Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/I0CsBeWRIYCibmM4KN1v_eEPXMQ.roa
File:                     I0CsBeWRIYCibmM4KN1v_eEPXMQ.roa (raw, json)
Hash identifier:          SkHCCjNehXno95rKHeo5cot13th5I1X/p97CGQ/jvX4=
Subject key identifier:   23:40:AC:05:E5:91:21:80:A2:6E:63:38:28:DD:6F:FD:E1:0F:5C:C4
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E64C1683AE4365704136127E30D3E7C2F
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/I0CsBeWRIYCibmM4KN1v_eEPXMQ.roa
Signing time:             Tue 26 May 2026 14:47:37 +0000
ROA not before:           Tue 26 May 2026 14:47:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200084
IP address blocks:        2a06:9801:cc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:64:c1:68:3a:e4:36:57:04:13:61:27:e3:0d:3e:7c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May 26 14:47:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2340ac05e5912180a26e633828dd6ffde10f5cc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f4:c6:45:32:30:de:b9:64:11:fc:4a:79:b8:
                    b7:ce:74:81:d2:44:e1:46:d6:af:69:a3:fb:e0:0a:
                    03:f1:1c:80:70:76:53:e9:03:16:54:6b:ba:1b:eb:
                    5c:7b:0c:d8:88:af:50:55:ff:a8:c6:3e:f5:ed:23:
                    02:e2:c4:b6:e0:8d:05:67:bd:51:69:33:81:c1:0c:
                    15:63:60:b4:08:fa:1d:5c:3a:75:6f:d2:3d:a6:23:
                    20:e6:70:90:a9:44:6d:cc:d9:d9:88:ae:4b:41:96:
                    bb:28:94:9b:75:3e:e5:6a:e5:ef:60:66:ab:9a:cf:
                    eb:08:7a:51:21:30:70:17:8a:74:b5:62:5c:59:f6:
                    6e:9c:b7:bb:c2:ba:6d:17:25:cd:0e:64:20:dc:18:
                    57:15:e6:44:6c:9c:8c:29:0f:33:35:be:fc:6b:55:
                    61:2e:0c:8d:f3:50:47:cb:2e:a8:7f:00:df:ca:8d:
                    b7:f8:e8:42:de:82:81:11:20:80:6d:e8:5d:99:48:
                    c8:cd:5d:a8:90:db:27:7d:86:de:80:8f:3e:e6:38:
                    4d:96:b3:9b:82:38:16:d7:9b:3b:03:82:ad:8f:00:
                    2c:73:15:5e:30:9e:97:56:0c:12:43:45:c1:ae:1d:
                    c9:c7:3e:fb:79:8a:b7:34:bf:6f:38:8b:48:2f:cf:
                    86:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:40:AC:05:E5:91:21:80:A2:6E:63:38:28:DD:6F:FD:E1:0F:5C:C4
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/I0CsBeWRIYCibmM4KN1v_eEPXMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:c5:56:f6:1a:89:04:af:66:5a:68:25:74:83:15:88:62:87:
         71:b5:ed:a6:82:aa:10:8f:77:10:ba:1c:50:ec:91:81:9a:64:
         c0:a0:e6:73:c9:3e:f5:92:45:0e:5c:65:98:3d:fe:1e:69:20:
         ba:96:c9:c1:21:47:79:3c:c0:cb:d6:21:fd:0a:14:f3:c8:2a:
         18:e3:f4:78:72:4f:76:fe:a0:3a:0d:ce:21:18:27:c2:df:7e:
         c1:e5:6f:03:9a:c4:eb:1a:51:45:58:54:bc:63:12:ba:f1:55:
         30:92:70:70:36:ef:43:41:a3:ac:5f:15:55:81:21:99:03:a1:
         83:2d:3f:27:23:10:20:fd:87:e9:60:70:47:b0:5e:a3:22:1f:
         db:54:9c:a5:dc:9b:4c:6c:2c:cd:4a:83:4c:9e:e1:3a:b6:c3:
         e6:42:a0:8c:ae:8f:71:f9:e6:8c:8c:3a:41:68:2e:e0:01:83:
         0d:ee:16:98:26:e5:4b:1a:89:95:43:3a:1a:74:b1:42:02:c3:
         20:51:d3:aa:d8:56:fa:69:7a:65:c6:ea:9b:63:f1:48:91:be:
         33:df:6a:63:56:40:09:95:f1:4e:40:38:ec:ad:b5:5e:b6:38:
         fd:0a:dc:9f:f8:65:8a:bf:25:14:eb:92:01:31:4d:8c:f6:64:
         23:61:e3:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5kwWg65DZXBBNhJ+MNPnwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTI2MTQ0NzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzQwYWMwNWU1OTEyMTgwYTI2ZTYzMzgyOGRkNmZmZGUxMGY1Y2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/TGRTIw3rlkEfxKebi3znSB0kTh
RtavaaP74AoD8RyAcHZT6QMWVGu6G+tcewzYiK9QVf+oxj717SMC4sS24I0FZ71R
aTOBwQwVY2C0CPodXDp1b9I9piMg5nCQqURtzNnZiK5LQZa7KJSbdT7lauXvYGar
ms/rCHpRITBwF4p0tWJcWfZunLe7wrptFyXNDmQg3BhXFeZEbJyMKQ8zNb78a1Vh
LgyN81BHyy6ofwDfyo23+OhC3oKBESCAbehdmUjIzV2okNsnfYbegI8+5jhNlrOb
gjgW15s7A4KtjwAscxVeMJ6XVgwSQ0XBrh3Jxz77eYq3NL9vOItIL8+G9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCNArAXlkSGAom5jOCjdb/3hD1zEMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvSTBDc0JlV1JJWUNpYm1NNEtOMXZfZUVQWE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQDM
MA0GCSqGSIb3DQEBCwUAA4IBAQAXxVb2GokEr2ZaaCV0gxWIYodxte2mgqoQj3cQ
uhxQ7JGBmmTAoOZzyT71kkUOXGWYPf4eaSC6lsnBIUd5PMDL1iH9ChTzyCoY4/R4
ck92/qA6Dc4hGCfC337B5W8DmsTrGlFFWFS8YxK68VUwknBwNu9DQaOsXxVVgSGZ
A6GDLT8nIxAg/YfpYHBHsF6jIh/bVJyl3JtMbCzNSoNMnuE6tsPmQqCMro9x+eaM
jDpBaC7gAYMN7haYJuVLGomVQzoadLFCAsMgUdOq2Fb6aXplxuqbY/FIkb4z32pj
VkAJlfFOQDjsrbVetjj9Ctyf+GWKvyUU65IBMU2M9mQjYeMt
-----END CERTIFICATE-----