Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/VFNhr5XSKNgkb0bJBVnpib0_JnI.roa
File:                     VFNhr5XSKNgkb0bJBVnpib0_JnI.roa (raw, json)
Hash identifier:          8XM0ujyS0XqjlraCgMjoVUmoGzsjU1Gc7u+Qp3s83NM=
Subject key identifier:   54:53:61:AF:95:D2:28:D8:24:6F:46:C9:05:59:E9:89:BD:3F:26:72
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D988BA1797DBFFBCB85F1D5CC4B7659FD
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/VFNhr5XSKNgkb0bJBVnpib0_JnI.roa
Signing time:             Thu 16 Apr 2026 23:06:20 +0000
ROA not before:           Thu 16 Apr 2026 23:06:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198840
IP address blocks:        2a06:9801:22f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:98:8b:a1:79:7d:bf:fb:cb:85:f1:d5:cc:4b:76:59:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Apr 16 23:06:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=545361af95d228d8246f46c90559e989bd3f2672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9b:eb:8f:0a:ed:5b:1f:68:97:00:fc:d8:d9:
                    e3:e0:22:1b:fe:de:37:eb:33:99:67:80:1e:48:9f:
                    17:a0:ff:23:80:64:fd:1d:3e:ef:35:01:9a:95:a1:
                    31:1b:4c:d8:9a:08:82:6d:25:13:a8:80:11:8d:69:
                    f2:71:90:36:96:7b:c7:db:13:6d:69:1e:ff:1d:ee:
                    42:20:d3:97:a0:78:1e:05:12:33:b4:b5:7f:8d:98:
                    c3:76:73:f2:28:05:73:65:b9:26:ca:b5:73:04:d1:
                    9e:d8:99:54:09:a8:43:7c:3d:18:82:98:4f:de:e8:
                    f3:50:95:12:f8:b7:4e:a0:53:17:1d:50:65:07:ac:
                    d2:ab:4e:3f:e6:10:56:f3:fc:53:2c:62:43:ec:5f:
                    b1:d1:0e:64:62:9f:2d:28:63:de:be:dc:36:52:45:
                    2f:e5:3e:9a:fe:9a:64:c1:c2:6c:77:91:07:ba:f6:
                    52:28:85:0d:db:26:81:16:bf:25:19:06:20:c3:32:
                    8a:e2:61:62:96:37:c2:c0:fc:3a:46:6c:9e:08:3c:
                    c6:14:f0:bf:be:f3:bb:3f:80:c9:1c:d4:c0:96:ef:
                    a7:f8:90:b5:c9:e6:bb:a6:84:5a:6c:60:31:c0:83:
                    86:7c:0e:61:75:88:97:a1:c0:49:de:b4:0c:8b:be:
                    3c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:53:61:AF:95:D2:28:D8:24:6F:46:C9:05:59:E9:89:BD:3F:26:72
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/VFNhr5XSKNgkb0bJBVnpib0_JnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:22f::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:a8:80:2a:15:70:a6:0b:ba:fc:c7:cc:14:6b:25:f6:9e:94:
         c9:e4:03:5c:4b:c9:73:90:3c:f8:a3:b3:7b:fd:05:d7:08:62:
         7f:4d:e7:9f:7b:b3:48:1a:3e:7c:9f:8c:ee:a9:a8:11:ce:44:
         64:34:7d:94:7a:d9:40:2d:56:d4:53:57:0d:df:21:f0:2b:cd:
         73:2c:bd:c7:b3:1a:19:08:28:a3:33:39:6e:b3:e0:44:90:23:
         0d:60:fc:cf:c0:e4:14:74:2c:c2:d6:22:0e:49:a3:2b:38:72:
         3c:eb:65:41:fb:b9:a0:f0:a1:a2:35:4d:6b:af:da:f6:2d:45:
         ca:38:ac:b8:48:9c:a7:a3:4a:82:8f:9e:8f:97:75:1b:3b:8a:
         05:2e:3c:a6:de:5c:65:8a:28:55:0c:f0:f2:bc:8d:62:54:c1:
         45:41:0c:99:ba:7b:e5:65:90:5c:a4:12:57:ab:8f:46:e4:7c:
         97:9a:ab:80:ab:7c:aa:79:67:bc:b5:22:f6:85:f6:f1:a4:5d:
         32:5f:f6:2b:34:56:ce:b0:a2:ab:3d:75:bc:c1:1c:1f:7f:57:
         28:a2:bd:7d:bc:a9:0e:d0:31:92:99:fb:13:64:e8:29:49:9b:
         f0:6f:2a:db:db:81:e2:f2:1e:91:ba:07:45:1c:b5:c5:8a:09:
         48:c9:cc:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2Yi6F5fb/7y4Xx1cxLdln9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDE2MjMwNjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDUzNjFhZjk1ZDIyOGQ4MjQ2ZjQ2YzkwNTU5ZTk4OWJkM2YyNjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipvrjwrtWx9olwD82Nnj4CIb/t43
6zOZZ4AeSJ8XoP8jgGT9HT7vNQGalaExG0zYmgiCbSUTqIARjWnycZA2lnvH2xNt
aR7/He5CINOXoHgeBRIztLV/jZjDdnPyKAVzZbkmyrVzBNGe2JlUCahDfD0YgphP
3ujzUJUS+LdOoFMXHVBlB6zSq04/5hBW8/xTLGJD7F+x0Q5kYp8tKGPevtw2UkUv
5T6a/ppkwcJsd5EHuvZSKIUN2yaBFr8lGQYgwzKK4mFiljfCwPw6RmyeCDzGFPC/
vvO7P4DJHNTAlu+n+JC1yea7poRabGAxwIOGfA5hdYiXocBJ3rQMi7489QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFRTYa+V0ijYJG9GyQVZ6Ym9PyZyMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvVkZOaHI1WFNLTmdrYjBiSkJWbnBpYjBfSm5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQIv
MA0GCSqGSIb3DQEBCwUAA4IBAQAnqIAqFXCmC7r8x8wUayX2npTJ5ANcS8lzkDz4
o7N7/QXXCGJ/Teefe7NIGj58n4zuqagRzkRkNH2UetlALVbUU1cN3yHwK81zLL3H
sxoZCCijMzlus+BEkCMNYPzPwOQUdCzC1iIOSaMrOHI862VB+7mg8KGiNU1rr9r2
LUXKOKy4SJyno0qCj56Pl3UbO4oFLjym3lxliihVDPDyvI1iVMFFQQyZunvlZZBc
pBJXq49G5HyXmquAq3yqeWe8tSL2hfbxpF0yX/YrNFbOsKKrPXW8wRwff1coor19
vKkO0DGSmfsTZOgpSZvwbyrb24Hi8h6RugdFHLXFiglIycxV
-----END CERTIFICATE-----