Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/AYBhm-n2DtjBD2-_VERC8enxMWk.roa
File:                     AYBhm-n2DtjBD2-_VERC8enxMWk.roa (raw, json)
Hash identifier:          iqyny5FgxwGBplZSuXLriIUaCy7cAoMGn0iYdefGN7Q=
Subject key identifier:   01:80:61:9B:E9:F6:0E:D8:C1:0F:6F:BF:54:44:42:F1:E9:F1:31:69
Certificate issuer:       /CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
Certificate serial:       019D8EE67122D95271514EAED159A0EFD18F
Authority key identifier: 25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/AYBhm-n2DtjBD2-_VERC8enxMWk.roa
Signing time:             Wed 15 Apr 2026 02:09:20 +0000
ROA not before:           Wed 15 Apr 2026 02:09:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     38854
IP address blocks:        2a0b:21c1:602b::/48 maxlen: 48
                          2a0b:21c1:602c::/48 maxlen: 48
                          2a0b:21c1:6031::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8e:e6:71:22:d9:52:71:51:4e:ae:d1:59:a0:ef:d1:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25776c77f8ebe7094ca007ace1a9c0bfdc2b3aec
        Validity
            Not Before: Apr 15 02:09:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0180619be9f60ed8c10f6fbf544442f1e9f13169
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c9:44:5b:8e:d4:01:85:40:fc:37:c3:28:49:
                    1d:59:11:d9:54:4e:83:06:42:5b:3c:07:6f:93:84:
                    93:29:8a:bc:20:e3:f4:4e:82:e4:58:d9:e4:21:da:
                    a8:9f:b4:e8:81:48:2c:42:05:5a:47:54:3d:b2:d0:
                    21:31:a8:cf:b5:c3:33:ba:23:13:9b:b1:27:2d:6b:
                    5d:73:3b:1b:b7:8e:14:58:eb:53:7d:9f:89:3c:04:
                    f2:30:93:cf:61:b6:68:aa:62:9f:f9:6f:ac:c0:86:
                    df:3e:c7:d7:b0:8f:8a:42:ea:bd:4d:b0:55:47:e6:
                    b9:53:36:c1:9f:1d:8a:f8:33:99:63:52:a0:46:a5:
                    c7:80:17:55:de:bd:c3:b7:0a:df:80:00:cd:65:3b:
                    ae:21:2f:c5:aa:52:34:41:64:d6:80:43:20:08:97:
                    78:3a:72:c3:52:2c:b1:8a:af:7a:a5:21:a9:98:84:
                    70:f3:a4:24:e7:d6:19:44:58:28:64:f7:49:5f:63:
                    6b:03:31:1d:c3:1a:f8:a2:18:22:09:02:41:c9:11:
                    b6:51:fe:8d:f6:df:8f:a9:f0:b6:19:e4:0a:f4:e4:
                    fc:3e:b3:c8:5c:14:7c:79:b2:04:19:ca:a0:37:31:
                    19:0d:e8:46:45:8b:e6:e1:67:54:67:7b:72:a5:06:
                    a7:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:80:61:9B:E9:F6:0E:D8:C1:0F:6F:BF:54:44:42:F1:E9:F1:31:69
            X509v3 Authority Key Identifier:
                keyid:25:77:6C:77:F8:EB:E7:09:4C:A0:07:AC:E1:A9:C0:BF:DC:2B:3A:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JXdsd_jr5wlMoAes4anAv9wrOuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/AYBhm-n2DtjBD2-_VERC8enxMWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/57e08c-ca3a-4099-ae74-e7daec194a69/1/JXdsd_jr5wlMoAes4anAv9wrOuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:21c1:602b::-2a0b:21c1:602c:ffff:ffff:ffff:ffff:ffff
                  2a0b:21c1:6031::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:54:d1:e4:08:9d:ad:d9:0a:ba:f9:00:20:89:67:77:e8:53:
         52:2b:76:6d:a7:5a:97:e8:92:45:11:6b:2b:79:86:4b:c8:2d:
         0c:82:09:bc:8c:05:9d:ea:9b:58:9a:1a:e0:89:b7:19:e8:19:
         ea:ea:5c:3c:b6:4a:58:41:b3:bf:1d:a7:31:54:9b:e3:ae:55:
         0a:e2:e0:24:17:36:ef:c9:e6:3b:a1:77:f1:eb:7f:ab:18:4a:
         1d:93:1e:60:47:98:7b:a2:76:9a:a3:db:7b:b4:d1:7e:7e:f9:
         4a:44:3b:b3:a3:6e:86:f7:39:47:dd:8e:ac:be:b6:48:4b:7d:
         31:3a:28:d5:a0:b6:9d:c6:d2:7b:79:7b:03:70:b2:74:e2:b8:
         c8:12:19:f7:42:bb:37:90:61:89:b7:5a:c6:8a:f4:5f:39:f4:
         e9:29:26:b3:18:e6:51:a8:9a:0b:03:46:1e:01:10:2f:a9:b9:
         2e:0d:16:fd:f2:fe:9b:e3:bf:c9:2b:ea:37:57:02:ea:8b:09:
         26:3c:eb:19:58:3a:d1:06:85:dd:66:fa:ad:6f:5d:af:1a:5b:
         b1:31:a6:b2:ff:09:d7:e7:54:7b:e1:48:79:e5:8b:26:61:c5:
         ae:7d:1c:51:82:74:4e:e4:c9:64:bb:20:c0:99:81:89:3d:cb:
         72:85:1e:9f
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ2O5nEi2VJxUU6u0Vmg79GPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Nzc2Yzc3ZjhlYmU3MDk0Y2EwMDdhY2UxYTljMGJmZGMy
YjNhZWMwHhcNMjYwNDE1MDIwOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTgwNjE5YmU5ZjYwZWQ4YzEwZjZmYmY1NDQ0NDJmMWU5ZjEzMTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMlEW47UAYVA/DfDKEkdWRHZVE6D
BkJbPAdvk4STKYq8IOP0ToLkWNnkIdqon7TogUgsQgVaR1Q9stAhMajPtcMzuiMT
m7EnLWtdczsbt44UWOtTfZ+JPATyMJPPYbZoqmKf+W+swIbfPsfXsI+KQuq9TbBV
R+a5UzbBnx2K+DOZY1KgRqXHgBdV3r3DtwrfgADNZTuuIS/FqlI0QWTWgEMgCJd4
OnLDUiyxiq96pSGpmIRw86Qk59YZRFgoZPdJX2NrAzEdwxr4ohgiCQJByRG2Uf6N
9t+PqfC2GeQK9OT8PrPIXBR8ebIEGcqgNzEZDehGRYvm4WdUZ3typQan9wIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFAGAYZvp9g7YwQ9vv1REQvHp8TFpMB8GA1UdIwQY
MBaAFCV3bHf46+cJTKAHrOGpwL/cKzrsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQt
ZTdkYWVjMTk0YTY5LzEvQVlCaG0tbjJEdGpCRDItX1ZFUkM4ZW54TVdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS81N2UwOGMtY2EzYS00MDk5LWFlNzQtZTdkYWVjMTk0YTY5
LzEvSlhkc2RfanI1d2xNb0FlczRhbkF2OXdyT3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdMBIDBwAqCyHB
YCsDBwAqCyHBYCwDBwAqCyHBYDEwDQYJKoZIhvcNAQELBQADggEBAKRU0eQIna3Z
Crr5ACCJZ3foU1Irdm2nWpfokkURayt5hkvILQyCCbyMBZ3qm1iaGuCJtxnoGerq
XDy2SlhBs78dpzFUm+OuVQri4CQXNu/J5juhd/Hrf6sYSh2THmBHmHuidpqj23u0
0X5++UpEO7Ojbob3OUfdjqy+tkhLfTE6KNWgtp3G0nt5ewNwsnTiuMgSGfdCuzeQ
YYm3WsaK9F859OkpJrMY5lGomgsDRh4BEC+puS4NFv3y/pvjv8kr6jdXAuqLCSY8
6xlYOtEGhd1m+q1vXa8aW7ExprL/CdfnVHvhSHnliyZhxa59HFGCdE7kyWS7IMCZ
gYk9y3KFHp8=
-----END CERTIFICATE-----