Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/YIz6jgPy4T57-v5Y0lRVw2yHO-g.roa
File:                     YIz6jgPy4T57-v5Y0lRVw2yHO-g.roa (raw, json)
Hash identifier:          y3YrgdUaOAbn2OQqch9+TXJZirScPNyDivnJKIFz94k=
Subject key identifier:   60:8C:FA:8E:03:F2:E1:3E:7B:FA:FE:58:D2:54:55:C3:6C:87:3B:E8
Certificate issuer:       /CN=f4e36bd4bf3825740c905a67cdc16b301872aa71
Certificate serial:       019EB2C7131DFDD55F58EE3C88FB696A439A
Authority key identifier: F4:E3:6B:D4:BF:38:25:74:0C:90:5A:67:CD:C1:6B:30:18:72:AA:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ONr1L84JXQMkFpnzcFrMBhyqnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/YIz6jgPy4T57-v5Y0lRVw2yHO-g.roa
Signing time:             Wed 10 Jun 2026 18:24:11 +0000
ROA not before:           Wed 10 Jun 2026 18:24:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219505
IP address blocks:        2a0b:2a06::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/9ONr1L84JXQMkFpnzcFrMBhyqnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/9ONr1L84JXQMkFpnzcFrMBhyqnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ONr1L84JXQMkFpnzcFrMBhyqnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b2:c7:13:1d:fd:d5:5f:58:ee:3c:88:fb:69:6a:43:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4e36bd4bf3825740c905a67cdc16b301872aa71
        Validity
            Not Before: Jun 10 18:24:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=608cfa8e03f2e13e7bfafe58d25455c36c873be8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0e:96:50:26:32:4d:b1:23:54:cf:bb:c7:f9:
                    c0:a9:48:ad:dd:9a:eb:ec:c3:71:b7:22:3a:38:07:
                    d3:79:7a:4c:7c:a4:4d:e2:4f:68:29:eb:08:6b:97:
                    ac:48:b2:da:27:c0:9a:4a:2d:94:7f:55:4c:10:4f:
                    33:ff:2d:f2:43:f0:bc:10:cf:78:1c:2b:29:4b:74:
                    1c:a1:de:73:57:58:48:d0:f6:bc:12:2c:d1:15:63:
                    86:33:e1:b6:07:b8:cd:d1:8b:6b:ae:af:78:34:da:
                    fa:1e:9c:a6:55:fa:e2:0e:78:aa:b8:7e:3f:82:83:
                    39:a3:46:24:06:49:f3:75:57:64:e0:9f:2f:93:6b:
                    1a:e6:24:97:b2:fa:4d:61:e0:fa:2c:59:ee:87:68:
                    b5:bb:9b:bf:2c:ce:ad:1e:19:8f:2a:85:35:a3:d2:
                    97:c1:eb:73:ca:aa:9a:3b:5e:ff:45:26:99:9b:58:
                    84:0d:9b:fe:32:25:26:ae:d3:70:8a:09:e6:49:12:
                    17:37:8b:4c:55:69:93:82:6b:93:1a:fa:be:79:19:
                    e4:57:4b:3c:a1:65:38:36:73:93:c4:fa:2a:61:ab:
                    de:a1:72:f6:be:4c:05:b5:3a:39:27:af:44:94:24:
                    95:88:56:8e:e9:49:12:05:dc:2b:40:03:eb:28:93:
                    17:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:8C:FA:8E:03:F2:E1:3E:7B:FA:FE:58:D2:54:55:C3:6C:87:3B:E8
            X509v3 Authority Key Identifier:
                keyid:F4:E3:6B:D4:BF:38:25:74:0C:90:5A:67:CD:C1:6B:30:18:72:AA:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ONr1L84JXQMkFpnzcFrMBhyqnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/YIz6jgPy4T57-v5Y0lRVw2yHO-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/9ONr1L84JXQMkFpnzcFrMBhyqnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2a06::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:cf:9e:42:2a:71:7f:a0:ac:09:68:ce:35:97:fb:27:9b:44:
         0c:fe:27:d7:c0:e4:95:46:0a:a7:ed:87:65:06:a1:8f:51:02:
         36:df:be:86:f8:e3:b9:8a:6c:69:ea:26:04:fb:15:29:49:10:
         25:fc:f4:f0:5a:52:fa:c6:db:8b:2a:46:09:f0:ab:87:10:07:
         7e:6c:c8:15:25:b1:d3:e4:59:3b:83:bf:ef:cc:04:68:b9:eb:
         4b:43:9a:fd:a7:12:3f:09:c1:49:29:47:f5:9b:98:e1:90:3b:
         94:1c:37:46:26:ff:cf:bf:fe:36:b7:31:8e:2c:e8:0b:58:e3:
         73:e0:eb:93:95:58:20:37:f1:c1:4c:06:e3:dd:ac:cb:1b:16:
         28:d7:d0:bc:7a:70:e5:bc:58:3c:be:ca:a6:14:e1:d0:e1:dd:
         dd:0e:9b:44:a8:db:8d:dd:8b:cd:f5:f5:8c:74:fa:7b:cf:1d:
         e8:c3:b7:19:73:1c:4e:75:32:7e:52:8d:19:23:09:fb:bf:68:
         4b:eb:27:e4:c6:3a:7b:f3:2e:2c:d4:42:ea:57:55:69:60:ac:
         d9:e0:a6:0d:7e:3a:d0:1a:41:12:87:5f:a1:0c:85:17:1c:33:
         6a:1f:89:a2:86:b6:14:58:fa:9a:cc:8b:45:f2:e9:a0:84:b2:
         ef:e6:d1:d5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6yxxMd/dVfWO48iPtpakOaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTM2YmQ0YmYzODI1NzQwYzkwNWE2N2NkYzE2YjMwMTg3
MmFhNzEwHhcNMjYwNjEwMTgyNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDhjZmE4ZTAzZjJlMTNlN2JmYWZlNThkMjU0NTVjMzZjODczYmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApg6WUCYyTbEjVM+7x/nAqUit3Zrr
7MNxtyI6OAfTeXpMfKRN4k9oKesIa5esSLLaJ8CaSi2Uf1VMEE8z/y3yQ/C8EM94
HCspS3Qcod5zV1hI0Pa8EizRFWOGM+G2B7jN0Ytrrq94NNr6HpymVfriDniquH4/
goM5o0YkBknzdVdk4J8vk2sa5iSXsvpNYeD6LFnuh2i1u5u/LM6tHhmPKoU1o9KX
wetzyqqaO17/RSaZm1iEDZv+MiUmrtNwignmSRIXN4tMVWmTgmuTGvq+eRnkV0s8
oWU4NnOTxPoqYaveoXL2vkwFtTo5J69ElCSViFaO6UkSBdwrQAPrKJMXvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGCM+o4D8uE+e/r+WNJUVcNshzvoMB8GA1UdIwQY
MBaAFPTja9S/OCV0DJBaZ83BazAYcqpxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9OcjFMODRKWFFNa0ZwbnpjRnJNQmh5cW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS80ZjgxMjQtNDE0Mi00ZGQ1LThjNjIt
MDdjOGI1YTk4NWJhLzEvWUl6NmpnUHk0VDU3LXY1WTBsUlZ3MnlITy1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS80ZjgxMjQtNDE0Mi00ZGQ1LThjNjItMDdjOGI1YTk4NWJh
LzEvOU9OcjFMODRKWFFNa0ZwbnpjRnJNQmh5cW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgsqBgAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAKz55CKnF/oKwJaM41l/snm0QM/ifXwOSVRgqn
7YdlBqGPUQI2376G+OO5imxp6iYE+xUpSRAl/PTwWlL6xtuLKkYJ8KuHEAd+bMgV
JbHT5Fk7g7/vzARouetLQ5r9pxI/CcFJKUf1m5jhkDuUHDdGJv/Pv/42tzGOLOgL
WONz4OuTlVggN/HBTAbj3azLGxYo19C8enDlvFg8vsqmFOHQ4d3dDptEqNuN3YvN
9fWMdPp7zx3ow7cZcxxOdTJ+Uo0ZIwn7v2hL6yfkxjp78y4s1ELqV1VpYKzZ4KYN
fjrQGkESh1+hDIUXHDNqH4mihrYUWPqazItF8umghLLv5tHV
-----END CERTIFICATE-----