Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/ywEDyg5noLnl2Id8tl5e5-qEn_I.roa
File:                     ywEDyg5noLnl2Id8tl5e5-qEn_I.roa (raw, json)
Hash identifier:          Yq3ktSde9JnuVJQbO5PThHmWVkDdLslJYCz3Lb5y84c=
Subject key identifier:   CB:01:03:CA:0E:67:A0:B9:E5:D8:87:7C:B6:5E:5E:E7:EA:84:9F:F2
Certificate issuer:       /CN=8a28ff310da7df8309cfab4dcf9a235842b60872
Certificate serial:       019B7F147462D888E6859722FECE73AAA94C
Authority key identifier: 8A:28:FF:31:0D:A7:DF:83:09:CF:AB:4D:CF:9A:23:58:42:B6:08:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/ywEDyg5noLnl2Id8tl5e5-qEn_I.roa
Signing time:             Fri 02 Jan 2026 14:20:05 +0000
ROA not before:           Fri 02 Jan 2026 14:20:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214331
IP address blocks:        2a06:b700:1000::/48 maxlen: 48
                          2a06:b700:1001::/48 maxlen: 48
                          2a06:b700:1004::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:74:62:d8:88:e6:85:97:22:fe:ce:73:aa:a9:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a28ff310da7df8309cfab4dcf9a235842b60872
        Validity
            Not Before: Jan  2 14:20:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb0103ca0e67a0b9e5d8877cb65e5ee7ea849ff2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d6:e7:d8:ab:7f:80:24:ca:67:88:fb:ec:b6:
                    86:d7:65:ed:8b:1f:30:b4:5e:12:e7:bf:d7:c3:3f:
                    0d:39:94:41:38:62:c9:c4:3f:79:8f:59:61:94:f6:
                    eb:d9:b2:49:1d:e9:b2:95:9f:0f:7e:e7:8d:1a:41:
                    e0:4f:ac:d7:50:31:6e:5b:80:c8:80:f6:4e:5f:64:
                    8c:63:e0:87:f1:a5:8b:05:be:30:69:bc:2a:fc:72:
                    d9:63:13:53:1e:92:14:77:82:09:d0:b4:26:73:1d:
                    e1:5a:64:2a:95:c3:e3:78:12:be:77:1d:e7:a2:cd:
                    02:2a:49:5b:62:0b:4a:c8:db:14:1c:e5:1d:30:c4:
                    a9:47:ee:81:e1:be:03:79:a4:bd:5d:c8:b9:2d:92:
                    e8:8b:4b:d7:e1:fd:73:72:b9:7c:c3:a8:36:f8:41:
                    2d:de:88:00:56:95:1d:e2:c2:0a:ef:d3:1a:48:5e:
                    ea:bf:42:42:49:d9:89:c2:83:17:36:f2:ef:0c:18:
                    ac:63:41:b5:6b:33:03:56:4b:94:cd:73:af:1e:41:
                    17:a3:c9:35:83:b9:44:60:e3:60:6f:6e:63:b4:cb:
                    3d:94:12:cd:be:47:70:43:69:6f:eb:38:80:49:58:
                    99:8f:b8:61:b9:a6:fe:f8:95:f0:80:f5:59:10:3e:
                    62:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:01:03:CA:0E:67:A0:B9:E5:D8:87:7C:B6:5E:5E:E7:EA:84:9F:F2
            X509v3 Authority Key Identifier:
                keyid:8A:28:FF:31:0D:A7:DF:83:09:CF:AB:4D:CF:9A:23:58:42:B6:08:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/ywEDyg5noLnl2Id8tl5e5-qEn_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:b700:1000::/47
                  2a06:b700:1004::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:c3:59:ca:f3:f7:17:20:16:fd:fb:e7:1e:f1:ec:73:c5:43:
         aa:99:bf:0f:f7:08:13:e3:8e:34:70:d1:8d:ea:6c:20:4d:1a:
         bc:37:a1:44:89:3e:be:88:14:08:ce:5b:f4:ba:8e:6f:06:4a:
         8d:a9:65:6b:f5:9e:82:5d:24:41:cf:b3:83:1c:36:a1:91:95:
         af:73:96:61:71:c9:52:fb:90:8c:8b:81:6c:23:0b:79:e1:e3:
         02:67:a7:1b:b1:92:fb:b6:af:fc:f4:ac:13:ef:e7:c7:5b:b6:
         84:e9:7b:2e:e7:a6:13:8d:2e:97:90:7f:ee:7c:e1:e9:55:88:
         16:7d:a5:48:b3:3d:f2:ee:5d:75:15:11:db:49:6b:1d:37:3e:
         74:c2:73:64:65:99:5d:75:d0:e0:b1:17:28:47:9b:21:06:43:
         e3:47:05:07:f9:13:10:4b:6c:ac:b1:22:e1:58:fa:f8:2b:2a:
         dc:f6:2f:c3:f6:90:36:6a:d9:4f:b5:ef:ad:2b:7a:8f:72:51:
         a4:c7:3d:4e:21:f1:9a:86:4a:ac:3c:01:17:bd:8d:df:f7:e4:
         a9:a1:26:07:97:93:f4:e3:5f:0b:e1:ec:4f:38:55:07:f6:f2:
         aa:1e:63:90:47:99:87:b9:49:a4:37:d7:2a:f5:3a:b3:f8:c4:
         3d:58:1e:2a
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZt/FHRi2IjmhZci/s5zqqlMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMjhmZjMxMGRhN2RmODMwOWNmYWI0ZGNmOWEyMzU4NDJi
NjA4NzIwHhcNMjYwMTAyMTQyMDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjAxMDNjYTBlNjdhMGI5ZTVkODg3N2NiNjVlNWVlN2VhODQ5ZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9bn2Kt/gCTKZ4j77LaG12Xtix8w
tF4S57/Xwz8NOZRBOGLJxD95j1lhlPbr2bJJHemylZ8PfueNGkHgT6zXUDFuW4DI
gPZOX2SMY+CH8aWLBb4wabwq/HLZYxNTHpIUd4IJ0LQmcx3hWmQqlcPjeBK+dx3n
os0CKklbYgtKyNsUHOUdMMSpR+6B4b4DeaS9Xci5LZLoi0vX4f1zcrl8w6g2+EEt
3ogAVpUd4sIK79MaSF7qv0JCSdmJwoMXNvLvDBisY0G1azMDVkuUzXOvHkEXo8k1
g7lEYONgb25jtMs9lBLNvkdwQ2lv6ziASViZj7hhuab++JXwgPVZED5iAwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMsBA8oOZ6C55diHfLZeXufqhJ/yMB8GA1UdIwQY
MBaAFIoo/zENp9+DCc+rTc+aI1hCtghyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWlqX01RMm4zNE1KejZ0Tno1b2pXRUsyQ0hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hNWQyODYtODY3MC00N2U0LTk3YjQt
MjRjZjhhNjFkN2U4LzEveXdFRHlnNW5vTG5sMklkOHRsNWU1LXFFbl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hNWQyODYtODY3MC00N2U0LTk3YjQtMjRjZjhhNjFkN2U4
LzEvaWlqX01RMm4zNE1KejZ0Tno1b2pXRUsyQ0hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKga3ABAA
AwcAKga3ABAEMA0GCSqGSIb3DQEBCwUAA4IBAQB7w1nK8/cXIBb9++ce8exzxUOq
mb8P9wgT4440cNGN6mwgTRq8N6FEiT6+iBQIzlv0uo5vBkqNqWVr9Z6CXSRBz7OD
HDahkZWvc5ZhcclS+5CMi4FsIwt54eMCZ6cbsZL7tq/89KwT7+fHW7aE6Xsu56YT
jS6XkH/ufOHpVYgWfaVIsz3y7l11FRHbSWsdNz50wnNkZZldddDgsRcoR5shBkPj
RwUH+RMQS2yssSLhWPr4Kyrc9i/D9pA2atlPte+tK3qPclGkxz1OIfGahkqsPAEX
vY3f9+SpoSYHl5P0418L4exPOFUH9vKqHmOQR5mHuUmkN9cq9Tqz+MQ9WB4q
-----END CERTIFICATE-----