Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/fCllrt6R-TfQAvnRVnMHTfDvX5g.roa
File:                     fCllrt6R-TfQAvnRVnMHTfDvX5g.roa (raw, json)
Hash identifier:          +cSYt8XYVvisFeo8+7D/hiNOAUZz6HNt/3eNOoScxbg=
Subject key identifier:   7C:29:65:AE:DE:91:F9:37:D0:02:F9:D1:56:73:07:4D:F0:EF:5F:98
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EC7B02BCEA83832A518E3CA603DD6467A
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/fCllrt6R-TfQAvnRVnMHTfDvX5g.roa
Signing time:             Sun 14 Jun 2026 19:51:11 +0000
ROA not before:           Sun 14 Jun 2026 19:51:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219479
IP address blocks:        2a06:9801:798::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c7:b0:2b:ce:a8:38:32:a5:18:e3:ca:60:3d:d6:46:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 14 19:51:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c2965aede91f937d002f9d15673074df0ef5f98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:8a:81:d3:59:5b:6e:40:af:26:48:1a:c0:3f:
                    3f:fc:8b:93:28:4b:44:73:af:6f:8a:1e:77:9c:d9:
                    4a:8b:d4:0d:bb:52:fe:54:49:3d:bf:9a:c9:70:39:
                    b6:d7:e5:ca:2d:ac:82:cf:df:3d:2f:6b:e4:fa:f4:
                    22:6f:c9:60:91:17:1d:d2:44:8d:d1:fc:65:98:52:
                    b9:68:94:80:ec:42:be:65:9e:b0:0c:91:06:fe:5d:
                    cd:ae:3d:4a:df:24:35:fa:8d:ec:78:09:13:c2:37:
                    77:e0:37:4b:e7:73:6d:a3:82:0f:a6:a3:26:b1:88:
                    56:d9:f3:e6:43:6d:88:6c:9a:56:95:f2:95:7d:ed:
                    da:44:e3:72:24:9e:23:df:6b:6c:57:c2:e9:ec:6d:
                    10:1a:07:3e:3d:06:84:ec:37:9b:0d:ef:d0:e2:d8:
                    cb:61:ab:53:e3:15:6c:ff:d4:59:96:3e:f3:c1:26:
                    8e:76:80:47:69:f2:e7:ec:d1:e2:26:3d:30:95:73:
                    63:1e:ea:12:16:8c:da:27:a9:17:4b:d5:2b:87:e0:
                    9b:ad:3a:32:07:6b:37:cf:6e:ef:96:52:b4:33:dc:
                    59:33:3d:26:29:06:24:b1:94:53:63:e1:c2:8e:ef:
                    51:9c:40:e0:eb:6c:da:98:38:27:48:b3:a3:54:a7:
                    20:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:29:65:AE:DE:91:F9:37:D0:02:F9:D1:56:73:07:4D:F0:EF:5F:98
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/fCllrt6R-TfQAvnRVnMHTfDvX5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:798::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:8c:fb:fc:ee:d1:23:66:18:58:61:db:72:26:40:3e:84:e4:
         df:3a:ac:6b:48:8c:24:42:1e:ef:0a:a4:b6:b0:7f:36:b9:2d:
         af:ad:82:78:72:aa:45:20:c8:34:91:9f:89:31:1c:5d:9a:fe:
         cb:d7:ca:2d:45:0d:9f:ae:09:2b:ab:26:01:c3:f6:05:57:83:
         93:15:68:29:42:43:b5:1e:30:42:2a:21:19:85:50:69:51:c7:
         6b:bd:cb:1a:d8:66:89:fc:be:0d:bd:21:3b:8e:3b:1a:3f:c0:
         a4:76:93:d7:61:f3:1b:c7:5d:83:8b:b7:b2:83:89:32:05:08:
         45:4f:db:60:01:dd:7e:cc:70:33:e2:de:38:d3:a0:ac:dc:3e:
         77:d9:64:9a:5d:48:53:bd:d0:d6:ca:a1:bf:34:5b:a9:d5:80:
         44:86:fa:85:ad:32:7c:1a:13:46:3b:82:0a:f4:3f:18:48:c4:
         f1:ba:f8:46:3f:e2:8f:63:05:40:22:c6:94:ae:cb:8a:15:2f:
         07:70:b1:b6:b4:f1:e0:f1:8f:4b:75:7e:26:5d:b7:e7:94:3f:
         fb:7e:35:f6:3a:62:1c:0b:7b:ca:0b:1b:6d:1b:de:43:96:b9:
         3e:3b:74:5a:f2:cc:6f:2a:52:45:1a:8e:d7:ed:78:56:4b:fa:
         46:50:35:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7HsCvOqDgypRjjymA91kZ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjE0MTk1MTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzI5NjVhZWRlOTFmOTM3ZDAwMmY5ZDE1NjczMDc0ZGYwZWY1Zjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4qB01lbbkCvJkgawD8//IuTKEtE
c69vih53nNlKi9QNu1L+VEk9v5rJcDm21+XKLayCz989L2vk+vQib8lgkRcd0kSN
0fxlmFK5aJSA7EK+ZZ6wDJEG/l3Nrj1K3yQ1+o3seAkTwjd34DdL53Nto4IPpqMm
sYhW2fPmQ22IbJpWlfKVfe3aRONyJJ4j32tsV8Lp7G0QGgc+PQaE7DebDe/Q4tjL
YatT4xVs/9RZlj7zwSaOdoBHafLn7NHiJj0wlXNjHuoSFozaJ6kXS9Urh+CbrToy
B2s3z27vllK0M9xZMz0mKQYksZRTY+HCju9RnEDg62zamDgnSLOjVKcgTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHwpZa7ekfk30AL50VZzB03w71+YMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvZkNsbHJ0NlItVGZRQXZuUlZuTUhUZkR2WDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQeY
MA0GCSqGSIb3DQEBCwUAA4IBAQBBjPv87tEjZhhYYdtyJkA+hOTfOqxrSIwkQh7v
CqS2sH82uS2vrYJ4cqpFIMg0kZ+JMRxdmv7L18otRQ2frgkrqyYBw/YFV4OTFWgp
QkO1HjBCKiEZhVBpUcdrvcsa2GaJ/L4NvSE7jjsaP8CkdpPXYfMbx12Di7eyg4ky
BQhFT9tgAd1+zHAz4t4406Cs3D532WSaXUhTvdDWyqG/NFup1YBEhvqFrTJ8GhNG
O4IK9D8YSMTxuvhGP+KPYwVAIsaUrsuKFS8HcLG2tPHg8Y9LdX4mXbfnlD/7fjX2
OmIcC3vKCxttG95Dlrk+O3Ra8sxvKlJFGo7X7XhWS/pGUDWG
-----END CERTIFICATE-----