Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/8ObEKibwq26UqCjG8z1mEOOM-Ck.roa
File:                     8ObEKibwq26UqCjG8z1mEOOM-Ck.roa (raw, json)
Hash identifier:          ZtL+gf3fG+Ogg8wIiJDbQc7NtWJehnRsDMOPXHp9qdw=
Subject key identifier:   F0:E6:C4:2A:26:F0:AB:6E:94:A8:28:C6:F3:3D:66:10:E3:8C:F8:29
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D89447CEE40979E78C8C77F111597EBCC
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/8ObEKibwq26UqCjG8z1mEOOM-Ck.roa
Signing time:             Mon 13 Apr 2026 23:54:20 +0000
ROA not before:           Mon 13 Apr 2026 23:54:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215030
IP address blocks:        2a06:9801:1a::/48 maxlen: 48
                          2a06:9801:223::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:89:44:7c:ee:40:97:9e:78:c8:c7:7f:11:15:97:eb:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Apr 13 23:54:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f0e6c42a26f0ab6e94a828c6f33d6610e38cf829
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:10:3f:69:22:8f:3f:84:32:a8:ac:da:46:65:
                    72:dd:15:be:2a:ee:c2:74:7e:76:61:e0:38:66:26:
                    75:b8:69:18:9a:57:4d:e3:27:09:50:4b:7c:1a:07:
                    01:e1:29:ea:a2:66:d9:b2:b3:4c:94:b2:a6:1e:f9:
                    04:35:f9:7f:42:a4:09:d2:a3:28:e5:ad:75:2d:85:
                    ce:21:46:9e:e4:f5:50:55:ce:e2:df:92:34:3a:c1:
                    49:f7:80:1d:aa:a1:be:77:88:fa:5b:6c:45:d8:06:
                    6d:b7:43:1c:f6:54:20:88:52:8d:39:a0:0c:95:02:
                    5e:db:73:83:10:e0:7d:47:e7:2a:a9:7a:f8:f7:4e:
                    c4:78:b9:68:05:63:d2:ea:0c:10:60:8d:c6:c7:96:
                    aa:16:7c:46:01:68:28:5d:be:df:1a:7f:8d:f2:c2:
                    93:d8:52:f7:21:42:15:c2:14:ec:75:3f:58:bd:cc:
                    ad:c3:89:c1:72:86:11:9c:92:1c:11:15:ef:30:4e:
                    92:a0:db:fd:5e:2f:82:0d:99:86:6b:04:3e:b7:3b:
                    e3:de:f2:18:89:53:d8:46:4f:87:2a:be:2c:b4:af:
                    c9:fa:d5:9e:1a:96:e8:24:f7:a6:60:0f:d7:dc:4c:
                    ce:24:54:bd:5c:49:a5:be:09:d1:e0:42:c5:ff:7d:
                    52:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:E6:C4:2A:26:F0:AB:6E:94:A8:28:C6:F3:3D:66:10:E3:8C:F8:29
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/8ObEKibwq26UqCjG8z1mEOOM-Ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:1a::/48
                  2a06:9801:223::/48

    Signature Algorithm: sha256WithRSAEncryption
         b7:84:8a:15:8c:55:75:00:a3:66:bc:e8:75:55:de:50:d2:e7:
         1f:43:1e:35:ba:ec:7a:43:85:62:0d:d6:77:ad:95:1b:dc:be:
         d3:71:be:e0:c3:04:f5:77:c0:56:28:d3:63:c0:5f:39:70:a2:
         c8:6d:38:f2:fc:4f:62:b2:14:b9:ec:7f:9c:46:14:e0:69:34:
         78:13:0e:9a:5d:57:d5:cc:3c:66:a7:72:e6:48:e2:fd:49:e9:
         e6:60:cc:15:67:30:70:a2:61:e2:c0:5c:11:e7:18:67:4e:ae:
         13:98:0a:65:a2:8e:7e:b9:3c:ce:ff:cf:b9:a6:46:51:9d:b9:
         ac:03:1e:a8:48:5e:34:bd:bb:02:8b:43:a5:ec:2e:67:e5:8c:
         75:e5:73:67:0b:9a:47:b8:82:e5:94:3d:62:db:fe:80:86:3b:
         96:2b:9d:cb:28:c9:6e:f3:b4:ff:76:fa:89:f0:a0:c9:d3:a9:
         3c:6d:87:de:1d:8d:4d:dd:6d:08:09:bc:91:0f:e1:86:6c:9e:
         68:bf:c5:e2:47:fb:71:fe:bf:24:88:b4:4a:f2:cf:a4:98:93:
         07:a3:29:a7:89:e3:4f:93:67:b6:7d:3b:56:cd:d3:e7:62:17:
         5c:4b:0c:df:d5:21:20:8e:20:0d:a1:cb:bf:fa:93:48:88:00:
         6f:5b:7b:a8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2JRHzuQJeeeMjHfxEVl+vMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDEzMjM1NDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGU2YzQyYTI2ZjBhYjZlOTRhODI4YzZmMzNkNjYxMGUzOGNmODI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRA/aSKPP4QyqKzaRmVy3RW+Ku7C
dH52YeA4ZiZ1uGkYmldN4ycJUEt8GgcB4SnqombZsrNMlLKmHvkENfl/QqQJ0qMo
5a11LYXOIUae5PVQVc7i35I0OsFJ94AdqqG+d4j6W2xF2AZtt0Mc9lQgiFKNOaAM
lQJe23ODEOB9R+cqqXr4907EeLloBWPS6gwQYI3Gx5aqFnxGAWgoXb7fGn+N8sKT
2FL3IUIVwhTsdT9Yvcytw4nBcoYRnJIcERXvME6SoNv9Xi+CDZmGawQ+tzvj3vIY
iVPYRk+HKr4stK/J+tWeGpboJPemYA/X3EzOJFS9XEmlvgnR4ELF/31SHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPDmxCom8KtulKgoxvM9ZhDjjPgpMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvOE9iRUtpYndxMjZVcUNqRzh6MW1FT09NLUNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgaYAQAa
AwcAKgaYAQIjMA0GCSqGSIb3DQEBCwUAA4IBAQC3hIoVjFV1AKNmvOh1Vd5Q0ucf
Qx41uux6Q4ViDdZ3rZUb3L7Tcb7gwwT1d8BWKNNjwF85cKLIbTjy/E9ishS57H+c
RhTgaTR4Ew6aXVfVzDxmp3LmSOL9SenmYMwVZzBwomHiwFwR5xhnTq4TmAploo5+
uTzO/8+5pkZRnbmsAx6oSF40vbsCi0Ol7C5n5Yx15XNnC5pHuILllD1i2/6AhjuW
K53LKMlu87T/dvqJ8KDJ06k8bYfeHY1N3W0ICbyRD+GGbJ5ov8XiR/tx/r8kiLRK
8s+kmJMHoymnieNPk2e2fTtWzdPnYhdcSwzf1SEgjiANocu/+pNIiABvW3uo
-----END CERTIFICATE-----