Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/gXTXswMAqOUZcicFKanGyy8Pc24.roa
File:                     gXTXswMAqOUZcicFKanGyy8Pc24.roa (raw, json)
Hash identifier:          CsXx31nQ+NdycTm6E1P0Qb6Ob5IJ6xBFv4kmPa3DVVo=
Subject key identifier:   81:74:D7:B3:03:00:A8:E5:19:72:27:05:29:A9:C6:CB:2F:0F:73:6E
Certificate issuer:       /CN=d9d0318f2685e32d2dba923f6662771427359738
Certificate serial:       019B797E95476595483269F3CCCEF546A5F0
Authority key identifier: D9:D0:31:8F:26:85:E3:2D:2D:BA:92:3F:66:62:77:14:27:35:97:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/gXTXswMAqOUZcicFKanGyy8Pc24.roa
Signing time:             Thu 01 Jan 2026 12:18:17 +0000
ROA not before:           Thu 01 Jan 2026 12:18:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51103
IP address blocks:        2001:1b28:405::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:7e:95:47:65:95:48:32:69:f3:cc:ce:f5:46:a5:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d9d0318f2685e32d2dba923f6662771427359738
        Validity
            Not Before: Jan  1 12:18:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8174d7b30300a8e51972270529a9c6cb2f0f736e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e2:92:32:ce:b1:8c:bd:9a:d6:d0:8f:09:6c:
                    a1:f7:ab:b4:ce:34:b0:04:87:f2:12:32:28:7f:57:
                    ed:ff:6d:ad:0e:61:56:73:06:f0:c1:6b:91:30:e4:
                    00:87:87:83:63:93:31:3e:b4:33:65:4f:23:a3:b5:
                    cb:1e:c5:f0:1e:4d:d5:8a:e2:9c:9d:ce:11:c6:78:
                    e1:04:96:c3:0d:da:36:44:5d:ac:63:94:cf:f2:da:
                    51:85:20:3d:df:39:40:b7:29:4a:42:ab:76:12:26:
                    3e:6c:12:8f:59:43:09:a9:85:92:46:f0:5b:00:df:
                    3b:f7:dc:84:47:f1:6f:50:c1:a4:3a:63:63:75:82:
                    af:3e:df:e5:a4:76:77:86:6a:ee:33:e9:aa:62:0e:
                    8d:23:6b:14:53:a0:50:09:82:be:51:1b:d4:75:bd:
                    d6:bd:03:c5:91:d1:14:ae:be:74:d7:8b:79:8f:8f:
                    57:81:a9:4e:e1:d3:ee:98:23:32:71:fe:90:b0:cd:
                    19:b8:16:f5:8f:58:d7:28:d3:88:e8:db:b6:83:2d:
                    97:cc:1d:7e:ea:fa:da:06:ad:16:f2:f6:25:8e:25:
                    ed:13:a5:1b:7d:7e:9b:cc:69:07:2e:cc:b5:93:ee:
                    9a:5a:62:8c:22:e6:56:e5:e8:5d:14:5e:c4:d3:3e:
                    3b:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:74:D7:B3:03:00:A8:E5:19:72:27:05:29:A9:C6:CB:2F:0F:73:6E
            X509v3 Authority Key Identifier:
                keyid:D9:D0:31:8F:26:85:E3:2D:2D:BA:92:3F:66:62:77:14:27:35:97:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/gXTXswMAqOUZcicFKanGyy8Pc24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8ce609-db1d-4997-9d8a-96ddd5a0239d/1/2dAxjyaF4y0tupI_ZmJ3FCc1lzg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:1b28:405::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:0f:9e:28:93:60:32:a6:f5:7b:4b:f4:92:52:bd:f9:23:da:
         6a:d4:1a:e7:14:21:92:6f:c4:1f:13:8c:d4:f5:91:ac:04:2c:
         6b:3b:86:de:ae:32:9e:b2:76:25:6e:54:1c:ae:02:08:70:59:
         0d:ee:d6:05:61:c0:7c:15:01:a2:b3:29:07:77:86:fe:be:82:
         ec:0c:1e:29:50:1b:45:8d:00:55:21:f7:f2:18:c7:4c:d0:cc:
         d8:77:31:e0:9c:26:6d:d0:d3:b4:d9:19:d9:8e:b9:4e:7b:ea:
         60:50:99:3b:89:01:58:ce:0f:1e:ee:9d:2c:b5:64:68:47:ff:
         f9:1b:58:c5:41:5d:ea:52:a4:6f:de:a3:07:03:66:98:c0:d7:
         ba:57:cd:d3:ff:48:b7:53:36:e4:e8:1a:aa:06:b0:39:f8:12:
         d9:b7:04:82:ac:0c:24:99:35:84:54:57:3a:c9:f5:bb:dc:d3:
         b8:06:9e:c8:91:ee:70:50:60:33:ee:00:fe:0d:75:b0:ee:52:
         20:ab:29:4c:74:27:8f:cb:ca:85:84:56:f4:e1:ad:e5:95:15:
         d1:65:1a:99:22:6b:3c:f9:de:7d:30:de:72:85:eb:3e:17:b6:
         8c:b7:d1:fc:6f:58:47:c7:a4:2b:32:5f:98:b6:b7:f2:dd:1a:
         d9:48:cb:91
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt5fpVHZZVIMmnzzM71RqXwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5ZDAzMThmMjY4NWUzMmQyZGJhOTIzZjY2NjI3NzE0Mjcz
NTk3MzgwHhcNMjYwMTAxMTIxODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTc0ZDdiMzAzMDBhOGU1MTk3MjI3MDUyOWE5YzZjYjJmMGY3MzZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteKSMs6xjL2a1tCPCWyh96u0zjSw
BIfyEjIof1ft/22tDmFWcwbwwWuRMOQAh4eDY5MxPrQzZU8jo7XLHsXwHk3ViuKc
nc4RxnjhBJbDDdo2RF2sY5TP8tpRhSA93zlAtylKQqt2EiY+bBKPWUMJqYWSRvBb
AN8799yER/FvUMGkOmNjdYKvPt/lpHZ3hmruM+mqYg6NI2sUU6BQCYK+URvUdb3W
vQPFkdEUrr5014t5j49XgalO4dPumCMycf6QsM0ZuBb1j1jXKNOI6Nu2gy2XzB1+
6vraBq0W8vYljiXtE6UbfX6bzGkHLsy1k+6aWmKMIuZW5ehdFF7E0z47JwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIF017MDAKjlGXInBSmpxssvD3NuMB8GA1UdIwQY
MBaAFNnQMY8mheMtLbqSP2ZidxQnNZc4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmRBeGp5YUY0eTB0dXBJX1ptSjNGQ2MxbHpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi84Y2U2MDktZGIxZC00OTk3LTlkOGEt
OTZkZGQ1YTAyMzlkLzEvZ1hUWHN3TUFxT1VaY2ljRkthbkd5eThQYzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi84Y2U2MDktZGIxZC00OTk3LTlkOGEtOTZkZGQ1YTAyMzlk
LzEvMmRBeGp5YUY0eTB0dXBJX1ptSjNGQ2MxbHpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEbKAQF
MA0GCSqGSIb3DQEBCwUAA4IBAQCaD54ok2AypvV7S/SSUr35I9pq1BrnFCGSb8Qf
E4zU9ZGsBCxrO4berjKesnYlblQcrgIIcFkN7tYFYcB8FQGisykHd4b+voLsDB4p
UBtFjQBVIffyGMdM0MzYdzHgnCZt0NO02RnZjrlOe+pgUJk7iQFYzg8e7p0stWRo
R//5G1jFQV3qUqRv3qMHA2aYwNe6V83T/0i3Uzbk6BqqBrA5+BLZtwSCrAwkmTWE
VFc6yfW73NO4Bp7Ike5wUGAz7gD+DXWw7lIgqylMdCePy8qFhFb04a3llRXRZRqZ
Ims8+d59MN5yhes+F7aMt9H8b1hHx6QrMl+Ytrfy3RrZSMuR
-----END CERTIFICATE-----