Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/FREqiTGSqMYPYcoq6fqb-otEyuQ.roa
File:                     FREqiTGSqMYPYcoq6fqb-otEyuQ.roa (raw, json)
Hash identifier:          tJvyer0w9UHorZeizI6wETjoWVs2mifA/SCE2X2t7ws=
Subject key identifier:   15:11:2A:89:31:92:A8:C6:0F:61:CA:2A:E9:FA:9B:FA:8B:44:CA:E4
Certificate issuer:       /CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
Certificate serial:       019EBABB36970D4169D4041CDAFCA917AED5
Authority key identifier: 56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/FREqiTGSqMYPYcoq6fqb-otEyuQ.roa
Signing time:             Fri 12 Jun 2026 07:28:11 +0000
ROA not before:           Fri 12 Jun 2026 07:28:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201345
IP address blocks:        2a10:fa81:500::/40 maxlen: 40
                          2a10:fa81:580::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 21:28:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ba:bb:36:97:0d:41:69:d4:04:1c:da:fc:a9:17:ae:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
        Validity
            Not Before: Jun 12 07:28:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15112a893192a8c60f61ca2ae9fa9bfa8b44cae4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d3:a0:1f:32:69:b7:71:4d:fa:74:87:b2:ee:
                    72:b4:69:4c:a4:4a:0f:06:cc:e6:f2:4b:a7:8d:fa:
                    e6:c0:48:f6:44:87:29:0f:e2:94:c1:f8:1c:8c:fa:
                    77:1e:51:87:99:5d:b1:71:a9:ff:64:c8:23:67:81:
                    4a:0d:c9:2e:de:2e:95:47:12:2e:20:96:e0:74:1f:
                    08:e1:0a:f4:f5:33:a4:02:61:a4:3b:fc:c0:a9:e6:
                    92:d8:88:3f:0a:d6:c9:f6:84:a4:99:a4:38:01:fe:
                    0f:78:55:aa:15:58:04:cf:bd:10:93:31:e4:eb:61:
                    4f:76:3d:a7:2a:8c:88:e6:3d:7c:4f:44:fd:5d:28:
                    fe:57:e8:80:ce:b2:a1:d3:c7:a7:cc:99:39:00:e4:
                    30:7b:2e:01:d1:73:b9:7e:7f:76:98:ea:c1:9f:de:
                    62:ad:50:0f:9c:6c:31:88:d6:d0:c1:b0:07:42:5c:
                    d0:86:be:f3:6d:70:9c:e8:7d:9b:dd:ad:7a:18:69:
                    71:38:65:4e:57:20:6b:08:64:d7:fd:f5:57:db:5d:
                    9f:98:af:77:94:86:b0:00:2c:4b:91:74:85:fb:e9:
                    2c:df:c0:b9:2c:33:07:0d:2f:74:90:5e:c3:3b:e3:
                    e8:6e:6b:60:02:57:ac:bc:33:50:c7:17:a3:f8:8a:
                    64:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:11:2A:89:31:92:A8:C6:0F:61:CA:2A:E9:FA:9B:FA:8B:44:CA:E4
            X509v3 Authority Key Identifier:
                keyid:56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/FREqiTGSqMYPYcoq6fqb-otEyuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fa81:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         2a:82:3c:e0:9a:de:84:a9:79:03:b4:f6:d3:f5:db:9d:b5:c9:
         2d:80:f2:15:85:07:4a:1d:f1:93:23:4d:ed:84:f7:47:15:db:
         64:92:c3:b9:d5:f4:41:0f:cb:66:91:d5:a2:23:bb:a8:ee:44:
         99:95:be:3b:8c:1b:a4:56:7a:00:bc:75:4b:34:03:70:bb:92:
         d8:b1:71:91:30:b6:f5:0a:b8:1d:b0:67:ef:2e:05:4e:39:8e:
         0e:52:f3:37:f7:f4:be:aa:3f:55:ab:d3:41:9b:47:8a:1a:e1:
         37:39:ac:37:84:0e:50:a6:85:c1:ca:37:17:52:6a:9b:c9:5c:
         56:b6:a7:4a:a1:c2:ae:94:f8:c9:52:7a:3f:d7:c2:14:f6:d2:
         2a:26:6b:2d:a9:34:c5:8e:ea:ee:48:68:2c:4f:dd:46:fd:38:
         f4:3b:e9:b3:ab:d9:d6:6b:ec:5d:ea:9e:e5:1b:8d:bd:54:cb:
         e6:31:f8:db:19:89:b8:13:bf:fd:ed:84:4b:8e:16:20:44:c9:
         8b:6d:52:3b:74:6c:72:ca:e8:9a:8d:be:3b:e5:35:b5:8d:53:
         f5:dd:c0:09:37:26:c7:d1:cf:d1:c3:fc:be:4b:62:75:74:6d:
         05:b7:04:2b:6a:57:02:b2:41:56:03:fe:6c:c5:a1:14:94:67:
         d8:90:95:0e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ66uzaXDUFp1AQc2vypF67VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTliMGJhODQwN2JlMTFjZmM5MTFiZDMxZWQxNDBjZDFj
NjA0NmMwHhcNMjYwNjEyMDcyODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTExMmE4OTMxOTJhOGM2MGY2MWNhMmFlOWZhOWJmYThiNDRjYWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdOgHzJpt3FN+nSHsu5ytGlMpEoP
Bszm8kunjfrmwEj2RIcpD+KUwfgcjPp3HlGHmV2xcan/ZMgjZ4FKDcku3i6VRxIu
IJbgdB8I4Qr09TOkAmGkO/zAqeaS2Ig/CtbJ9oSkmaQ4Af4PeFWqFVgEz70QkzHk
62FPdj2nKoyI5j18T0T9XSj+V+iAzrKh08enzJk5AOQwey4B0XO5fn92mOrBn95i
rVAPnGwxiNbQwbAHQlzQhr7zbXCc6H2b3a16GGlxOGVOVyBrCGTX/fVX212fmK93
lIawACxLkXSF++ks38C5LDMHDS90kF7DO+PobmtgAlesvDNQxxej+Ipk5QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBURKokxkqjGD2HKKun6m/qLRMrkMB8GA1UdIwQY
MBaAFFZZsLqEB74Rz8kRvTHtFAzRxgRsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEt
MjM5NGM2NjAwMDIyLzEvRlJFcWlUR1NxTVlQWWNvcTZmcWItb3RFeXVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEtMjM5NGM2NjAwMDIy
LzEvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhD6gQUw
DQYJKoZIhvcNAQELBQADggEBACqCPOCa3oSpeQO09tP12521yS2A8hWFB0od8ZMj
Te2E90cV22SSw7nV9EEPy2aR1aIju6juRJmVvjuMG6RWegC8dUs0A3C7ktixcZEw
tvUKuB2wZ+8uBU45jg5S8zf39L6qP1Wr00GbR4oa4Tc5rDeEDlCmhcHKNxdSapvJ
XFa2p0qhwq6U+MlSej/XwhT20iomay2pNMWO6u5IaCxP3Ub9OPQ76bOr2dZr7F3q
nuUbjb1Uy+Yx+NsZibgTv/3thEuOFiBEyYttUjt0bHLK6JqNvjvlNbWNU/XdwAk3
JsfRz9HD/L5LYnV0bQW3BCtqVwKyQVYD/mzFoRSUZ9iQlQ4=
-----END CERTIFICATE-----