Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/elRl-LFb576Vju89-5rZtpwNvA8.roa
File:                     elRl-LFb576Vju89-5rZtpwNvA8.roa (raw, json)
Hash identifier:          xPwY70PQ+SQxuDbckXLv93tNLUtpNWLtlC48kdNTrKE=
Subject key identifier:   7A:54:65:F8:B1:5B:E7:BE:95:8E:EF:3D:FB:9A:D9:B6:9C:0D:BC:0F
Certificate issuer:       /CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
Certificate serial:       019EC25FB17DB982CF06F9943DB21811B44D
Authority key identifier: 56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/elRl-LFb576Vju89-5rZtpwNvA8.roa
Signing time:             Sat 13 Jun 2026 19:05:11 +0000
ROA not before:           Sat 13 Jun 2026 19:05:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2a10:fa80:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c2:5f:b1:7d:b9:82:cf:06:f9:94:3d:b2:18:11:b4:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5659b0ba8407be11cfc911bd31ed140cd1c6046c
        Validity
            Not Before: Jun 13 19:05:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a5465f8b15be7be958eef3dfb9ad9b69c0dbc0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:82:92:07:e8:a6:45:9f:31:c1:9d:cd:18:e5:
                    ec:66:7a:e9:88:e9:2d:d0:1e:b9:c1:c6:e3:76:16:
                    9e:5a:2c:29:c3:fa:13:9a:00:04:15:70:97:c8:e5:
                    bf:02:77:8e:fe:15:ef:7c:f5:51:07:25:70:2e:4e:
                    51:d5:38:a4:b0:a2:ae:b6:78:97:b8:e6:3c:33:bb:
                    c7:70:8d:b3:ca:80:53:01:3e:bb:3a:b8:00:4b:ba:
                    81:6b:43:1d:be:42:4d:d4:ef:35:b6:7c:83:32:67:
                    90:0b:70:3a:e3:8d:ab:e6:2b:3c:32:4d:e4:20:cd:
                    d7:74:3e:3b:c8:33:12:b4:ce:fc:6f:e1:d8:e9:0d:
                    60:16:d0:46:0a:eb:43:87:a9:2a:80:64:1f:6f:ba:
                    6e:1a:1f:f1:77:7c:21:c1:62:c7:2a:bc:44:99:9f:
                    3e:30:c3:71:10:64:d7:f6:35:59:0f:a1:97:ed:ba:
                    45:90:14:c8:87:b3:54:e7:6c:fd:59:51:a8:b3:54:
                    a6:a2:d6:76:56:94:59:be:2d:af:7e:8b:a9:9b:3d:
                    e2:c9:5b:21:e1:56:a5:1d:f6:52:17:fa:52:6c:d9:
                    1e:47:6c:0e:e9:fd:df:25:69:ad:e6:49:16:72:9f:
                    a6:f3:80:0d:d5:ea:2b:c4:8b:a0:cb:9e:a9:b5:c3:
                    1c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:54:65:F8:B1:5B:E7:BE:95:8E:EF:3D:FB:9A:D9:B6:9C:0D:BC:0F
            X509v3 Authority Key Identifier:
                keyid:56:59:B0:BA:84:07:BE:11:CF:C9:11:BD:31:ED:14:0C:D1:C6:04:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VlmwuoQHvhHPyRG9Me0UDNHGBGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/elRl-LFb576Vju89-5rZtpwNvA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/dd8e31-00b5-4212-9e01-2394c6600022/1/VlmwuoQHvhHPyRG9Me0UDNHGBGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:fa80:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:08:4f:aa:cb:b2:f7:ea:9f:83:be:a2:87:65:ab:96:3b:e3:
         30:a2:b3:90:64:51:f4:2a:03:f1:e2:55:d8:68:c1:e7:35:04:
         84:1d:11:90:8b:8a:17:a5:fa:f6:18:cf:ca:ca:18:7b:9f:b0:
         ef:b0:53:a4:78:07:83:29:44:e1:8c:1a:ab:c8:60:3e:a2:8b:
         88:cc:a7:e1:27:9a:6e:e0:67:b6:fc:64:33:37:24:5f:24:e5:
         6d:26:90:65:69:91:be:72:a7:4a:ef:57:72:f5:3c:4f:4b:6c:
         da:ce:48:43:7d:dd:75:ca:9d:50:6a:15:8f:2e:ac:ac:52:22:
         53:cc:6f:9e:34:6a:7d:55:02:ff:81:87:57:18:05:c3:fb:b8:
         84:0a:c5:81:ef:99:ce:3f:b4:85:5f:70:5f:88:f8:ac:df:90:
         c7:84:bb:e8:f3:1b:8a:b9:c3:7b:0e:d9:b0:bc:df:61:84:65:
         b2:ca:52:e4:c2:01:92:e3:6b:86:ca:9d:c0:f8:fd:16:06:e0:
         8f:50:49:4c:58:b3:df:57:bc:64:bb:1b:51:9e:e8:68:94:70:
         53:55:1b:31:52:31:16:68:84:34:f8:a2:4b:51:33:52:6c:ea:
         85:7a:c0:74:7b:4d:ec:88:ae:bc:f1:a5:b8:a2:2d:11:28:08:
         37:c1:df:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7CX7F9uYLPBvmUPbIYEbRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2NTliMGJhODQwN2JlMTFjZmM5MTFiZDMxZWQxNDBjZDFj
NjA0NmMwHhcNMjYwNjEzMTkwNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTU0NjVmOGIxNWJlN2JlOTU4ZWVmM2RmYjlhZDliNjljMGRiYzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4KSB+imRZ8xwZ3NGOXsZnrpiOkt
0B65wcbjdhaeWiwpw/oTmgAEFXCXyOW/AneO/hXvfPVRByVwLk5R1TiksKKutniX
uOY8M7vHcI2zyoBTAT67OrgAS7qBa0MdvkJN1O81tnyDMmeQC3A6442r5is8Mk3k
IM3XdD47yDMStM78b+HY6Q1gFtBGCutDh6kqgGQfb7puGh/xd3whwWLHKrxEmZ8+
MMNxEGTX9jVZD6GX7bpFkBTIh7NU52z9WVGos1SmotZ2VpRZvi2vfoupmz3iyVsh
4ValHfZSF/pSbNkeR2wO6f3fJWmt5kkWcp+m84AN1eorxIugy56ptcMcJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHpUZfixW+e+lY7vPfua2bacDbwPMB8GA1UdIwQY
MBaAFFZZsLqEB74Rz8kRvTHtFAzRxgRsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEt
MjM5NGM2NjAwMDIyLzEvZWxSbC1MRmI1NzZWanU4OS01clp0cHdOdkE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9kZDhlMzEtMDBiNS00MjEyLTllMDEtMjM5NGM2NjAwMDIy
LzEvVmxtd3VvUUh2aEhQeVJHOU1lMFVETkhHQkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhD6gAAF
MA0GCSqGSIb3DQEBCwUAA4IBAQBACE+qy7L36p+DvqKHZauWO+MworOQZFH0KgPx
4lXYaMHnNQSEHRGQi4oXpfr2GM/Kyhh7n7DvsFOkeAeDKUThjBqryGA+oouIzKfh
J5pu4Ge2/GQzNyRfJOVtJpBlaZG+cqdK71dy9TxPS2zazkhDfd11yp1QahWPLqys
UiJTzG+eNGp9VQL/gYdXGAXD+7iECsWB75nOP7SFX3BfiPis35DHhLvo8xuKucN7
DtmwvN9hhGWyylLkwgGS42uGyp3A+P0WBuCPUElMWLPfV7xkuxtRnuholHBTVRsx
UjEWaIQ0+KJLUTNSbOqFesB0e03siK688aW4oi0RKAg3wd+N
-----END CERTIFICATE-----