Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/de5411-4da9-4c86-a629-a44987accecc/1/pMAiTF1ySg9ogcwhwA1KzWh15ZU.roa
File:                     pMAiTF1ySg9ogcwhwA1KzWh15ZU.roa (raw, json)
Hash identifier:          cD1iyHvMqU0IUOL/sirhVf8EXZ1S7JtYKgjAxXeAnfA=
Subject key identifier:   A4:C0:22:4C:5D:72:4A:0F:68:81:CC:21:C0:0D:4A:CD:68:75:E5:95
Certificate issuer:       /CN=a3e62dfb95c8ee3058eab085fc50f45aab7a03ef
Certificate serial:       019CE09CFF33F8C35CE3CD1BDC408568E716
Authority key identifier: A3:E6:2D:FB:95:C8:EE:30:58:EA:B0:85:FC:50:F4:5A:AB:7A:03:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o-Yt-5XI7jBY6rCF_FD0Wqt6A-8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/de5411-4da9-4c86-a629-a44987accecc/1/pMAiTF1ySg9ogcwhwA1KzWh15ZU.roa
Signing time:             Thu 12 Mar 2026 05:55:11 +0000
ROA not before:           Thu 12 Mar 2026 05:55:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44941
IP address blocks:        2a12:b787:fff8::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/de5411-4da9-4c86-a629-a44987accecc/1/o-Yt-5XI7jBY6rCF_FD0Wqt6A-8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/de5411-4da9-4c86-a629-a44987accecc/1/o-Yt-5XI7jBY6rCF_FD0Wqt6A-8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o-Yt-5XI7jBY6rCF_FD0Wqt6A-8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e0:9c:ff:33:f8:c3:5c:e3:cd:1b:dc:40:85:68:e7:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3e62dfb95c8ee3058eab085fc50f45aab7a03ef
        Validity
            Not Before: Mar 12 05:55:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a4c0224c5d724a0f6881cc21c00d4acd6875e595
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:00:4a:6b:13:91:5a:a6:76:f8:22:f2:ee:61:
                    20:73:2b:fc:9d:be:7e:57:31:8c:69:94:8e:08:f1:
                    ac:1f:ac:c4:2f:f9:63:af:7b:fb:cc:75:e9:c5:41:
                    38:d9:33:e7:c5:45:ab:5c:f2:b0:c2:63:a5:d6:73:
                    24:5f:f4:be:da:3f:3d:c5:97:2f:45:62:f8:1a:e0:
                    b1:2d:13:5a:91:dd:42:67:a1:4b:73:2e:05:8c:85:
                    7a:e6:1f:d8:a9:08:8f:7f:0b:e0:f2:3b:fd:8c:20:
                    eb:3e:ae:1b:7a:e9:68:32:56:40:13:54:52:47:83:
                    e8:17:40:61:0d:d8:98:ee:d2:62:78:fa:0c:70:f5:
                    61:e0:7b:90:8c:c2:fc:60:85:df:1e:a0:be:03:f6:
                    86:fe:4d:88:78:a1:60:53:4a:1e:d7:43:22:2c:2d:
                    05:73:c9:5c:46:9e:9e:8a:f3:1b:62:ed:51:b8:dd:
                    61:67:f9:a4:25:a0:80:bb:92:f8:54:e1:b6:f6:d8:
                    6b:d7:ea:8b:a9:2a:cd:4c:c1:72:96:ae:e6:00:1d:
                    6d:9d:e2:33:31:92:4f:79:3a:96:37:61:b3:1c:1c:
                    ce:75:08:f1:bf:8b:12:d6:79:8d:e2:66:a3:f1:4c:
                    d2:28:a2:70:4c:1d:07:3e:01:c9:37:ad:e8:3d:40:
                    b6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:C0:22:4C:5D:72:4A:0F:68:81:CC:21:C0:0D:4A:CD:68:75:E5:95
            X509v3 Authority Key Identifier:
                keyid:A3:E6:2D:FB:95:C8:EE:30:58:EA:B0:85:FC:50:F4:5A:AB:7A:03:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o-Yt-5XI7jBY6rCF_FD0Wqt6A-8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/de5411-4da9-4c86-a629-a44987accecc/1/pMAiTF1ySg9ogcwhwA1KzWh15ZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/de5411-4da9-4c86-a629-a44987accecc/1/o-Yt-5XI7jBY6rCF_FD0Wqt6A-8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:b787:fff8::/46

    Signature Algorithm: sha256WithRSAEncryption
         10:aa:5b:04:cd:3d:97:f6:2e:d2:5c:e3:75:d4:c4:5a:9b:9b:
         d7:83:8a:4c:b5:05:a2:92:b6:5c:ce:eb:fc:fa:3b:fb:95:e8:
         cc:c5:26:3a:5c:16:8d:43:5c:9d:f7:34:8b:ad:d7:7f:35:ca:
         41:aa:1b:07:d7:ec:3b:d2:4e:a0:55:9a:3e:66:20:b1:a0:1c:
         eb:63:22:6d:f7:1f:05:86:97:16:d4:8d:a4:bd:b9:18:45:ef:
         c6:58:1b:2f:14:ef:c9:83:80:4b:9b:6b:b2:f8:2e:66:e7:4c:
         b9:e1:37:64:46:3d:e3:61:4f:47:1f:5b:92:3d:4b:19:4a:d4:
         28:e3:73:3b:d3:06:4f:ec:34:82:05:b1:9c:1c:8a:37:ce:02:
         03:16:bf:f8:05:55:4e:f5:98:37:dd:ed:21:ff:64:41:96:91:
         cc:62:2b:1a:44:d7:34:75:05:d2:65:fb:56:60:bf:03:95:b0:
         48:38:7a:af:d7:e2:47:a8:5c:99:9a:ff:49:14:9e:80:9a:ed:
         4f:c9:65:f3:17:de:84:4f:74:cc:17:57:ce:a0:8c:80:f8:e5:
         19:1c:4c:f7:61:49:f8:95:18:62:a1:ec:96:a5:d7:92:51:74:
         ae:97:c3:e2:dc:d0:c5:f3:c4:f8:6f:a8:e1:3e:c5:96:b1:a4:
         e9:30:58:b6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzgnP8z+MNc480b3ECFaOcWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZTYyZGZiOTVjOGVlMzA1OGVhYjA4NWZjNTBmNDVhYWI3
YTAzZWYwHhcNMjYwMzEyMDU1NTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGMwMjI0YzVkNzI0YTBmNjg4MWNjMjFjMDBkNGFjZDY4NzVlNTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgBKaxORWqZ2+CLy7mEgcyv8nb5+
VzGMaZSOCPGsH6zEL/ljr3v7zHXpxUE42TPnxUWrXPKwwmOl1nMkX/S+2j89xZcv
RWL4GuCxLRNakd1CZ6FLcy4FjIV65h/YqQiPfwvg8jv9jCDrPq4beuloMlZAE1RS
R4PoF0BhDdiY7tJiePoMcPVh4HuQjML8YIXfHqC+A/aG/k2IeKFgU0oe10MiLC0F
c8lcRp6eivMbYu1RuN1hZ/mkJaCAu5L4VOG29thr1+qLqSrNTMFylq7mAB1tneIz
MZJPeTqWN2GzHBzOdQjxv4sS1nmN4maj8UzSKKJwTB0HPgHJN63oPUC2IwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKTAIkxdckoPaIHMIcANSs1odeWVMB8GA1UdIwQY
MBaAFKPmLfuVyO4wWOqwhfxQ9FqregPvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvby1ZdC01WEk3akJZNnJDRl9GRDBXcXQ2QS04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9kZTU0MTEtNGRhOS00Yzg2LWE2Mjkt
YTQ0OTg3YWNjZWNjLzEvcE1BaVRGMXlTZzlvZ2N3aHdBMUt6V2gxNVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9kZTU0MTEtNGRhOS00Yzg2LWE2MjktYTQ0OTg3YWNjZWNj
LzEvby1ZdC01WEk3akJZNnJDRl9GRDBXcXQ2QS04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhK3h//4
MA0GCSqGSIb3DQEBCwUAA4IBAQAQqlsEzT2X9i7SXON11MRam5vXg4pMtQWikrZc
zuv8+jv7lejMxSY6XBaNQ1yd9zSLrdd/NcpBqhsH1+w70k6gVZo+ZiCxoBzrYyJt
9x8FhpcW1I2kvbkYRe/GWBsvFO/Jg4BLm2uy+C5m50y54TdkRj3jYU9HH1uSPUsZ
StQo43M70wZP7DSCBbGcHIo3zgIDFr/4BVVO9Zg33e0h/2RBlpHMYisaRNc0dQXS
ZftWYL8DlbBIOHqv1+JHqFyZmv9JFJ6Amu1PyWXzF96ET3TMF1fOoIyA+OUZHEz3
YUn4lRhioeyWpdeSUXSul8Pi3NDF88T4b6jhPsWWsaTpMFi2
-----END CERTIFICATE-----