Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/p-HbLKb4lgKqD17KINjpzSpNeKw.roa
File:                     p-HbLKb4lgKqD17KINjpzSpNeKw.roa (raw, json)
Hash identifier:          kwJVN+Ef6jZ2XVCmjJqCdayU4P+bEMlXYF0Y9S9hnWs=
Subject key identifier:   A7:E1:DB:2C:A6:F8:96:02:AA:0F:5E:CA:20:D8:E9:CD:2A:4D:78:AC
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E4E80FEF76465C63C0C0086B121713036
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/p-HbLKb4lgKqD17KINjpzSpNeKw.roa
Signing time:             Fri 22 May 2026 07:05:37 +0000
ROA not before:           Fri 22 May 2026 07:05:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198186
IP address blocks:        2a06:9801:2bd::/48 maxlen: 48
                          2a06:9801:770::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4e:80:fe:f7:64:65:c6:3c:0c:00:86:b1:21:71:30:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May 22 07:05:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7e1db2ca6f89602aa0f5eca20d8e9cd2a4d78ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:19:63:42:5f:7c:4d:79:2e:ae:64:0c:cb:a5:
                    93:2f:90:7e:cf:d3:74:1e:11:d3:ff:04:0c:41:4e:
                    c6:57:6a:d4:fc:97:54:77:d6:75:d3:40:1f:a6:eb:
                    f0:0d:64:06:d8:24:c4:37:4c:ee:16:76:37:09:c2:
                    1d:31:ea:36:54:4b:8c:17:36:8c:76:c0:d4:c6:b9:
                    17:ac:9b:1b:5d:80:5e:2a:c8:97:7a:a8:33:a9:b0:
                    87:64:43:f4:26:e6:15:35:47:c6:0d:93:67:a0:68:
                    ae:ec:5a:d3:91:2b:ff:29:5e:80:80:f2:4d:be:0a:
                    67:30:60:0d:38:fb:9d:fe:b5:30:c6:c6:83:ad:9f:
                    2e:99:5a:e8:fa:19:1e:a9:f7:24:e5:00:07:0c:d0:
                    e4:8b:0d:b5:0f:e0:e9:9d:2c:8a:d7:b1:ca:29:15:
                    9d:f9:87:24:fc:8f:36:89:89:74:5f:43:00:a5:39:
                    43:94:8f:d4:c7:70:4c:7f:bd:a5:88:25:1d:e3:be:
                    08:0e:75:16:d1:d6:e3:02:86:1d:9c:bd:90:c5:8f:
                    fb:20:08:00:93:5b:e4:f2:59:f8:08:dc:83:ab:92:
                    3e:f5:c8:8f:14:d7:25:ce:f1:c9:dc:f4:b4:d6:85:
                    7d:21:34:a7:f3:cd:d5:85:92:d7:1d:a0:e0:9d:4c:
                    eb:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:E1:DB:2C:A6:F8:96:02:AA:0F:5E:CA:20:D8:E9:CD:2A:4D:78:AC
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/p-HbLKb4lgKqD17KINjpzSpNeKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:2bd::/48
                  2a06:9801:770::/44

    Signature Algorithm: sha256WithRSAEncryption
         56:6b:24:5a:ce:2b:9f:20:c7:90:72:8e:83:88:d3:23:61:16:
         e7:ca:3f:a6:de:68:3e:9a:8c:0c:0e:6d:3c:62:c4:cd:6b:90:
         22:b0:82:39:c5:a1:b7:85:3c:15:43:e7:16:5d:c6:74:28:6a:
         b0:fd:3d:d4:86:48:ce:1b:8c:90:44:6f:a8:f1:03:67:56:e8:
         ac:22:0a:c7:7b:46:87:6f:ee:d3:fc:2b:c7:f7:9d:f8:0d:99:
         86:5a:9a:6a:7a:ed:08:16:20:d7:32:d6:3e:67:9f:fa:a5:67:
         07:10:75:13:a6:d9:d7:bc:c8:43:c0:7f:59:c5:0e:11:40:a6:
         4e:9a:2c:04:b5:c2:17:40:c1:24:71:a0:77:45:7b:8b:db:94:
         d3:35:d4:de:cc:ab:c4:70:19:27:1d:a1:7a:57:ae:93:51:6e:
         d6:d6:9b:f3:65:fa:db:4c:f3:91:ed:14:61:b8:13:19:66:93:
         88:1c:a6:fe:4d:3d:94:5b:36:aa:86:04:6e:fc:d9:5c:9d:50:
         2b:2c:43:78:88:cc:3b:ad:45:e3:af:2c:13:84:12:f5:54:96:
         41:1f:9e:12:3d:a0:da:76:fc:85:6e:b0:f0:c1:df:4a:5c:dc:
         33:85:41:0b:77:5f:d0:b9:85:06:8a:66:04:01:80:31:1d:88:
         dc:83:87:fb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5OgP73ZGXGPAwAhrEhcTA2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTIyMDcwNTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2UxZGIyY2E2Zjg5NjAyYWEwZjVlY2EyMGQ4ZTljZDJhNGQ3OGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BljQl98TXkurmQMy6WTL5B+z9N0
HhHT/wQMQU7GV2rU/JdUd9Z100AfpuvwDWQG2CTEN0zuFnY3CcIdMeo2VEuMFzaM
dsDUxrkXrJsbXYBeKsiXeqgzqbCHZEP0JuYVNUfGDZNnoGiu7FrTkSv/KV6AgPJN
vgpnMGANOPud/rUwxsaDrZ8umVro+hkeqfck5QAHDNDkiw21D+DpnSyK17HKKRWd
+Yck/I82iYl0X0MApTlDlI/Ux3BMf72liCUd474IDnUW0dbjAoYdnL2QxY/7IAgA
k1vk8ln4CNyDq5I+9ciPFNclzvHJ3PS01oV9ITSn883VhZLXHaDgnUzrUQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKfh2yym+JYCqg9eyiDY6c0qTXisMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvcC1IYkxLYjRsZ0txRDE3S0lOanB6U3BOZUt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgaYAQK9
AwcEKgaYAQdwMA0GCSqGSIb3DQEBCwUAA4IBAQBWayRaziufIMeQco6DiNMjYRbn
yj+m3mg+mowMDm08YsTNa5AisII5xaG3hTwVQ+cWXcZ0KGqw/T3UhkjOG4yQRG+o
8QNnVuisIgrHe0aHb+7T/CvH9534DZmGWppqeu0IFiDXMtY+Z5/6pWcHEHUTptnX
vMhDwH9ZxQ4RQKZOmiwEtcIXQMEkcaB3RXuL25TTNdTezKvEcBknHaF6V66TUW7W
1pvzZfrbTPOR7RRhuBMZZpOIHKb+TT2UWzaqhgRu/NlcnVArLEN4iMw7rUXjrywT
hBL1VJZBH54SPaDadvyFbrDwwd9KXNwzhUELd1/QuYUGimYEAYAxHYjcg4f7
-----END CERTIFICATE-----