Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/GfAsYpDk3JdpBBe4_XIzDYh0QSE.roa
File:                     GfAsYpDk3JdpBBe4_XIzDYh0QSE.roa (raw, json)
Hash identifier:          lVTXGaCmhZJguYNLRM+hHj1aOjVITrXWPxHky7Z6oMQ=
Subject key identifier:   19:F0:2C:62:90:E4:DC:97:69:04:17:B8:FD:72:33:0D:88:74:41:21
Certificate issuer:       /CN=c2d82ccf0c8dea7d7f6ad72e8e62462d7be20d56
Certificate serial:       019E6EA943791907BE640734A5FC80E18957
Authority key identifier: C2:D8:2C:CF:0C:8D:EA:7D:7F:6A:D7:2E:8E:62:46:2D:7B:E2:0D:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/GfAsYpDk3JdpBBe4_XIzDYh0QSE.roa
Signing time:             Thu 28 May 2026 12:57:27 +0000
ROA not before:           Thu 28 May 2026 12:57:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49810
IP address blocks:        2a04:d202::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/wtgszwyN6n1_atcujmJGLXviDVY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/wtgszwyN6n1_atcujmJGLXviDVY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 19:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:6e:a9:43:79:19:07:be:64:07:34:a5:fc:80:e1:89:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2d82ccf0c8dea7d7f6ad72e8e62462d7be20d56
        Validity
            Not Before: May 28 12:57:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=19f02c6290e4dc97690417b8fd72330d88744121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5c:af:b5:c2:88:02:df:80:23:71:f1:af:03:
                    54:8c:1d:90:cb:fd:3f:7c:98:61:23:4a:91:ad:a3:
                    53:2e:2f:24:0f:47:50:a5:1b:56:44:0a:6f:31:9e:
                    46:3f:ec:31:6d:1a:89:75:8a:b5:b3:e0:23:c5:fe:
                    2e:50:c1:d5:fc:43:e9:e0:62:1f:d4:57:32:b2:18:
                    f6:39:ce:f0:62:7f:0b:47:ac:d0:b1:97:ec:b3:f4:
                    c5:9e:2f:a5:51:ac:a0:87:36:6a:7f:98:90:ad:74:
                    57:4f:9c:93:1a:9e:98:fd:55:c1:9f:8c:7e:f1:de:
                    16:b1:25:a0:ca:10:d0:c8:2d:05:50:3c:88:a0:aa:
                    11:b7:43:82:63:f8:d0:ad:00:58:7a:93:2d:35:f6:
                    c0:b2:c8:a2:e1:0c:c7:46:2e:88:54:e3:ad:5b:29:
                    45:b7:aa:f0:13:4d:d1:dc:20:37:2d:5b:57:11:a2:
                    90:fd:db:07:cc:ef:ce:ea:09:63:09:45:eb:db:ae:
                    b4:4f:26:a9:5b:75:21:0a:eb:c1:d0:77:c7:57:a3:
                    24:b8:a9:90:6d:ab:db:05:97:41:62:cb:2b:4b:bb:
                    51:89:6c:56:e9:51:a1:fa:c2:cf:02:1b:e7:f5:e6:
                    64:9f:9a:63:b5:b5:36:fc:2e:03:07:37:cc:8e:c6:
                    71:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:F0:2C:62:90:E4:DC:97:69:04:17:B8:FD:72:33:0D:88:74:41:21
            X509v3 Authority Key Identifier:
                keyid:C2:D8:2C:CF:0C:8D:EA:7D:7F:6A:D7:2E:8E:62:46:2D:7B:E2:0D:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wtgszwyN6n1_atcujmJGLXviDVY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/GfAsYpDk3JdpBBe4_XIzDYh0QSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/327952-4c66-4b95-b6de-43118e496d40/1/wtgszwyN6n1_atcujmJGLXviDVY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:d202::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:4f:ec:9a:84:58:15:0c:94:a3:6b:8f:02:f6:71:d6:5c:42:
         1d:58:84:54:aa:16:97:9f:a0:41:ef:67:f0:b4:b3:c7:b2:e8:
         8f:ba:ec:63:9e:13:b8:11:a3:f3:b1:58:06:65:24:f3:41:b7:
         e2:93:d9:de:33:8f:48:9f:e9:89:6d:10:ed:93:33:92:ed:e5:
         b6:5f:46:08:91:06:17:6a:eb:10:1d:3b:a8:7d:38:97:58:c7:
         30:72:6c:b8:0e:b6:22:62:0d:a6:a9:34:53:34:a8:d1:44:17:
         c4:a1:12:bd:a0:52:c5:ee:19:12:ff:15:1d:15:29:3b:68:0d:
         7e:66:27:93:70:9e:94:e9:ca:e1:1f:07:f6:82:66:61:54:b5:
         24:b0:9d:79:f9:cb:7b:fa:31:1d:02:78:c3:ff:82:36:33:cc:
         fc:7b:6b:60:5b:6b:a0:74:51:c4:59:05:6c:9a:fe:6a:65:77:
         41:e7:06:00:f8:da:5c:69:2d:02:33:ae:53:4a:96:6a:45:29:
         cc:80:c5:d0:d7:a2:93:12:02:43:e1:92:91:48:69:6d:7f:53:
         13:5d:5d:3e:7a:b7:50:78:d2:47:a7:b5:82:11:a5:6a:ab:fb:
         71:cc:51:38:8d:f9:2d:25:0b:0c:34:1a:ff:82:de:26:bf:b1:
         62:76:90:34
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5uqUN5GQe+ZAc0pfyA4YlXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyZDgyY2NmMGM4ZGVhN2Q3ZjZhZDcyZThlNjI0NjJkN2Jl
MjBkNTYwHhcNMjYwNTI4MTI1NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWYwMmM2MjkwZTRkYzk3NjkwNDE3YjhmZDcyMzMwZDg4NzQ0MTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFyvtcKIAt+AI3HxrwNUjB2Qy/0/
fJhhI0qRraNTLi8kD0dQpRtWRApvMZ5GP+wxbRqJdYq1s+Ajxf4uUMHV/EPp4GIf
1Fcyshj2Oc7wYn8LR6zQsZfss/TFni+lUayghzZqf5iQrXRXT5yTGp6Y/VXBn4x+
8d4WsSWgyhDQyC0FUDyIoKoRt0OCY/jQrQBYepMtNfbAssii4QzHRi6IVOOtWylF
t6rwE03R3CA3LVtXEaKQ/dsHzO/O6gljCUXr2660TyapW3UhCuvB0HfHV6MkuKmQ
bavbBZdBYssrS7tRiWxW6VGh+sLPAhvn9eZkn5pjtbU2/C4DBzfMjsZxkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBnwLGKQ5NyXaQQXuP1yMw2IdEEhMB8GA1UdIwQY
MBaAFMLYLM8Mjep9f2rXLo5iRi174g1WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3Rnc3p3eU42bjFfYXRjdWptSkdMWHZpRFZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zMjc5NTItNGM2Ni00Yjk1LWI2ZGUt
NDMxMThlNDk2ZDQwLzEvR2ZBc1lwRGszSmRwQkJlNF9YSXpEWWgwUVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zMjc5NTItNGM2Ni00Yjk1LWI2ZGUtNDMxMThlNDk2ZDQw
LzEvd3Rnc3p3eU42bjFfYXRjdWptSkdMWHZpRFZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgTSAjAN
BgkqhkiG9w0BAQsFAAOCAQEAWE/smoRYFQyUo2uPAvZx1lxCHViEVKoWl5+gQe9n
8LSzx7Loj7rsY54TuBGj87FYBmUk80G34pPZ3jOPSJ/piW0Q7ZMzku3ltl9GCJEG
F2rrEB07qH04l1jHMHJsuA62ImINpqk0UzSo0UQXxKESvaBSxe4ZEv8VHRUpO2gN
fmYnk3CelOnK4R8H9oJmYVS1JLCdefnLe/oxHQJ4w/+CNjPM/HtrYFtroHRRxFkF
bJr+amV3QecGAPjaXGktAjOuU0qWakUpzIDF0NeikxICQ+GSkUhpbX9TE11dPnq3
UHjSR6e1ghGlaqv7ccxROI35LSULDDQa/4LeJr+xYnaQNA==
-----END CERTIFICATE-----