Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/CAL-xYUUfvA6jJ-FAzNXspIkdVQ.roa
File:                     CAL-xYUUfvA6jJ-FAzNXspIkdVQ.roa (raw, json)
Hash identifier:          BABLo9lV+to8qkyjreXzr8Jp3fnTRnEzHxGr+0isxO8=
Subject key identifier:   08:02:FE:C5:85:14:7E:F0:3A:8C:9F:85:03:33:57:B2:92:24:75:54
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D4152CA2F9E844FFA749396E83F6CC5A8
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/CAL-xYUUfvA6jJ-FAzNXspIkdVQ.roa
Signing time:             Tue 31 Mar 2026 00:37:17 +0000
ROA not before:           Tue 31 Mar 2026 00:37:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199626
IP address blocks:        2a06:9801:26b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:41:52:ca:2f:9e:84:4f:fa:74:93:96:e8:3f:6c:c5:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar 31 00:37:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0802fec585147ef03a8c9f85033357b292247554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:6d:94:e0:e8:b8:93:81:78:f6:1c:2d:10:53:
                    03:47:25:e8:c8:e0:c9:33:9c:2f:8f:44:7f:6e:66:
                    45:02:18:0e:c7:e5:40:b6:12:e8:e2:ff:f3:ca:a0:
                    bd:da:83:ae:92:c1:fd:88:21:6c:f0:08:74:9d:09:
                    94:08:81:96:fe:84:4d:66:27:4f:24:3e:ca:6a:a7:
                    d5:cb:e8:46:58:f9:e7:8a:f9:68:88:94:22:eb:41:
                    d2:59:87:ae:20:68:8c:5c:29:13:be:70:84:bd:da:
                    43:05:f7:2d:4b:c6:e6:f5:05:5e:73:46:04:bf:d7:
                    cb:89:28:18:8f:9e:cb:cb:fe:96:b5:3b:40:5c:fa:
                    bd:14:ec:a6:d1:25:97:6f:ef:22:26:ea:f0:dd:06:
                    0b:7f:37:fa:76:c2:1a:6a:d4:4f:cd:2f:3a:3d:98:
                    40:4d:4f:04:ca:35:c9:fb:15:2b:06:42:fe:69:4b:
                    45:3b:5f:ec:c8:df:f9:64:5f:a0:d7:a6:dc:e5:91:
                    d4:b6:86:e8:dd:51:f5:dc:03:0e:1f:ea:57:dd:5c:
                    5e:81:8e:75:c1:82:a1:d1:0d:5c:d5:40:9a:68:49:
                    bd:83:0a:9e:b6:a3:c2:92:a6:30:a0:db:45:6d:1e:
                    32:b7:5b:9e:69:08:7d:ee:55:28:65:89:48:cc:11:
                    43:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:02:FE:C5:85:14:7E:F0:3A:8C:9F:85:03:33:57:B2:92:24:75:54
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/CAL-xYUUfvA6jJ-FAzNXspIkdVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:26b::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:ae:4a:16:6a:ba:4a:21:3a:2e:02:54:37:6a:1b:20:ea:4f:
         31:ae:f6:23:70:85:73:cc:9c:de:c6:17:e0:67:a0:7f:f3:bc:
         9a:4a:2e:26:37:17:7d:d4:72:63:03:0f:7d:ab:5b:a4:8b:24:
         6a:20:69:2e:02:7f:05:db:6a:fd:c6:13:8e:2c:87:18:0c:70:
         a1:13:64:f8:b6:38:23:37:8a:02:10:cd:de:17:86:d3:ce:b6:
         a8:07:53:6d:44:96:6e:74:e1:8f:d7:95:61:60:64:a5:df:37:
         6d:f7:4d:85:c7:8b:44:02:72:98:34:6f:cf:bc:ec:2d:a7:89:
         fb:7d:49:e5:c4:62:3e:fc:4b:78:a0:b8:24:19:bf:e8:2d:61:
         8e:bf:94:a2:4d:02:71:91:a4:70:4a:51:e0:aa:2d:f4:23:43:
         70:5d:e7:1f:70:99:3d:62:54:ce:ef:eb:bc:37:c2:38:25:8c:
         1c:d8:92:1b:3e:cb:05:c6:51:4c:fa:3b:71:39:48:b9:fc:57:
         ab:63:7e:af:4e:2d:0f:b4:ba:e4:53:d3:e3:2a:4c:82:30:0f:
         39:b5:d7:a6:3f:be:7d:b2:97:d0:f0:b1:d2:2a:17:64:07:4b:
         e5:ab:31:af:0b:14:b8:9f:b6:21:5c:cd:69:e1:60:00:4a:be:
         80:a9:15:af
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1BUsovnoRP+nSTlug/bMWoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzMxMDAzNzE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODAyZmVjNTg1MTQ3ZWYwM2E4YzlmODUwMzMzNTdiMjkyMjQ3NTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3W2U4Oi4k4F49hwtEFMDRyXoyODJ
M5wvj0R/bmZFAhgOx+VAthLo4v/zyqC92oOuksH9iCFs8Ah0nQmUCIGW/oRNZidP
JD7KaqfVy+hGWPnnivloiJQi60HSWYeuIGiMXCkTvnCEvdpDBfctS8bm9QVec0YE
v9fLiSgYj57Ly/6WtTtAXPq9FOym0SWXb+8iJurw3QYLfzf6dsIaatRPzS86PZhA
TU8EyjXJ+xUrBkL+aUtFO1/syN/5ZF+g16bc5ZHUtobo3VH13AMOH+pX3VxegY51
wYKh0Q1c1UCaaEm9gwqetqPCkqYwoNtFbR4yt1ueaQh97lUoZYlIzBFDFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAgC/sWFFH7wOoyfhQMzV7KSJHVUMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvQ0FMLXhZVVVmdkE2akotRkF6TlhzcElrZFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJr
MA0GCSqGSIb3DQEBCwUAA4IBAQC2rkoWarpKITouAlQ3ahsg6k8xrvYjcIVzzJze
xhfgZ6B/87yaSi4mNxd91HJjAw99q1ukiyRqIGkuAn8F22r9xhOOLIcYDHChE2T4
tjgjN4oCEM3eF4bTzraoB1NtRJZudOGP15VhYGSl3zdt902Fx4tEAnKYNG/PvOwt
p4n7fUnlxGI+/Et4oLgkGb/oLWGOv5SiTQJxkaRwSlHgqi30I0NwXecfcJk9YlTO
7+u8N8I4JYwc2JIbPssFxlFM+jtxOUi5/FerY36vTi0PtLrkU9PjKkyCMA85tdem
P759spfQ8LHSKhdkB0vlqzGvCxS4n7YhXM1p4WAASr6AqRWv
-----END CERTIFICATE-----