Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/e41999-c0c9-49db-bdfa-792f29eb13f8/1/D9_btYwl0fQhOMvvEzfg91IZ8P0.roa
File:                     D9_btYwl0fQhOMvvEzfg91IZ8P0.roa (raw, json)
Hash identifier:          WuI7JG/DTFeMuDLWYMfuwcvhxvoBD8M0//z426pEYRE=
Subject key identifier:   0F:DF:DB:B5:8C:25:D1:F4:21:38:CB:EF:13:37:E0:F7:52:19:F0:FD
Certificate issuer:       /CN=dbe47e559d2a82cf50b4151965e36937e3ff767a
Certificate serial:       019E7442F9E5477D6D26ED61292D4334E6E6
Authority key identifier: DB:E4:7E:55:9D:2A:82:CF:50:B4:15:19:65:E3:69:37:E3:FF:76:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2-R-VZ0qgs9QtBUZZeNpN-P_dno.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/e41999-c0c9-49db-bdfa-792f29eb13f8/1/D9_btYwl0fQhOMvvEzfg91IZ8P0.roa
Signing time:             Fri 29 May 2026 15:03:26 +0000
ROA not before:           Fri 29 May 2026 15:03:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20712
IP address blocks:        2a05:6346:200::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/e41999-c0c9-49db-bdfa-792f29eb13f8/1/2-R-VZ0qgs9QtBUZZeNpN-P_dno.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/e41999-c0c9-49db-bdfa-792f29eb13f8/1/2-R-VZ0qgs9QtBUZZeNpN-P_dno.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2-R-VZ0qgs9QtBUZZeNpN-P_dno.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:74:42:f9:e5:47:7d:6d:26:ed:61:29:2d:43:34:e6:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbe47e559d2a82cf50b4151965e36937e3ff767a
        Validity
            Not Before: May 29 15:03:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0fdfdbb58c25d1f42138cbef1337e0f75219f0fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:03:62:f6:6b:40:ab:d0:ae:ea:07:a0:f2:11:
                    d2:12:38:40:87:c4:0d:5d:80:70:54:c1:a7:93:32:
                    75:fc:03:9e:6d:7e:b3:23:23:9d:b2:ec:29:9f:38:
                    09:a5:d0:b9:35:34:47:2c:d1:4a:e2:23:1f:35:ac:
                    8b:cf:d9:49:c7:b9:4e:12:fa:73:6b:96:a9:80:57:
                    db:33:3b:ee:12:2f:59:30:c5:24:7d:fe:16:1c:99:
                    94:96:ab:08:7c:7e:cb:ad:59:cb:5c:a0:0d:2b:70:
                    05:c9:cf:11:ec:39:7e:7f:73:45:29:20:fb:55:c6:
                    4d:78:f9:6c:3a:52:92:0b:b6:df:48:b5:5b:32:66:
                    bc:64:92:db:0f:e6:6b:4c:0f:71:ac:4e:51:16:bc:
                    b4:10:ab:84:af:33:f5:43:97:b8:c4:3c:02:c9:b7:
                    a8:30:8d:84:f6:f8:6e:1a:55:b5:27:74:0b:5e:0e:
                    d3:3e:67:7f:6f:73:a8:56:f6:07:da:c5:86:11:7f:
                    94:12:2a:58:56:7d:83:01:31:1d:ad:ee:0f:85:6d:
                    00:08:47:44:f6:82:ed:29:b4:61:b7:57:c9:3a:76:
                    91:d4:65:04:2a:32:70:2e:ad:6c:bc:2c:09:0d:55:
                    a1:67:c2:8f:7e:2f:26:ef:96:0e:8f:16:64:1b:97:
                    52:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:DF:DB:B5:8C:25:D1:F4:21:38:CB:EF:13:37:E0:F7:52:19:F0:FD
            X509v3 Authority Key Identifier:
                keyid:DB:E4:7E:55:9D:2A:82:CF:50:B4:15:19:65:E3:69:37:E3:FF:76:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2-R-VZ0qgs9QtBUZZeNpN-P_dno.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/e41999-c0c9-49db-bdfa-792f29eb13f8/1/D9_btYwl0fQhOMvvEzfg91IZ8P0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/e41999-c0c9-49db-bdfa-792f29eb13f8/1/2-R-VZ0qgs9QtBUZZeNpN-P_dno.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:6346:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:31:e0:54:16:ff:a1:71:ab:61:eb:24:ae:6e:f3:cf:43:ad:
         b3:18:62:64:38:d3:9d:24:96:68:29:f6:5a:e3:bf:ad:c0:7f:
         3a:4f:bc:d1:4c:d8:82:da:92:73:a0:93:a5:4a:72:61:6d:d0:
         4a:f5:82:33:10:f3:07:19:50:ca:d0:3f:d3:4b:04:5b:a5:21:
         37:e6:81:04:51:7d:a7:bb:67:97:d9:00:30:4b:20:a5:7f:38:
         08:7c:87:7d:d5:6e:08:46:2e:14:d3:52:f5:07:2a:a6:b4:20:
         5f:00:58:67:e7:55:d1:9e:53:96:24:85:eb:17:1c:ab:ee:d4:
         b1:dc:a6:2e:88:51:6c:2b:f4:74:45:37:4a:df:1e:cf:69:be:
         0e:2e:1c:21:23:9d:5d:55:b8:3c:d6:20:03:d6:5e:e6:60:8c:
         20:66:0d:ea:53:a3:2a:fa:29:0c:0a:5e:61:2a:63:ca:62:c2:
         7c:1a:08:ae:ee:68:0d:96:f2:60:42:6b:af:83:bf:46:bc:4b:
         91:3b:ad:6e:b7:0b:15:53:a5:7a:03:69:fd:52:10:5a:90:a5:
         1b:58:0c:9e:23:c8:a2:79:22:dd:ab:27:d9:b2:33:3b:fc:70:
         5d:4d:e4:f0:fe:06:8c:cc:ba:d9:b4:f1:4c:ff:f0:e9:7d:26:
         b2:e2:16:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ50QvnlR31tJu1hKS1DNObmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiZTQ3ZTU1OWQyYTgyY2Y1MGI0MTUxOTY1ZTM2OTM3ZTNm
Zjc2N2EwHhcNMjYwNTI5MTUwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmRmZGJiNThjMjVkMWY0MjEzOGNiZWYxMzM3ZTBmNzUyMTlmMGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwNi9mtAq9Cu6geg8hHSEjhAh8QN
XYBwVMGnkzJ1/AOebX6zIyOdsuwpnzgJpdC5NTRHLNFK4iMfNayLz9lJx7lOEvpz
a5apgFfbMzvuEi9ZMMUkff4WHJmUlqsIfH7LrVnLXKANK3AFyc8R7Dl+f3NFKSD7
VcZNePlsOlKSC7bfSLVbMma8ZJLbD+ZrTA9xrE5RFry0EKuErzP1Q5e4xDwCybeo
MI2E9vhuGlW1J3QLXg7TPmd/b3OoVvYH2sWGEX+UEipYVn2DATEdre4PhW0ACEdE
9oLtKbRht1fJOnaR1GUEKjJwLq1svCwJDVWhZ8KPfi8m75YOjxZkG5dSIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA/f27WMJdH0ITjL7xM34PdSGfD9MB8GA1UdIwQY
MBaAFNvkflWdKoLPULQVGWXjaTfj/3Z6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMi1SLVZaMHFnczlRdEJVWlplTnBOLVBfZG5vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9lNDE5OTktYzBjOS00OWRiLWJkZmEt
NzkyZjI5ZWIxM2Y4LzEvRDlfYnRZd2wwZlFoT012dkV6Zmc5MUlaOFAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9lNDE5OTktYzBjOS00OWRiLWJkZmEtNzkyZjI5ZWIxM2Y4
LzEvMi1SLVZaMHFnczlRdEJVWlplTnBOLVBfZG5vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgVjRgIA
MA0GCSqGSIb3DQEBCwUAA4IBAQCYMeBUFv+hcath6ySubvPPQ62zGGJkONOdJJZo
KfZa47+twH86T7zRTNiC2pJzoJOlSnJhbdBK9YIzEPMHGVDK0D/TSwRbpSE35oEE
UX2nu2eX2QAwSyClfzgIfId91W4IRi4U01L1ByqmtCBfAFhn51XRnlOWJIXrFxyr
7tSx3KYuiFFsK/R0RTdK3x7Pab4OLhwhI51dVbg81iAD1l7mYIwgZg3qU6Mq+ikM
Cl5hKmPKYsJ8Ggiu7mgNlvJgQmuvg79GvEuRO61utwsVU6V6A2n9UhBakKUbWAye
I8iieSLdqyfZsjM7/HBdTeTw/gaMzLrZtPFM//DpfSay4hay
-----END CERTIFICATE-----