Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/rUcdE7ycT0ggZPcgXNMds0M0k48.roa
File:                     rUcdE7ycT0ggZPcgXNMds0M0k48.roa (raw, json)
Hash identifier:          TrTrnMs01h9IETrwULfMEymyVKTmJp9jR7AJbl0IK7I=
Subject key identifier:   AD:47:1D:13:BC:9C:4F:48:20:64:F7:20:5C:D3:1D:B3:43:34:93:8F
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EAE64A56E8DC1F83B06B173915DF1214C
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/rUcdE7ycT0ggZPcgXNMds0M0k48.roa
Signing time:             Tue 09 Jun 2026 21:58:11 +0000
ROA not before:           Tue 09 Jun 2026 21:58:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219481
IP address blocks:        2a06:9801:79c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ae:64:a5:6e:8d:c1:f8:3b:06:b1:73:91:5d:f1:21:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun  9 21:58:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad471d13bc9c4f482064f7205cd31db34334938f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d9:53:b1:3f:e2:a0:66:46:79:be:27:e6:37:
                    41:60:30:ec:c6:60:72:ae:a3:73:0b:a2:81:4d:e7:
                    ba:a0:f5:56:19:bf:f4:4c:fb:16:4e:6b:85:8a:53:
                    6b:a1:2f:56:00:96:8b:0b:1a:d4:83:e2:26:8f:27:
                    7a:d2:f9:3e:28:d0:0c:e0:8e:77:09:17:2a:7a:1c:
                    a1:d9:0f:77:10:21:51:e2:9c:f9:e7:eb:cd:e0:c8:
                    64:f8:8a:7d:75:3f:94:29:4e:a3:dc:91:81:a2:f7:
                    07:e1:bc:97:f9:c3:c5:8b:ba:44:78:9b:dc:d6:a5:
                    14:42:b1:8e:54:b4:61:f7:5e:f0:59:1a:bd:3e:c8:
                    29:7b:6d:ad:06:b9:a4:86:67:23:d1:30:3c:fb:78:
                    47:41:d3:e0:c1:81:83:99:88:89:80:bd:f5:55:c2:
                    87:b2:a4:54:43:a8:6e:c4:99:49:6a:21:94:20:c9:
                    d8:f6:9f:9d:e9:46:8b:37:ee:aa:a4:e0:ea:c1:ce:
                    48:8d:8c:e0:b6:0c:7e:b5:73:3d:82:ac:73:72:a7:
                    47:f3:ff:fa:50:af:5a:65:3b:58:ed:be:21:40:54:
                    73:43:f8:fe:33:4a:cf:5a:fb:d9:fe:64:34:c4:ce:
                    f7:a6:2e:47:9f:29:1e:bd:86:6f:9c:8e:64:b2:f0:
                    ed:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:47:1D:13:BC:9C:4F:48:20:64:F7:20:5C:D3:1D:B3:43:34:93:8F
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/rUcdE7ycT0ggZPcgXNMds0M0k48.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:79c::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:f4:a8:a7:ea:71:71:ed:7e:fe:1d:cc:93:54:cf:31:8a:7c:
         52:52:d6:1e:01:68:7a:7a:53:de:23:64:8b:cc:a5:6a:35:68:
         7f:b7:ba:34:1d:f8:8c:79:a4:26:b1:84:ef:2d:36:16:61:35:
         8b:e8:94:89:cf:3b:ba:f7:de:cf:26:5e:a2:19:54:a4:a0:6f:
         b5:4a:a8:3c:ac:1b:a7:8c:e2:44:50:fd:81:93:c7:cf:c5:e8:
         c7:3e:f4:28:3a:13:7f:5a:ac:a5:c7:e8:53:72:20:ae:16:eb:
         0f:5d:cf:d8:74:77:37:19:5a:c7:0e:e0:c9:06:40:79:5c:7f:
         25:e0:88:08:82:e2:6f:66:9c:e2:66:f1:91:25:54:ee:34:07:
         fe:4c:be:3b:58:05:6a:b8:ce:9f:f8:e3:dd:a2:91:8a:70:e9:
         da:e5:13:7e:c4:8e:1c:c0:c3:8b:0c:1b:95:28:96:39:cc:a5:
         c8:82:a9:b0:75:45:8d:f6:ba:8f:cf:2c:90:65:f1:13:83:da:
         76:83:06:56:76:78:7b:33:87:03:e2:50:36:c4:0c:42:f7:40:
         8f:35:7a:1e:3e:8e:3f:2b:25:8f:fc:e9:10:ce:77:9b:61:8f:
         f6:e2:0a:fd:cc:c4:1b:bc:05:6c:bb:c2:de:45:87:06:fb:47:
         20:87:48:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6uZKVujcH4Owaxc5Fd8SFMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjA5MjE1ODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDQ3MWQxM2JjOWM0ZjQ4MjA2NGY3MjA1Y2QzMWRiMzQzMzQ5MzhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9lTsT/ioGZGeb4n5jdBYDDsxmBy
rqNzC6KBTee6oPVWGb/0TPsWTmuFilNroS9WAJaLCxrUg+Imjyd60vk+KNAM4I53
CRcqehyh2Q93ECFR4pz55+vN4Mhk+Ip9dT+UKU6j3JGBovcH4byX+cPFi7pEeJvc
1qUUQrGOVLRh917wWRq9Psgpe22tBrmkhmcj0TA8+3hHQdPgwYGDmYiJgL31VcKH
sqRUQ6huxJlJaiGUIMnY9p+d6UaLN+6qpODqwc5IjYzgtgx+tXM9gqxzcqdH8//6
UK9aZTtY7b4hQFRzQ/j+M0rPWvvZ/mQ0xM73pi5HnykevYZvnI5ksvDtCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK1HHRO8nE9IIGT3IFzTHbNDNJOPMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvclVjZEU3eWNUMGdnWlBjZ1hOTWRzME0wazQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQec
MA0GCSqGSIb3DQEBCwUAA4IBAQAl9Kin6nFx7X7+HcyTVM8xinxSUtYeAWh6elPe
I2SLzKVqNWh/t7o0HfiMeaQmsYTvLTYWYTWL6JSJzzu6997PJl6iGVSkoG+1Sqg8
rBunjOJEUP2Bk8fPxejHPvQoOhN/Wqylx+hTciCuFusPXc/YdHc3GVrHDuDJBkB5
XH8l4IgIguJvZpziZvGRJVTuNAf+TL47WAVquM6f+OPdopGKcOna5RN+xI4cwMOL
DBuVKJY5zKXIgqmwdUWN9rqPzyyQZfETg9p2gwZWdnh7M4cD4lA2xAxC90CPNXoe
Po4/KyWP/OkQznebYY/24gr9zMQbvAVsu8LeRYcG+0cgh0hs
-----END CERTIFICATE-----