Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/sRwrUFPu8IufvUSdc5VMbpkKMcw.roa
File:                     sRwrUFPu8IufvUSdc5VMbpkKMcw.roa (raw, json)
Hash identifier:          lN69V7XtAFJGqTEtBBnFGAJOekVEyr0Idgtc+5393lw=
Subject key identifier:   B1:1C:2B:50:53:EE:F0:8B:9F:BD:44:9D:73:95:4C:6E:99:0A:31:CC
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019D70AE3C89E2665D7EDB3FE234453840E3
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/sRwrUFPu8IufvUSdc5VMbpkKMcw.roa
Signing time:             Thu 09 Apr 2026 05:19:20 +0000
ROA not before:           Thu 09 Apr 2026 05:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204211
IP address blocks:        2a12:cb47:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:70:ae:3c:89:e2:66:5d:7e:db:3f:e2:34:45:38:40:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: Apr  9 05:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b11c2b5053eef08b9fbd449d73954c6e990a31cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:0b:c6:8a:3f:81:bc:64:40:aa:c2:27:ba:11:
                    a9:85:49:14:05:30:1a:6d:3b:cc:ab:9b:93:05:7a:
                    ed:d3:c8:07:4a:78:cf:72:40:83:a5:c8:18:ca:3e:
                    3a:72:09:21:e2:9b:e9:1c:11:64:7b:fe:3a:e4:8d:
                    70:45:4f:2c:28:44:2e:90:f2:39:f2:6d:ac:2e:98:
                    a3:01:55:a3:6b:0d:f3:22:98:73:5c:57:21:8f:c6:
                    f3:2c:3e:36:71:a3:7b:7b:ad:9a:4e:12:97:a9:44:
                    b1:a9:1d:a9:74:fc:f3:59:ea:62:2a:35:e2:7d:ab:
                    e7:50:46:1b:6d:39:fe:89:7d:c8:06:61:02:ba:e7:
                    75:5c:13:7b:96:6b:11:40:0d:34:ec:13:8a:39:8a:
                    23:de:59:de:1f:bd:d6:48:31:50:65:9d:98:e2:8f:
                    7a:a3:d2:94:4c:5e:6b:ec:81:46:48:47:ee:05:7e:
                    5c:2f:ef:80:12:70:70:94:2f:0c:d9:a7:09:09:8d:
                    5e:1a:0e:e8:68:75:bd:68:60:eb:e1:8f:b6:ac:ec:
                    41:a6:7f:3a:cc:7b:8a:e2:fa:3b:83:1f:6b:93:0c:
                    20:2d:46:b2:ac:ec:63:21:dd:94:7e:e3:25:3e:6b:
                    34:4c:a9:90:df:bf:9a:79:c1:be:e9:5d:ab:ec:ff:
                    ac:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:1C:2B:50:53:EE:F0:8B:9F:BD:44:9D:73:95:4C:6E:99:0A:31:CC
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/sRwrUFPu8IufvUSdc5VMbpkKMcw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb47:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:6c:5d:ef:a6:4c:11:d7:59:47:67:81:ba:ec:e7:8c:97:c6:
         33:68:ee:b2:59:e5:23:ff:85:4e:0c:fe:35:cd:9b:28:58:f9:
         c8:a3:1c:c0:d3:34:b9:d5:aa:3a:2c:e8:3f:0f:01:90:66:13:
         90:39:4e:29:a0:90:7a:57:22:5b:c0:b1:1a:83:a5:be:b5:8b:
         45:9e:5c:99:b9:88:5b:9c:4d:d1:15:f7:d3:44:84:53:c2:9f:
         37:04:0c:8d:d1:31:0b:e5:25:2d:24:12:57:1f:16:ba:cc:09:
         83:80:dc:3e:90:a9:e6:76:4c:6e:5f:06:a9:26:36:9d:38:fc:
         44:2d:14:87:fb:1d:20:cc:83:7a:f3:76:11:2d:69:53:d2:96:
         1e:48:a9:ed:03:24:c6:3b:49:54:8f:b2:5e:ed:cc:9e:95:d6:
         af:74:33:60:c3:86:fa:50:c7:39:d0:ee:dd:ab:3d:7d:14:22:
         b5:2c:ba:b2:33:76:06:49:ae:e3:a5:83:dc:d2:b9:44:eb:ac:
         7b:42:53:7b:9a:1c:d8:8c:49:14:40:9b:60:59:d9:7e:cc:e7:
         9e:1e:6e:12:95:71:ef:2b:71:29:e3:2d:f1:6d:bc:df:a9:47:
         4d:57:40:59:ed:82:32:2c:18:8d:92:60:a4:63:d1:68:c2:f9:
         99:63:2a:a9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1wrjyJ4mZdfts/4jRFOEDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwNDA5MDUxOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTFjMmI1MDUzZWVmMDhiOWZiZDQ0OWQ3Mzk1NGM2ZTk5MGEzMWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmQvGij+BvGRAqsInuhGphUkUBTAa
bTvMq5uTBXrt08gHSnjPckCDpcgYyj46cgkh4pvpHBFke/465I1wRU8sKEQukPI5
8m2sLpijAVWjaw3zIphzXFchj8bzLD42caN7e62aThKXqUSxqR2pdPzzWepiKjXi
favnUEYbbTn+iX3IBmECuud1XBN7lmsRQA007BOKOYoj3lneH73WSDFQZZ2Y4o96
o9KUTF5r7IFGSEfuBX5cL++AEnBwlC8M2acJCY1eGg7oaHW9aGDr4Y+2rOxBpn86
zHuK4vo7gx9rkwwgLUayrOxjId2UfuMlPms0TKmQ37+aecG+6V2r7P+sDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLEcK1BT7vCLn71EnXOVTG6ZCjHMMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEvc1J3clVGUHU4SXVmdlVTZGM1Vk1icGtLTWN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLLR///
MA0GCSqGSIb3DQEBCwUAA4IBAQC1bF3vpkwR11lHZ4G67OeMl8YzaO6yWeUj/4VO
DP41zZsoWPnIoxzA0zS51ao6LOg/DwGQZhOQOU4poJB6VyJbwLEag6W+tYtFnlyZ
uYhbnE3RFffTRIRTwp83BAyN0TEL5SUtJBJXHxa6zAmDgNw+kKnmdkxuXwapJjad
OPxELRSH+x0gzIN683YRLWlT0pYeSKntAyTGO0lUj7Je7cyeldavdDNgw4b6UMc5
0O7dqz19FCK1LLqyM3YGSa7jpYPc0rlE66x7QlN7mhzYjEkUQJtgWdl+zOeeHm4S
lXHvK3Ep4y3xbbzfqUdNV0BZ7YIyLBiNkmCkY9FowvmZYyqp
-----END CERTIFICATE-----