Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Cj0Rg7ZZSHdgXtFcWXXM7tfIvHc.roa
File:                     Cj0Rg7ZZSHdgXtFcWXXM7tfIvHc.roa (raw, json)
Hash identifier:          0RdkT2H958+n28C6hiLpeEuNIKNrNm4b9XUQd3htNXk=
Subject key identifier:   0A:3D:11:83:B6:59:48:77:60:5E:D1:5C:59:75:CC:EE:D7:C8:BC:77
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019D62D0D4A9D7C99577EC9685123F3B6EF7
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Cj0Rg7ZZSHdgXtFcWXXM7tfIvHc.roa
Signing time:             Mon 06 Apr 2026 12:42:26 +0000
ROA not before:           Mon 06 Apr 2026 12:42:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2a12:bec4:12a0::/47 maxlen: 47
                          2a12:bec4:12a4::/46 maxlen: 46
                          2a12:bec4:12a8::/45 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:62:d0:d4:a9:d7:c9:95:77:ec:96:85:12:3f:3b:6e:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Apr  6 12:42:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a3d1183b6594877605ed15c5975cceed7c8bc77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ea:b7:24:c7:a7:0b:e1:7a:2e:c4:d0:75:5b:
                    b8:dc:13:4f:08:24:0a:8b:f1:29:5c:dd:c6:ec:6d:
                    95:7e:04:56:a9:7d:c8:0d:73:55:b6:7f:81:bc:33:
                    0e:71:07:25:c6:8a:f5:05:51:44:76:86:f4:be:3d:
                    c2:93:56:71:f2:39:c6:25:9e:50:8e:05:51:15:27:
                    33:90:8e:ee:88:83:b9:dc:57:ab:3b:c3:fa:1f:b2:
                    c3:1d:4c:83:8e:b9:26:68:33:73:0d:16:7c:4a:8f:
                    f8:54:c4:30:c3:21:4d:7a:cb:34:f4:d2:f1:43:8f:
                    55:63:ee:fa:4b:a8:7c:e7:ae:d7:07:33:ae:df:6a:
                    72:1b:41:6f:cf:c9:7d:24:53:40:6e:4a:9a:e0:cc:
                    ed:64:36:cf:fe:70:41:60:12:47:10:85:82:6b:c5:
                    31:17:e9:a6:65:81:33:e4:e0:eb:e9:09:e2:2b:d3:
                    d5:8c:f5:46:99:fb:c3:69:f5:f1:e2:6d:2a:da:e7:
                    45:7d:76:a3:7b:aa:21:dc:10:24:85:a9:4e:c7:dc:
                    47:ce:b2:88:48:cd:4a:b7:8e:d9:51:8d:0e:71:58:
                    2d:7c:ce:4a:d6:10:2e:0d:53:1c:9b:b7:db:6f:cc:
                    50:b8:04:44:75:f0:f4:7a:9d:e7:73:0c:05:e1:a0:
                    55:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:3D:11:83:B6:59:48:77:60:5E:D1:5C:59:75:CC:EE:D7:C8:BC:77
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/Cj0Rg7ZZSHdgXtFcWXXM7tfIvHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:12a0::/47
                  2a12:bec4:12a4::-2a12:bec4:12af:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         9a:5f:47:48:d2:39:25:61:36:8c:05:71:10:53:04:6e:f4:2c:
         c0:1b:6d:ed:a4:d2:26:fe:23:d0:6a:e9:2b:00:d5:8d:af:29:
         4e:0c:0f:80:d0:42:d0:9f:f0:55:d0:40:e7:fe:19:00:1f:23:
         6b:47:80:02:9b:eb:75:1c:a1:5f:e8:67:40:3a:ab:24:64:43:
         04:32:8e:5e:d5:54:11:e9:7f:22:f7:d7:a7:ad:a7:2e:c9:07:
         c7:1d:a6:67:c4:b0:ca:4a:6d:f8:f3:1e:44:05:2a:db:d5:98:
         14:27:7e:1e:2d:12:65:f9:f1:2c:fa:17:89:5c:3b:06:58:54:
         ba:e9:25:df:26:18:c9:f7:e5:67:90:dc:27:58:14:e1:2f:00:
         a5:ab:24:0f:fd:ce:17:fc:ff:d1:03:55:e9:96:74:12:34:55:
         41:d0:54:9c:76:b7:07:84:b4:47:a1:15:a1:09:cb:fd:1a:3d:
         31:ec:9f:77:69:69:90:6f:d5:fd:4e:6d:90:39:d1:8b:82:67:
         e2:34:0b:73:63:11:be:e8:57:17:b7:b4:01:73:91:41:ea:af:
         30:29:b0:fb:4a:9f:fe:c3:da:54:4c:cb:af:14:a2:34:8d:bf:
         47:8c:3a:78:92:2a:72:97:4b:e4:a7:48:42:4c:a6:70:76:a0:
         14:7d:3f:8a
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ1i0NSp18mVd+yWhRI/O273MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwNDA2MTI0MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTNkMTE4M2I2NTk0ODc3NjA1ZWQxNWM1OTc1Y2NlZWQ3YzhiYzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+q3JMenC+F6LsTQdVu43BNPCCQK
i/EpXN3G7G2VfgRWqX3IDXNVtn+BvDMOcQclxor1BVFEdob0vj3Ck1Zx8jnGJZ5Q
jgVRFSczkI7uiIO53FerO8P6H7LDHUyDjrkmaDNzDRZ8So/4VMQwwyFNess09NLx
Q49VY+76S6h8567XBzOu32pyG0Fvz8l9JFNAbkqa4MztZDbP/nBBYBJHEIWCa8Ux
F+mmZYEz5ODr6QniK9PVjPVGmfvDafXx4m0q2udFfXaje6oh3BAkhalOx9xHzrKI
SM1Kt47ZUY0OcVgtfM5K1hAuDVMcm7fbb8xQuAREdfD0ep3ncwwF4aBVmQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAo9EYO2WUh3YF7RXFl1zO7XyLx3MB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvQ2owUmc3WlpTSGRnWHRGY1dYWE03dGZJdkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdAwcBKhK+xBKg
MBIDBwIqEr7EEqQDBwQqEr7EEqAwDQYJKoZIhvcNAQELBQADggEBAJpfR0jSOSVh
NowFcRBTBG70LMAbbe2k0ib+I9Bq6SsA1Y2vKU4MD4DQQtCf8FXQQOf+GQAfI2tH
gAKb63UcoV/oZ0A6qyRkQwQyjl7VVBHpfyL316etpy7JB8cdpmfEsMpKbfjzHkQF
KtvVmBQnfh4tEmX58Sz6F4lcOwZYVLrpJd8mGMn35WeQ3CdYFOEvAKWrJA/9zhf8
/9EDVemWdBI0VUHQVJx2tweEtEehFaEJy/0aPTHsn3dpaZBv1f1ObZA50YuCZ+I0
C3NjEb7oVxe3tAFzkUHqrzApsPtKn/7D2lRMy68UojSNv0eMOniSKnKXS+SnSEJM
pnB2oBR9P4o=
-----END CERTIFICATE-----