Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/dA2kQy1CEpRjG-WpcIPDo0fNj_U.roa
File:                     dA2kQy1CEpRjG-WpcIPDo0fNj_U.roa (raw, json)
Hash identifier:          34qC0ba+jHJ0/HlrlkGPxR8gsGyNsT6joxkYh8yI9wI=
Subject key identifier:   74:0D:A4:43:2D:42:12:94:63:1B:E5:A9:70:83:C3:A3:47:CD:8F:F5
Certificate issuer:       /CN=2a1e65f8083c859bcd0d2c52a1e061eb5131f5f1
Certificate serial:       019D44F6CAFABC27CF81C394729FD436ACF3
Authority key identifier: 2A:1E:65:F8:08:3C:85:9B:CD:0D:2C:52:A1:E0:61:EB:51:31:F5:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/dA2kQy1CEpRjG-WpcIPDo0fNj_U.roa
Signing time:             Tue 31 Mar 2026 17:35:17 +0000
ROA not before:           Tue 31 Mar 2026 17:35:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210972
IP address blocks:        2a03:302:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:44:f6:ca:fa:bc:27:cf:81:c3:94:72:9f:d4:36:ac:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a1e65f8083c859bcd0d2c52a1e061eb5131f5f1
        Validity
            Not Before: Mar 31 17:35:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=740da4432d421294631be5a97083c3a347cd8ff5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:46:94:75:d2:6a:e2:d5:e6:4d:3c:50:e3:da:
                    db:43:6f:16:b6:02:45:18:a2:58:da:8d:b3:ca:e7:
                    0c:35:83:fb:05:20:29:fe:1c:be:03:da:ff:27:e0:
                    94:6c:63:18:84:f3:e0:3e:42:0a:1e:2b:48:d2:7e:
                    98:99:54:c0:9d:d7:87:7c:3c:01:24:80:7c:04:bc:
                    69:78:ab:d6:e3:c4:7e:1b:3b:9f:60:c3:fb:b1:ee:
                    ae:49:c3:eb:f1:a0:c9:ea:28:df:20:70:17:be:69:
                    bf:f0:76:29:93:e4:c3:bb:cc:1c:76:e3:05:c3:60:
                    80:07:ed:1f:83:97:a5:de:a5:0f:eb:23:39:b2:ad:
                    be:89:c6:37:c3:fa:d5:c0:8a:9a:5c:0b:17:d5:5c:
                    8a:57:a3:3a:c0:79:d4:0f:93:79:65:d1:d0:24:0c:
                    18:06:cb:b4:60:86:8e:5c:72:38:24:e5:ce:46:23:
                    9e:28:d5:17:74:e8:dd:df:68:0d:2f:ac:3c:9f:99:
                    54:95:04:2d:45:78:b4:0b:ea:e5:9b:48:22:c7:c4:
                    da:ee:c2:06:a1:7f:1f:88:fb:e6:c4:5f:94:71:6e:
                    4f:93:f4:23:1f:02:4b:b9:c0:bb:d6:9e:50:cb:1a:
                    ee:93:cb:47:13:5f:5a:f6:a0:45:fb:b8:d5:8c:6c:
                    70:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:0D:A4:43:2D:42:12:94:63:1B:E5:A9:70:83:C3:A3:47:CD:8F:F5
            X509v3 Authority Key Identifier:
                keyid:2A:1E:65:F8:08:3C:85:9B:CD:0D:2C:52:A1:E0:61:EB:51:31:F5:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/dA2kQy1CEpRjG-WpcIPDo0fNj_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/d097bf-b0f5-43e1-86a2-cfb8da549067/1/Kh5l-Ag8hZvNDSxSoeBh61Ex9fE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:302:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:10:d5:b2:81:3f:84:9f:bf:a4:0c:57:9d:5f:e8:8e:22:2d:
         fe:c2:46:32:e3:cf:03:ae:ac:f2:c4:23:10:c6:7a:e4:9b:8d:
         2f:ab:91:6c:d5:e7:0b:c9:73:16:71:14:e6:ee:a9:37:5e:e1:
         2c:e0:d3:dd:7c:4e:b5:72:be:dd:e8:ca:7a:e1:b4:8c:36:69:
         10:93:ff:3d:7d:83:43:87:36:87:c5:8e:bf:89:e8:55:24:05:
         92:97:4a:a1:39:09:c1:d1:86:56:a7:39:82:e1:0d:c6:73:6a:
         ae:99:29:ed:b8:e4:5f:a8:cb:73:d9:e6:34:61:27:e4:1e:da:
         08:19:9d:0e:14:79:f7:68:53:9c:39:47:10:95:5e:26:33:e8:
         44:48:f8:9d:73:bd:0b:bc:19:ec:ea:bb:f9:b6:39:41:0b:68:
         73:45:05:a3:a3:55:d3:d5:58:a0:06:af:14:71:21:23:40:6c:
         5c:88:0b:de:23:5d:c4:b6:f8:7d:64:9b:9a:41:ea:63:08:4f:
         3c:23:f1:6a:7a:2f:eb:da:47:aa:f4:8a:cb:ff:94:2c:ed:e3:
         8c:99:93:fb:d8:d9:a9:bd:7c:08:d8:aa:56:70:74:4e:37:eb:
         05:ec:d5:6c:ca:10:52:d7:ab:2d:36:7f:38:2a:ad:50:09:be:
         a5:af:aa:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1E9sr6vCfPgcOUcp/UNqzzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhMWU2NWY4MDgzYzg1OWJjZDBkMmM1MmExZTA2MWViNTEz
MWY1ZjEwHhcNMjYwMzMxMTczNTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDBkYTQ0MzJkNDIxMjk0NjMxYmU1YTk3MDgzYzNhMzQ3Y2Q4ZmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EaUddJq4tXmTTxQ49rbQ28WtgJF
GKJY2o2zyucMNYP7BSAp/hy+A9r/J+CUbGMYhPPgPkIKHitI0n6YmVTAndeHfDwB
JIB8BLxpeKvW48R+GzufYMP7se6uScPr8aDJ6ijfIHAXvmm/8HYpk+TDu8wcduMF
w2CAB+0fg5el3qUP6yM5sq2+icY3w/rVwIqaXAsX1VyKV6M6wHnUD5N5ZdHQJAwY
Bsu0YIaOXHI4JOXORiOeKNUXdOjd32gNL6w8n5lUlQQtRXi0C+rlm0gix8Ta7sIG
oX8fiPvmxF+UcW5Pk/QjHwJLucC71p5Qyxruk8tHE19a9qBF+7jVjGxw4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHQNpEMtQhKUYxvlqXCDw6NHzY/1MB8GA1UdIwQY
MBaAFCoeZfgIPIWbzQ0sUqHgYetRMfXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2g1bC1BZzhoWnZORFN4U29lQmg2MUV4OWZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9kMDk3YmYtYjBmNS00M2UxLTg2YTIt
Y2ZiOGRhNTQ5MDY3LzEvZEEya1F5MUNFcFJqRy1XcGNJUERvMGZOal9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9kMDk3YmYtYjBmNS00M2UxLTg2YTItY2ZiOGRhNTQ5MDY3
LzEvS2g1bC1BZzhoWnZORFN4U29lQmg2MUV4OWZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgMDAv//
MA0GCSqGSIb3DQEBCwUAA4IBAQAGENWygT+En7+kDFedX+iOIi3+wkYy488Drqzy
xCMQxnrkm40vq5Fs1ecLyXMWcRTm7qk3XuEs4NPdfE61cr7d6Mp64bSMNmkQk/89
fYNDhzaHxY6/iehVJAWSl0qhOQnB0YZWpzmC4Q3Gc2qumSntuORfqMtz2eY0YSfk
HtoIGZ0OFHn3aFOcOUcQlV4mM+hESPidc70LvBns6rv5tjlBC2hzRQWjo1XT1Vig
Bq8UcSEjQGxciAveI13Etvh9ZJuaQepjCE88I/Fqei/r2keq9IrL/5Qs7eOMmZP7
2NmpvXwI2KpWcHRON+sF7NVsyhBS16stNn84Kq1QCb6lr6rq
-----END CERTIFICATE-----