Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/IIrMyzgBP5_JRQxJ_jiwy1v0Ecs.roa
File:                     IIrMyzgBP5_JRQxJ_jiwy1v0Ecs.roa (raw, json)
Hash identifier:          BzooYeO72FAkBEgUsaLcwTgtG21uTNs19XaoNtISN/4=
Subject key identifier:   20:8A:CC:CB:38:01:3F:9F:C9:45:0C:49:FE:38:B0:CB:5B:F4:11:CB
Certificate issuer:       /CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
Certificate serial:       019EBE83D7E2E5462DD80853FEB92751F7D1
Authority key identifier: B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/IIrMyzgBP5_JRQxJ_jiwy1v0Ecs.roa
Signing time:             Sat 13 Jun 2026 01:06:11 +0000
ROA not before:           Sat 13 Jun 2026 01:06:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215760
IP address blocks:        2a12:bec4:1fa0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:be:83:d7:e2:e5:46:2d:d8:08:53:fe:b9:27:51:f7:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b37e215a415ed7b5de4b6dc12f2f7b7750c3d66f
        Validity
            Not Before: Jun 13 01:06:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=208acccb38013f9fc9450c49fe38b0cb5bf411cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:d5:24:be:e9:0a:29:28:45:36:99:52:8a:ef:
                    11:77:08:49:24:07:b5:57:b2:b4:6e:c5:7e:97:26:
                    28:c2:46:5c:af:32:55:96:23:48:1b:ce:b0:9b:bb:
                    19:ae:7d:40:5b:df:3e:1b:9e:1c:6b:fb:6c:21:7a:
                    87:74:b5:42:eb:26:e9:fa:b3:90:0e:35:1e:4a:22:
                    8c:ed:04:57:3f:9c:e5:48:cb:92:79:8b:72:b0:39:
                    89:a9:0c:49:bc:6a:43:9c:ed:93:0e:fd:2d:7d:e3:
                    fc:23:f9:07:52:c0:6f:25:27:ad:9f:d3:93:73:9d:
                    34:15:58:b0:71:8e:1c:5e:ba:f6:c0:cb:c3:41:ef:
                    82:b5:fb:06:ad:36:f9:50:3e:4c:09:82:4d:5b:e4:
                    7f:5b:6f:05:8f:d5:c2:ec:7c:9c:cc:2d:6c:1c:68:
                    8e:22:a6:3d:2a:ff:35:00:d6:3c:ce:48:dc:67:de:
                    40:d7:2a:12:df:73:96:9c:90:49:96:89:8e:f5:2e:
                    fc:31:f0:11:1a:fa:c5:2c:45:4d:01:9a:79:09:35:
                    fb:84:ea:ca:7b:b7:1b:31:d3:a6:a0:86:38:7a:ed:
                    2d:77:c3:bb:01:e5:57:9d:1f:3b:db:14:0c:b9:8b:
                    8a:54:08:d3:5b:31:26:8e:89:c6:96:50:fa:1e:87:
                    5a:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:8A:CC:CB:38:01:3F:9F:C9:45:0C:49:FE:38:B0:CB:5B:F4:11:CB
            X509v3 Authority Key Identifier:
                keyid:B3:7E:21:5A:41:5E:D7:B5:DE:4B:6D:C1:2F:2F:7B:77:50:C3:D6:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s34hWkFe17XeS23BLy97d1DD1m8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/IIrMyzgBP5_JRQxJ_jiwy1v0Ecs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/97f49a-7a95-4dd5-8c74-55369cf507ee/1/s34hWkFe17XeS23BLy97d1DD1m8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:bec4:1fa0::/44

    Signature Algorithm: sha256WithRSAEncryption
         4b:7f:41:4b:e8:ab:0d:dc:1b:30:ab:a2:94:eb:1d:e0:cc:fe:
         df:91:b7:36:5a:9d:33:b7:50:7f:48:81:89:c1:74:8b:90:f5:
         36:b3:dd:f7:81:9b:e8:43:b2:8b:b9:a6:02:b5:e8:a1:65:fc:
         93:c5:e4:de:77:0a:03:66:75:82:67:16:80:1e:72:68:ab:e9:
         66:50:8a:51:33:38:f4:7a:81:a4:cd:b5:38:0a:51:5c:9a:4e:
         65:6d:4f:8a:4a:08:49:b6:e1:bf:41:8a:be:b7:56:0c:0e:01:
         56:e4:6c:51:c3:1f:0e:d4:bd:b7:36:60:6c:1f:4b:ed:dc:82:
         1b:95:fc:ec:f3:f2:1b:6a:78:f8:94:cb:67:7d:df:7a:77:ad:
         9a:fe:7c:dd:c2:81:c3:9c:26:1b:19:e0:9b:2e:ae:60:fe:56:
         c9:a4:ce:c6:58:05:33:b1:02:99:09:40:ca:e4:c5:c3:f4:98:
         4c:4d:5d:5a:2b:75:27:df:be:f9:62:0f:4e:7e:9d:36:60:72:
         06:fd:15:ca:19:94:e4:b8:99:da:65:09:38:a4:0b:c6:05:98:
         8c:ca:1b:05:7e:9c:19:85:30:5a:2c:e3:23:ff:f2:d4:3e:51:
         1c:44:4f:47:b3:25:a1:91:11:bc:76:df:ae:62:41:a0:15:7f:
         91:24:1b:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6+g9fi5UYt2AhT/rknUffRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzN2UyMTVhNDE1ZWQ3YjVkZTRiNmRjMTJmMmY3Yjc3NTBj
M2Q2NmYwHhcNMjYwNjEzMDEwNjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDhhY2NjYjM4MDEzZjlmYzk0NTBjNDlmZTM4YjBjYjViZjQxMWNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19UkvukKKShFNplSiu8RdwhJJAe1
V7K0bsV+lyYowkZcrzJVliNIG86wm7sZrn1AW98+G54ca/tsIXqHdLVC6ybp+rOQ
DjUeSiKM7QRXP5zlSMuSeYtysDmJqQxJvGpDnO2TDv0tfeP8I/kHUsBvJSetn9OT
c500FViwcY4cXrr2wMvDQe+CtfsGrTb5UD5MCYJNW+R/W28Fj9XC7HyczC1sHGiO
IqY9Kv81ANY8zkjcZ95A1yoS33OWnJBJlomO9S78MfARGvrFLEVNAZp5CTX7hOrK
e7cbMdOmoIY4eu0td8O7AeVXnR872xQMuYuKVAjTWzEmjonGllD6Hoda2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCCKzMs4AT+fyUUMSf44sMtb9BHLMB8GA1UdIwQY
MBaAFLN+IVpBXte13kttwS8ve3dQw9ZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQt
NTUzNjljZjUwN2VlLzEvSUlyTXl6Z0JQNV9KUlF4Sl9qaXd5MXYwRWNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85N2Y0OWEtN2E5NS00ZGQ1LThjNzQtNTUzNjljZjUwN2Vl
LzEvczM0aFdrRmUxN1hlUzIzQkx5OTdkMUREMW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhK+xB+g
MA0GCSqGSIb3DQEBCwUAA4IBAQBLf0FL6KsN3Bswq6KU6x3gzP7fkbc2Wp0zt1B/
SIGJwXSLkPU2s933gZvoQ7KLuaYCteihZfyTxeTedwoDZnWCZxaAHnJoq+lmUIpR
Mzj0eoGkzbU4ClFcmk5lbU+KSghJtuG/QYq+t1YMDgFW5GxRwx8O1L23NmBsH0vt
3IIblfzs8/Ibanj4lMtnfd96d62a/nzdwoHDnCYbGeCbLq5g/lbJpM7GWAUzsQKZ
CUDK5MXD9JhMTV1aK3Un3775Yg9Ofp02YHIG/RXKGZTkuJnaZQk4pAvGBZiMyhsF
fpwZhTBaLOMj//LUPlEcRE9HsyWhkRG8dt+uYkGgFX+RJBvD
-----END CERTIFICATE-----