Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/v55TfW-02d_GbzP4z8Z1608ucAE.roa
File:                     v55TfW-02d_GbzP4z8Z1608ucAE.roa (raw, json)
Hash identifier:          WpaxrhwO9iZUV0fUwOZBdeNDTXQY99gs4dKXGuKdwbM=
Subject key identifier:   BF:9E:53:7D:6F:B4:D9:DF:C6:6F:33:F8:CF:C6:75:EB:4F:2E:70:01
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D4153B444B7ED3E18A3238D18431D39D3
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/v55TfW-02d_GbzP4z8Z1608ucAE.roa
Signing time:             Tue 31 Mar 2026 00:38:17 +0000
ROA not before:           Tue 31 Mar 2026 00:38:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199674
IP address blocks:        2a06:9801:228::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:41:53:b4:44:b7:ed:3e:18:a3:23:8d:18:43:1d:39:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar 31 00:38:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf9e537d6fb4d9dfc66f33f8cfc675eb4f2e7001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:db:6e:40:31:d8:e8:9f:cc:06:ed:21:5c:7b:
                    a1:ec:b0:f4:a5:06:5d:e7:65:b8:53:d1:a9:7b:d1:
                    94:78:27:2f:8b:3d:9f:24:28:4b:39:b7:96:86:14:
                    83:cd:55:fd:14:58:23:54:d4:17:44:7e:67:65:46:
                    bc:88:18:95:d2:d4:72:23:50:5b:64:1b:c1:94:21:
                    c3:de:64:fa:23:60:1e:53:5e:43:eb:bf:fa:18:26:
                    1b:0b:d8:91:fc:6f:b2:7f:0f:8a:9e:92:17:93:c1:
                    24:a9:d1:2a:e1:1b:16:fb:ce:e5:a3:3e:74:97:da:
                    ab:b0:fa:8b:6a:cb:d6:c5:da:cb:1f:77:ad:83:27:
                    a0:b3:4f:40:02:92:17:4d:97:01:d6:15:20:82:9c:
                    3a:fa:16:5b:38:08:70:76:ed:8a:0b:7a:03:9e:c7:
                    b6:e8:00:22:3d:a7:b2:89:61:7c:9b:28:6b:d0:89:
                    4c:d3:be:7f:65:d8:92:0f:62:f7:96:3e:b4:72:1b:
                    d8:50:16:84:93:1d:dc:4d:d6:55:67:2e:68:50:36:
                    c5:dc:73:7c:a1:40:8a:e7:52:fa:b4:e2:10:e0:7e:
                    5c:30:56:0e:ea:9b:6e:61:68:2d:d5:0e:fa:7e:c8:
                    3f:39:9b:a9:f8:b7:fe:9f:e9:4b:02:9a:fb:bd:73:
                    32:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:9E:53:7D:6F:B4:D9:DF:C6:6F:33:F8:CF:C6:75:EB:4F:2E:70:01
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/v55TfW-02d_GbzP4z8Z1608ucAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:228::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:a0:0e:a6:56:fd:bf:40:78:0a:93:63:bc:48:37:5b:5e:32:
         b3:67:84:29:e6:71:e2:64:35:bd:46:98:43:e5:5e:44:6b:f6:
         6d:ab:6a:50:ad:e7:74:01:29:8d:25:33:32:ea:dd:da:40:c6:
         94:ed:34:c0:21:98:e2:df:21:d9:45:84:ea:66:8a:ef:2e:a6:
         e1:9c:9b:a1:57:93:a9:be:3e:b6:81:f7:8c:86:3c:f4:dd:aa:
         da:d2:57:93:54:54:9a:50:c4:46:7d:41:ae:61:89:27:96:66:
         10:83:e5:dd:1e:ed:a5:70:0e:19:54:65:90:b3:54:86:36:a0:
         bb:79:78:31:75:b0:ba:e6:ff:9b:1d:9c:e7:bb:c8:da:b1:f8:
         5c:c9:d5:b6:f6:67:72:86:fb:d4:12:44:c2:31:1b:46:ba:02:
         5f:18:36:bc:26:56:1d:ee:af:a9:95:88:ab:9f:f3:60:e0:a3:
         8d:66:2a:f9:9c:96:91:b6:10:f7:2d:f5:a6:b7:6f:cb:5c:9e:
         72:96:61:0a:74:e0:b6:d9:64:7a:d5:27:89:9a:81:ec:91:f0:
         e6:35:b6:25:c8:92:ec:f5:6c:4f:55:ce:40:29:9d:ca:34:77:
         0e:f7:f6:af:39:54:99:d0:9d:85:56:ad:67:fa:98:35:ea:5b:
         48:20:b3:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1BU7REt+0+GKMjjRhDHTnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzMxMDAzODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjllNTM3ZDZmYjRkOWRmYzY2ZjMzZjhjZmM2NzVlYjRmMmU3MDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNtuQDHY6J/MBu0hXHuh7LD0pQZd
52W4U9Gpe9GUeCcviz2fJChLObeWhhSDzVX9FFgjVNQXRH5nZUa8iBiV0tRyI1Bb
ZBvBlCHD3mT6I2AeU15D67/6GCYbC9iR/G+yfw+KnpIXk8EkqdEq4RsW+87loz50
l9qrsPqLasvWxdrLH3etgyegs09AApIXTZcB1hUggpw6+hZbOAhwdu2KC3oDnse2
6AAiPaeyiWF8myhr0IlM075/ZdiSD2L3lj60chvYUBaEkx3cTdZVZy5oUDbF3HN8
oUCK51L6tOIQ4H5cMFYO6ptuYWgt1Q76fsg/OZup+Lf+n+lLApr7vXMyUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL+eU31vtNnfxm8z+M/GdetPLnABMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvdjU1VGZXLTAyZF9HYnpQNHo4WjE2MDh1Y0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQIo
MA0GCSqGSIb3DQEBCwUAA4IBAQB4oA6mVv2/QHgKk2O8SDdbXjKzZ4Qp5nHiZDW9
RphD5V5Ea/Ztq2pQred0ASmNJTMy6t3aQMaU7TTAIZji3yHZRYTqZorvLqbhnJuh
V5Opvj62gfeMhjz03ara0leTVFSaUMRGfUGuYYknlmYQg+XdHu2lcA4ZVGWQs1SG
NqC7eXgxdbC65v+bHZznu8jasfhcydW29mdyhvvUEkTCMRtGugJfGDa8JlYd7q+p
lYirn/Ng4KONZir5nJaRthD3LfWmt2/LXJ5ylmEKdOC22WR61SeJmoHskfDmNbYl
yJLs9WxPVc5AKZ3KNHcO9/avOVSZ0J2FVq1n+pg16ltIILPU
-----END CERTIFICATE-----