Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Fxk6WigsX4MnDEFMvSlDK_8mnBA.roa
File:                     Fxk6WigsX4MnDEFMvSlDK_8mnBA.roa (raw, json)
Hash identifier:          HYodtTr2rGPA2oVajf4A7Arrm6JUy/8wjDGdGhZazJI=
Subject key identifier:   17:19:3A:5A:28:2C:5F:83:27:0C:41:4C:BD:29:43:2B:FF:26:9C:10
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EB5008AD6FA47F6A6B7A8721C4F4538A0
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Fxk6WigsX4MnDEFMvSlDK_8mnBA.roa
Signing time:             Thu 11 Jun 2026 04:46:11 +0000
ROA not before:           Thu 11 Jun 2026 04:46:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219519
IP address blocks:        2a06:9801:74c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:00:8a:d6:fa:47:f6:a6:b7:a8:72:1c:4f:45:38:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 11 04:46:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=17193a5a282c5f83270c414cbd29432bff269c10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:31:79:a0:87:20:ec:ae:50:fb:f9:cf:e7:0b:
                    01:3d:97:49:62:5d:47:af:a7:03:11:09:7b:f5:13:
                    65:ff:77:42:e7:bf:6d:cb:25:4e:2b:1e:f2:eb:fa:
                    58:70:bf:ba:22:fb:ef:17:e4:a4:71:60:e7:b1:b3:
                    13:04:de:47:97:95:88:54:87:77:b7:b6:42:e2:e6:
                    58:96:56:a9:b3:36:16:06:c6:26:03:41:ea:98:d9:
                    ba:1a:fd:08:91:34:13:d0:55:ac:64:c8:7c:25:09:
                    f1:a3:a5:67:78:26:91:2c:39:dd:87:9c:ea:ae:85:
                    3f:79:8b:04:df:e8:4f:1b:2a:01:ed:1b:47:92:e6:
                    6b:ce:e0:28:b4:9c:98:8b:c9:47:47:d7:ee:64:eb:
                    e5:d2:f3:d9:1e:a1:f4:1d:ee:f7:aa:8b:97:90:80:
                    45:48:6b:e9:c5:7e:43:1c:66:be:98:fe:45:9a:1f:
                    b6:8f:1f:57:4d:34:c3:b2:f8:5c:05:43:a4:13:89:
                    7f:1e:41:34:04:00:fe:00:20:32:26:e8:bf:be:c0:
                    e3:81:23:79:85:ad:95:4c:ea:88:8c:70:38:db:1d:
                    af:44:53:54:92:4b:40:c4:ed:22:26:3f:86:39:86:
                    77:7c:8d:f2:42:88:d8:01:73:94:d2:e6:c8:f6:0d:
                    77:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:19:3A:5A:28:2C:5F:83:27:0C:41:4C:BD:29:43:2B:FF:26:9C:10
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Fxk6WigsX4MnDEFMvSlDK_8mnBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:74c::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:ee:ab:8c:9d:9a:63:62:ee:d3:4f:a7:1f:dd:98:4e:a2:32:
         f8:e8:57:da:ae:7a:e4:4e:e9:df:de:47:67:e7:b8:b8:93:ca:
         ff:96:6d:07:ce:4b:6a:64:2e:2c:c9:d8:03:4c:7f:67:b8:1e:
         52:81:09:5a:11:d7:ce:d2:95:66:49:97:cf:ad:8a:57:ea:1d:
         55:2f:32:48:8a:6b:0c:bb:7e:42:7d:c9:8c:26:12:30:c8:c9:
         10:e0:b1:dc:93:74:ea:1a:cb:cf:89:e0:03:90:a2:b2:d2:be:
         53:50:65:36:d3:59:b6:66:ac:f8:5d:58:5b:78:f2:94:59:db:
         b9:1b:cf:a7:5f:1b:5c:9a:3f:74:d2:27:d3:20:19:d2:5d:6f:
         4f:b7:76:d2:50:37:ed:6c:b3:e2:6c:61:79:17:41:e8:0c:9e:
         9c:dc:f7:61:c9:34:0e:ed:ee:bc:0b:3f:51:90:4d:c0:3c:84:
         75:e6:7a:ae:36:50:c8:79:1d:cd:90:1d:bb:db:68:80:dd:4b:
         53:a8:68:26:64:0f:5f:75:8b:3b:6a:6c:3a:e6:61:6c:ba:f9:
         2a:77:63:1a:67:cb:9d:3a:9f:06:7c:11:2c:ca:04:33:1d:fd:
         8b:fe:37:a5:bf:64:1e:17:60:dc:89:ac:4e:c6:b2:18:fb:fe:
         27:77:fb:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ61AIrW+kf2preochxPRTigMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjExMDQ0NjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzE5M2E1YTI4MmM1ZjgzMjcwYzQxNGNiZDI5NDMyYmZmMjY5YzEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjF5oIcg7K5Q+/nP5wsBPZdJYl1H
r6cDEQl79RNl/3dC579tyyVOKx7y6/pYcL+6IvvvF+SkcWDnsbMTBN5Hl5WIVId3
t7ZC4uZYllapszYWBsYmA0HqmNm6Gv0IkTQT0FWsZMh8JQnxo6VneCaRLDndh5zq
roU/eYsE3+hPGyoB7RtHkuZrzuAotJyYi8lHR9fuZOvl0vPZHqH0He73qouXkIBF
SGvpxX5DHGa+mP5Fmh+2jx9XTTTDsvhcBUOkE4l/HkE0BAD+ACAyJui/vsDjgSN5
ha2VTOqIjHA42x2vRFNUkktAxO0iJj+GOYZ3fI3yQojYAXOU0ubI9g13KwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBcZOlooLF+DJwxBTL0pQyv/JpwQMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvRnhrNldpZ3NYNE1uREVGTXZTbERLXzhtbkJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQdM
MA0GCSqGSIb3DQEBCwUAA4IBAQAS7quMnZpjYu7TT6cf3ZhOojL46FfarnrkTunf
3kdn57i4k8r/lm0HzktqZC4sydgDTH9nuB5SgQlaEdfO0pVmSZfPrYpX6h1VLzJI
imsMu35CfcmMJhIwyMkQ4LHck3TqGsvPieADkKKy0r5TUGU201m2Zqz4XVhbePKU
Wdu5G8+nXxtcmj900ifTIBnSXW9Pt3bSUDftbLPibGF5F0HoDJ6c3PdhyTQO7e68
Cz9RkE3APIR15nquNlDIeR3NkB2722iA3UtTqGgmZA9fdYs7amw65mFsuvkqd2Ma
Z8udOp8GfBEsygQzHf2L/jelv2QeF2DciaxOxrIY+/4nd/tb
-----END CERTIFICATE-----