Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/da3b69-c814-4569-a54a-6a4682943dfc/1/r3PrgEIeKzFmjmt3ehPNebzdklM.roa
File:                     r3PrgEIeKzFmjmt3ehPNebzdklM.roa (raw, json)
Hash identifier:          kYXy/2MYPdosdaY9oR/2nCiXwCSlodRD/44n2jwFVoY=
Subject key identifier:   AF:73:EB:80:42:1E:2B:31:66:8E:6B:77:7A:13:CD:79:BC:DD:92:53
Certificate issuer:       /CN=ff6f26d7c82c690877dc3c2cb9226ba833d71f98
Certificate serial:       019D9C55778D3737A2CF490AADB8B7703257
Authority key identifier: FF:6F:26:D7:C8:2C:69:08:77:DC:3C:2C:B9:22:6B:A8:33:D7:1F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_28m18gsaQh33DwsuSJrqDPXH5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/da3b69-c814-4569-a54a-6a4682943dfc/1/r3PrgEIeKzFmjmt3ehPNebzdklM.roa
Signing time:             Fri 17 Apr 2026 16:45:40 +0000
ROA not before:           Fri 17 Apr 2026 16:45:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     61278
IP address blocks:        2a13:e2c0::/29 maxlen: 29
                          2a13:e2c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/da3b69-c814-4569-a54a-6a4682943dfc/1/_28m18gsaQh33DwsuSJrqDPXH5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/da3b69-c814-4569-a54a-6a4682943dfc/1/_28m18gsaQh33DwsuSJrqDPXH5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_28m18gsaQh33DwsuSJrqDPXH5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:55:77:8d:37:37:a2:cf:49:0a:ad:b8:b7:70:32:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff6f26d7c82c690877dc3c2cb9226ba833d71f98
        Validity
            Not Before: Apr 17 16:45:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=af73eb80421e2b31668e6b777a13cd79bcdd9253
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:9b:f0:d9:ca:ba:57:bc:35:5f:fa:88:d7:7a:
                    81:ab:19:c0:d9:e5:ad:21:6d:75:14:17:a9:26:25:
                    95:65:12:e4:3d:83:74:eb:68:6f:85:f6:7a:c1:0e:
                    2c:a7:7c:28:7b:8e:32:5d:fb:78:d1:2c:7c:41:4a:
                    3a:22:97:7f:c3:cc:33:93:29:08:88:85:0a:eb:3a:
                    da:83:7c:38:c5:98:16:a2:55:93:16:97:a6:3f:16:
                    5b:64:ae:0a:a4:0c:11:59:e9:65:f1:ea:f1:f3:c9:
                    88:e1:d4:13:a4:2d:7a:a2:c2:3b:a7:07:7a:3f:c3:
                    9c:f1:f2:de:c7:97:87:36:7c:77:c5:d8:d7:f2:30:
                    55:97:58:e7:79:8c:d2:4d:16:7c:44:1a:c0:75:52:
                    74:01:45:d1:b9:ac:84:40:9b:53:92:50:70:b5:af:
                    08:9b:8b:c0:a9:3e:2d:1c:b8:ee:d5:0d:95:8e:db:
                    2d:fe:4b:8e:16:10:2a:1a:8e:7a:f1:fb:eb:0e:f3:
                    84:0b:0d:71:69:77:70:5e:fc:cb:5d:10:2f:98:28:
                    88:12:67:a7:73:86:c4:2b:29:6d:4b:f5:ed:99:ac:
                    7c:51:d7:b0:51:f9:60:e4:2d:36:ed:7f:07:bc:c8:
                    75:d2:ba:61:67:71:a7:08:d3:99:67:c6:77:18:9f:
                    45:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:73:EB:80:42:1E:2B:31:66:8E:6B:77:7A:13:CD:79:BC:DD:92:53
            X509v3 Authority Key Identifier:
                keyid:FF:6F:26:D7:C8:2C:69:08:77:DC:3C:2C:B9:22:6B:A8:33:D7:1F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_28m18gsaQh33DwsuSJrqDPXH5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/da3b69-c814-4569-a54a-6a4682943dfc/1/r3PrgEIeKzFmjmt3ehPNebzdklM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/da3b69-c814-4569-a54a-6a4682943dfc/1/_28m18gsaQh33DwsuSJrqDPXH5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e2c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:9f:02:8e:94:47:16:cc:bf:fd:52:33:7d:d6:09:dd:10:96:
         98:ef:ba:dd:c9:a7:5e:35:a9:74:81:f6:e1:71:3f:fc:ad:b0:
         8a:c6:b3:36:35:ef:6b:9d:d4:73:d5:07:9c:c3:ca:50:67:52:
         12:4a:c2:07:2d:81:b5:d0:fe:f4:45:25:85:75:f0:b6:55:31:
         b3:36:24:7e:40:4b:37:6d:69:71:07:dd:08:d1:4e:a8:b6:3d:
         ba:b1:83:f2:2b:c3:33:af:f4:4b:a3:9b:98:09:17:24:56:27:
         6b:bd:55:a2:31:86:ce:e6:b8:f1:6b:51:be:13:17:ee:f1:6c:
         26:d5:f4:85:f0:65:dc:78:35:1d:9c:1d:13:64:ee:7a:8d:21:
         64:3b:99:5b:e5:d3:a2:0d:98:90:bb:7b:7a:de:99:42:1d:91:
         37:df:3b:e0:b9:d2:c6:4b:67:ae:3e:9c:31:6e:1b:59:0a:ca:
         57:2c:81:cd:d1:6f:20:98:5c:62:dc:47:4c:72:c4:0a:cb:2d:
         46:7e:d3:3b:35:43:50:03:c9:9e:24:97:67:ac:fa:02:ce:39:
         45:6e:16:1c:05:81:88:59:e8:56:e1:1e:a9:8c:d8:d5:a9:90:
         5f:37:67:96:58:1d:34:f9:10:fd:06:64:20:0b:3b:2e:01:77:
         0f:19:5f:bd
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2cVXeNNzeiz0kKrbi3cDJXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNmYyNmQ3YzgyYzY5MDg3N2RjM2MyY2I5MjI2YmE4MzNk
NzFmOTgwHhcNMjYwNDE3MTY0NTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjczZWI4MDQyMWUyYjMxNjY4ZTZiNzc3YTEzY2Q3OWJjZGQ5MjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZvw2cq6V7w1X/qI13qBqxnA2eWt
IW11FBepJiWVZRLkPYN062hvhfZ6wQ4sp3woe44yXft40Sx8QUo6Ipd/w8wzkykI
iIUK6zrag3w4xZgWolWTFpemPxZbZK4KpAwRWell8erx88mI4dQTpC16osI7pwd6
P8Oc8fLex5eHNnx3xdjX8jBVl1jneYzSTRZ8RBrAdVJ0AUXRuayEQJtTklBwta8I
m4vAqT4tHLju1Q2Vjtst/kuOFhAqGo568fvrDvOECw1xaXdwXvzLXRAvmCiIEmen
c4bEKyltS/Xtmax8UdewUflg5C027X8HvMh10rphZ3GnCNOZZ8Z3GJ9FgQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK9z64BCHisxZo5rd3oTzXm83ZJTMB8GA1UdIwQY
MBaAFP9vJtfILGkId9w8LLkia6gz1x+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzI4bTE4Z3NhUWgzM0R3c3VTSnJxRFBYSDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS9kYTNiNjktYzgxNC00NTY5LWE1NGEt
NmE0NjgyOTQzZGZjLzEvcjNQcmdFSWVLekZtam10M2VoUE5lYnpka2xNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS9kYTNiNjktYzgxNC00NTY5LWE1NGEtNmE0NjgyOTQzZGZj
LzEvXzI4bTE4Z3NhUWgzM0R3c3VTSnJxRFBYSDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPiwDAN
BgkqhkiG9w0BAQsFAAOCAQEAQJ8CjpRHFsy//VIzfdYJ3RCWmO+63cmnXjWpdIH2
4XE//K2wisazNjXva53Uc9UHnMPKUGdSEkrCBy2BtdD+9EUlhXXwtlUxszYkfkBL
N21pcQfdCNFOqLY9urGD8ivDM6/0S6ObmAkXJFYna71VojGGzua48WtRvhMX7vFs
JtX0hfBl3Hg1HZwdE2Tueo0hZDuZW+XTog2YkLt7et6ZQh2RN9874LnSxktnrj6c
MW4bWQrKVyyBzdFvIJhcYtxHTHLECsstRn7TOzVDUAPJniSXZ6z6As45RW4WHAWB
iFnoVuEeqYzY1amQXzdnllgdNPkQ/QZkIAs7LgF3DxlfvQ==
-----END CERTIFICATE-----