Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/Xdk8I6JYy_SCM1oHaAX3xwZNY84.roa
File:                     Xdk8I6JYy_SCM1oHaAX3xwZNY84.roa (raw, json)
Hash identifier:          HSCOThIFnJ4OzY3+g9DlfdAR+cgkT3YNs1c1jzpL67k=
Subject key identifier:   5D:D9:3C:23:A2:58:CB:F4:82:33:5A:07:68:05:F7:C7:06:4D:63:CE
Certificate issuer:       /CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
Certificate serial:       019E49C6B72736C1AAB94D56F4890CBDD415
Authority key identifier: B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/Xdk8I6JYy_SCM1oHaAX3xwZNY84.roa
Signing time:             Thu 21 May 2026 09:03:40 +0000
ROA not before:           Thu 21 May 2026 09:03:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200193
IP address blocks:        2a01:f900:203::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:49:c6:b7:27:36:c1:aa:b9:4d:56:f4:89:0c:bd:d4:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0b56d10ccad9d69c01856be0afaa17ec682acbf
        Validity
            Not Before: May 21 09:03:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5dd93c23a258cbf482335a076805f7c7064d63ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:30:66:01:17:af:eb:c4:ac:29:66:0b:0f:5b:
                    72:f6:45:f0:e5:b9:6f:14:69:81:e7:1a:1e:fe:4a:
                    f9:66:7e:56:03:c8:3e:bb:17:cf:1d:fa:5b:49:18:
                    c1:04:59:3a:c4:22:11:0f:f4:c3:2f:23:bd:34:f9:
                    eb:97:e8:0f:44:52:83:a7:cf:87:69:17:16:9c:37:
                    02:1d:8a:a3:b5:0a:50:61:b6:8d:be:da:27:df:80:
                    55:99:ba:1d:b7:a0:0d:df:c6:51:a1:35:e5:1d:09:
                    77:d7:65:78:64:62:5c:c0:ca:4d:93:93:20:b2:d7:
                    ca:44:0a:d0:bd:02:d6:c3:c8:a9:04:03:6f:e8:b4:
                    2b:58:51:f9:90:09:ea:d3:87:6a:fd:46:b7:33:ac:
                    b7:c9:78:bc:0d:5f:cb:61:f3:e1:f3:15:67:88:32:
                    56:87:cc:5f:6c:23:ce:d6:a6:4b:4d:03:01:cc:14:
                    12:f1:90:10:d9:2f:63:aa:e7:2d:a0:3a:43:7a:d5:
                    0a:82:fd:d9:cf:65:53:dd:a5:46:6a:20:98:ba:b5:
                    55:52:81:57:20:f9:e3:25:0d:19:4c:8e:c1:ed:9b:
                    f3:74:66:d1:60:63:94:be:40:33:f6:c0:a9:2d:e8:
                    6a:8d:73:da:ad:9f:af:74:88:ff:66:4b:45:46:7e:
                    13:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D9:3C:23:A2:58:CB:F4:82:33:5A:07:68:05:F7:C7:06:4D:63:CE
            X509v3 Authority Key Identifier:
                keyid:B0:B5:6D:10:CC:AD:9D:69:C0:18:56:BE:0A:FA:A1:7E:C6:82:AC:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sLVtEMytnWnAGFa-CvqhfsaCrL8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/Xdk8I6JYy_SCM1oHaAX3xwZNY84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/69409e-1ec4-489d-b61f-a19cc8a76d04/1/sLVtEMytnWnAGFa-CvqhfsaCrL8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f900:203::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:22:a2:28:14:ec:38:6b:db:dd:d2:74:9e:12:56:5e:54:2c:
         32:20:91:c3:aa:2f:4b:0f:e0:57:ce:05:7c:6b:17:a7:5d:30:
         c4:06:36:51:b3:ad:26:33:4c:d0:2e:6d:0b:ef:91:a6:34:b9:
         a3:23:01:20:d0:84:e2:97:18:4a:85:b2:a6:58:db:0e:ed:a9:
         f5:99:17:ab:9f:11:10:56:d6:61:71:d8:bd:38:ad:52:84:e6:
         57:f0:47:82:be:9a:ed:32:e5:6f:d5:5a:29:66:a0:e0:06:2b:
         17:6c:d1:59:34:f9:45:8f:3f:fb:f7:3a:7f:a9:47:68:0d:ef:
         a1:19:af:a4:84:86:54:c5:92:b3:01:7b:88:41:09:d5:e5:fa:
         cb:3c:e2:4f:9e:84:31:02:ae:d8:f4:aa:f0:ee:6a:ea:9b:f9:
         c7:b9:d4:6a:77:67:ee:8d:7a:6a:ab:89:18:d5:ef:82:95:79:
         00:29:0b:da:e4:c8:b1:68:e6:ba:36:e3:bc:d3:dc:43:e6:e0:
         f2:7e:f9:4f:c1:30:b4:89:b0:22:48:f1:c9:25:d8:50:38:3c:
         74:05:0f:cb:d8:b8:46:b8:05:14:e9:87:59:3d:de:d2:df:3e:
         75:0b:47:59:73:34:f9:b1:d0:c3:59:80:29:cf:c0:91:e9:c0:
         d3:e6:a5:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5JxrcnNsGquU1W9IkMvdQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYjU2ZDEwY2NhZDlkNjljMDE4NTZiZTBhZmFhMTdlYzY4
MmFjYmYwHhcNMjYwNTIxMDkwMzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQ5M2MyM2EyNThjYmY0ODIzMzVhMDc2ODA1ZjdjNzA2NGQ2M2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjBmARev68SsKWYLD1ty9kXw5blv
FGmB5xoe/kr5Zn5WA8g+uxfPHfpbSRjBBFk6xCIRD/TDLyO9NPnrl+gPRFKDp8+H
aRcWnDcCHYqjtQpQYbaNvton34BVmbodt6AN38ZRoTXlHQl312V4ZGJcwMpNk5Mg
stfKRArQvQLWw8ipBANv6LQrWFH5kAnq04dq/Ua3M6y3yXi8DV/LYfPh8xVniDJW
h8xfbCPO1qZLTQMBzBQS8ZAQ2S9jquctoDpDetUKgv3Zz2VT3aVGaiCYurVVUoFX
IPnjJQ0ZTI7B7ZvzdGbRYGOUvkAz9sCpLehqjXParZ+vdIj/ZktFRn4T9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF3ZPCOiWMv0gjNaB2gF98cGTWPOMB8GA1UdIwQY
MBaAFLC1bRDMrZ1pwBhWvgr6oX7Ggqy/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYt
YTE5Y2M4YTc2ZDA0LzEvWGRrOEk2Sll5X1NDTTFvSGFBWDN4d1pOWTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC82OTQwOWUtMWVjNC00ODlkLWI2MWYtYTE5Y2M4YTc2ZDA0
LzEvc0xWdEVNeXRuV25BR0ZhLUN2cWhmc2FDckw4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgH5AAID
MA0GCSqGSIb3DQEBCwUAA4IBAQB/IqIoFOw4a9vd0nSeElZeVCwyIJHDqi9LD+BX
zgV8axenXTDEBjZRs60mM0zQLm0L75GmNLmjIwEg0ITilxhKhbKmWNsO7an1mRer
nxEQVtZhcdi9OK1ShOZX8EeCvprtMuVv1VopZqDgBisXbNFZNPlFjz/79zp/qUdo
De+hGa+khIZUxZKzAXuIQQnV5frLPOJPnoQxAq7Y9Krw7mrqm/nHudRqd2fujXpq
q4kY1e+ClXkAKQva5MixaOa6NuO809xD5uDyfvlPwTC0ibAiSPHJJdhQODx0BQ/L
2LhGuAUU6YdZPd7S3z51C0dZczT5sdDDWYApz8CR6cDT5qUj
-----END CERTIFICATE-----