Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/1a8cbd-72cf-4a1c-83d2-c23eaed4d125/1/T-A-44juLtTcwFnkF5SXhOQIQ9I.roa
File:                     T-A-44juLtTcwFnkF5SXhOQIQ9I.roa (raw, json)
Hash identifier:          5FV/i01IPIqBUOBQNZQFuPYhK8LFfHjFfgoQlpXFS0o=
Subject key identifier:   4F:E0:3E:E3:88:EE:2E:D4:DC:C0:59:E4:17:94:97:84:E4:08:43:D2
Certificate issuer:       /CN=8f041d669ea6c41170d6f81409c0ffdc28e56907
Certificate serial:       019B7F843105B7DACECF53FFE78666133316
Authority key identifier: 8F:04:1D:66:9E:A6:C4:11:70:D6:F8:14:09:C0:FF:DC:28:E5:69:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jwQdZp6mxBFw1vgUCcD_3CjlaQc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/1a8cbd-72cf-4a1c-83d2-c23eaed4d125/1/T-A-44juLtTcwFnkF5SXhOQIQ9I.roa
Signing time:             Fri 02 Jan 2026 16:22:08 +0000
ROA not before:           Fri 02 Jan 2026 16:22:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207563
IP address blocks:        2001:678:be8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/1a8cbd-72cf-4a1c-83d2-c23eaed4d125/1/jwQdZp6mxBFw1vgUCcD_3CjlaQc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/1a8cbd-72cf-4a1c-83d2-c23eaed4d125/1/jwQdZp6mxBFw1vgUCcD_3CjlaQc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jwQdZp6mxBFw1vgUCcD_3CjlaQc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:84:31:05:b7:da:ce:cf:53:ff:e7:86:66:13:33:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f041d669ea6c41170d6f81409c0ffdc28e56907
        Validity
            Not Before: Jan  2 16:22:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4fe03ee388ee2ed4dcc059e417949784e40843d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:85:fc:36:89:0c:b8:0c:27:60:1a:a9:a5:83:
                    29:3e:d0:e2:d5:d7:bb:8f:3b:26:cc:90:99:2f:8f:
                    cf:48:d1:c5:cf:28:b7:ca:7a:e1:9d:87:1d:78:df:
                    a1:a1:d6:06:b8:76:e3:06:31:6a:0b:3f:c5:6e:5f:
                    5e:ed:8d:14:67:85:68:89:46:e6:a5:e1:ef:87:a8:
                    d4:e2:68:b6:e9:0d:05:77:75:1a:78:84:79:78:2c:
                    ab:0a:11:95:39:50:41:21:08:d5:8b:dd:0a:d6:e0:
                    a2:ad:3f:95:96:dc:04:9e:54:ac:21:3a:60:e8:16:
                    69:81:f8:f0:6e:dc:bf:3f:e7:d7:48:08:4f:c6:55:
                    a8:98:13:bc:ed:f0:0e:8d:2a:da:81:51:be:8d:32:
                    3d:87:b4:e5:9e:b4:e1:94:d4:b8:0b:5d:33:28:2f:
                    77:48:65:bd:35:09:d2:d4:a0:64:12:8d:d2:2e:c9:
                    39:d6:ff:11:b2:00:87:7e:49:9a:4f:57:c5:8c:98:
                    8f:6a:06:cb:e8:a6:73:0e:8a:f1:34:46:de:12:04:
                    85:27:4c:b2:58:6f:20:85:dd:73:9e:a2:78:ac:48:
                    d2:b7:e7:3e:8a:5c:41:79:0b:9c:38:57:5b:d6:4a:
                    1f:a1:1b:4c:c4:30:17:7b:64:cd:d6:7e:70:32:f2:
                    a0:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:E0:3E:E3:88:EE:2E:D4:DC:C0:59:E4:17:94:97:84:E4:08:43:D2
            X509v3 Authority Key Identifier:
                keyid:8F:04:1D:66:9E:A6:C4:11:70:D6:F8:14:09:C0:FF:DC:28:E5:69:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jwQdZp6mxBFw1vgUCcD_3CjlaQc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/1a8cbd-72cf-4a1c-83d2-c23eaed4d125/1/T-A-44juLtTcwFnkF5SXhOQIQ9I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/1a8cbd-72cf-4a1c-83d2-c23eaed4d125/1/jwQdZp6mxBFw1vgUCcD_3CjlaQc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:be8::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:34:d1:32:56:9d:ea:57:32:fa:75:a7:04:81:59:ab:d6:b6:
         cf:d7:e5:e7:bb:42:fe:f7:b5:70:0e:8f:0d:bd:6e:06:40:07:
         33:f5:b1:37:f0:9b:52:92:0d:e1:3a:25:11:2d:ef:d1:04:4d:
         39:8b:b4:ee:bd:56:af:c0:24:e9:58:1f:6e:19:eb:6b:59:14:
         38:d6:0e:70:fc:af:13:f6:15:37:63:53:8a:94:d1:df:fd:26:
         ba:62:e8:6d:da:67:c6:9c:0a:e1:e2:a5:26:f9:dd:94:f5:31:
         d8:87:f4:9e:19:c6:ba:15:93:1e:bc:c3:a8:98:1d:99:98:ce:
         74:3a:10:cc:c2:63:95:2e:66:44:d7:41:af:41:9f:8b:63:93:
         ab:fd:1b:f8:33:9d:4f:1c:37:85:58:cf:04:63:fb:56:6a:1d:
         0e:3b:dc:bb:7f:86:59:4f:ae:87:72:73:75:42:9b:38:7f:95:
         2a:f1:6d:de:36:57:86:74:4d:29:d5:21:80:c7:0f:d0:b8:66:
         02:9f:fa:46:d8:e4:81:25:8f:00:97:43:67:c4:92:52:49:64:
         9b:8e:7a:4f:71:e5:8b:bb:07:99:fc:35:84:40:bb:74:28:b7:
         e2:50:83:54:52:b3:f9:47:a5:bb:82:53:ce:b0:11:a0:02:a5:
         a7:39:7e:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/hDEFt9rOz1P/54ZmEzMWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMDQxZDY2OWVhNmM0MTE3MGQ2ZjgxNDA5YzBmZmRjMjhl
NTY5MDcwHhcNMjYwMTAyMTYyMjA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmUwM2VlMzg4ZWUyZWQ0ZGNjMDU5ZTQxNzk0OTc4NGU0MDg0M2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1YX8NokMuAwnYBqppYMpPtDi1de7
jzsmzJCZL4/PSNHFzyi3ynrhnYcdeN+hodYGuHbjBjFqCz/Fbl9e7Y0UZ4VoiUbm
peHvh6jU4mi26Q0Fd3UaeIR5eCyrChGVOVBBIQjVi90K1uCirT+VltwEnlSsITpg
6BZpgfjwbty/P+fXSAhPxlWomBO87fAOjSragVG+jTI9h7TlnrThlNS4C10zKC93
SGW9NQnS1KBkEo3SLsk51v8RsgCHfkmaT1fFjJiPagbL6KZzDorxNEbeEgSFJ0yy
WG8ghd1znqJ4rEjSt+c+ilxBeQucOFdb1kofoRtMxDAXe2TN1n5wMvKgCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE/gPuOI7i7U3MBZ5BeUl4TkCEPSMB8GA1UdIwQY
MBaAFI8EHWaepsQRcNb4FAnA/9wo5WkHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvandRZFpwNm14QkZ3MXZnVUNjRF8zQ2psYVFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny8xYThjYmQtNzJjZi00YTFjLTgzZDIt
YzIzZWFlZDRkMTI1LzEvVC1BLTQ0anVMdFRjd0Zua0Y1U1hoT1FJUTlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny8xYThjYmQtNzJjZi00YTFjLTgzZDItYzIzZWFlZDRkMTI1
LzEvandRZFpwNm14QkZ3MXZnVUNjRF8zQ2psYVFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAvo
MA0GCSqGSIb3DQEBCwUAA4IBAQAuNNEyVp3qVzL6dacEgVmr1rbP1+Xnu0L+97Vw
Do8NvW4GQAcz9bE38JtSkg3hOiURLe/RBE05i7TuvVavwCTpWB9uGetrWRQ41g5w
/K8T9hU3Y1OKlNHf/Sa6Yuht2mfGnArh4qUm+d2U9THYh/SeGca6FZMevMOomB2Z
mM50OhDMwmOVLmZE10GvQZ+LY5Or/Rv4M51PHDeFWM8EY/tWah0OO9y7f4ZZT66H
cnN1Qps4f5Uq8W3eNleGdE0p1SGAxw/QuGYCn/pG2OSBJY8Al0NnxJJSSWSbjnpP
ceWLuweZ/DWEQLt0KLfiUINUUrP5R6W7glPOsBGgAqWnOX4B
-----END CERTIFICATE-----