Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/WEfg623at549gjZw64RcO_APHMQ.roa
File:                     WEfg623at549gjZw64RcO_APHMQ.roa (raw, json)
Hash identifier:          FO7uHOTKAm/yntYjpVC9E+eNIvpI6nRmgjdhZ1LH7Ak=
Subject key identifier:   58:47:E0:EB:6D:DA:B7:9E:3D:82:36:70:EB:84:5C:3B:F0:0F:1C:C4
Certificate issuer:       /CN=3adbb475a4304c845343fd94fee9a6b88008e38b
Certificate serial:       019B77C67BA7189A33287443984127F333D6
Authority key identifier: 3A:DB:B4:75:A4:30:4C:84:53:43:FD:94:FE:E9:A6:B8:80:08:E3:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Otu0daQwTIRTQ_2U_ummuIAI44s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/WEfg623at549gjZw64RcO_APHMQ.roa
Signing time:             Thu 01 Jan 2026 04:17:34 +0000
ROA not before:           Thu 01 Jan 2026 04:17:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210833
IP address blocks:        2001:67c:828::/48 maxlen: 48
                          2a05:d4c0::/32 maxlen: 48
                          2a05:d4c0:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/Otu0daQwTIRTQ_2U_ummuIAI44s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/Otu0daQwTIRTQ_2U_ummuIAI44s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Otu0daQwTIRTQ_2U_ummuIAI44s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:77:c6:7b:a7:18:9a:33:28:74:43:98:41:27:f3:33:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3adbb475a4304c845343fd94fee9a6b88008e38b
        Validity
            Not Before: Jan  1 04:17:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5847e0eb6ddab79e3d823670eb845c3bf00f1cc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:df:4a:40:c5:a4:f1:c0:90:5c:ef:1f:cc:57:
                    77:2e:61:a7:58:d0:5a:3b:7a:15:b4:f6:bd:35:a5:
                    02:e1:ae:71:a9:f1:da:68:ab:f0:87:12:cf:18:bc:
                    2e:81:8b:a8:2c:55:88:56:b8:d6:26:54:86:65:d7:
                    df:0c:95:06:76:ef:4b:43:54:e7:31:63:ec:c8:18:
                    82:26:17:36:04:7c:6a:0a:e4:5b:1f:05:3a:cd:e9:
                    40:c9:05:a7:6b:06:c9:58:2e:ef:16:ef:57:5b:a5:
                    96:39:ea:90:a4:13:66:6e:e3:9f:b5:e0:d5:55:07:
                    c8:fe:55:29:a2:0e:2b:a2:1d:d5:d7:f5:40:dc:e6:
                    a7:28:48:bd:2d:42:b6:08:e3:b2:2b:f8:1f:89:3a:
                    f2:55:36:2e:e8:f0:3a:3c:8b:3b:c1:86:d9:26:f7:
                    51:7f:dc:0d:c7:88:94:a1:68:41:ea:4a:93:80:74:
                    43:e2:54:66:e3:c8:c4:96:26:b3:46:f0:5a:72:17:
                    8a:50:c5:eb:73:e2:0f:54:6a:e7:8c:99:32:5f:ae:
                    06:ba:f9:07:e1:d8:6a:d9:8e:fa:50:b4:78:e7:bc:
                    eb:5b:dc:8f:e9:62:3d:71:25:f0:4f:ae:19:43:1f:
                    e6:4f:44:5a:cb:63:76:db:8c:b1:6e:96:5b:b2:4b:
                    ac:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:47:E0:EB:6D:DA:B7:9E:3D:82:36:70:EB:84:5C:3B:F0:0F:1C:C4
            X509v3 Authority Key Identifier:
                keyid:3A:DB:B4:75:A4:30:4C:84:53:43:FD:94:FE:E9:A6:B8:80:08:E3:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Otu0daQwTIRTQ_2U_ummuIAI44s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/WEfg623at549gjZw64RcO_APHMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/226927-d656-4b91-a990-0ce0496a997b/1/Otu0daQwTIRTQ_2U_ummuIAI44s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:828::/48
                  2a05:d4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         d9:56:89:0b:d8:58:0d:0a:5a:5c:78:37:33:47:07:bf:c1:b4:
         f4:99:73:f0:f4:75:97:59:82:44:55:36:cd:1c:28:a3:3b:ec:
         03:06:6e:41:3d:22:ad:48:21:67:de:6c:72:75:eb:f9:b3:1a:
         af:50:b0:42:98:10:85:dc:2a:b7:9d:4d:e5:d8:91:76:bd:dc:
         d8:8f:16:8d:89:fb:72:8e:04:4b:f8:ce:90:c8:11:e3:c7:17:
         9f:23:93:20:f5:58:4e:d2:2a:e4:64:25:a2:ca:7a:00:a5:8f:
         5e:df:75:cf:5b:ae:27:b6:5e:97:16:8e:70:40:4b:22:89:ed:
         e2:64:7e:c5:0d:c6:f5:93:d5:a3:ed:ad:a3:7e:9c:5f:8a:bc:
         e5:b0:54:11:55:fe:69:87:76:e0:14:a5:84:89:7f:25:d1:16:
         19:e3:17:9b:1c:c7:99:45:52:ff:7c:4e:33:c3:e5:e7:2c:d2:
         15:36:3f:c4:07:ff:d3:c1:b1:77:fb:20:a1:0d:c2:5e:12:14:
         9a:af:89:1f:2b:15:f8:da:0d:45:88:43:9b:b2:75:ef:4e:9f:
         97:50:a8:4d:68:cf:35:e9:17:b5:91:3e:49:22:45:c0:9b:a7:
         07:4e:df:d9:fe:00:e9:fd:c3:ab:a3:45:8e:ce:6f:74:86:39:
         6e:95:18:24
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZt3xnunGJozKHRDmEEn8zPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZGJiNDc1YTQzMDRjODQ1MzQzZmQ5NGZlZTlhNmI4ODAw
OGUzOGIwHhcNMjYwMTAxMDQxNzM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODQ3ZTBlYjZkZGFiNzllM2Q4MjM2NzBlYjg0NWMzYmYwMGYxY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAod9KQMWk8cCQXO8fzFd3LmGnWNBa
O3oVtPa9NaUC4a5xqfHaaKvwhxLPGLwugYuoLFWIVrjWJlSGZdffDJUGdu9LQ1Tn
MWPsyBiCJhc2BHxqCuRbHwU6zelAyQWnawbJWC7vFu9XW6WWOeqQpBNmbuOfteDV
VQfI/lUpog4roh3V1/VA3OanKEi9LUK2COOyK/gfiTryVTYu6PA6PIs7wYbZJvdR
f9wNx4iUoWhB6kqTgHRD4lRm48jEliazRvBacheKUMXrc+IPVGrnjJkyX64GuvkH
4dhq2Y76ULR457zrW9yP6WI9cSXwT64ZQx/mT0Ray2N224yxbpZbskuszwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFFhH4Ott2reePYI2cOuEXDvwDxzEMB8GA1UdIwQY
MBaAFDrbtHWkMEyEU0P9lP7ppriACOOLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3R1MGRhUXdUSVJUUV8yVV91bW11SUFJNDRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yMjY5MjctZDY1Ni00YjkxLWE5OTAt
MGNlMDQ5NmE5OTdiLzEvV0VmZzYyM2F0NTQ5Z2padzY0UmNPX0FQSE1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yMjY5MjctZDY1Ni00YjkxLWE5OTAtMGNlMDQ5NmE5OTdi
LzEvT3R1MGRhUXdUSVJUUV8yVV91bW11SUFJNDRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAIAEGfAgo
AwUAKgXUwDANBgkqhkiG9w0BAQsFAAOCAQEA2VaJC9hYDQpaXHg3M0cHv8G09Jlz
8PR1l1mCRFU2zRwoozvsAwZuQT0irUghZ95scnXr+bMar1CwQpgQhdwqt51N5diR
dr3c2I8WjYn7co4ES/jOkMgR48cXnyOTIPVYTtIq5GQlosp6AKWPXt91z1uuJ7Ze
lxaOcEBLIont4mR+xQ3G9ZPVo+2to36cX4q85bBUEVX+aYd24BSlhIl/JdEWGeMX
mxzHmUVS/3xOM8Pl5yzSFTY/xAf/08Gxd/sgoQ3CXhIUmq+JHysV+NoNRYhDm7J1
706fl1CoTWjPNekXtZE+SSJFwJunB07f2f4A6f3Dq6NFjs5vdIY5bpUYJA==
-----END CERTIFICATE-----