Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/_siVgVasG94LnpkyKuH-iEOHhwY.roa
File:                     _siVgVasG94LnpkyKuH-iEOHhwY.roa (raw, json)
Hash identifier:          YNf7bDVOomZ3mTsQenOpAjeZ/FlkRQTvPNx8h0gZfEw=
Subject key identifier:   FE:C8:95:81:56:AC:1B:DE:0B:9E:99:32:2A:E1:FE:88:43:87:87:06
Certificate issuer:       /CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
Certificate serial:       019E2C057981F451A2650362BD0710B2EB14
Authority key identifier: 1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/_siVgVasG94LnpkyKuH-iEOHhwY.roa
Signing time:             Fri 15 May 2026 14:23:36 +0000
ROA not before:           Fri 15 May 2026 14:23:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198138
IP address blocks:        2a01:ecc0:b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2c:05:79:81:f4:51:a2:65:03:62:bd:07:10:b2:eb:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d43a2484569d20e3f53c17be7b9fb29c34ee5be
        Validity
            Not Before: May 15 14:23:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fec8958156ac1bde0b9e99322ae1fe8843878706
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:45:dc:a7:6f:27:e3:9b:38:64:62:d9:91:f0:
                    65:63:6b:8b:0e:7e:57:fb:cd:45:9e:30:7d:da:9b:
                    56:79:f4:7d:72:7f:17:78:4d:bc:da:e9:97:61:c7:
                    1c:f6:1f:3d:ca:0c:d1:e2:e3:72:3e:d4:94:12:6e:
                    a0:f2:e7:51:c0:82:43:82:8d:e9:5f:b0:d3:b0:e3:
                    45:4f:90:99:b3:1d:74:88:1d:4f:30:6c:dc:ad:35:
                    b2:ee:69:a1:eb:0f:ce:d4:e4:5c:80:e4:d0:3a:bf:
                    2a:a6:ee:49:23:25:d9:ac:c9:38:91:99:d9:d8:35:
                    3f:8b:0b:d5:99:02:24:31:1e:71:92:aa:6d:b3:b7:
                    85:49:0b:1a:0d:f7:2d:91:05:3d:00:4b:6f:ec:ac:
                    99:67:24:55:a7:5c:5e:0d:32:af:9e:42:5a:3f:e9:
                    8d:ff:01:83:9b:2a:d2:20:3c:a8:80:4a:5b:0a:f1:
                    9b:f8:17:4c:ef:de:60:47:38:1d:59:46:bc:a3:12:
                    17:97:b7:34:f9:94:27:a9:a6:ad:a3:fe:84:3d:1c:
                    52:e8:98:64:16:85:43:d2:cf:8e:06:ee:5a:d0:94:
                    c5:56:90:31:61:4b:2e:be:88:f6:09:d5:51:af:21:
                    b7:f4:75:97:98:68:ac:06:fe:0a:51:c5:06:ac:54:
                    61:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:C8:95:81:56:AC:1B:DE:0B:9E:99:32:2A:E1:FE:88:43:87:87:06
            X509v3 Authority Key Identifier:
                keyid:1D:43:A2:48:45:69:D2:0E:3F:53:C1:7B:E7:B9:FB:29:C3:4E:E5:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HUOiSEVp0g4_U8F757n7KcNO5b4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/_siVgVasG94LnpkyKuH-iEOHhwY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/c93d87-32e0-46f1-9fb9-63451548979d/1/HUOiSEVp0g4_U8F757n7KcNO5b4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:ecc0:b::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:f5:25:c0:2a:3d:de:df:ae:69:82:42:6a:d1:03:28:f0:96:
         ca:1e:fc:47:a0:96:fb:21:49:e7:fc:5f:05:35:b3:38:57:20:
         5f:a6:4b:bf:d6:37:17:52:4b:e2:3a:09:03:19:29:2a:c3:0b:
         3b:e7:6d:c0:34:a9:71:4e:63:8e:d3:1b:9f:fe:e9:59:2d:5b:
         19:6c:1a:e5:7e:4e:61:a3:28:a8:83:9e:a9:c2:db:3a:32:58:
         6a:b6:be:b6:36:bd:56:22:b7:a3:a3:dc:da:5a:e5:4b:b8:28:
         87:55:aa:9a:bb:1e:c8:86:17:1c:28:b9:c3:4d:e8:22:c9:a0:
         87:47:9b:0a:65:0b:93:cd:fc:af:e8:a7:35:86:ba:77:95:0f:
         41:3f:87:eb:4c:57:b2:0e:0c:ec:84:5d:1b:53:37:6b:15:a8:
         68:bc:c9:19:f1:3b:fe:20:54:8d:51:74:04:e7:90:55:53:ee:
         4c:67:51:e3:26:12:f6:47:d8:bb:b6:2a:a7:0a:4e:4c:23:f0:
         b3:15:2d:61:27:78:ca:ce:04:e1:49:f7:06:4d:5a:01:17:4e:
         91:58:5d:43:92:be:2f:c8:fa:19:c7:c4:cb:5f:83:bc:d2:85:
         37:0d:54:4e:c1:8f:da:ef:2d:17:9e:21:ee:a1:70:8f:24:b8:
         2c:fa:99:f0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4sBXmB9FGiZQNivQcQsusUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkNDNhMjQ4NDU2OWQyMGUzZjUzYzE3YmU3YjlmYjI5YzM0
ZWU1YmUwHhcNMjYwNTE1MTQyMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWM4OTU4MTU2YWMxYmRlMGI5ZTk5MzIyYWUxZmU4ODQzODc4NzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkXcp28n45s4ZGLZkfBlY2uLDn5X
+81FnjB92ptWefR9cn8XeE282umXYccc9h89ygzR4uNyPtSUEm6g8udRwIJDgo3p
X7DTsONFT5CZsx10iB1PMGzcrTWy7mmh6w/O1ORcgOTQOr8qpu5JIyXZrMk4kZnZ
2DU/iwvVmQIkMR5xkqpts7eFSQsaDfctkQU9AEtv7KyZZyRVp1xeDTKvnkJaP+mN
/wGDmyrSIDyogEpbCvGb+BdM795gRzgdWUa8oxIXl7c0+ZQnqaato/6EPRxS6Jhk
FoVD0s+OBu5a0JTFVpAxYUsuvoj2CdVRryG39HWXmGisBv4KUcUGrFRhawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFP7IlYFWrBveC56ZMirh/ohDh4cGMB8GA1UdIwQY
MBaAFB1DokhFadIOP1PBe+e5+ynDTuW+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjkt
NjM0NTE1NDg5NzlkLzEvX3NpVmdWYXNHOTRMbnBreUt1SC1pRU9IaHdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jOTNkODctMzJlMC00NmYxLTlmYjktNjM0NTE1NDg5Nzlk
LzEvSFVPaVNFVnAwZzRfVThGNzU3bjdLY05PNWI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgHswAAL
MA0GCSqGSIb3DQEBCwUAA4IBAQCk9SXAKj3e365pgkJq0QMo8JbKHvxHoJb7IUnn
/F8FNbM4VyBfpku/1jcXUkviOgkDGSkqwws7523ANKlxTmOO0xuf/ulZLVsZbBrl
fk5hoyiog56pwts6Mlhqtr62Nr1WIrejo9zaWuVLuCiHVaqaux7IhhccKLnDTegi
yaCHR5sKZQuTzfyv6Kc1hrp3lQ9BP4frTFeyDgzshF0bUzdrFahovMkZ8Tv+IFSN
UXQE55BVU+5MZ1HjJhL2R9i7tiqnCk5MI/CzFS1hJ3jKzgThSfcGTVoBF06RWF1D
kr4vyPoZx8TLX4O80oU3DVROwY/a7y0XniHuoXCPJLgs+pnw
-----END CERTIFICATE-----