Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/hab_t8VHTz7rBNc7m8tftK59GiQ.roa
File:                     hab_t8VHTz7rBNc7m8tftK59GiQ.roa (raw, json)
Hash identifier:          SYXDaR2pjRiS/sNEX4kH1NuTapcgO34OEZvgSVnTYmI=
Subject key identifier:   85:A6:FF:B7:C5:47:4F:3E:EB:04:D7:3B:9B:CB:5F:B4:AE:7D:1A:24
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D4153B57199F2E921E6BCEB27A3621DBD
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/hab_t8VHTz7rBNc7m8tftK59GiQ.roa
Signing time:             Tue 31 Mar 2026 00:38:17 +0000
ROA not before:           Tue 31 Mar 2026 00:38:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199683
IP address blocks:        2a06:9801:cb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:41:53:b5:71:99:f2:e9:21:e6:bc:eb:27:a3:62:1d:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar 31 00:38:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85a6ffb7c5474f3eeb04d73b9bcb5fb4ae7d1a24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0d:92:0f:2d:2f:4d:d7:62:ae:d7:ef:77:54:
                    8d:ef:d0:0d:25:be:28:76:f0:b9:09:d6:fa:a4:3f:
                    38:6a:97:14:a1:00:ec:c7:ed:6c:b0:75:1b:cc:04:
                    55:39:76:7a:5c:15:4e:13:cd:99:28:35:cb:17:68:
                    32:55:da:0c:80:93:76:f4:92:4d:84:0e:c2:69:f6:
                    a7:44:ef:1c:da:ad:a0:71:05:01:c7:71:43:8f:96:
                    41:e4:81:a4:9b:f4:bc:78:8d:db:75:15:fe:af:56:
                    71:17:12:97:3c:dc:6e:dc:41:d9:12:39:74:90:96:
                    b6:8c:38:4f:b4:91:a9:9b:b5:fd:95:80:78:65:9d:
                    e6:a2:55:87:1e:35:a7:e0:5d:4b:dd:d5:dd:3a:15:
                    65:4d:6c:40:56:92:25:ff:f8:1d:cd:2a:8b:7a:69:
                    5c:1b:8b:a1:36:b4:68:15:c6:ac:ea:a2:28:5b:c0:
                    16:90:c9:88:ff:c7:be:39:18:84:35:5b:d0:e1:88:
                    c6:5d:b9:4b:e5:72:3d:5a:3a:db:94:22:cd:95:0a:
                    77:7e:db:e4:c2:ea:8a:74:49:25:92:30:61:55:ca:
                    c0:7f:86:7c:7a:eb:89:d9:1e:7e:3f:24:91:c7:cd:
                    b7:df:7c:b6:a2:2c:fc:5f:56:0c:ec:c9:25:78:47:
                    19:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:A6:FF:B7:C5:47:4F:3E:EB:04:D7:3B:9B:CB:5F:B4:AE:7D:1A:24
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/hab_t8VHTz7rBNc7m8tftK59GiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:cb::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:39:a4:42:9d:aa:67:65:8f:6f:d5:c0:b0:b2:c8:10:5c:cf:
         c1:4d:4d:41:7e:08:25:e7:df:76:a1:b4:cd:af:a7:ec:e8:01:
         02:0a:ff:e0:08:d8:c1:60:a6:54:82:19:a0:98:19:ea:1c:83:
         62:28:02:99:57:00:59:5e:fe:9a:85:28:86:cb:ce:b1:e1:0d:
         94:dc:6f:17:81:a8:da:d1:34:d7:68:4f:af:84:d8:13:e8:fb:
         fa:34:96:05:6a:8c:ff:84:e8:bb:2f:c3:d1:29:5f:a6:88:29:
         41:7d:b0:47:14:3d:05:76:02:39:d7:ea:e2:70:66:48:3c:07:
         f3:17:0c:18:bf:86:b7:84:b3:84:c5:7c:ff:7c:ef:3e:bb:50:
         e3:d1:99:fc:d1:3a:fa:cc:79:1e:0a:3b:f7:4b:cf:30:7e:32:
         5f:ad:c5:2c:64:06:16:2b:ab:a9:9d:0f:c9:be:5a:87:95:c2:
         9f:8a:d6:c4:a9:77:91:80:81:88:69:cd:0e:b8:3b:f3:53:bb:
         fb:6f:b4:3c:07:69:f4:f6:d3:c3:be:21:92:7d:fe:29:dc:b1:
         71:c5:e6:5d:93:3f:c4:cf:0c:9f:ab:13:a1:f7:1e:c6:22:b0:
         c6:21:61:45:dc:f4:f7:cc:3f:60:b0:b3:45:23:0e:a4:5c:b9:
         95:83:77:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1BU7VxmfLpIea86yejYh29MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzMxMDAzODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NWE2ZmZiN2M1NDc0ZjNlZWIwNGQ3M2I5YmNiNWZiNGFlN2QxYTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQ2SDy0vTddirtfvd1SN79ANJb4o
dvC5Cdb6pD84apcUoQDsx+1ssHUbzARVOXZ6XBVOE82ZKDXLF2gyVdoMgJN29JJN
hA7CafanRO8c2q2gcQUBx3FDj5ZB5IGkm/S8eI3bdRX+r1ZxFxKXPNxu3EHZEjl0
kJa2jDhPtJGpm7X9lYB4ZZ3molWHHjWn4F1L3dXdOhVlTWxAVpIl//gdzSqLemlc
G4uhNrRoFcas6qIoW8AWkMmI/8e+ORiENVvQ4YjGXblL5XI9WjrblCLNlQp3ftvk
wuqKdEklkjBhVcrAf4Z8euuJ2R5+PySRx82333y2oiz8X1YM7MkleEcZxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIWm/7fFR08+6wTXO5vLX7SufRokMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvaGFiX3Q4VkhUejdyQk5jN204dGZ0SzU5R2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQDL
MA0GCSqGSIb3DQEBCwUAA4IBAQBDOaRCnapnZY9v1cCwssgQXM/BTU1Bfggl5992
obTNr6fs6AECCv/gCNjBYKZUghmgmBnqHINiKAKZVwBZXv6ahSiGy86x4Q2U3G8X
gaja0TTXaE+vhNgT6Pv6NJYFaoz/hOi7L8PRKV+miClBfbBHFD0FdgI51+ricGZI
PAfzFwwYv4a3hLOExXz/fO8+u1Dj0Zn80Tr6zHkeCjv3S88wfjJfrcUsZAYWK6up
nQ/JvlqHlcKfitbEqXeRgIGIac0OuDvzU7v7b7Q8B2n09tPDviGSff4p3LFxxeZd
kz/EzwyfqxOh9x7GIrDGIWFF3PT3zD9gsLNFIw6kXLmVg3fc
-----END CERTIFICATE-----