Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/eCOutUmhvd2MrRWUwWCK4j8oPrc.roa
File:                     eCOutUmhvd2MrRWUwWCK4j8oPrc.roa (raw, json)
Hash identifier:          WO4lJbRJv+xuMeU33d1ZY7018hGZMmAbz6WfAaoJPOU=
Subject key identifier:   78:23:AE:B5:49:A1:BD:DD:8C:AD:15:94:C1:60:8A:E2:3F:28:3E:B7
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E6BB5F5D439209D7570F5AA7134B55762
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/eCOutUmhvd2MrRWUwWCK4j8oPrc.roa
Signing time:             Wed 27 May 2026 23:12:27 +0000
ROA not before:           Wed 27 May 2026 23:12:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197237
IP address blocks:        2a06:9801:749::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6b:b5:f5:d4:39:20:9d:75:70:f5:aa:71:34:b5:57:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May 27 23:12:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7823aeb549a1bddd8cad1594c1608ae23f283eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8b:27:9c:95:16:00:ed:ea:6e:71:86:85:69:
                    99:7a:dc:d4:32:d8:f0:60:ac:08:8b:b8:b3:e8:8e:
                    ce:02:da:93:93:14:e1:96:5b:04:2f:76:ef:f3:ad:
                    7d:29:52:d4:30:fb:2d:c8:4f:4b:a0:57:3f:8f:0b:
                    dd:03:98:e3:d3:cd:c7:55:f7:84:bf:c5:d3:ba:31:
                    88:f0:d5:41:b0:e3:79:87:5e:02:ea:22:73:84:76:
                    1c:40:2a:e4:12:61:4f:da:7a:73:e0:ac:a9:3c:3b:
                    ac:f0:ad:ad:ca:be:22:9e:37:56:09:cd:35:46:c3:
                    a6:c0:60:9a:c8:37:dc:24:ab:51:7c:15:02:0b:4a:
                    b4:fe:26:a6:50:65:55:5c:41:b5:21:6b:6a:bc:d4:
                    d3:7d:94:1b:40:28:f0:e1:f9:38:d9:5e:17:62:0f:
                    81:b1:f1:84:62:15:74:5e:d8:e8:7b:9a:b3:05:8a:
                    3b:7a:a5:9f:70:d3:81:89:c7:39:ef:bb:fe:cf:39:
                    d9:88:f8:8d:01:f7:e8:37:e4:17:a2:a4:bf:30:a4:
                    f6:80:ae:2b:59:a1:00:e3:55:8b:4e:66:74:d2:f2:
                    27:0c:34:5f:cb:0e:76:dc:0a:78:78:b0:cb:ef:7e:
                    4b:e7:a1:94:ad:74:69:a6:0e:5d:aa:ad:81:b0:c4:
                    aa:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:23:AE:B5:49:A1:BD:DD:8C:AD:15:94:C1:60:8A:E2:3F:28:3E:B7
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/eCOutUmhvd2MrRWUwWCK4j8oPrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:749::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:ec:a8:21:71:91:91:da:51:8e:78:14:16:5c:e7:3f:f7:12:
         6d:91:5f:9a:07:3e:a6:ae:72:61:f5:7a:0d:9b:55:96:0a:d3:
         d5:91:6e:6a:a6:0f:de:de:4b:a9:aa:39:49:5b:d0:2c:4a:a6:
         6f:3e:06:02:c0:26:49:d0:d5:cf:a2:99:86:d0:df:b2:fc:2e:
         dd:f2:73:6d:26:15:bf:2c:f1:e2:22:c3:54:a9:c4:f6:5c:27:
         72:1c:ae:4a:65:62:37:bc:85:20:4c:1d:f6:4f:a1:e9:61:91:
         fd:5c:41:6b:59:25:ce:a0:74:d8:1a:a1:0d:f4:e9:d2:33:94:
         ca:84:e3:75:35:c6:71:bb:16:ce:72:51:ee:92:81:25:a1:4f:
         61:e8:6b:08:f3:ca:72:11:2a:e8:38:87:7e:79:be:0c:92:88:
         fb:3f:10:59:65:67:bb:62:df:68:2d:09:bc:74:a8:3a:70:8c:
         0f:f0:33:47:e5:3a:63:fd:04:30:58:38:3e:13:5a:c1:5c:27:
         81:83:d1:3c:36:24:1f:f5:01:e5:76:62:44:1d:c9:e0:e8:8b:
         7b:66:f4:e9:0f:d9:4b:0f:6e:90:e2:4d:e6:ba:2c:53:fc:33:
         85:38:35:3d:c5:c9:23:b1:ee:c9:91:33:2d:e2:42:56:4a:07:
         f0:5a:45:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5rtfXUOSCddXD1qnE0tVdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTI3MjMxMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODIzYWViNTQ5YTFiZGRkOGNhZDE1OTRjMTYwOGFlMjNmMjgzZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu4snnJUWAO3qbnGGhWmZetzUMtjw
YKwIi7iz6I7OAtqTkxThllsEL3bv8619KVLUMPstyE9LoFc/jwvdA5jj083HVfeE
v8XTujGI8NVBsON5h14C6iJzhHYcQCrkEmFP2npz4KypPDus8K2tyr4injdWCc01
RsOmwGCayDfcJKtRfBUCC0q0/iamUGVVXEG1IWtqvNTTfZQbQCjw4fk42V4XYg+B
sfGEYhV0Xtjoe5qzBYo7eqWfcNOBicc577v+zznZiPiNAffoN+QXoqS/MKT2gK4r
WaEA41WLTmZ00vInDDRfyw523Ap4eLDL735L56GUrXRppg5dqq2BsMSqIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHgjrrVJob3djK0VlMFgiuI/KD63MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvZUNPdXRVbWh2ZDJNclJXVXdXQ0s0ajhvUHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQdJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBz7KghcZGR2lGOeBQWXOc/9xJtkV+aBz6mrnJh
9XoNm1WWCtPVkW5qpg/e3kupqjlJW9AsSqZvPgYCwCZJ0NXPopmG0N+y/C7d8nNt
JhW/LPHiIsNUqcT2XCdyHK5KZWI3vIUgTB32T6HpYZH9XEFrWSXOoHTYGqEN9OnS
M5TKhON1NcZxuxbOclHukoEloU9h6GsI88pyESroOId+eb4Mkoj7PxBZZWe7Yt9o
LQm8dKg6cIwP8DNH5Tpj/QQwWDg+E1rBXCeBg9E8NiQf9QHldmJEHcng6It7ZvTp
D9lLD26Q4k3muixT/DOFODU9xckjse7JkTMt4kJWSgfwWkUm
-----END CERTIFICATE-----