Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/SJaa15Si6wlW0pGVl68zX2YVrXc.roa
File:                     SJaa15Si6wlW0pGVl68zX2YVrXc.roa (raw, json)
Hash identifier:          ShEpXy8YSo3VE0OaU3ivVfPHvK0ul8YGmTKn2iFT+uI=
Subject key identifier:   48:96:9A:D7:94:A2:EB:09:56:D2:91:95:97:AF:33:5F:66:15:AD:77
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EADBEEF29891DC885D3D616567569113D
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/SJaa15Si6wlW0pGVl68zX2YVrXc.roa
Signing time:             Tue 09 Jun 2026 18:57:11 +0000
ROA not before:           Tue 09 Jun 2026 18:57:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199829
IP address blocks:        2a06:9801:7b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ad:be:ef:29:89:1d:c8:85:d3:d6:16:56:75:69:11:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun  9 18:57:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=48969ad794a2eb0956d2919597af335f6615ad77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:4d:a6:a6:ae:1f:b0:78:58:52:09:45:95:14:
                    cd:b1:44:8f:88:7f:cf:c6:46:8f:c2:0a:a0:6e:57:
                    6e:09:a9:13:03:2c:58:63:cc:67:5e:83:dd:81:ff:
                    9c:7c:57:62:37:67:e9:bd:cc:09:d3:58:44:6f:45:
                    fd:7e:32:be:60:46:27:94:00:df:16:c4:09:27:bb:
                    76:3c:65:7a:8a:cc:ab:83:3d:a3:0b:93:8d:8a:0d:
                    2c:30:40:9c:14:64:d4:03:ac:4d:d3:33:95:55:1e:
                    6d:e4:8d:c1:ef:20:a9:b6:5a:a8:20:16:70:53:fd:
                    27:7d:b0:e4:b3:46:c6:21:df:31:ce:10:14:24:00:
                    d6:32:51:73:70:a0:17:46:b0:a5:4e:02:f5:89:f6:
                    1c:80:70:dc:da:62:68:5e:cc:17:6c:d1:07:0b:c4:
                    1b:b4:15:8d:dc:66:ef:af:12:8b:7a:e9:74:4d:73:
                    16:1e:76:10:91:52:bd:7b:b7:51:56:fb:7e:01:1d:
                    ca:18:b2:a2:51:8f:a0:ff:37:c3:af:43:7f:b2:20:
                    2f:66:17:ab:56:e6:91:c9:5d:3f:b0:04:30:7a:05:
                    61:a2:e0:f3:03:21:48:ef:4d:93:b8:bb:81:55:5d:
                    c7:d0:15:ed:e9:40:75:9c:81:07:58:8c:6b:f7:ad:
                    06:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:96:9A:D7:94:A2:EB:09:56:D2:91:95:97:AF:33:5F:66:15:AD:77
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/SJaa15Si6wlW0pGVl68zX2YVrXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:7b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         91:2f:b8:c3:72:96:b6:a0:4f:de:c1:2f:31:21:ff:b4:6e:0c:
         40:b0:84:cd:1d:24:57:26:a8:81:04:38:f2:3f:b2:e8:bb:52:
         e3:cc:e6:5e:7d:e1:dc:e9:be:8e:5e:19:07:6d:12:48:4b:db:
         3a:2c:a7:e7:01:2a:48:6f:53:99:bc:23:a1:fa:8b:eb:27:ab:
         9f:52:ba:fc:a0:d8:6a:64:39:82:12:97:0c:4c:65:08:9a:66:
         df:cc:d9:c5:9d:73:2c:4f:9b:ac:9d:03:68:ca:f3:80:b7:cc:
         1d:e3:33:87:6f:41:9d:6c:89:43:ff:98:fc:0e:60:13:3e:6c:
         be:e6:47:c9:ea:8b:bb:34:05:0b:b0:c3:7c:df:a7:47:31:70:
         08:1f:00:ec:c2:30:2f:ed:ae:58:77:a3:6c:06:2e:b2:d9:a8:
         1b:73:38:9c:82:2f:20:56:03:1a:a6:a1:b2:87:9e:d8:45:d1:
         f8:b3:0a:20:c7:e2:b2:37:85:e1:d1:6d:2d:ae:1a:96:b1:ac:
         c9:e0:71:8b:b1:6d:ab:72:52:6e:eb:05:c2:a8:6e:10:81:38:
         97:20:aa:c0:2c:ed:49:5b:b2:b4:71:11:56:d8:28:7a:de:6d:
         6b:60:0b:b4:4c:e8:45:59:a1:4d:f1:3c:55:1b:a1:ac:b5:e2:
         c7:49:58:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6tvu8piR3IhdPWFlZ1aRE9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjA5MTg1NzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODk2OWFkNzk0YTJlYjA5NTZkMjkxOTU5N2FmMzM1ZjY2MTVhZDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvE2mpq4fsHhYUglFlRTNsUSPiH/P
xkaPwgqgblduCakTAyxYY8xnXoPdgf+cfFdiN2fpvcwJ01hEb0X9fjK+YEYnlADf
FsQJJ7t2PGV6isyrgz2jC5ONig0sMECcFGTUA6xN0zOVVR5t5I3B7yCptlqoIBZw
U/0nfbDks0bGId8xzhAUJADWMlFzcKAXRrClTgL1ifYcgHDc2mJoXswXbNEHC8Qb
tBWN3GbvrxKLeul0TXMWHnYQkVK9e7dRVvt+AR3KGLKiUY+g/zfDr0N/siAvZher
VuaRyV0/sAQwegVhouDzAyFI702TuLuBVV3H0BXt6UB1nIEHWIxr960GYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEiWmteUousJVtKRlZevM19mFa13MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvU0phYTE1U2k2d2xXMHBHVmw2OHpYMllWclhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgaYAQew
MA0GCSqGSIb3DQEBCwUAA4IBAQCRL7jDcpa2oE/ewS8xIf+0bgxAsITNHSRXJqiB
BDjyP7Lou1LjzOZefeHc6b6OXhkHbRJIS9s6LKfnASpIb1OZvCOh+ovrJ6ufUrr8
oNhqZDmCEpcMTGUImmbfzNnFnXMsT5usnQNoyvOAt8wd4zOHb0GdbIlD/5j8DmAT
Pmy+5kfJ6ou7NAULsMN836dHMXAIHwDswjAv7a5Yd6NsBi6y2agbczicgi8gVgMa
pqGyh57YRdH4swogx+KyN4Xh0W0trhqWsazJ4HGLsW2rclJu6wXCqG4QgTiXIKrA
LO1JW7K0cRFW2Ch63m1rYAu0TOhFWaFN8TxVG6GsteLHSViy
-----END CERTIFICATE-----