Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/tGgYc8esx93FIuv6qVdvLrrfYjA.roa
File:                     tGgYc8esx93FIuv6qVdvLrrfYjA.roa (raw, json)
Hash identifier:          NqmOiovtc0twyj4G/0azepimZEOqE1VqYTbbiNKPooI=
Subject key identifier:   B4:68:18:73:C7:AC:C7:DD:C5:22:EB:FA:A9:57:6F:2E:BA:DF:62:30
Certificate issuer:       /CN=cfc7ef2b766594892d78928cbe781779fdce67d0
Certificate serial:       019B7F141C9026C14905049F373F2F9D0E18
Authority key identifier: CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/tGgYc8esx93FIuv6qVdvLrrfYjA.roa
Signing time:             Fri 02 Jan 2026 14:19:43 +0000
ROA not before:           Fri 02 Jan 2026 14:19:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3097
IP address blocks:        2a02:6a0:ffe::/48 maxlen: 48
                          2a02:6a0:fff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 11:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:1c:90:26:c1:49:05:04:9f:37:3f:2f:9d:0e:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfc7ef2b766594892d78928cbe781779fdce67d0
        Validity
            Not Before: Jan  2 14:19:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b4681873c7acc7ddc522ebfaa9576f2ebadf6230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:5a:55:e3:3d:ef:90:37:5f:39:7f:68:a0:3a:
                    35:84:2a:d4:3b:c9:55:84:63:35:e3:87:09:f5:44:
                    ab:a2:f1:1e:71:fb:a2:96:28:bd:91:f6:80:e9:64:
                    87:08:e8:2d:92:e7:76:ca:ef:de:8f:65:af:38:da:
                    89:27:eb:60:25:53:00:1c:c7:1d:4d:bb:41:03:06:
                    76:5a:37:ad:3f:17:15:93:06:61:51:fe:27:d3:69:
                    3c:5a:67:d8:81:25:b4:5d:ed:6c:32:2d:be:47:93:
                    2e:dc:0d:82:8e:01:6b:6c:70:7a:0f:76:b6:86:c7:
                    90:d2:97:e5:2c:69:22:a2:ca:9e:96:70:3b:78:17:
                    ec:40:97:56:98:2a:72:40:39:08:5f:56:3d:bd:0c:
                    8f:d8:12:13:66:8e:ae:70:05:d2:11:89:ab:24:bb:
                    e4:23:51:77:76:a8:41:f7:41:21:cc:a3:5a:54:28:
                    22:71:8e:d2:06:e9:fe:d2:cf:b8:ca:26:cb:18:a4:
                    26:ab:3a:96:ed:1e:16:8a:b9:6e:50:55:bf:c4:3c:
                    f4:57:19:07:a6:58:7f:d3:7c:87:d3:1b:1c:23:40:
                    b1:66:57:48:2e:c1:a4:d4:b9:71:c3:80:84:b5:6c:
                    28:d9:01:02:84:0a:37:6e:b5:8a:30:83:cb:32:9e:
                    11:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:68:18:73:C7:AC:C7:DD:C5:22:EB:FA:A9:57:6F:2E:BA:DF:62:30
            X509v3 Authority Key Identifier:
                keyid:CF:C7:EF:2B:76:65:94:89:2D:78:92:8C:BE:78:17:79:FD:CE:67:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z8fvK3ZllIkteJKMvngXef3OZ9A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/tGgYc8esx93FIuv6qVdvLrrfYjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/cd0b2c-29e2-4737-9eb7-8cd55b03d22d/1/z8fvK3ZllIkteJKMvngXef3OZ9A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:6a0:ffe::/47

    Signature Algorithm: sha256WithRSAEncryption
         54:8f:46:50:2c:1c:81:a9:4f:7a:68:3d:be:8b:dc:f3:5f:34:
         a2:be:f1:d2:dd:46:20:40:fc:c1:4e:ac:62:7b:95:bc:63:81:
         6a:db:10:1e:f4:9b:38:d7:e1:36:10:9e:5c:fb:df:57:53:30:
         6c:ce:f1:b9:82:38:76:6c:af:c2:64:b1:f5:98:d9:e8:e5:14:
         24:e4:98:f6:e7:1f:09:5b:38:f2:00:42:0e:19:db:6f:51:aa:
         7b:28:d9:99:63:71:88:be:51:ed:df:d2:3f:f5:87:d2:37:88:
         5e:55:cb:7b:5d:58:08:2a:e7:df:d4:81:9d:32:60:1f:f8:3d:
         b5:4c:fa:fe:71:db:c6:4b:ee:aa:52:c1:5f:64:3e:5f:b0:b5:
         43:9f:2e:1e:65:b1:04:25:61:2f:19:f3:7a:e1:d5:75:79:e8:
         75:96:c5:28:71:6e:89:db:12:d8:17:d8:b9:3a:c6:97:cd:86:
         41:7d:d8:3f:48:0d:ab:b0:ba:6f:2d:fa:6a:12:ac:53:bf:08:
         1d:38:29:4a:12:44:c4:48:56:88:04:d9:0b:73:64:91:c9:5c:
         72:ff:7a:08:06:5e:72:44:76:b7:51:a7:bb:1b:bf:1a:90:df:
         5d:ce:f6:a1:1d:d6:ba:9c:ab:d9:38:0f:eb:d6:f8:55:a1:40:
         d8:34:e8:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/FByQJsFJBQSfNz8vnQ4YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmYzdlZjJiNzY2NTk0ODkyZDc4OTI4Y2JlNzgxNzc5ZmRj
ZTY3ZDAwHhcNMjYwMTAyMTQxOTQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDY4MTg3M2M3YWNjN2RkYzUyMmViZmFhOTU3NmYyZWJhZGY2MjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1pV4z3vkDdfOX9ooDo1hCrUO8lV
hGM144cJ9USrovEecfuilii9kfaA6WSHCOgtkud2yu/ej2WvONqJJ+tgJVMAHMcd
TbtBAwZ2WjetPxcVkwZhUf4n02k8WmfYgSW0Xe1sMi2+R5Mu3A2CjgFrbHB6D3a2
hseQ0pflLGkiosqelnA7eBfsQJdWmCpyQDkIX1Y9vQyP2BITZo6ucAXSEYmrJLvk
I1F3dqhB90EhzKNaVCgicY7SBun+0s+4yibLGKQmqzqW7R4WirluUFW/xDz0VxkH
plh/03yH0xscI0CxZldILsGk1Llxw4CEtWwo2QEChAo3brWKMIPLMp4RcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLRoGHPHrMfdxSLr+qlXby6632IwMB8GA1UdIwQY
MBaAFM/H7yt2ZZSJLXiSjL54F3n9zmfQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjct
OGNkNTViMDNkMjJkLzEvdEdnWWM4ZXN4OTNGSXV2NnFWZHZMcnJmWWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy9jZDBiMmMtMjllMi00NzM3LTllYjctOGNkNTViMDNkMjJk
LzEvejhmdkszWmxsSWt0ZUpLTXZuZ1hlZjNPWjlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgIGoA/+
MA0GCSqGSIb3DQEBCwUAA4IBAQBUj0ZQLByBqU96aD2+i9zzXzSivvHS3UYgQPzB
Tqxie5W8Y4Fq2xAe9Js41+E2EJ5c+99XUzBszvG5gjh2bK/CZLH1mNno5RQk5Jj2
5x8JWzjyAEIOGdtvUap7KNmZY3GIvlHt39I/9YfSN4heVct7XVgIKuff1IGdMmAf
+D21TPr+cdvGS+6qUsFfZD5fsLVDny4eZbEEJWEvGfN64dV1eeh1lsUocW6J2xLY
F9i5OsaXzYZBfdg/SA2rsLpvLfpqEqxTvwgdOClKEkTESFaIBNkLc2SRyVxy/3oI
Bl5yRHa3Uae7G78akN9dzvahHda6nKvZOA/r1vhVoUDYNOj6
-----END CERTIFICATE-----