Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/2DuCV_W-U_DjGo5XDf9E-S3sShM.roa
File:                     2DuCV_W-U_DjGo5XDf9E-S3sShM.roa (raw, json)
Hash identifier:          cc9HcaIk4ywCecPBpWCavoWGQGYzOyoXbURNvhX6CYg=
Subject key identifier:   D8:3B:82:57:F5:BE:53:F0:E3:1A:8E:57:0D:FF:44:F9:2D:EC:4A:13
Certificate issuer:       /CN=c50eea130721e9cd1976fd7e0f34c96df6eac6b0
Certificate serial:       019B7BA4E5904F8A9D24836D2F1CF87793D4
Authority key identifier: C5:0E:EA:13:07:21:E9:CD:19:76:FD:7E:0F:34:C9:6D:F6:EA:C6:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/2DuCV_W-U_DjGo5XDf9E-S3sShM.roa
Signing time:             Thu 01 Jan 2026 22:19:22 +0000
ROA not before:           Thu 01 Jan 2026 22:19:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     138270
IP address blocks:        2a00:cb20:3a00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:e5:90:4f:8a:9d:24:83:6d:2f:1c:f8:77:93:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c50eea130721e9cd1976fd7e0f34c96df6eac6b0
        Validity
            Not Before: Jan  1 22:19:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d83b8257f5be53f0e31a8e570dff44f92dec4a13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:1e:e6:47:d9:94:82:4c:3f:92:72:5d:96:80:
                    74:09:b1:56:88:d6:e8:b8:e7:6c:e6:eb:7f:a9:0d:
                    9e:04:c9:75:56:40:a4:ce:18:3a:b4:59:01:26:54:
                    a2:f3:92:d2:e0:16:e2:35:70:b4:18:af:57:a3:cc:
                    05:9d:d3:8b:8c:88:43:94:fd:a9:e7:4d:3a:45:c6:
                    a2:3d:51:a6:9e:fc:53:47:1a:86:64:38:23:5b:fa:
                    48:8d:7c:fa:e2:43:c6:d1:b8:4c:32:5d:03:e7:54:
                    7d:22:09:3e:00:c2:d4:10:cf:94:50:e7:15:58:48:
                    b9:b8:57:83:74:29:16:95:41:1e:c9:02:44:10:69:
                    8e:6a:56:ea:60:29:7f:4a:1a:bd:94:a6:64:e6:80:
                    af:af:b8:c1:a4:9c:8c:33:ee:9a:aa:33:ba:7d:0e:
                    15:dc:20:6f:48:c4:df:67:8e:b8:ae:8a:f0:27:e6:
                    b3:51:55:31:f7:2d:8f:37:b8:86:08:40:4b:17:d4:
                    b5:eb:ab:4b:83:8c:27:4c:0a:b1:04:ff:11:36:ef:
                    bf:54:5e:1a:14:d9:0d:23:34:30:78:3c:d8:2d:a0:
                    22:fc:b1:e7:c5:23:65:b6:dc:66:60:f0:3f:ae:ab:
                    3c:df:37:d0:85:b9:a7:bc:a3:95:43:01:cb:f0:a9:
                    25:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:3B:82:57:F5:BE:53:F0:E3:1A:8E:57:0D:FF:44:F9:2D:EC:4A:13
            X509v3 Authority Key Identifier:
                keyid:C5:0E:EA:13:07:21:E9:CD:19:76:FD:7E:0F:34:C9:6D:F6:EA:C6:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/2DuCV_W-U_DjGo5XDf9E-S3sShM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/8b7867-0a70-44ca-81fd-63f5fe110e76/1/xQ7qEwch6c0Zdv1-DzTJbfbqxrA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:cb20:3a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         a9:e7:63:68:6a:1f:24:c6:ce:4b:03:91:26:9c:d9:c6:49:77:
         52:1b:35:8e:ed:ec:1e:24:40:ad:c4:35:03:a0:34:16:80:01:
         76:9c:56:23:d5:11:fa:9a:bb:d7:c8:d8:4c:73:5b:15:20:20:
         e6:09:51:f6:d0:4b:8a:03:95:aa:9c:5d:0e:2c:14:9c:4c:0d:
         be:28:48:ad:d0:d8:6c:68:7e:1c:b8:8b:94:ce:1d:1c:6e:8b:
         e2:b6:6a:70:19:7c:33:62:07:d8:ad:75:9a:67:6b:ee:17:74:
         a6:53:e6:24:75:73:07:8c:79:97:82:8b:a9:a3:e1:7c:f6:ce:
         fb:d5:4a:b3:84:eb:e3:28:7e:be:cf:d5:2e:77:32:ac:88:b6:
         8e:18:a6:a0:fb:f2:d9:0d:f4:76:12:7d:33:a9:65:12:91:df:
         e5:1a:d1:6c:45:09:01:9f:20:65:93:ec:34:00:00:54:1a:65:
         ec:55:05:ba:71:67:43:a5:e9:5a:60:dc:36:5a:66:87:98:ac:
         f5:cf:50:fc:7d:ac:e8:83:93:40:a1:08:f0:0b:c4:42:45:cf:
         24:cd:1d:fa:20:c1:03:54:f6:e9:c7:10:f9:88:51:45:c8:67:
         7c:35:dd:be:d8:02:cd:34:2c:d3:1a:5d:18:56:a1:d0:10:04:
         f8:ea:e0:18
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZt7pOWQT4qdJINtLxz4d5PUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1MGVlYTEzMDcyMWU5Y2QxOTc2ZmQ3ZTBmMzRjOTZkZjZl
YWM2YjAwHhcNMjYwMTAxMjIxOTIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODNiODI1N2Y1YmU1M2YwZTMxYThlNTcwZGZmNDRmOTJkZWM0YTEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyx7mR9mUgkw/knJdloB0CbFWiNbo
uOds5ut/qQ2eBMl1VkCkzhg6tFkBJlSi85LS4BbiNXC0GK9Xo8wFndOLjIhDlP2p
5006RcaiPVGmnvxTRxqGZDgjW/pIjXz64kPG0bhMMl0D51R9Igk+AMLUEM+UUOcV
WEi5uFeDdCkWlUEeyQJEEGmOalbqYCl/Shq9lKZk5oCvr7jBpJyMM+6aqjO6fQ4V
3CBvSMTfZ464rorwJ+azUVUx9y2PN7iGCEBLF9S166tLg4wnTAqxBP8RNu+/VF4a
FNkNIzQweDzYLaAi/LHnxSNlttxmYPA/rqs83zfQhbmnvKOVQwHL8KklCwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNg7glf1vlPw4xqOVw3/RPkt7EoTMB8GA1UdIwQY
MBaAFMUO6hMHIenNGXb9fg80yW326sawMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFE3cUV3Y2g2YzBaZHYxLUR6VEpiZmJxeHJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC84Yjc4NjctMGE3MC00NGNhLTgxZmQt
NjNmNWZlMTEwZTc2LzEvMkR1Q1ZfVy1VX0RqR281WERmOUUtUzNzU2hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC84Yjc4NjctMGE3MC00NGNhLTgxZmQtNjNmNWZlMTEwZTc2
LzEveFE3cUV3Y2g2YzBaZHYxLUR6VEpiZmJxeHJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgDLIDow
DQYJKoZIhvcNAQELBQADggEBAKnnY2hqHyTGzksDkSac2cZJd1IbNY7t7B4kQK3E
NQOgNBaAAXacViPVEfqau9fI2ExzWxUgIOYJUfbQS4oDlaqcXQ4sFJxMDb4oSK3Q
2Gxofhy4i5TOHRxui+K2anAZfDNiB9itdZpna+4XdKZT5iR1cweMeZeCi6mj4Xz2
zvvVSrOE6+Mofr7P1S53MqyIto4YpqD78tkN9HYSfTOpZRKR3+Ua0WxFCQGfIGWT
7DQAAFQaZexVBbpxZ0Ol6Vpg3DZaZoeYrPXPUPx9rOiDk0ChCPALxEJFzyTNHfog
wQNU9unHEPmIUUXIZ3w13b7YAs00LNMaXRhWodAQBPjq4Bg=
-----END CERTIFICATE-----