
         6f:d7:ed:24:90:d3:0b:86:0b:89:b2:1d:65:1b:a2:3c:a3:c6:
         80:80:db:a7:6a:bf:a6:42:a0:5b:12:82:18:93:d6:ca:ed:f7:
         b7:af:c3:28:f9:16:33:f2:4b:d5:1b:b1:04:e9:c4:62:ef:3c:
         63:44:13:68:f0:00:46:0f:79:e6:72:be:d2:b3:10:ce:c6:eb:
         1a:8b:e9:29:ea:ad:75:bd:17:60:6d:73:26:dd:af:5d:a2:05:
         55:53:78:de:91:58:dd:96:83:67:2c:f6:64:a0:f4:19:fe:4c:
         c6:01:41:70:2a:e4:cb:a9:06:a4:4e:7d:14:a3:f4:7f:34:17:
         b9:a8:03:c0:80:e7:d9:79:47:26:de:e4:9c:88:d3:00:ec:4d:
         88:f5:e1:03:70:ec:00:54:a1:4b:54:0d:fb:78:a5:28:f0:bb:
         6b:57:fd:1b:65:6e:75:d3:a4:b9:9e:61:b2:a4:44:a8:64:b9:
         42:e4:60:db
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2JH94uX4btqCW+L2BAzv5eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDEzMjMxNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDdiM2RiZGQ5MjFkYzc0YzY1N2Y5ODIzYjVlZGVkN2FlN2MzYzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/WHcYd59e1M9yILYxFlOuBjYRFM
Q5y2XaGftp4SmYjVqB1AKeu1uO4S1wyCJbxOmJtxsZ3iW7krpzEiNPyUHCYrqX9V
iiCgovzS/6R6pcxqWn02SFpjDYwkDdnDIN21579jg5qw9t+lwLMs+vz1RaYJqXWh
ii3D+J17vuBGtD4MRi9ErAeAlROc4pKd4wg6K1E8W6IEmWukGFPPWk0b3s69RX4m
n71+1oFqSSAvd8flbsmAOJ5hfWbQytyMwwIlZ/tang9wIRQrhBWb0wJ/lKTeZubO
DDmHPLPU6zBE3GNP3ajdnufvxU5jIqD9ZWRRu0nv6jBzVxgbRENLB4DslQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPB7Pb3ZIdx0xlf5gjte3teufDwtMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvOEhzOXZka2gzSFRHVl9tQ08xN2UxNjU4UEMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgaYAQIW
AwcAKgaYAQKFMA0GCSqGSIb3DQEBCwUAA4IBAQCXdx8UlD1cBXoA5LvQzqtA6/le
Wo/9nZYs5IpcaLz4X02WDNnJY/ckdIjAA3FaKSGRU6PbLf+GcZJ5g9lRpj9us6G+
/HP1GR9v1+0kkNMLhguJsh1lG6I8o8aAgNunar+mQqBbEoIYk9bK7fe3r8Mo+RYz
8kvVG7EE6cRi7zxjRBNo8ABGD3nmcr7SsxDOxusai+kp6q11vRdgbXMm3a9dogVV
U3jekVjdloNnLPZkoPQZ/kzGAUFwKuTLqQakTn0Uo/R/NBe5qAPAgOfZeUcm3uSc
iNMA7E2I9eEDcOwAVKFLVA37eKUo8LtrV/0bZW5106S5nmGypESoZLlC5GDb
-----END CERTIFICATE-----