Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/iYRydtn28vqpqCP4zz0aEw9fsl4.roa
File:                     iYRydtn28vqpqCP4zz0aEw9fsl4.roa (raw, json)
Hash identifier:          07ZlSh2GML4mST0arWu48KMNOjJpITz8gl57pdwJRxk=
Subject key identifier:   89:84:72:76:D9:F6:F2:FA:A9:A8:23:F8:CF:3D:1A:13:0F:5F:B2:5E
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019DF9B79B0FFF8107C7646868C136E951B1
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/iYRydtn28vqpqCP4zz0aEw9fsl4.roa
Signing time:             Tue 05 May 2026 19:57:32 +0000
ROA not before:           Tue 05 May 2026 19:57:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207135
IP address blocks:        2a0c:9a40:8b70::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:28:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f9:b7:9b:0f:ff:81:07:c7:64:68:68:c1:36:e9:51:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: May  5 19:57:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89847276d9f6f2faa9a823f8cf3d1a130f5fb25e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:e1:37:a9:63:61:b9:0d:dd:c8:39:30:b4:c3:
                    1e:5e:ea:a6:f6:2a:b7:4a:83:33:6d:90:7d:4a:ae:
                    e3:5d:99:ba:6e:b9:2c:20:73:93:3c:b9:8d:8e:89:
                    e0:77:ef:5e:2e:2f:80:85:1d:cd:4b:40:ee:f0:6c:
                    a3:62:9e:d0:14:8f:95:44:11:9b:f4:05:fa:2e:f8:
                    6d:40:74:e1:12:5e:b2:cc:90:cd:e4:89:a3:05:fe:
                    e8:aa:88:a9:1e:28:3c:1f:ad:88:e8:14:64:5a:50:
                    0d:82:12:80:fe:ed:75:65:b2:6c:ce:4e:f8:31:3e:
                    cf:fa:0f:20:5b:d0:db:a7:0f:3c:8c:54:67:c6:22:
                    a9:7c:69:b8:3a:a7:a9:1b:be:3b:91:19:b6:17:c9:
                    97:81:e6:f3:d7:56:76:b9:2a:d3:ce:a5:d1:21:c9:
                    ae:3e:6e:e1:a5:5f:ef:9e:21:47:a0:29:fb:96:66:
                    04:b0:90:45:2c:3a:80:30:2f:50:98:a9:82:ab:b7:
                    0f:4f:f7:f3:ab:64:93:9c:8d:8e:3c:da:ec:68:47:
                    1b:23:8d:fc:f6:b6:5e:91:de:3a:f7:2d:37:07:88:
                    cd:f3:b5:a9:bd:61:ff:df:5f:0a:72:2c:8f:c6:f5:
                    10:bc:b7:41:e1:6b:1c:5e:ae:7e:94:b8:fd:fe:2c:
                    0c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:84:72:76:D9:F6:F2:FA:A9:A8:23:F8:CF:3D:1A:13:0F:5F:B2:5E
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/iYRydtn28vqpqCP4zz0aEw9fsl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8b70::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:ec:f4:55:c5:60:5a:a3:79:b2:ce:dd:1d:d6:8a:8c:81:34:
         b3:11:4b:5b:72:f6:6f:05:98:b2:ab:a2:cf:a8:80:c9:b6:70:
         21:42:02:83:d7:30:a5:39:28:13:18:96:86:ef:77:00:9a:b1:
         1d:13:62:a2:4f:ec:f8:54:10:cc:4b:11:5c:2d:26:23:ad:f2:
         44:f1:28:3d:48:91:cd:1f:52:5b:ad:77:4e:6c:2b:63:2b:02:
         3e:c2:68:e4:b2:d8:5f:81:44:d3:26:ce:69:d2:86:da:61:a7:
         54:c1:e5:a0:bf:02:9a:e4:ae:43:64:87:dd:9a:90:1d:a6:e2:
         a0:8e:23:fe:38:f5:7a:cd:75:54:b0:f4:42:2c:15:72:93:5e:
         55:c4:3e:c6:30:03:20:db:f4:36:fc:5d:b2:dd:f2:94:f0:8e:
         6d:60:90:8e:38:a4:1d:5e:b6:b8:ed:6f:05:07:31:80:18:b6:
         51:3f:30:c9:77:c8:01:d6:1a:33:52:ac:9b:9d:46:34:77:0d:
         2b:04:c0:71:02:53:d3:52:a6:15:fb:96:8f:03:65:e3:67:9c:
         96:7c:41:20:d0:1a:d3:7e:b0:ff:51:6b:20:7a:f3:f3:e0:53:
         c2:68:e4:cb:55:a0:a2:00:08:6a:a2:64:f0:8d:d0:71:3a:9d:
         44:89:f3:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ35t5sP/4EHx2RoaME26VGxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwNTA1MTk1NzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTg0NzI3NmQ5ZjZmMmZhYTlhODIzZjhjZjNkMWExMzBmNWZiMjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyOE3qWNhuQ3dyDkwtMMeXuqm9iq3
SoMzbZB9Sq7jXZm6brksIHOTPLmNjongd+9eLi+AhR3NS0Du8GyjYp7QFI+VRBGb
9AX6LvhtQHThEl6yzJDN5ImjBf7oqoipHig8H62I6BRkWlANghKA/u11ZbJszk74
MT7P+g8gW9Dbpw88jFRnxiKpfGm4OqepG747kRm2F8mXgebz11Z2uSrTzqXRIcmu
Pm7hpV/vniFHoCn7lmYEsJBFLDqAMC9QmKmCq7cPT/fzq2STnI2OPNrsaEcbI438
9rZekd469y03B4jN87WpvWH/318KciyPxvUQvLdB4WscXq5+lLj9/iwMnQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFImEcnbZ9vL6qagj+M89GhMPX7JeMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvaVlSeWR0bjI4dnFwcUNQNHp6MGFFdzlmc2w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQItw
MA0GCSqGSIb3DQEBCwUAA4IBAQBU7PRVxWBao3myzt0d1oqMgTSzEUtbcvZvBZiy
q6LPqIDJtnAhQgKD1zClOSgTGJaG73cAmrEdE2KiT+z4VBDMSxFcLSYjrfJE8Sg9
SJHNH1JbrXdObCtjKwI+wmjksthfgUTTJs5p0obaYadUweWgvwKa5K5DZIfdmpAd
puKgjiP+OPV6zXVUsPRCLBVyk15VxD7GMAMg2/Q2/F2y3fKU8I5tYJCOOKQdXra4
7W8FBzGAGLZRPzDJd8gB1hozUqybnUY0dw0rBMBxAlPTUqYV+5aPA2XjZ5yWfEEg
0BrTfrD/UWsgevPz4FPCaOTLVaCiAAhqomTwjdBxOp1EifMe
-----END CERTIFICATE-----