Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/5w8L1o2xDu1EgnFPzhAl4Dxiiuk.roa
File:                     5w8L1o2xDu1EgnFPzhAl4Dxiiuk.roa (raw, json)
Hash identifier:          N7gwY/QH2RLdT3WqeakNq3TDez5YAW9J33gsQvciQVk=
Subject key identifier:   E7:0F:0B:D6:8D:B1:0E:ED:44:82:71:4F:CE:10:25:E0:3C:62:8A:E9
Certificate issuer:       /CN=cfc7ef2b766594892d78928cbe781779fdce67d0
Certificate serial:       019B7F141D0F407DF8A78EB8CDE1E58755EE
Authority key identifier: CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/5w8L1o2xDu1EgnFPzhAl4Dxiiuk.roa
Signing time:             Fri 02 Jan 2026 14:19:43 +0000
ROA not before:           Fri 02 Jan 2026 14:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4410
IP address blocks:        2a02:6a0:4ffe::/48 maxlen: 48
                          2a02:6a0:4fff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:1d:0f:40:7d:f8:a7:8e:b8:cd:e1:e5:87:55:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc7ef2b766594892d78928cbe781779fdce67d0
        Validity
            Not Before: Jan  2 14:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e70f0bd68db10eed4482714fce1025e03c628ae9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:1f:dc:c6:b7:b6:60:82:38:fb:06:1b:d5:70:
                    52:90:8f:97:e6:e4:f1:ab:bd:31:4f:59:5e:50:dc:
                    71:be:23:d3:ab:63:f8:5d:af:ea:2a:eb:52:8c:7c:
                    28:02:89:8b:ea:d4:f5:67:98:e5:e1:96:bc:3b:23:
                    63:5a:9b:37:fb:59:de:9a:27:f2:60:16:0a:45:37:
                    cc:3d:b6:47:0e:c5:df:97:7c:d6:af:89:04:ad:4a:
                    82:85:58:6d:9d:2b:e9:1f:f9:d5:55:e6:7d:c2:6b:
                    41:13:06:d8:16:d3:21:55:22:36:31:b2:ae:f9:0d:
                    ce:6e:b3:65:89:4c:d7:17:6b:18:f2:f0:c0:04:91:
                    94:af:8a:e8:84:48:3d:6b:bb:de:b5:0c:02:e5:0d:
                    f9:79:98:d0:69:24:bc:95:da:3d:2c:27:39:63:83:
                    b8:a4:3b:71:ef:97:22:13:3e:47:c1:f5:ea:7a:5a:
                    5d:38:05:f9:eb:65:b6:ed:44:6e:7c:49:eb:55:17:
                    7e:4a:e0:0f:a2:67:54:43:88:e0:98:1e:49:38:a7:
                    1f:c5:db:61:a0:ef:92:83:c4:e3:8f:9f:86:c3:4a:
                    a2:e0:25:d7:44:92:53:63:83:ee:98:4c:15:d3:59:
                    a2:8d:96:04:1e:1f:18:9b:c1:c6:89:20:e5:6c:79:
                    b4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:0F:0B:D6:8D:B1:0E:ED:44:82:71:4F:CE:10:25:E0:3C:62:8A:E9
            X509v3 Authority Key Identifier:
                keyid:CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/5w8L1o2xDu1EgnFPzhAl4Dxiiuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:6a0:4ffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         0c:69:4c:e3:da:76:d6:c5:67:b2:8f:5c:d7:0d:67:52:e6:9d:
         5c:04:6d:e2:00:18:50:a8:cd:f4:68:b3:ca:d0:1d:cd:a9:e6:
         fc:2b:3f:1e:3d:0a:7b:6c:56:c2:83:35:4b:f6:ef:f3:7d:88:
         d0:18:e8:a8:cc:07:84:c5:57:1c:b0:7b:74:99:c0:d9:cd:57:
         ae:2f:c3:a5:00:73:ea:c9:37:ef:b9:6c:3d:06:92:45:0c:d3:
         db:41:09:8b:cb:f6:6c:2b:0c:3f:d6:69:33:07:1a:a3:a2:2b:
         12:7d:fd:ec:3f:9b:bc:f1:45:96:ad:90:4d:6c:83:7d:01:55:
         7a:74:8e:43:73:16:2e:b2:52:3f:f0:f1:3c:fe:c6:84:04:23:
         33:54:b0:d2:f4:37:71:8c:7e:58:b3:16:86:8e:63:73:88:b4:
         35:0c:25:0d:36:ae:8b:44:5a:40:a8:76:2b:19:8e:53:7f:ed:
         ac:b8:8f:10:bf:79:0a:f3:f5:46:b5:67:ea:f9:3a:30:c9:0a:
         77:30:73:b1:33:e8:22:b7:cd:53:c5:8a:dc:ef:f2:35:fe:eb:
         1e:dc:42:e7:69:33:8e:60:f7:92:e4:a2:17:c7:5f:12:46:5d:
         7b:21:44:31:e8:20:a7:2b:6f:37:27:fa:9a:c8:ab:dc:a5:82:
         ed:1a:03:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/FB0PQH34p464zeHlh1XuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzdlZjJiNzY2NTk0ODkyZDc4OTI4Y2JlNzgxNzc5ZmRj
ZTY3ZDAwHhcNMjYwMTAyMTQxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzBmMGJkNjhkYjEwZWVkNDQ4MjcxNGZjZTEwMjVlMDNjNjI4YWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6B/cxre2YII4+wYb1XBSkI+X5uTx
q70xT1leUNxxviPTq2P4Xa/qKutSjHwoAomL6tT1Z5jl4Za8OyNjWps3+1nemify
YBYKRTfMPbZHDsXfl3zWr4kErUqChVhtnSvpH/nVVeZ9wmtBEwbYFtMhVSI2MbKu
+Q3ObrNliUzXF2sY8vDABJGUr4rohEg9a7vetQwC5Q35eZjQaSS8ldo9LCc5Y4O4
pDtx75ciEz5HwfXqelpdOAX562W27URufEnrVRd+SuAPomdUQ4jgmB5JOKcfxdth
oO+Sg8Tjj5+Gw0qi4CXXRJJTY4PumEwV01mijZYEHh8Ym8HGiSDlbHm0XQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOcPC9aNsQ7tRIJxT84QJeA8YorpMB8GA1UdIwQY
MBaAFM/H7yt2ZZSJLXiSjL54F3n9zmfQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjct
OGNkNTViMDNkMjJkLzEvNXc4TDFvMnhEdTFFZ25GUHpoQWw0RHhpaXVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjctOGNkNTViMDNkMjJk
LzEvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgIGoE/+
MA0GCSqGSIb3DQEBCwUAA4IBAQAMaUzj2nbWxWeyj1zXDWdS5p1cBG3iABhQqM30
aLPK0B3Nqeb8Kz8ePQp7bFbCgzVL9u/zfYjQGOiozAeExVccsHt0mcDZzVeuL8Ol
AHPqyTfvuWw9BpJFDNPbQQmLy/ZsKww/1mkzBxqjoisSff3sP5u88UWWrZBNbIN9
AVV6dI5DcxYuslI/8PE8/saEBCMzVLDS9DdxjH5YsxaGjmNziLQ1DCUNNq6LRFpA
qHYrGY5Tf+2suI8Qv3kK8/VGtWfq+TowyQp3MHOxM+git81TxYrc7/I1/use3ELn
aTOOYPeS5KIXx18SRl17IUQx6CCnK283J/qayKvcpYLtGgPg
-----END CERTIFICATE-----