Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/pWdeWVGAaA4v81sq1kjJ90FAA0A.roa
File:                     pWdeWVGAaA4v81sq1kjJ90FAA0A.roa (raw, json)
Hash identifier:          lDM5S0lqVHfLAllpbRmwu5hInFsLyYY1O1ttwbVQ1Ow=
Subject key identifier:   A5:67:5E:59:51:80:68:0E:2F:F3:5B:2A:D6:48:C9:F7:41:40:03:40
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019DB459F48E470BC3F303171EDA7480C7F4
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/pWdeWVGAaA4v81sq1kjJ90FAA0A.roa
Signing time:             Wed 22 Apr 2026 08:41:27 +0000
ROA not before:           Wed 22 Apr 2026 08:41:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198679
IP address blocks:        2a0c:9a40:8b60::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:59:f4:8e:47:0b:c3:f3:03:17:1e:da:74:80:c7:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Apr 22 08:41:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a5675e595180680e2ff35b2ad648c9f741400340
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:5d:0b:0e:38:5e:f9:56:d2:46:dd:93:4c:14:
                    65:72:2b:2c:23:a0:04:34:f2:c6:3b:7b:c9:39:fc:
                    5d:9c:12:25:80:fa:93:a8:af:dc:b4:b6:ea:cd:d5:
                    95:39:2c:c9:d5:ce:0a:a2:ed:1d:95:a5:a3:1f:36:
                    70:bc:66:f0:4b:7e:14:1a:af:c5:24:42:9a:bb:fb:
                    00:8f:3f:bf:a0:03:25:d8:fb:ad:7d:3c:7f:a2:da:
                    63:33:aa:d7:11:38:10:68:6a:b6:b4:73:5b:ed:87:
                    fc:1d:37:a9:0f:ed:e5:aa:60:72:72:bc:c8:1a:86:
                    a7:20:cb:de:58:02:c7:8b:c0:8d:10:03:a4:a4:a3:
                    b6:15:75:e0:85:f7:4c:4b:7f:f0:8c:b0:ed:17:19:
                    c1:38:f8:6a:75:cd:f4:40:99:e9:f7:64:18:f2:b9:
                    89:41:99:8b:c6:10:26:04:ac:1b:34:ee:47:6b:8d:
                    5e:5e:b7:76:c3:42:06:40:3e:31:27:6a:be:8e:4b:
                    d4:ad:69:a6:37:45:07:5d:4f:0a:eb:88:30:c6:00:
                    1d:16:e7:cf:99:45:d4:a1:9d:a5:70:48:16:a3:56:
                    9e:e9:57:7f:ab:23:3a:f1:f9:94:c3:cd:fd:a6:da:
                    e1:43:43:a6:75:ec:cc:23:e2:11:27:de:8f:e6:9c:
                    1b:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:67:5E:59:51:80:68:0E:2F:F3:5B:2A:D6:48:C9:F7:41:40:03:40
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/pWdeWVGAaA4v81sq1kjJ90FAA0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8b60::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:98:5c:47:d4:53:94:c3:ee:4e:d5:be:52:13:da:16:c2:ec:
         f9:90:3e:c5:a3:87:0d:5b:b9:4b:62:ee:25:03:25:d3:4d:69:
         a4:eb:c5:ef:40:6f:06:4f:51:86:ba:f8:0f:04:7c:9b:ee:b2:
         72:01:85:1b:a0:9a:97:b9:51:18:e4:cf:9c:a1:67:44:8f:ad:
         9e:74:45:3b:dd:28:24:98:d8:5a:82:70:05:44:81:cf:de:1c:
         bf:4d:57:f0:6c:78:1d:d9:5e:61:e1:c9:7b:cc:21:4a:34:a5:
         4c:11:e6:67:73:b4:c7:be:b3:f0:be:3e:a6:7f:78:7a:07:eb:
         d1:a6:5f:63:f4:85:c7:73:c0:e0:32:23:a3:3f:d4:55:53:73:
         a2:c2:3c:fb:24:c2:97:d7:2a:00:92:05:57:18:71:09:f0:32:
         09:0b:97:b1:d2:f3:5e:44:7d:1d:50:25:4f:e6:1c:43:94:ce:
         d8:0c:b5:ec:e0:f4:11:7b:23:51:bc:b6:9d:da:f4:67:09:dc:
         a2:67:e4:53:18:db:66:27:8f:93:e7:d4:77:83:e9:14:ba:c0:
         a8:c9:27:cd:05:d5:73:98:a0:81:35:67:5d:2e:73:cd:13:9a:
         40:92:70:6e:8c:67:68:16:19:66:48:df:4b:47:25:f9:9f:9a:
         5c:22:e2:13
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ20WfSORwvD8wMXHtp0gMf0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwNDIyMDg0MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTY3NWU1OTUxODA2ODBlMmZmMzViMmFkNjQ4YzlmNzQxNDAwMzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA210LDjhe+VbSRt2TTBRlcissI6AE
NPLGO3vJOfxdnBIlgPqTqK/ctLbqzdWVOSzJ1c4Kou0dlaWjHzZwvGbwS34UGq/F
JEKau/sAjz+/oAMl2PutfTx/otpjM6rXETgQaGq2tHNb7Yf8HTepD+3lqmBycrzI
GoanIMveWALHi8CNEAOkpKO2FXXghfdMS3/wjLDtFxnBOPhqdc30QJnp92QY8rmJ
QZmLxhAmBKwbNO5Ha41eXrd2w0IGQD4xJ2q+jkvUrWmmN0UHXU8K64gwxgAdFufP
mUXUoZ2lcEgWo1ae6Vd/qyM68fmUw839ptrhQ0OmdezMI+IRJ96P5pwbBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKVnXllRgGgOL/NbKtZIyfdBQANAMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvcFdkZVdWR0FhQTR2ODFzcTFrako5MEZBQTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQItg
MA0GCSqGSIb3DQEBCwUAA4IBAQB4mFxH1FOUw+5O1b5SE9oWwuz5kD7Fo4cNW7lL
Yu4lAyXTTWmk68XvQG8GT1GGuvgPBHyb7rJyAYUboJqXuVEY5M+coWdEj62edEU7
3SgkmNhagnAFRIHP3hy/TVfwbHgd2V5h4cl7zCFKNKVMEeZnc7THvrPwvj6mf3h6
B+vRpl9j9IXHc8DgMiOjP9RVU3Oiwjz7JMKX1yoAkgVXGHEJ8DIJC5ex0vNeRH0d
UCVP5hxDlM7YDLXs4PQReyNRvLad2vRnCdyiZ+RTGNtmJ4+T59R3g+kUusCoySfN
BdVzmKCBNWddLnPNE5pAknBujGdoFhlmSN9LRyX5n5pcIuIT
-----END CERTIFICATE-----