Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/SHxB6bMvlx6JI-t5mmZ5yeF3FyQ.roa
File:                     SHxB6bMvlx6JI-t5mmZ5yeF3FyQ.roa (raw, json)
Hash identifier:          ybnh/F6NLZFLaFnJizz5HRUsYJvnBlmXNeXzZR7rbgk=
Subject key identifier:   48:7C:41:E9:B3:2F:97:1E:89:23:EB:79:9A:66:79:C9:E1:77:17:24
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C8CCEC5B3EF548A5776E6C1FE4660A83B
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/SHxB6bMvlx6JI-t5mmZ5yeF3FyQ.roa
Signing time:             Mon 23 Feb 2026 23:21:27 +0000
ROA not before:           Mon 23 Feb 2026 23:21:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200840
IP address blocks:        2a06:9801:84::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 13:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8c:ce:c5:b3:ef:54:8a:57:76:e6:c1:fe:46:60:a8:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 23 23:21:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=487c41e9b32f971e8923eb799a6679c9e1771724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:df:76:3f:2d:1b:12:b3:24:5d:50:44:90:84:
                    3e:db:21:70:bb:59:d3:f9:40:3d:19:06:12:94:67:
                    fa:32:94:0b:fa:d9:86:32:29:14:13:3d:c5:67:e0:
                    dd:36:a7:16:dd:b8:63:c5:31:bc:99:5c:ce:40:a0:
                    42:bd:a1:f8:7c:44:eb:d1:86:8c:8b:7e:ff:69:0a:
                    c4:c5:3c:bd:2e:69:00:30:e5:7f:34:bd:3e:67:66:
                    5b:f1:6e:48:93:fe:21:4e:5c:38:16:ee:cd:d6:95:
                    f7:9a:51:2d:55:78:97:0c:ee:5f:58:87:69:03:9f:
                    ba:5b:4d:0f:53:8c:25:90:11:6d:b6:3d:32:23:88:
                    2b:8c:fa:66:8a:98:cd:25:1d:8b:2a:ca:c3:3d:04:
                    42:a6:38:8b:e4:4e:1b:51:44:6e:da:40:0a:58:30:
                    ee:21:16:60:b9:10:55:70:38:f1:e6:59:9a:67:3d:
                    83:b1:03:c5:21:e6:3e:50:48:68:44:63:f4:b3:4a:
                    5a:53:37:88:2b:6a:81:8c:c3:d8:7d:b3:b6:b7:f9:
                    10:a9:dd:6c:78:4f:6d:7a:b7:71:25:85:a9:50:71:
                    d0:ac:6a:aa:f7:8b:bc:41:54:05:2a:11:3e:e8:de:
                    08:ec:51:f8:b1:36:6b:94:df:2c:e6:c8:e1:6f:25:
                    28:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:7C:41:E9:B3:2F:97:1E:89:23:EB:79:9A:66:79:C9:E1:77:17:24
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/SHxB6bMvlx6JI-t5mmZ5yeF3FyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:84::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:7b:d8:f3:17:11:de:d9:5d:66:05:2d:31:17:53:cb:a8:d0:
         bf:e7:08:96:db:ca:3d:e5:12:98:1f:38:37:00:3a:97:96:a6:
         7a:a5:84:ce:a6:0b:fe:24:07:9d:f4:c8:cd:c6:0d:55:e2:31:
         62:f8:b4:10:8b:cb:97:95:1b:6b:fc:38:de:d6:cb:31:2d:0f:
         9a:1a:df:b8:02:cd:7f:eb:0c:bc:02:29:e4:f7:92:43:6b:c7:
         7c:36:e4:60:22:42:59:dd:f8:8d:ea:f5:6f:d7:83:fa:1b:21:
         8c:5f:b9:fb:0d:c6:e4:d3:dc:36:7b:9d:e8:f4:c6:01:43:ab:
         11:7e:c6:f1:bb:79:cd:ed:81:76:2d:ee:19:6b:10:30:27:ee:
         00:e0:e1:d1:91:1d:af:39:5f:4f:89:20:4d:83:00:a6:90:b5:
         33:f0:ea:91:13:5c:2d:83:6d:e7:6c:d2:85:77:8b:62:f8:fd:
         82:69:f7:d1:57:ca:66:80:da:cf:e0:cb:c1:b7:d1:9a:88:85:
         96:0e:77:8f:74:59:85:fa:04:a4:2a:21:21:1d:95:d1:28:3c:
         56:81:5a:4f:f9:98:78:69:84:45:ff:ff:80:00:8e:71:71:2a:
         29:2b:67:4b:a8:c9:4c:08:57:3e:94:38:2e:4c:d6:3a:5a:12:
         3c:3e:10:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyMzsWz71SKV3bmwf5GYKg7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjIzMjMyMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODdjNDFlOWIzMmY5NzFlODkyM2ViNzk5YTY2NzljOWUxNzcxNzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAut92Py0bErMkXVBEkIQ+2yFwu1nT
+UA9GQYSlGf6MpQL+tmGMikUEz3FZ+DdNqcW3bhjxTG8mVzOQKBCvaH4fETr0YaM
i37/aQrExTy9LmkAMOV/NL0+Z2Zb8W5Ik/4hTlw4Fu7N1pX3mlEtVXiXDO5fWIdp
A5+6W00PU4wlkBFttj0yI4grjPpmipjNJR2LKsrDPQRCpjiL5E4bUURu2kAKWDDu
IRZguRBVcDjx5lmaZz2DsQPFIeY+UEhoRGP0s0paUzeIK2qBjMPYfbO2t/kQqd1s
eE9terdxJYWpUHHQrGqq94u8QVQFKhE+6N4I7FH4sTZrlN8s5sjhbyUoVQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEh8QemzL5ceiSPreZpmecnhdxckMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvU0h4QjZiTXZseDZKSS10NW1tWjV5ZUYzRnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQCE
MA0GCSqGSIb3DQEBCwUAA4IBAQBLe9jzFxHe2V1mBS0xF1PLqNC/5wiW28o95RKY
Hzg3ADqXlqZ6pYTOpgv+JAed9MjNxg1V4jFi+LQQi8uXlRtr/Dje1ssxLQ+aGt+4
As1/6wy8Aink95JDa8d8NuRgIkJZ3fiN6vVv14P6GyGMX7n7Dcbk09w2e53o9MYB
Q6sRfsbxu3nN7YF2Le4ZaxAwJ+4A4OHRkR2vOV9PiSBNgwCmkLUz8OqRE1wtg23n
bNKFd4ti+P2CaffRV8pmgNrP4MvBt9GaiIWWDnePdFmF+gSkKiEhHZXRKDxWgVpP
+Zh4aYRF//+AAI5xcSopK2dLqMlMCFc+lDguTNY6WhI8PhC7
-----END CERTIFICATE-----