Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/nEoLcIBVzGSZRv54KzS61hB8Y24.roa
File:                     nEoLcIBVzGSZRv54KzS61hB8Y24.roa (raw, json)
Hash identifier:          ybQVgjsCdIKRcvsj486aHPf5/2fFnU+/g3D8s9lqSDc=
Subject key identifier:   9C:4A:0B:70:80:55:CC:64:99:46:FE:78:2B:34:BA:D6:10:7C:63:6E
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019ED11FB6B65EB4688E77F210440FB8DBB2
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/nEoLcIBVzGSZRv54KzS61hB8Y24.roa
Signing time:             Tue 16 Jun 2026 15:49:36 +0000
ROA not before:           Tue 16 Jun 2026 15:49:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219424
IP address blocks:        2a06:9801:795::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d1:1f:b6:b6:5e:b4:68:8e:77:f2:10:44:0f:b8:db:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun 16 15:49:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9c4a0b708055cc649946fe782b34bad6107c636e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:bd:90:a4:de:b9:0c:91:f8:e0:39:07:83:f0:
                    f0:05:81:af:2a:b9:04:ef:9a:09:27:45:d8:4d:0a:
                    d2:b2:0a:b7:11:71:e2:2a:59:b0:19:ad:43:27:9a:
                    22:e9:19:09:2c:d0:33:b5:87:1c:7d:05:3f:bc:3a:
                    c2:c8:be:f7:ed:b1:94:72:0a:78:5c:2d:67:a8:3f:
                    48:3a:34:d4:c3:4d:9c:25:a1:c1:80:a8:61:f6:de:
                    71:ad:48:5e:3b:70:85:a3:6a:3e:f8:83:e8:d9:cf:
                    27:58:11:88:09:90:cd:d2:8e:44:f3:b8:95:de:af:
                    99:7c:da:15:96:74:e9:bb:e2:33:04:09:67:88:d4:
                    69:4f:85:43:65:5f:95:85:9a:14:6c:b7:96:b9:9a:
                    d2:60:57:9b:3b:2a:3d:f4:18:fc:48:0f:20:7d:b3:
                    2f:88:c6:48:b2:69:48:65:c0:d7:1d:be:e3:97:58:
                    13:3c:60:34:7d:78:44:18:f6:85:f3:46:f6:69:cb:
                    29:11:9a:97:71:b8:d5:77:8a:92:81:3e:a6:e2:2f:
                    5c:df:e4:07:29:50:57:46:ef:c6:e6:fa:99:92:22:
                    c5:24:7e:0b:0c:f6:34:9a:d8:b7:5e:df:96:3a:2b:
                    72:eb:37:81:75:b4:31:5b:b3:6b:cb:d7:43:5a:cf:
                    f2:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:4A:0B:70:80:55:CC:64:99:46:FE:78:2B:34:BA:D6:10:7C:63:6E
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/nEoLcIBVzGSZRv54KzS61hB8Y24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:795::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:b9:57:4e:c0:11:dc:16:ef:23:93:32:b4:c0:c5:62:06:ba:
         ec:56:d6:ce:7a:c5:e1:9c:f8:53:de:37:59:5d:39:94:41:a3:
         b8:f5:4b:95:aa:41:61:bb:e4:35:68:e9:9e:e7:2d:78:b3:de:
         3f:8d:3a:11:40:36:ed:b6:ff:d5:10:95:c0:30:4e:a7:ad:6b:
         03:4f:e4:a2:14:d8:87:b7:b9:90:be:93:f3:dd:3e:fd:7e:33:
         22:6c:d7:b7:6d:a9:42:5a:e2:c9:ea:9b:13:96:57:a3:62:fb:
         14:64:70:16:dc:b2:20:68:fc:b7:34:2c:f5:d8:3f:ec:11:90:
         01:25:3b:d1:b3:eb:b0:f6:dd:26:fc:70:f1:c0:6d:6a:78:14:
         5c:c3:bb:1c:52:1b:d7:5d:74:37:80:08:d4:24:1d:fe:9b:00:
         4b:ce:0f:2b:37:41:81:02:11:63:a9:5a:9a:e1:16:b4:26:c2:
         bb:6c:19:83:8f:fc:2b:46:5a:05:35:4f:5d:38:07:ba:f2:56:
         6f:f2:3e:4f:da:38:b7:b4:ed:c2:ac:11:7c:30:10:4d:b4:8a:
         72:bf:26:c6:79:75:42:79:70:39:30:0a:59:12:1f:19:f8:9d:
         54:77:f1:7b:2a:33:2a:b8:e2:8f:08:e0:cb:d1:ef:6d:17:66:
         a7:42:66:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7RH7a2XrRojnfyEEQPuNuyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjE2MTU0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzRhMGI3MDgwNTVjYzY0OTk0NmZlNzgyYjM0YmFkNjEwN2M2MzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzL2QpN65DJH44DkHg/DwBYGvKrkE
75oJJ0XYTQrSsgq3EXHiKlmwGa1DJ5oi6RkJLNAztYccfQU/vDrCyL737bGUcgp4
XC1nqD9IOjTUw02cJaHBgKhh9t5xrUheO3CFo2o++IPo2c8nWBGICZDN0o5E87iV
3q+ZfNoVlnTpu+IzBAlniNRpT4VDZV+VhZoUbLeWuZrSYFebOyo99Bj8SA8gfbMv
iMZIsmlIZcDXHb7jl1gTPGA0fXhEGPaF80b2acspEZqXcbjVd4qSgT6m4i9c3+QH
KVBXRu/G5vqZkiLFJH4LDPY0mti3Xt+WOity6zeBdbQxW7Nry9dDWs/ynwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJxKC3CAVcxkmUb+eCs0utYQfGNuMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvbkVvTGNJQlZ6R1NaUnY1NEt6UzYxaEI4WTI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQeV
MA0GCSqGSIb3DQEBCwUAA4IBAQBnuVdOwBHcFu8jkzK0wMViBrrsVtbOesXhnPhT
3jdZXTmUQaO49UuVqkFhu+Q1aOme5y14s94/jToRQDbttv/VEJXAME6nrWsDT+Si
FNiHt7mQvpPz3T79fjMibNe3balCWuLJ6psTllejYvsUZHAW3LIgaPy3NCz12D/s
EZABJTvRs+uw9t0m/HDxwG1qeBRcw7scUhvXXXQ3gAjUJB3+mwBLzg8rN0GBAhFj
qVqa4Ra0JsK7bBmDj/wrRloFNU9dOAe68lZv8j5P2ji3tO3CrBF8MBBNtIpyvybG
eXVCeXA5MApZEh8Z+J1Ud/F7KjMquOKPCODL0e9tF2anQmYE
-----END CERTIFICATE-----