Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/brIJhXE127mnZSH-sgVgPTdMriQ.roa
File:                     brIJhXE127mnZSH-sgVgPTdMriQ.roa (raw, json)
Hash identifier:          OPHDQPDKv2sbNbcG8M/if1+Q1GQUEy9nOuk2NkDBWwk=
Subject key identifier:   6E:B2:09:85:71:35:DB:B9:A7:65:21:FE:B2:05:60:3D:37:4C:AE:24
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019D8FC6BF0CA04459CB6607E7D5D06E855F
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/brIJhXE127mnZSH-sgVgPTdMriQ.roa
Signing time:             Wed 15 Apr 2026 06:14:20 +0000
ROA not before:           Wed 15 Apr 2026 06:14:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199019
IP address blocks:        2a13:a440:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8f:c6:bf:0c:a0:44:59:cb:66:07:e7:d5:d0:6e:85:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Apr 15 06:14:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6eb209857135dbb9a76521feb205603d374cae24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b2:61:3a:3e:15:13:71:1b:99:a3:a5:ba:6f:
                    cb:58:55:6a:f2:2a:27:8c:dd:08:74:db:bd:5d:39:
                    7e:ff:f8:12:59:d5:a6:20:4c:28:92:1c:15:c3:bd:
                    31:d7:f7:fa:2d:65:80:f3:86:5c:45:1e:09:eb:6c:
                    e1:c2:47:06:0c:b7:6b:39:ad:f9:a8:4f:57:ad:b8:
                    65:98:ff:d1:0c:45:08:3e:4f:19:ad:ea:85:4f:a4:
                    a2:ed:19:ee:b4:6c:84:f8:23:8b:aa:21:92:a3:82:
                    8d:35:4e:79:81:fe:4e:ab:04:12:8a:14:86:7d:10:
                    40:86:79:02:92:37:d5:07:b1:2a:ae:13:ad:91:56:
                    ea:32:de:81:98:f7:d1:d3:b3:f2:9a:83:a0:ab:1e:
                    be:b5:e0:f4:93:b1:39:f7:df:24:8f:c1:21:4d:ec:
                    cd:8e:70:21:2c:db:b0:6c:a6:8f:97:db:ec:fc:2c:
                    f5:c4:f3:9c:07:98:66:b0:be:64:d3:fc:6e:df:0e:
                    8b:20:5a:78:fc:33:d7:67:ae:89:42:fb:2d:8e:c7:
                    98:06:dc:16:eb:90:f4:2d:f5:6d:44:60:96:f6:ee:
                    c5:0c:0b:33:14:7d:41:91:de:cb:41:e4:3d:38:cb:
                    75:37:6d:ef:c6:b9:df:61:af:dd:b8:3a:95:03:84:
                    3b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:B2:09:85:71:35:DB:B9:A7:65:21:FE:B2:05:60:3D:37:4C:AE:24
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/brIJhXE127mnZSH-sgVgPTdMriQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a440:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:4b:08:61:3b:b1:85:c9:a3:a1:02:c1:79:f0:53:d0:a8:ec:
         a3:f7:7b:f0:d2:82:6e:f7:c1:90:a2:1a:44:52:bc:1a:bc:8c:
         e1:eb:8c:e3:eb:e4:a0:21:66:28:56:bd:0f:d0:8d:bd:9e:ff:
         17:06:e0:55:26:de:db:75:6c:51:c4:b3:76:69:d5:10:16:98:
         87:98:14:ba:0f:10:19:62:d6:ca:c3:ca:5d:82:b3:97:88:e5:
         08:3f:36:23:9f:4c:28:2d:9a:db:df:bb:c3:1a:8d:cb:ce:a9:
         a5:62:1a:01:da:1f:b5:7e:bc:97:8c:13:43:06:f2:21:8a:a3:
         54:ac:4c:03:87:f4:b6:45:6f:1f:67:c8:da:5a:62:ad:f6:f0:
         f7:bc:13:0a:13:87:ba:4a:ff:83:aa:76:db:6c:a9:f1:4a:69:
         10:b8:49:4a:c2:11:cd:4c:eb:0a:b1:43:d0:26:28:74:b1:d4:
         7a:0a:69:99:3e:4d:79:6d:e6:75:3b:d5:0f:05:6c:0d:e9:b2:
         3a:e0:93:2c:49:f8:c3:37:6b:1f:70:4f:03:a6:98:09:8c:8d:
         d1:90:bf:5c:f7:08:48:1c:00:ab:c3:fd:7f:73:c6:03:30:d2:
         b8:8f:79:0e:1f:09:6f:fd:d2:50:2f:3c:38:c5:c5:0f:f9:0c:
         7e:3e:42:a6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2Pxr8MoERZy2YH59XQboVfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwNDE1MDYxNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWIyMDk4NTcxMzVkYmI5YTc2NTIxZmViMjA1NjAzZDM3NGNhZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7JhOj4VE3EbmaOlum/LWFVq8ion
jN0IdNu9XTl+//gSWdWmIEwokhwVw70x1/f6LWWA84ZcRR4J62zhwkcGDLdrOa35
qE9XrbhlmP/RDEUIPk8ZreqFT6Si7RnutGyE+COLqiGSo4KNNU55gf5OqwQSihSG
fRBAhnkCkjfVB7EqrhOtkVbqMt6BmPfR07PymoOgqx6+teD0k7E5998kj8EhTezN
jnAhLNuwbKaPl9vs/Cz1xPOcB5hmsL5k0/xu3w6LIFp4/DPXZ66JQvstjseYBtwW
65D0LfVtRGCW9u7FDAszFH1Bkd7LQeQ9OMt1N23vxrnfYa/duDqVA4Q72wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG6yCYVxNdu5p2Uh/rIFYD03TK4kMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvYnJJSmhYRTEyN21uWlNILXNnVmdQVGRNcmlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOkQAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQBESwhhO7GFyaOhAsF58FPQqOyj93vw0oJu98GQ
ohpEUrwavIzh64zj6+SgIWYoVr0P0I29nv8XBuBVJt7bdWxRxLN2adUQFpiHmBS6
DxAZYtbKw8pdgrOXiOUIPzYjn0woLZrb37vDGo3LzqmlYhoB2h+1fryXjBNDBvIh
iqNUrEwDh/S2RW8fZ8jaWmKt9vD3vBMKE4e6Sv+DqnbbbKnxSmkQuElKwhHNTOsK
sUPQJih0sdR6CmmZPk15beZ1O9UPBWwN6bI64JMsSfjDN2sfcE8DppgJjI3RkL9c
9whIHACrw/1/c8YDMNK4j3kOHwlv/dJQLzw4xcUP+Qx+PkKm
-----END CERTIFICATE-----