Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/0GT7y41M2U2Z4n9p1prIFuSSpCU.roa
File:                     0GT7y41M2U2Z4n9p1prIFuSSpCU.roa (raw, json)
Hash identifier:          5PN+tyrRAZ9I2OtQw0DrVEloHpHu5PekIGAzz+vR1XM=
Subject key identifier:   D0:64:FB:CB:8D:4C:D9:4D:99:E2:7F:69:D6:9A:C8:16:E4:92:A4:25
Certificate issuer:       /CN=c2937b9461a3d266e935834e5047a182238362c8
Certificate serial:       019B7DC9D3C60655F996AE9AA02EA6CA07D3
Authority key identifier: C2:93:7B:94:61:A3:D2:66:E9:35:83:4E:50:47:A1:82:23:83:62:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wpN7lGGj0mbpNYNOUEehgiODYsg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/0GT7y41M2U2Z4n9p1prIFuSSpCU.roa
Signing time:             Fri 02 Jan 2026 08:18:57 +0000
ROA not before:           Fri 02 Jan 2026 08:18:57 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204228
IP address blocks:        2001:67c:24d8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/wpN7lGGj0mbpNYNOUEehgiODYsg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/wpN7lGGj0mbpNYNOUEehgiODYsg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wpN7lGGj0mbpNYNOUEehgiODYsg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 20:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:c9:d3:c6:06:55:f9:96:ae:9a:a0:2e:a6:ca:07:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2937b9461a3d266e935834e5047a182238362c8
        Validity
            Not Before: Jan  2 08:18:57 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d064fbcb8d4cd94d99e27f69d69ac816e492a425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:03:9b:41:ef:79:5e:d0:03:97:46:cb:ca:a7:
                    37:49:24:55:9f:ac:0c:4d:54:f2:38:e2:38:e1:43:
                    aa:a8:ce:0e:b4:7e:7f:a3:a0:3f:ee:7a:04:05:21:
                    37:28:63:6d:5a:5b:29:be:ae:a2:00:30:46:03:c3:
                    a5:0a:89:b0:16:3f:59:d7:38:55:3a:e8:13:5a:df:
                    7c:42:03:0e:bd:75:7a:2b:de:bf:ab:e4:24:3f:48:
                    2e:7b:5d:7f:cb:37:e1:83:3b:63:fd:76:e1:78:2b:
                    20:dc:c5:c5:66:03:35:ca:bf:d6:e1:9b:2c:41:5a:
                    c5:5b:05:38:2f:63:ed:f1:4f:a7:54:cd:f9:83:11:
                    89:bf:de:21:8e:9f:af:e1:b2:0c:d6:56:cd:fa:b3:
                    24:de:24:86:9f:79:65:5d:eb:b0:c8:09:69:3d:be:
                    fd:fb:9e:75:ed:09:8f:0d:6f:55:13:cf:b1:97:9a:
                    ff:a4:fb:73:98:45:44:22:6d:f9:5d:2c:c1:fa:f3:
                    9c:45:58:81:2d:47:f2:a0:82:45:60:a3:43:09:3f:
                    8c:a4:b5:b7:05:49:ea:b2:2a:17:92:72:a5:bf:a2:
                    f9:df:10:b6:d1:0d:e9:19:42:4c:b6:64:d9:a8:7e:
                    65:9a:d4:61:68:28:f2:be:36:0e:1e:ba:ca:ea:e7:
                    a2:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:64:FB:CB:8D:4C:D9:4D:99:E2:7F:69:D6:9A:C8:16:E4:92:A4:25
            X509v3 Authority Key Identifier:
                keyid:C2:93:7B:94:61:A3:D2:66:E9:35:83:4E:50:47:A1:82:23:83:62:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wpN7lGGj0mbpNYNOUEehgiODYsg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/0GT7y41M2U2Z4n9p1prIFuSSpCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/9ded2e-3973-4bcf-9562-3774881e7e1e/1/wpN7lGGj0mbpNYNOUEehgiODYsg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:24d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:15:ce:86:14:c0:87:e0:40:8c:46:8a:52:b7:99:ac:96:d4:
         b5:bf:d6:ad:4e:69:d9:bb:cb:e8:c5:f1:2b:d3:59:9e:7e:88:
         a5:ed:47:b3:be:d6:36:6b:13:d3:a6:95:ef:da:27:1f:85:34:
         95:e4:7f:6e:c1:c1:cd:f0:9a:9a:bb:0e:f8:ef:0c:7e:9c:e7:
         14:14:b7:a8:1e:03:3f:9a:6b:67:72:8a:e5:01:9e:27:24:e3:
         ff:7f:f4:06:bd:49:3c:96:5a:b7:cc:ef:24:2f:a8:5e:aa:ea:
         e5:0f:32:26:04:4f:b9:77:63:70:f5:c5:b0:1c:1e:19:3c:e5:
         e0:01:c7:5e:6d:ed:02:d4:65:6b:14:95:a6:66:e1:86:f3:99:
         46:54:f7:56:f0:9c:59:e8:db:20:77:23:d6:74:eb:3f:50:93:
         8e:68:1d:fe:b6:70:66:fc:05:6c:45:1c:d0:6d:85:1c:63:4f:
         b0:fa:36:8c:89:51:5a:43:83:d8:1f:eb:e7:57:41:22:43:d6:
         53:42:3f:35:b8:01:14:d9:2e:e9:a1:af:14:d4:f8:c4:85:76:
         69:e6:e6:91:55:3e:33:87:51:54:ff:88:ce:cf:8a:c2:92:93:
         3c:b9:38:a7:1c:5d:0c:cf:71:ec:3a:e2:b3:12:56:f1:0e:c1:
         14:c0:42:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9ydPGBlX5lq6aoC6mygfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyOTM3Yjk0NjFhM2QyNjZlOTM1ODM0ZTUwNDdhMTgyMjM4
MzYyYzgwHhcNMjYwMTAyMDgxODU3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDY0ZmJjYjhkNGNkOTRkOTllMjdmNjlkNjlhYzgxNmU0OTJhNDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArAObQe95XtADl0bLyqc3SSRVn6wM
TVTyOOI44UOqqM4OtH5/o6A/7noEBSE3KGNtWlspvq6iADBGA8OlComwFj9Z1zhV
OugTWt98QgMOvXV6K96/q+QkP0gue11/yzfhgztj/XbheCsg3MXFZgM1yr/W4Zss
QVrFWwU4L2Pt8U+nVM35gxGJv94hjp+v4bIM1lbN+rMk3iSGn3llXeuwyAlpPb79
+5517QmPDW9VE8+xl5r/pPtzmEVEIm35XSzB+vOcRViBLUfyoIJFYKNDCT+MpLW3
BUnqsioXknKlv6L53xC20Q3pGUJMtmTZqH5lmtRhaCjyvjYOHrrK6ueiIQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNBk+8uNTNlNmeJ/adaayBbkkqQlMB8GA1UdIwQY
MBaAFMKTe5Rho9Jm6TWDTlBHoYIjg2LIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3BON2xHR2owbWJwTllOT1VFZWhnaU9EWXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC85ZGVkMmUtMzk3My00YmNmLTk1NjIt
Mzc3NDg4MWU3ZTFlLzEvMEdUN3k0MU0yVTJaNG45cDFwcklGdVNTcENVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC85ZGVkMmUtMzk3My00YmNmLTk1NjItMzc3NDg4MWU3ZTFl
LzEvd3BON2xHR2owbWJwTllOT1VFZWhnaU9EWXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCTY
MA0GCSqGSIb3DQEBCwUAA4IBAQAUFc6GFMCH4ECMRopSt5msltS1v9atTmnZu8vo
xfEr01mefoil7UezvtY2axPTppXv2icfhTSV5H9uwcHN8Jqauw747wx+nOcUFLeo
HgM/mmtncorlAZ4nJOP/f/QGvUk8llq3zO8kL6hequrlDzImBE+5d2Nw9cWwHB4Z
POXgAcdebe0C1GVrFJWmZuGG85lGVPdW8JxZ6NsgdyPWdOs/UJOOaB3+tnBm/AVs
RRzQbYUcY0+w+jaMiVFaQ4PYH+vnV0EiQ9ZTQj81uAEU2S7poa8U1PjEhXZp5uaR
VT4zh1FU/4jOz4rCkpM8uTinHF0Mz3HsOuKzElbxDsEUwEIL
-----END CERTIFICATE-----