Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/Y4k6hZFhvCoHiB7h05680H5APKM.roa
File:                     Y4k6hZFhvCoHiB7h05680H5APKM.roa (raw, json)
Hash identifier:          BGmp+q30ZAASUmPPXR43EIv6VKKM1vrOmCdZ6rG6eeg=
Subject key identifier:   63:89:3A:85:91:61:BC:2A:07:88:1E:E1:D3:9E:BC:D0:7E:40:3C:A3
Certificate issuer:       /CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
Certificate serial:       019B7F15AB336E6F853086BE4DB71440096B
Authority key identifier: BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/Y4k6hZFhvCoHiB7h05680H5APKM.roa
Signing time:             Fri 02 Jan 2026 14:21:25 +0000
ROA not before:           Fri 02 Jan 2026 14:21:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199875
IP address blocks:        2a00:ad44:3084::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 15:05:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:15:ab:33:6e:6f:85:30:86:be:4d:b7:14:40:09:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcce590711ae7fcb016eeb7376b0a7fc7661cb13
        Validity
            Not Before: Jan  2 14:21:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63893a859161bc2a07881ee1d39ebcd07e403ca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:3f:f2:20:2e:96:ba:4b:63:f2:90:72:0d:a3:
                    76:15:34:86:79:84:50:9b:b8:59:3d:09:36:54:81:
                    03:e9:62:c9:7d:26:98:11:58:d1:be:4d:58:fd:89:
                    49:0c:91:e9:cb:57:ba:b3:35:c3:1b:13:67:2c:fc:
                    c0:8d:dd:e9:4a:f8:3c:3b:a6:50:be:38:c1:ec:53:
                    6d:64:12:65:79:ee:12:65:d4:bd:89:70:e9:89:cc:
                    8e:43:6e:36:e9:82:6b:ea:80:9f:26:17:49:e2:f5:
                    f5:f1:66:6f:a8:9f:b2:11:c6:d4:a6:1b:45:0c:3d:
                    f4:c1:dc:5b:e6:81:99:36:91:02:e7:ef:61:c1:d4:
                    c9:b9:cb:1a:67:00:32:c1:bb:d9:e8:30:92:11:03:
                    55:d5:8b:ef:f2:c3:38:2a:d4:4b:ce:f1:0c:70:fd:
                    c5:b5:3b:a6:53:f9:8b:1c:70:6e:83:7a:73:df:4c:
                    e7:9d:97:4e:8f:91:7f:ff:19:9c:97:eb:d9:d3:12:
                    5e:e7:28:72:fa:32:98:6b:bb:c9:f9:25:b4:e8:5a:
                    0c:ed:42:db:a9:61:1f:cf:f7:fb:26:8d:5c:e1:45:
                    fd:44:08:53:aa:56:9c:5d:86:71:25:85:1a:07:53:
                    96:9e:d2:11:ca:03:b7:42:d1:5a:a5:e6:74:e7:15:
                    07:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:89:3A:85:91:61:BC:2A:07:88:1E:E1:D3:9E:BC:D0:7E:40:3C:A3
            X509v3 Authority Key Identifier:
                keyid:BC:CE:59:07:11:AE:7F:CB:01:6E:EB:73:76:B0:A7:FC:76:61:CB:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vM5ZBxGuf8sBbutzdrCn_HZhyxM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/Y4k6hZFhvCoHiB7h05680H5APKM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ac6b91-edaf-4486-934e-05db497ac455/1/vM5ZBxGuf8sBbutzdrCn_HZhyxM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:ad44:3084::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:04:54:59:5c:c6:64:bc:b0:72:40:f5:cf:fd:f2:2f:83:df:
         e5:6f:0e:69:66:18:a7:79:e9:d0:70:85:ad:cd:ac:ce:d2:b1:
         bc:d8:06:00:46:cc:ef:01:bc:73:e2:68:2d:69:39:1c:f3:fc:
         14:bf:c5:3e:17:b2:3e:fc:3e:af:90:94:51:cd:c0:ab:fc:58:
         97:2f:12:5f:66:6b:85:0b:23:62:c4:64:eb:cc:91:9a:1a:de:
         da:06:14:70:44:65:cd:d5:c5:1c:df:c7:58:23:31:5b:04:a0:
         ea:73:39:93:41:fe:cb:04:7e:4a:81:61:a2:47:c8:e8:de:b1:
         06:d8:c1:8b:8c:9d:cc:e9:85:96:37:3a:6b:b2:72:c8:1d:0b:
         42:d7:dc:94:00:1c:1c:32:de:ba:41:d1:cc:1b:2e:b1:38:7a:
         cc:e7:5c:38:cc:9c:57:2a:e2:ce:73:08:1e:b0:1e:35:c6:83:
         ac:c0:d1:63:49:cf:4c:f3:13:c2:50:e0:85:43:17:d9:ab:76:
         3e:28:fb:95:03:e3:d0:5b:1e:c9:97:d9:2e:8e:6f:5f:92:29:
         bf:74:5f:05:6f:f4:92:56:42:6d:fb:8c:7e:17:e5:8c:23:62:
         96:2a:fb:eb:3c:79:c3:eb:49:9e:9f:94:21:d5:d3:82:d2:f0:
         cf:f9:f1:07
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/Faszbm+FMIa+TbcUQAlrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjY2U1OTA3MTFhZTdmY2IwMTZlZWI3Mzc2YjBhN2ZjNzY2
MWNiMTMwHhcNMjYwMTAyMTQyMTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mzg5M2E4NTkxNjFiYzJhMDc4ODFlZTFkMzllYmNkMDdlNDAzY2EzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6T/yIC6Wuktj8pByDaN2FTSGeYRQ
m7hZPQk2VIED6WLJfSaYEVjRvk1Y/YlJDJHpy1e6szXDGxNnLPzAjd3pSvg8O6ZQ
vjjB7FNtZBJlee4SZdS9iXDpicyOQ2426YJr6oCfJhdJ4vX18WZvqJ+yEcbUphtF
DD30wdxb5oGZNpEC5+9hwdTJucsaZwAywbvZ6DCSEQNV1Yvv8sM4KtRLzvEMcP3F
tTumU/mLHHBug3pz30znnZdOj5F//xmcl+vZ0xJe5yhy+jKYa7vJ+SW06FoM7ULb
qWEfz/f7Jo1c4UX9RAhTqlacXYZxJYUaB1OWntIRygO3QtFapeZ05xUH7wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGOJOoWRYbwqB4ge4dOevNB+QDyjMB8GA1UdIwQY
MBaAFLzOWQcRrn/LAW7rc3awp/x2YcsTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUt
MDVkYjQ5N2FjNDU1LzEvWTRrNmhaRmh2Q29IaUI3aDA1NjgwSDVBUEtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9hYzZiOTEtZWRhZi00NDg2LTkzNGUtMDVkYjQ5N2FjNDU1
LzEvdk01WkJ4R3VmOHNCYnV0emRyQ25fSFpoeXhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgCtRDCE
MA0GCSqGSIb3DQEBCwUAA4IBAQCQBFRZXMZkvLByQPXP/fIvg9/lbw5pZhineenQ
cIWtzazO0rG82AYARszvAbxz4mgtaTkc8/wUv8U+F7I+/D6vkJRRzcCr/FiXLxJf
ZmuFCyNixGTrzJGaGt7aBhRwRGXN1cUc38dYIzFbBKDqczmTQf7LBH5KgWGiR8jo
3rEG2MGLjJ3M6YWWNzprsnLIHQtC19yUABwcMt66QdHMGy6xOHrM51w4zJxXKuLO
cwgesB41xoOswNFjSc9M8xPCUOCFQxfZq3Y+KPuVA+PQWx7Jl9kujm9fkim/dF8F
b/SSVkJt+4x+F+WMI2KWKvvrPHnD60men5Qh1dOC0vDP+fEH
-----END CERTIFICATE-----