Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/KoAxChCFkAeIK98qjbf3bksCgHg.roa
File:                     KoAxChCFkAeIK98qjbf3bksCgHg.roa (raw, json)
Hash identifier:          GFujlbeBcjaBQBdj6uHIkxK5RA2RyoYqfL9mlDRfy0E=
Subject key identifier:   2A:80:31:0A:10:85:90:07:88:2B:DF:2A:8D:B7:F7:6E:4B:02:80:78
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019D52E6BAF817F0B60FB3EA8C359FCCF92B
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/KoAxChCFkAeIK98qjbf3bksCgHg.roa
Signing time:             Fri 03 Apr 2026 10:32:25 +0000
ROA not before:           Fri 03 Apr 2026 10:32:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211575
IP address blocks:        2a12:cb42:200::/40 maxlen: 48
                          2a12:cb47:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 09:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:52:e6:ba:f8:17:f0:b6:0f:b3:ea:8c:35:9f:cc:f9:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Apr  3 10:32:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2a80310a10859007882bdf2a8db7f76e4b028078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:37:39:91:18:9a:8d:55:f8:ac:eb:4d:83:10:
                    68:11:34:de:5f:22:96:d7:9f:17:8a:d9:ba:2e:9a:
                    8e:67:70:f8:1f:91:06:6e:94:ee:37:1f:30:38:80:
                    c9:8c:f6:59:c2:cb:73:f0:6b:dc:81:b6:f2:f5:c9:
                    3b:ff:a3:da:ee:86:c8:7a:a4:9a:0e:30:e1:35:76:
                    94:10:27:05:5b:2f:3a:46:10:07:ff:47:0b:eb:72:
                    6a:60:f9:a1:82:61:3b:35:be:7b:d9:25:74:2e:01:
                    1e:0c:18:6e:ab:a7:d5:fa:c6:85:48:81:03:35:26:
                    3e:f0:a5:3d:c0:90:a7:96:c0:90:1a:4b:ef:92:2e:
                    e3:86:35:d5:b7:61:85:81:0c:e1:82:62:fd:a8:97:
                    f6:e7:a0:36:f5:49:38:fa:40:33:ba:86:92:a9:97:
                    b3:85:54:75:eb:16:ad:09:07:20:b3:94:5d:09:dc:
                    69:05:ec:76:b1:38:b1:16:2e:9f:4f:9a:01:0d:b2:
                    1d:6a:f6:36:bf:f0:63:06:a8:c8:4e:f8:24:47:3b:
                    64:3a:1f:77:0f:21:cf:5a:eb:06:60:04:ac:6e:46:
                    75:b4:30:0f:34:d8:dc:18:da:4b:30:1d:a6:57:42:
                    59:9c:f0:24:ee:06:b3:f7:97:7c:04:49:ae:19:b4:
                    7f:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:80:31:0A:10:85:90:07:88:2B:DF:2A:8D:B7:F7:6E:4B:02:80:78
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/KoAxChCFkAeIK98qjbf3bksCgHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb42:200::/40
                  2a12:cb47:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:cf:b1:41:1d:6c:31:af:92:60:d9:c9:89:86:7e:9e:20:72:
         bc:f0:db:c8:06:54:74:c5:b3:f4:6f:6f:5c:1b:2a:c1:39:37:
         57:35:10:5c:fa:e9:b6:32:cf:de:6e:8c:a6:8e:d0:0d:85:e9:
         41:c2:84:e7:68:e5:e0:e2:ea:5e:4a:76:59:34:4f:27:c3:ab:
         47:12:97:3d:cd:27:1f:c2:05:7a:25:1f:40:6c:de:89:57:e3:
         55:b6:60:ae:8b:38:44:8b:83:b7:64:14:9b:de:83:30:6f:65:
         bc:5a:5b:bf:51:bc:34:a1:32:db:04:35:5e:59:03:ee:47:d9:
         b7:c7:d7:75:2d:27:dc:c4:f2:0a:ba:c0:cb:c1:19:10:39:3e:
         a7:2b:32:cc:a4:58:18:72:0d:06:1f:99:d2:55:0e:8d:a1:83:
         de:34:7a:f5:05:c4:bd:12:70:cc:5f:0f:85:06:21:11:99:77:
         1f:98:74:f3:e0:58:f6:cf:f0:e7:dc:28:1c:fd:c4:df:cd:58:
         df:b2:50:a0:e5:89:30:0a:d8:b5:0e:db:63:3d:d7:f0:64:3e:
         91:68:0d:83:aa:a2:e4:28:cb:8f:b4:3c:81:09:c4:a7:96:44:
         53:c1:83:3b:68:18:24:89:53:4b:65:2a:bd:81:e2:7a:24:74:
         9b:68:8a:f9
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZ1S5rr4F/C2D7PqjDWfzPkrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwNDAzMTAzMjI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTgwMzEwYTEwODU5MDA3ODgyYmRmMmE4ZGI3Zjc2ZTRiMDI4MDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzc5kRiajVX4rOtNgxBoETTeXyKW
158Xitm6LpqOZ3D4H5EGbpTuNx8wOIDJjPZZwstz8Gvcgbby9ck7/6Pa7obIeqSa
DjDhNXaUECcFWy86RhAH/0cL63JqYPmhgmE7Nb572SV0LgEeDBhuq6fV+saFSIED
NSY+8KU9wJCnlsCQGkvvki7jhjXVt2GFgQzhgmL9qJf256A29Uk4+kAzuoaSqZez
hVR16xatCQcgs5RdCdxpBex2sTixFi6fT5oBDbIdavY2v/BjBqjITvgkRztkOh93
DyHPWusGYASsbkZ1tDAPNNjcGNpLMB2mV0JZnPAk7gaz95d8BEmuGbR/6wIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFCqAMQoQhZAHiCvfKo23925LAoB4MB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvS29BeENoQ0ZrQWVJSzk4cWpiZjNia3NDZ0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKhLLQgID
BwAqEstH//8wDQYJKoZIhvcNAQELBQADggEBAEHPsUEdbDGvkmDZyYmGfp4gcrzw
28gGVHTFs/Rvb1wbKsE5N1c1EFz66bYyz95ujKaO0A2F6UHChOdo5eDi6l5Kdlk0
TyfDq0cSlz3NJx/CBXolH0Bs3olX41W2YK6LOESLg7dkFJvegzBvZbxaW79RvDSh
MtsENV5ZA+5H2bfH13UtJ9zE8gq6wMvBGRA5PqcrMsykWBhyDQYfmdJVDo2hg940
evUFxL0ScMxfD4UGIRGZdx+YdPPgWPbP8OfcKBz9xN/NWN+yUKDliTAK2LUO22M9
1/BkPpFoDYOqouQoy4+0PIEJxKeWRFPBgztoGCSJU0tlKr2B4nokdJtoivk=
-----END CERTIFICATE-----