Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8d0d74-726a-4e6d-b06c-c86a8ff8d2eb/1/Gr0wbsf4oUxk-h0Zfp6SPQjHzcI.roa
File:                     Gr0wbsf4oUxk-h0Zfp6SPQjHzcI.roa (raw, json)
Hash identifier:          mjnXAIcUpMVO0TV6dBNgW8JY1xLBZLbzGH2H/vpCwsw=
Subject key identifier:   1A:BD:30:6E:C7:F8:A1:4C:64:FA:1D:19:7E:9E:92:3D:08:C7:CD:C2
Certificate issuer:       /CN=2c40b6a8faa17ae5318b57265f86ea55ca1f4b02
Certificate serial:       019D4E1F14BB2AAEE75BAD2164D719021430
Authority key identifier: 2C:40:B6:A8:FA:A1:7A:E5:31:8B:57:26:5F:86:EA:55:CA:1F:4B:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LEC2qPqheuUxi1cmX4bqVcofSwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8d0d74-726a-4e6d-b06c-c86a8ff8d2eb/1/Gr0wbsf4oUxk-h0Zfp6SPQjHzcI.roa
Signing time:             Thu 02 Apr 2026 12:15:52 +0000
ROA not before:           Thu 02 Apr 2026 12:15:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199714
IP address blocks:        2001:678:1220::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8d0d74-726a-4e6d-b06c-c86a8ff8d2eb/1/LEC2qPqheuUxi1cmX4bqVcofSwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8d0d74-726a-4e6d-b06c-c86a8ff8d2eb/1/LEC2qPqheuUxi1cmX4bqVcofSwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LEC2qPqheuUxi1cmX4bqVcofSwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 13:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4e:1f:14:bb:2a:ae:e7:5b:ad:21:64:d7:19:02:14:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c40b6a8faa17ae5318b57265f86ea55ca1f4b02
        Validity
            Not Before: Apr  2 12:15:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1abd306ec7f8a14c64fa1d197e9e923d08c7cdc2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d7:30:d0:b6:18:4b:71:f1:d7:80:0a:c8:4f:
                    86:0e:e8:2b:b3:ad:be:fc:18:51:66:04:3b:44:04:
                    1d:2a:bd:30:9c:6b:8c:c4:4d:ea:eb:61:03:16:7a:
                    40:87:46:4a:6f:31:46:d0:64:a2:19:fb:9e:33:c7:
                    fa:69:97:e4:4f:64:e8:67:5b:64:ba:e5:19:62:54:
                    b9:e8:f5:16:a8:ee:10:73:13:2b:69:87:f3:c9:d8:
                    fd:bc:71:fb:63:0a:ff:e1:58:0f:2e:fb:c7:74:05:
                    c6:b5:39:57:93:2b:dc:6e:56:d1:c2:7a:73:bb:0c:
                    8a:b4:33:90:7a:b9:44:32:26:dc:0b:b2:2d:eb:1f:
                    54:2f:d6:a5:ed:55:08:30:3b:34:b5:f3:fd:84:61:
                    cb:a7:3e:f0:94:fb:55:e3:43:9d:54:96:89:2b:de:
                    59:cd:00:33:a0:52:85:a3:e3:fc:06:21:b0:9e:af:
                    c1:fa:c9:6a:f6:8e:49:09:f3:57:3a:1f:07:9f:b5:
                    c4:51:13:33:89:7d:b8:f7:67:15:9d:de:6e:8c:04:
                    f6:95:4d:e5:31:87:8c:c5:86:19:06:e5:43:40:c8:
                    c6:21:46:fb:df:34:91:fe:43:4a:fc:d4:61:5c:ef:
                    46:5b:ce:c4:b8:b5:03:17:76:b2:a5:a1:80:55:6a:
                    8c:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:BD:30:6E:C7:F8:A1:4C:64:FA:1D:19:7E:9E:92:3D:08:C7:CD:C2
            X509v3 Authority Key Identifier:
                keyid:2C:40:B6:A8:FA:A1:7A:E5:31:8B:57:26:5F:86:EA:55:CA:1F:4B:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LEC2qPqheuUxi1cmX4bqVcofSwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8d0d74-726a-4e6d-b06c-c86a8ff8d2eb/1/Gr0wbsf4oUxk-h0Zfp6SPQjHzcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8d0d74-726a-4e6d-b06c-c86a8ff8d2eb/1/LEC2qPqheuUxi1cmX4bqVcofSwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1220::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:e4:08:15:90:00:f2:2e:d7:96:f2:7e:6b:74:97:69:71:e0:
         50:2b:f8:12:aa:9b:08:b9:f9:b5:6a:06:65:e6:6d:44:0b:6a:
         52:37:56:84:04:fc:fb:1c:2f:51:7a:13:67:da:dd:f5:84:6f:
         d4:20:a8:e5:69:d5:f4:36:fc:7c:92:c8:32:fd:f8:4f:22:ae:
         71:11:1a:42:0e:2c:41:d4:9a:6e:09:75:f6:fa:18:31:20:0b:
         3f:f0:14:01:00:27:94:5f:1b:c8:76:be:ea:e2:b2:69:52:89:
         10:80:38:db:35:df:92:46:6b:85:ee:dc:98:e7:af:70:51:3e:
         14:89:50:0a:4d:13:df:f5:15:35:c2:a9:18:c2:76:b5:74:47:
         fb:20:1a:24:91:93:ed:e5:bb:a1:8b:a4:2c:bf:b0:15:72:c8:
         2c:f2:2d:73:f9:ff:f1:ec:db:61:d5:35:95:54:1f:6c:61:e1:
         85:5a:5f:4b:2c:13:71:12:3b:5f:00:13:0e:79:a8:6f:79:de:
         fb:1d:ed:6c:da:85:70:71:e5:f6:d6:e9:81:4a:95:23:e8:24:
         ee:b9:e7:26:7a:97:29:d4:51:ef:c2:58:91:fd:6b:0d:b5:e9:
         a1:69:4e:46:6f:0f:ba:d5:12:20:6e:2e:7a:85:ff:c4:f8:78:
         0c:48:b4:f1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1OHxS7Kq7nW60hZNcZAhQwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNDBiNmE4ZmFhMTdhZTUzMThiNTcyNjVmODZlYTU1Y2Ex
ZjRiMDIwHhcNMjYwNDAyMTIxNTUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYWJkMzA2ZWM3ZjhhMTRjNjRmYTFkMTk3ZTllOTIzZDA4YzdjZGMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9cw0LYYS3Hx14AKyE+GDugrs62+
/BhRZgQ7RAQdKr0wnGuMxE3q62EDFnpAh0ZKbzFG0GSiGfueM8f6aZfkT2ToZ1tk
uuUZYlS56PUWqO4QcxMraYfzydj9vHH7Ywr/4VgPLvvHdAXGtTlXkyvcblbRwnpz
uwyKtDOQerlEMibcC7It6x9UL9al7VUIMDs0tfP9hGHLpz7wlPtV40OdVJaJK95Z
zQAzoFKFo+P8BiGwnq/B+slq9o5JCfNXOh8Hn7XEURMziX2492cVnd5ujAT2lU3l
MYeMxYYZBuVDQMjGIUb73zSR/kNK/NRhXO9GW87EuLUDF3aypaGAVWqMQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBq9MG7H+KFMZPodGX6ekj0Ix83CMB8GA1UdIwQY
MBaAFCxAtqj6oXrlMYtXJl+G6lXKH0sCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEVDMnFQcWhldVV4aTFjbVg0YnFWY29mU3dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZDBkNzQtNzI2YS00ZTZkLWIwNmMt
Yzg2YThmZjhkMmViLzEvR3Iwd2JzZjRvVXhrLWgwWmZwNlNQUWpIemNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZDBkNzQtNzI2YS00ZTZkLWIwNmMtYzg2YThmZjhkMmVi
LzEvTEVDMnFQcWhldVV4aTFjbVg0YnFWY29mU3dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBIg
MA0GCSqGSIb3DQEBCwUAA4IBAQBl5AgVkADyLteW8n5rdJdpceBQK/gSqpsIufm1
agZl5m1EC2pSN1aEBPz7HC9RehNn2t31hG/UIKjladX0Nvx8ksgy/fhPIq5xERpC
DixB1JpuCXX2+hgxIAs/8BQBACeUXxvIdr7q4rJpUokQgDjbNd+SRmuF7tyY569w
UT4UiVAKTRPf9RU1wqkYwna1dEf7IBokkZPt5buhi6Qsv7AVcsgs8i1z+f/x7Nth
1TWVVB9sYeGFWl9LLBNxEjtfABMOeahved77He1s2oVwceX21umBSpUj6CTuuecm
epcp1FHvwliR/WsNtemhaU5Gbw+61RIgbi56hf/E+HgMSLTx
-----END CERTIFICATE-----