Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/r3Gj28qxCmsCd0VMfNKOdxAgbOI.roa
File:                     r3Gj28qxCmsCd0VMfNKOdxAgbOI.roa (raw, json)
Hash identifier:          rVagaCAlGM1dBitdjHx7SnwM1EWU8ftBiG82vwvCY6g=
Subject key identifier:   AF:71:A3:DB:CA:B1:0A:6B:02:77:45:4C:7C:D2:8E:77:10:20:6C:E2
Certificate issuer:       /CN=cfc7ef2b766594892d78928cbe781779fdce67d0
Certificate serial:       019B7F141D6A05F5CBA0502DEBD7C850A6F6
Authority key identifier: CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/r3Gj28qxCmsCd0VMfNKOdxAgbOI.roa
Signing time:             Fri 02 Jan 2026 14:19:43 +0000
ROA not before:           Fri 02 Jan 2026 14:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8729
IP address blocks:        2a02:6a0:cffe::/48 maxlen: 48
                          2a02:6a0:cfff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:1d:6a:05:f5:cb:a0:50:2d:eb:d7:c8:50:a6:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc7ef2b766594892d78928cbe781779fdce67d0
        Validity
            Not Before: Jan  2 14:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af71a3dbcab10a6b0277454c7cd28e7710206ce2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:12:5b:16:b8:c5:3e:48:05:ca:f1:db:58:2a:
                    d6:8a:bf:ba:43:0a:ac:f4:1a:8d:39:1d:cd:69:52:
                    a5:05:3b:bd:6c:78:8a:2e:5c:d8:a3:ef:1b:39:72:
                    b6:17:a3:81:a4:a3:7d:d7:b0:50:7f:05:da:69:89:
                    23:f9:ec:b3:e4:20:b8:13:08:25:6b:80:5b:e2:80:
                    02:28:cc:4e:03:4f:9a:61:cf:2e:48:f2:90:df:02:
                    05:a6:4a:3c:73:dd:e8:81:c7:0b:b8:b2:d7:25:1f:
                    4e:0b:72:f0:a6:bf:14:13:36:4a:08:95:b4:4b:71:
                    21:e1:cf:8b:04:0d:d5:50:20:00:67:83:d5:58:4b:
                    be:7e:00:39:00:da:ed:e9:20:49:ea:be:0b:52:0d:
                    27:50:3a:9d:2d:e3:e8:1e:97:45:87:b4:86:84:28:
                    78:4a:22:85:f8:9c:e2:c0:31:d9:6d:83:ce:51:f3:
                    ac:60:84:1e:b8:e7:36:e4:3a:e1:fc:f1:c2:22:7d:
                    7b:d9:fd:89:bc:86:4c:ff:0b:08:1d:43:39:e4:f4:
                    8f:00:4c:c6:a0:87:c9:9b:d8:5b:70:53:78:6a:39:
                    8c:60:9d:5f:9c:54:e8:03:a4:40:74:7e:7a:32:21:
                    7e:2f:2b:fc:09:e1:44:9d:be:c8:e6:23:82:66:2a:
                    c7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:71:A3:DB:CA:B1:0A:6B:02:77:45:4C:7C:D2:8E:77:10:20:6C:E2
            X509v3 Authority Key Identifier:
                keyid:CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/r3Gj28qxCmsCd0VMfNKOdxAgbOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:6a0:cffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         1c:1b:79:52:57:4f:1f:fd:ab:3c:e3:a1:30:ff:99:c9:01:d2:
         7b:ac:b6:dc:26:f0:de:a0:54:83:32:52:21:b6:77:9e:34:d9:
         80:01:89:0f:97:bb:40:d8:d0:c4:7d:74:ba:89:92:af:54:75:
         69:c2:93:3f:aa:ae:b9:83:76:28:65:fd:06:6a:44:1d:f7:d1:
         de:dc:f1:cd:31:6c:54:89:89:81:7b:84:b6:48:be:be:d5:50:
         81:a2:32:07:3c:92:02:01:02:04:0a:ca:fa:2d:33:83:0b:82:
         ea:82:66:5c:e6:4e:e8:da:13:bc:90:21:a1:31:39:21:8e:cb:
         98:13:82:14:9c:5b:05:62:59:84:38:1e:c0:55:ae:f7:97:46:
         7c:7b:2e:9d:15:68:56:d8:c3:c0:3e:29:29:09:9e:53:df:c2:
         47:3f:c0:bf:73:81:d7:f9:7e:13:d0:29:30:74:98:6d:e0:8f:
         a4:2a:50:8f:d2:88:af:bd:32:7b:75:4e:2d:8b:f4:04:ca:42:
         50:db:fa:d8:6d:c9:98:31:cb:fa:d2:ad:5a:1f:67:f8:98:63:
         28:15:62:ea:e1:77:1d:0f:a1:a0:33:05:f5:7d:cf:8b:b5:ba:
         aa:93:79:b6:e3:7b:48:ee:57:39:9c:c8:e6:d5:2c:ee:0a:19:
         2d:c4:44:45
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/FB1qBfXLoFAt69fIUKb2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzdlZjJiNzY2NTk0ODkyZDc4OTI4Y2JlNzgxNzc5ZmRj
ZTY3ZDAwHhcNMjYwMTAyMTQxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjcxYTNkYmNhYjEwYTZiMDI3NzQ1NGM3Y2QyOGU3NzEwMjA2Y2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBJbFrjFPkgFyvHbWCrWir+6Qwqs
9BqNOR3NaVKlBTu9bHiKLlzYo+8bOXK2F6OBpKN917BQfwXaaYkj+eyz5CC4Ewgl
a4Bb4oACKMxOA0+aYc8uSPKQ3wIFpko8c93ogccLuLLXJR9OC3Lwpr8UEzZKCJW0
S3Eh4c+LBA3VUCAAZ4PVWEu+fgA5ANrt6SBJ6r4LUg0nUDqdLePoHpdFh7SGhCh4
SiKF+JziwDHZbYPOUfOsYIQeuOc25Drh/PHCIn172f2JvIZM/wsIHUM55PSPAEzG
oIfJm9hbcFN4ajmMYJ1fnFToA6RAdH56MiF+Lyv8CeFEnb7I5iOCZirH3wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK9xo9vKsQprAndFTHzSjncQIGziMB8GA1UdIwQY
MBaAFM/H7yt2ZZSJLXiSjL54F3n9zmfQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjct
OGNkNTViMDNkMjJkLzEvcjNHajI4cXhDbXNDZDBWTWZOS09keEFnYk9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjctOGNkNTViMDNkMjJk
LzEvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgIGoM/+
MA0GCSqGSIb3DQEBCwUAA4IBAQAcG3lSV08f/as846Ew/5nJAdJ7rLbcJvDeoFSD
MlIhtneeNNmAAYkPl7tA2NDEfXS6iZKvVHVpwpM/qq65g3YoZf0GakQd99He3PHN
MWxUiYmBe4S2SL6+1VCBojIHPJICAQIECsr6LTODC4LqgmZc5k7o2hO8kCGhMTkh
jsuYE4IUnFsFYlmEOB7AVa73l0Z8ey6dFWhW2MPAPikpCZ5T38JHP8C/c4HX+X4T
0CkwdJht4I+kKlCP0oivvTJ7dU4ti/QEykJQ2/rYbcmYMcv60q1aH2f4mGMoFWLq
4XcdD6GgMwX1fc+Ltbqqk3m243tI7lc5nMjm1SzuChktxERF
-----END CERTIFICATE-----