Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/VQymcpRc4q5C2kWmvIm-soEs5ZE.roa
File:                     VQymcpRc4q5C2kWmvIm-soEs5ZE.roa (raw, json)
Hash identifier:          bhSRYNcmibPWN7xWR6A5n1uxplfjGWdvxtHLtXIG6hM=
Subject key identifier:   55:0C:A6:72:94:5C:E2:AE:42:DA:45:A6:BC:89:BE:B2:81:2C:E5:91
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E64C168AB6D1D097755DF36525EB98321
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/VQymcpRc4q5C2kWmvIm-soEs5ZE.roa
Signing time:             Tue 26 May 2026 14:47:37 +0000
ROA not before:           Tue 26 May 2026 14:47:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201002
IP address blocks:        2a06:9801:250::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 23:31:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:64:c1:68:ab:6d:1d:09:77:55:df:36:52:5e:b9:83:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May 26 14:47:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=550ca672945ce2ae42da45a6bc89beb2812ce591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6f:66:d9:87:6b:51:87:28:62:1d:6f:69:1a:
                    a4:29:a2:60:49:b6:b9:8a:8e:d4:2e:38:23:51:d7:
                    6e:b1:4b:3e:e4:75:0a:11:a4:a2:a3:ab:ec:14:ad:
                    e6:bb:55:79:fc:df:d5:9c:f5:ed:ed:75:97:d5:34:
                    57:c0:5d:5e:e2:7a:98:3b:c7:2a:a4:81:a4:fa:86:
                    61:7b:eb:fd:2c:54:d2:20:b8:2f:67:96:3c:5e:03:
                    2e:d7:5b:3a:ef:65:92:36:f7:7c:9f:c9:7b:ec:0c:
                    8a:66:c1:e6:e8:82:16:7b:36:67:91:3d:48:8b:16:
                    80:c5:46:c1:eb:73:58:56:50:1d:4f:76:13:df:e6:
                    37:a8:81:6e:84:b0:0f:e2:cf:51:f4:3f:52:5f:3f:
                    fb:ab:1c:a2:54:dc:c3:fc:15:89:8b:a3:1f:2b:aa:
                    59:60:0e:07:8b:17:ee:d2:b7:91:b1:98:45:8f:14:
                    4b:48:26:fc:37:a9:e4:9a:52:f1:9f:c9:ff:31:3d:
                    af:a3:cc:0e:23:9d:b8:f0:f0:d6:2a:08:7c:c3:63:
                    e5:96:90:0e:b7:13:9a:02:66:0c:48:89:02:e8:ce:
                    27:57:08:66:81:d4:ed:54:6a:0b:af:b4:46:1c:2b:
                    1a:94:e6:c2:26:c8:02:ba:d7:fe:24:4c:d7:ca:40:
                    f4:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:0C:A6:72:94:5C:E2:AE:42:DA:45:A6:BC:89:BE:B2:81:2C:E5:91
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/VQymcpRc4q5C2kWmvIm-soEs5ZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:250::/44

    Signature Algorithm: sha256WithRSAEncryption
         84:95:55:ef:7e:4d:43:61:cd:dd:6c:9b:90:1b:ff:35:59:59:
         7a:99:8a:7f:0d:27:6b:d2:91:f7:56:07:d4:3d:02:0b:6b:db:
         6b:37:19:33:2b:5f:d1:d5:f2:83:42:fe:8e:ae:19:c3:3c:18:
         4e:db:f0:00:28:bb:af:50:5a:84:a5:03:4c:d8:04:37:00:5b:
         96:d3:be:c8:90:ef:3f:c8:ca:9e:fb:66:f2:29:0c:a5:04:05:
         1b:dd:64:59:af:97:56:c4:1d:1a:bd:70:91:34:1c:4f:dc:61:
         10:5c:03:80:b7:06:05:44:0f:ed:10:6d:1f:58:9d:35:3b:2c:
         7a:46:0c:8d:56:1c:5c:80:a7:1f:94:0d:c9:44:70:7f:59:cb:
         b5:00:86:48:22:de:f5:6a:d6:49:7f:7d:2f:13:06:65:8b:56:
         a2:fa:d5:b7:6e:56:dc:72:cb:0a:f9:0b:12:0d:f7:96:33:fa:
         20:4c:3b:57:fc:9b:53:dc:b6:10:8d:18:7e:ba:80:27:cf:61:
         c1:4d:69:84:18:07:fc:c2:f5:13:33:f7:57:21:f7:a4:43:35:
         45:da:06:69:87:8c:1e:71:e5:1b:02:4e:ce:8d:46:2e:ac:3d:
         9f:d4:cb:28:1f:3a:89:02:ca:d2:cc:57:b8:70:73:0e:04:90:
         56:dd:cf:f5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5kwWirbR0Jd1XfNlJeuYMhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTI2MTQ0NzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTBjYTY3Mjk0NWNlMmFlNDJkYTQ1YTZiYzg5YmViMjgxMmNlNTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoG9m2YdrUYcoYh1vaRqkKaJgSba5
io7ULjgjUddusUs+5HUKEaSio6vsFK3mu1V5/N/VnPXt7XWX1TRXwF1e4nqYO8cq
pIGk+oZhe+v9LFTSILgvZ5Y8XgMu11s672WSNvd8n8l77AyKZsHm6IIWezZnkT1I
ixaAxUbB63NYVlAdT3YT3+Y3qIFuhLAP4s9R9D9SXz/7qxyiVNzD/BWJi6MfK6pZ
YA4Hixfu0reRsZhFjxRLSCb8N6nkmlLxn8n/MT2vo8wOI5248PDWKgh8w2PllpAO
txOaAmYMSIkC6M4nVwhmgdTtVGoLr7RGHCsalObCJsgCutf+JEzXykD0kwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFUMpnKUXOKuQtpFpryJvrKBLOWRMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvVlF5bWNwUmM0cTVDMmtXbXZJbS1zb0VzNVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgaYAQJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCElVXvfk1DYc3dbJuQG/81WVl6mYp/DSdr0pH3
VgfUPQILa9trNxkzK1/R1fKDQv6OrhnDPBhO2/AAKLuvUFqEpQNM2AQ3AFuW077I
kO8/yMqe+2byKQylBAUb3WRZr5dWxB0avXCRNBxP3GEQXAOAtwYFRA/tEG0fWJ01
Oyx6RgyNVhxcgKcflA3JRHB/Wcu1AIZIIt71atZJf30vEwZli1ai+tW3blbccssK
+QsSDfeWM/ogTDtX/JtT3LYQjRh+uoAnz2HBTWmEGAf8wvUTM/dXIfekQzVF2gZp
h4weceUbAk7OjUYurD2f1MsoHzqJAsrSzFe4cHMOBJBW3c/1
-----END CERTIFICATE-----