Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/UNsAwGOkjKhMaqshZhF24sOtr24.roa
File:                     UNsAwGOkjKhMaqshZhF24sOtr24.roa (raw, json)
Hash identifier:          qqMPnFLoCDJQa3VH137bp+K6IKNk+olzwRMElMZHyH8=
Subject key identifier:   50:DB:00:C0:63:A4:8C:A8:4C:6A:AB:21:66:11:76:E2:C3:AD:AF:6E
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EACF28C21902C115281A3CFC4FD8AA1DB
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/UNsAwGOkjKhMaqshZhF24sOtr24.roa
Signing time:             Tue 09 Jun 2026 15:13:57 +0000
ROA not before:           Tue 09 Jun 2026 15:13:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219483
IP address blocks:        2a06:9801:2bb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ac:f2:8c:21:90:2c:11:52:81:a3:cf:c4:fd:8a:a1:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun  9 15:13:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=50db00c063a48ca84c6aab21661176e2c3adaf6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:26:3e:f6:25:84:5f:be:77:e7:4c:32:d3:38:
                    90:03:08:28:86:84:74:71:b6:0a:94:c3:ac:38:21:
                    81:c2:64:b8:8d:5f:9c:c4:91:59:7f:f1:59:76:aa:
                    18:6c:0c:de:e2:50:ba:07:7a:9a:50:6f:da:2e:82:
                    5f:3c:b2:2a:54:4a:3b:99:4d:33:58:08:87:ca:6e:
                    4c:d1:85:bb:55:1f:07:cf:bf:67:f3:c9:ef:5e:61:
                    57:c9:ec:19:c1:36:c0:82:b4:dd:b3:7b:60:57:49:
                    dd:73:bf:7f:d5:b5:9e:f6:46:41:fa:b4:f6:36:4b:
                    c6:ee:98:bc:20:f1:5a:85:10:7f:ca:2f:50:49:d4:
                    9b:e3:8d:61:cd:3c:ad:4f:9e:8e:3c:f4:c0:67:87:
                    04:e5:cc:10:a3:76:d5:5a:f8:63:44:f3:b6:0c:ce:
                    b6:37:57:6f:3d:c0:16:1a:e6:ce:0a:b0:52:6b:89:
                    4d:69:20:9d:ba:c0:bf:a2:f8:a1:f7:7a:fe:fe:40:
                    97:9b:5f:2e:25:a2:26:e7:93:e6:73:9f:87:5f:b8:
                    14:d8:2f:a6:c3:f1:64:64:0a:77:58:8f:2f:1b:27:
                    65:20:21:64:1c:d4:8c:62:0a:2f:21:d2:7c:3d:ba:
                    34:cd:21:7d:fc:a5:c2:33:a0:0b:79:03:96:e7:0d:
                    f7:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:DB:00:C0:63:A4:8C:A8:4C:6A:AB:21:66:11:76:E2:C3:AD:AF:6E
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/UNsAwGOkjKhMaqshZhF24sOtr24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:2bb::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:d0:91:9a:83:4f:90:c7:1f:72:19:71:70:c4:cc:3e:e9:43:
         b1:3b:1b:a7:b4:ff:62:1f:52:4b:9b:39:dd:9f:26:c0:55:24:
         af:f8:62:e6:d6:5f:8c:a1:be:ff:6b:8d:08:9e:db:46:44:8a:
         16:13:11:74:38:8e:c7:a0:f9:5a:a6:bd:90:44:3b:09:75:17:
         97:e5:d2:f6:fd:d5:b4:f6:95:e8:28:88:3b:e0:ef:22:b5:56:
         31:1b:2c:ab:5f:a3:6e:3d:1c:c6:ff:0c:77:3b:cc:11:e9:74:
         83:b8:3a:47:46:e1:33:18:52:46:9a:13:81:68:cd:94:9a:7b:
         35:32:85:dd:f6:27:a9:08:dd:70:ae:79:98:77:23:a9:12:25:
         43:87:b8:c7:7e:3f:43:a0:b6:53:d1:0e:17:7d:e5:72:be:99:
         53:5d:66:15:94:32:cc:13:f3:ea:d3:43:3f:5a:23:fa:72:b0:
         46:2b:88:c1:0b:37:d6:29:0f:5e:cf:e7:9f:c2:14:d7:65:49:
         90:94:c3:60:61:d6:89:5b:e6:10:08:d7:07:c1:2f:bd:61:b2:
         32:d3:4a:bc:56:89:a3:9a:57:3a:7e:85:e0:88:76:ee:ba:02:
         27:bd:fd:6c:18:5a:19:16:57:e1:1f:a8:94:81:0c:78:e2:67:
         c8:e5:1b:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6s8owhkCwRUoGjz8T9iqHbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjA5MTUxMzU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGRiMDBjMDYzYTQ4Y2E4NGM2YWFiMjE2NjExNzZlMmMzYWRhZjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCY+9iWEX75350wy0ziQAwgohoR0
cbYKlMOsOCGBwmS4jV+cxJFZf/FZdqoYbAze4lC6B3qaUG/aLoJfPLIqVEo7mU0z
WAiHym5M0YW7VR8Hz79n88nvXmFXyewZwTbAgrTds3tgV0ndc79/1bWe9kZB+rT2
NkvG7pi8IPFahRB/yi9QSdSb441hzTytT56OPPTAZ4cE5cwQo3bVWvhjRPO2DM62
N1dvPcAWGubOCrBSa4lNaSCdusC/ovih93r+/kCXm18uJaIm55Pmc5+HX7gU2C+m
w/FkZAp3WI8vGydlICFkHNSMYgovIdJ8Pbo0zSF9/KXCM6ALeQOW5w33YQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFDbAMBjpIyoTGqrIWYRduLDra9uMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvVU5zQXdHT2tqS2hNYXFzaFpoRjI0c090cjI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQK7
MA0GCSqGSIb3DQEBCwUAA4IBAQAr0JGag0+Qxx9yGXFwxMw+6UOxOxuntP9iH1JL
mzndnybAVSSv+GLm1l+Mob7/a40InttGRIoWExF0OI7HoPlapr2QRDsJdReX5dL2
/dW09pXoKIg74O8itVYxGyyrX6NuPRzG/wx3O8wR6XSDuDpHRuEzGFJGmhOBaM2U
mns1MoXd9iepCN1wrnmYdyOpEiVDh7jHfj9DoLZT0Q4XfeVyvplTXWYVlDLME/Pq
00M/WiP6crBGK4jBCzfWKQ9ez+efwhTXZUmQlMNgYdaJW+YQCNcHwS+9YbIy00q8
Vomjmlc6foXgiHbuugInvf1sGFoZFlfhH6iUgQx44mfI5Rvf
-----END CERTIFICATE-----