Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/27847c-5113-4a4b-a788-764363b13cd2/1/1-U6aXSNrwCxTePFdNUR5lBDEtfE.roa
File:                     1-U6aXSNrwCxTePFdNUR5lBDEtfE.roa (raw, json)
Hash identifier:          5TwFfZ3mjpXZiK+WWFipXkRuzwCPyvQ/Hl+kyatEY/M=
Subject key identifier:   F9:4E:9A:5D:23:6B:C0:2C:53:78:F1:5D:35:44:79:94:10:C4:B5:F1
Certificate issuer:       /CN=ef52dc6920bde007450630bbfc0216ade4e03f62
Certificate serial:       019B7DCB0D3C449A160D22D9F56F8CB7D430
Authority key identifier: EF:52:DC:69:20:BD:E0:07:45:06:30:BB:FC:02:16:AD:E4:E0:3F:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71LcaSC94AdFBjC7_AIWreTgP2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/27847c-5113-4a4b-a788-764363b13cd2/1/1-U6aXSNrwCxTePFdNUR5lBDEtfE.roa
Signing time:             Fri 02 Jan 2026 08:20:17 +0000
ROA not before:           Fri 02 Jan 2026 08:20:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     60874
IP address blocks:        2a00:6fe0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/27847c-5113-4a4b-a788-764363b13cd2/1/71LcaSC94AdFBjC7_AIWreTgP2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/27847c-5113-4a4b-a788-764363b13cd2/1/71LcaSC94AdFBjC7_AIWreTgP2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71LcaSC94AdFBjC7_AIWreTgP2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:50:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:0d:3c:44:9a:16:0d:22:d9:f5:6f:8c:b7:d4:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef52dc6920bde007450630bbfc0216ade4e03f62
        Validity
            Not Before: Jan  2 08:20:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f94e9a5d236bc02c5378f15d3544799410c4b5f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:84:ea:e5:a6:74:4b:e1:66:00:61:10:78:7b:
                    fe:58:28:d6:7a:1f:b3:ba:f5:d4:a5:de:9c:58:95:
                    ba:da:6d:c2:aa:e1:eb:b5:45:3a:51:22:ed:de:bb:
                    5d:56:1c:d2:91:a8:65:58:70:65:48:33:4a:1e:94:
                    e3:a9:1a:6f:d6:0d:86:d0:3a:f1:38:6d:9b:35:32:
                    69:05:c0:4f:a7:d1:40:1c:a4:fd:05:4d:5f:c1:b6:
                    c7:c5:c6:a8:da:dd:c6:04:a9:0e:b9:46:d0:72:df:
                    b7:7e:a0:98:a2:11:fb:86:48:54:2c:c8:ec:34:76:
                    77:4c:a1:0f:53:62:56:3f:e4:a1:6c:b3:05:4f:58:
                    47:15:79:c5:e5:75:62:3d:60:3a:55:cb:8c:0a:08:
                    51:50:f1:b1:ed:9e:53:12:e4:a7:07:a7:8c:b1:64:
                    c1:d8:df:48:af:10:6f:5c:2f:f7:e9:5a:95:60:d0:
                    86:8c:d6:3d:72:35:61:cf:ab:8d:24:18:12:b8:a5:
                    d1:7f:ba:3f:09:ce:1e:49:ef:07:2c:e8:11:64:90:
                    ad:e7:f4:c1:23:1f:b4:cf:af:a2:24:07:29:80:67:
                    98:81:98:d8:7a:4b:c2:be:c6:85:e8:06:49:45:b7:
                    87:f1:00:e5:52:48:8e:24:ac:a3:4d:c3:cd:53:40:
                    ae:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:4E:9A:5D:23:6B:C0:2C:53:78:F1:5D:35:44:79:94:10:C4:B5:F1
            X509v3 Authority Key Identifier:
                keyid:EF:52:DC:69:20:BD:E0:07:45:06:30:BB:FC:02:16:AD:E4:E0:3F:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71LcaSC94AdFBjC7_AIWreTgP2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/27847c-5113-4a4b-a788-764363b13cd2/1/1-U6aXSNrwCxTePFdNUR5lBDEtfE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/27847c-5113-4a4b-a788-764363b13cd2/1/71LcaSC94AdFBjC7_AIWreTgP2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:6fe0::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:6b:5b:3b:ec:bc:77:e8:4e:93:15:23:b5:f1:23:b6:75:cb:
         ae:34:3b:4a:a6:c3:93:a4:ef:d1:68:31:71:d0:08:26:b7:81:
         4d:2f:d3:a2:12:d6:25:b0:3f:5d:8e:ef:90:60:3e:83:da:12:
         d0:e8:d9:d3:7b:3f:6c:53:14:aa:5a:50:12:ca:d5:f2:37:18:
         3f:ec:d9:c4:0a:a0:53:56:8b:45:eb:d2:97:d7:c7:95:c6:66:
         58:61:79:28:90:32:72:c7:9a:93:7e:86:11:af:02:61:ab:d7:
         da:96:6c:f6:6b:a6:de:e3:1f:eb:6e:82:4a:16:4b:ed:cd:cb:
         3b:61:1d:01:ca:8a:98:ec:d9:fd:be:29:78:1f:80:07:1d:81:
         74:60:7f:ba:b5:3c:8e:6f:54:8e:af:ac:19:1c:03:84:b4:2b:
         08:0e:2a:8e:c9:ff:81:1d:e1:2e:25:5f:f7:7a:85:70:5f:7d:
         54:f4:7a:98:00:6a:f1:c0:81:a9:ad:13:65:7d:b3:06:d5:82:
         fa:2d:3e:4d:44:7d:53:6f:93:9a:5b:c1:3d:c6:fd:0d:db:aa:
         5a:96:6b:bd:e5:b3:f3:43:4e:76:16:11:9d:2c:92:50:37:de:
         1b:8f:a9:64:4b:cf:8a:50:6c:b8:d0:10:c0:a4:65:c4:33:ea:
         00:a3:d5:f6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt9yw08RJoWDSLZ9W+Mt9QwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTJkYzY5MjBiZGUwMDc0NTA2MzBiYmZjMDIxNmFkZTRl
MDNmNjIwHhcNMjYwMTAyMDgyMDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTRlOWE1ZDIzNmJjMDJjNTM3OGYxNWQzNTQ0Nzk5NDEwYzRiNWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YTq5aZ0S+FmAGEQeHv+WCjWeh+z
uvXUpd6cWJW62m3CquHrtUU6USLt3rtdVhzSkahlWHBlSDNKHpTjqRpv1g2G0Drx
OG2bNTJpBcBPp9FAHKT9BU1fwbbHxcao2t3GBKkOuUbQct+3fqCYohH7hkhULMjs
NHZ3TKEPU2JWP+ShbLMFT1hHFXnF5XViPWA6VcuMCghRUPGx7Z5TEuSnB6eMsWTB
2N9IrxBvXC/36VqVYNCGjNY9cjVhz6uNJBgSuKXRf7o/Cc4eSe8HLOgRZJCt5/TB
Ix+0z6+iJAcpgGeYgZjYekvCvsaF6AZJRbeH8QDlUkiOJKyjTcPNU0CuYQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPlOml0ja8AsU3jxXTVEeZQQxLXxMB8GA1UdIwQY
MBaAFO9S3GkgveAHRQYwu/wCFq3k4D9iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFMY2FTQzk0QWRGQmpDN19BSVdyZVRnUDJJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My8yNzg0N2MtNTExMy00YTRiLWE3ODgt
NzY0MzYzYjEzY2QyLzEvMS1VNmFYU05yd0N4VGVQRmROVVI1bEJERXRmRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvODMvMjc4NDdjLTUxMTMtNGE0Yi1hNzg4LTc2NDM2M2IxM2Nk
Mi8xLzcxTGNhU0M5NEFkRkJqQzdfQUlXcmVUZ1AySS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACoAb+Aw
DQYJKoZIhvcNAQELBQADggEBABxrWzvsvHfoTpMVI7XxI7Z1y640O0qmw5Ok79Fo
MXHQCCa3gU0v06IS1iWwP12O75BgPoPaEtDo2dN7P2xTFKpaUBLK1fI3GD/s2cQK
oFNWi0Xr0pfXx5XGZlhheSiQMnLHmpN+hhGvAmGr19qWbPZrpt7jH+tugkoWS+3N
yzthHQHKipjs2f2+KXgfgAcdgXRgf7q1PI5vVI6vrBkcA4S0KwgOKo7J/4Ed4S4l
X/d6hXBffVT0epgAavHAgamtE2V9swbVgvotPk1EfVNvk5pbwT3G/Q3bqlqWa73l
s/NDTnYWEZ0sklA33huPqWRLz4pQbLjQEMCkZcQz6gCj1fY=
-----END CERTIFICATE-----