Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/yclqX8OxwLUeoLNmUdSazDYDII4.roa
File:                     yclqX8OxwLUeoLNmUdSazDYDII4.roa (raw, json)
Hash identifier:          Rr2Lk5K8PcJhPAAwTj/NBcChacy1opQ3AXffZPPG+hQ=
Subject key identifier:   C9:C9:6A:5F:C3:B1:C0:B5:1E:A0:B3:66:51:D4:9A:CC:36:03:20:8E
Certificate issuer:       /CN=4f4b2aab1d67f6d4c058392b9137bd03228f7d2a
Certificate serial:       019E108B7ACB7FAD40BD29325291C24D659A
Authority key identifier: 4F:4B:2A:AB:1D:67:F6:D4:C0:58:39:2B:91:37:BD:03:22:8F:7D:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T0sqqx1n9tTAWDkrkTe9AyKPfSo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/yclqX8OxwLUeoLNmUdSazDYDII4.roa
Signing time:             Sun 10 May 2026 06:20:36 +0000
ROA not before:           Sun 10 May 2026 06:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     1299
IP address blocks:        2a02:60a0:1000::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/T0sqqx1n9tTAWDkrkTe9AyKPfSo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/T0sqqx1n9tTAWDkrkTe9AyKPfSo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T0sqqx1n9tTAWDkrkTe9AyKPfSo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:10:8b:7a:cb:7f:ad:40:bd:29:32:52:91:c2:4d:65:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f4b2aab1d67f6d4c058392b9137bd03228f7d2a
        Validity
            Not Before: May 10 06:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9c96a5fc3b1c0b51ea0b36651d49acc3603208e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:83:88:44:d9:fc:b2:72:77:93:4a:f3:cd:ba:
                    8c:9a:5a:8e:61:1d:cd:48:25:95:7f:3a:ca:f5:2b:
                    ab:c4:f1:7c:d5:9c:21:11:20:d2:3e:8d:d0:6a:e2:
                    5e:33:fe:61:b1:82:78:40:49:4f:44:11:6a:06:5a:
                    e4:ee:3d:3f:d6:45:97:cb:5d:82:32:c4:cc:00:e4:
                    2f:a7:de:00:94:06:81:a7:1e:df:6e:7d:e8:f8:33:
                    14:95:d8:2c:13:72:0c:8e:0f:ff:4f:bb:24:4b:41:
                    eb:59:11:84:10:6f:84:dc:b9:5a:9c:a8:db:b6:ae:
                    2e:51:b1:04:60:bb:e5:96:0d:cb:df:88:8a:4a:a2:
                    4d:5b:ce:dc:63:db:c3:84:9b:4c:cc:b3:41:d3:ef:
                    9a:00:54:fa:f3:98:a9:43:47:93:90:03:4b:3e:80:
                    d3:87:65:8b:62:f7:88:3d:98:90:a4:ec:27:46:03:
                    32:dd:74:46:95:7f:0a:48:9f:05:89:79:07:d6:16:
                    d1:ed:e3:af:cc:ca:0a:55:b4:52:8d:16:32:ec:9f:
                    7e:da:61:c9:68:d4:80:fe:3d:27:b5:2b:5f:6f:8b:
                    c6:90:18:d9:a4:0b:af:44:ab:01:7a:a2:bd:19:8f:
                    ba:c2:0e:2d:12:36:b7:5b:14:2f:8a:8a:dc:3b:70:
                    69:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:C9:6A:5F:C3:B1:C0:B5:1E:A0:B3:66:51:D4:9A:CC:36:03:20:8E
            X509v3 Authority Key Identifier:
                keyid:4F:4B:2A:AB:1D:67:F6:D4:C0:58:39:2B:91:37:BD:03:22:8F:7D:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T0sqqx1n9tTAWDkrkTe9AyKPfSo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/yclqX8OxwLUeoLNmUdSazDYDII4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/080e92-fffe-47d9-a6e2-c238eae0663b/1/T0sqqx1n9tTAWDkrkTe9AyKPfSo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:60a0:1000::/44

    Signature Algorithm: sha256WithRSAEncryption
         56:8f:1b:dc:f2:02:6f:66:42:5d:b7:bd:fe:2a:52:e5:6e:14:
         1c:c6:49:86:ec:07:10:ab:e6:47:ef:00:48:3f:50:9e:36:e2:
         c8:21:ae:db:d0:6b:38:6a:c2:db:57:d8:d8:be:2d:72:af:cf:
         6c:2d:55:d3:74:31:d8:7f:e3:37:80:fd:29:cb:33:a5:07:c2:
         f6:ab:f1:f8:07:fa:e6:dc:b2:7c:98:ca:2e:da:6c:86:42:57:
         37:63:e7:52:42:73:fe:1d:de:6f:92:b4:08:d0:9a:61:7d:61:
         d4:08:c6:fd:4c:97:f7:0f:0a:2e:b9:d2:29:10:2d:ed:08:68:
         72:16:36:4e:40:32:b6:7c:b9:0b:f7:d6:12:cd:b6:26:4d:8b:
         83:9e:66:25:2d:68:91:51:90:b4:0a:19:94:48:5e:08:58:55:
         94:97:83:be:36:06:cd:3f:da:01:dd:a6:e7:c4:22:83:95:63:
         7b:22:6e:51:4d:88:8a:cc:6a:95:dd:25:9f:84:f5:95:64:f3:
         f5:8a:89:71:50:9b:c3:cd:74:c6:b7:75:ac:10:b5:ad:89:ef:
         16:20:62:f5:98:8b:04:78:de:5b:5b:72:35:15:58:3f:87:8d:
         e7:ec:66:14:e0:c1:5f:dc:ea:6b:35:69:90:e1:28:d7:ea:40:
         44:57:89:db
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4Qi3rLf61AvSkyUpHCTWWaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNGIyYWFiMWQ2N2Y2ZDRjMDU4MzkyYjkxMzdiZDAzMjI4
ZjdkMmEwHhcNMjYwNTEwMDYyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWM5NmE1ZmMzYjFjMGI1MWVhMGIzNjY1MWQ0OWFjYzM2MDMyMDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApYOIRNn8snJ3k0rzzbqMmlqOYR3N
SCWVfzrK9SurxPF81ZwhESDSPo3QauJeM/5hsYJ4QElPRBFqBlrk7j0/1kWXy12C
MsTMAOQvp94AlAaBpx7fbn3o+DMUldgsE3IMjg//T7skS0HrWRGEEG+E3LlanKjb
tq4uUbEEYLvllg3L34iKSqJNW87cY9vDhJtMzLNB0++aAFT685ipQ0eTkANLPoDT
h2WLYveIPZiQpOwnRgMy3XRGlX8KSJ8FiXkH1hbR7eOvzMoKVbRSjRYy7J9+2mHJ
aNSA/j0ntStfb4vGkBjZpAuvRKsBeqK9GY+6wg4tEja3WxQviorcO3BpNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMnJal/DscC1HqCzZlHUmsw2AyCOMB8GA1UdIwQY
MBaAFE9LKqsdZ/bUwFg5K5E3vQMij30qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDBzcXF4MW45dFRBV0RrcmtUZTlBeUtQZlNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8wODBlOTItZmZmZS00N2Q5LWE2ZTIt
YzIzOGVhZTA2NjNiLzEveWNscVg4T3h3TFVlb0xObVVkU2F6RFlESUk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8wODBlOTItZmZmZS00N2Q5LWE2ZTItYzIzOGVhZTA2NjNi
LzEvVDBzcXF4MW45dFRBV0RrcmtUZTlBeUtQZlNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgJgoBAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBWjxvc8gJvZkJdt73+KlLlbhQcxkmG7AcQq+ZH
7wBIP1CeNuLIIa7b0Gs4asLbV9jYvi1yr89sLVXTdDHYf+M3gP0pyzOlB8L2q/H4
B/rm3LJ8mMou2myGQlc3Y+dSQnP+Hd5vkrQI0JphfWHUCMb9TJf3DwouudIpEC3t
CGhyFjZOQDK2fLkL99YSzbYmTYuDnmYlLWiRUZC0ChmUSF4IWFWUl4O+NgbNP9oB
3abnxCKDlWN7Im5RTYiKzGqV3SWfhPWVZPP1iolxUJvDzXTGt3WsELWtie8WIGL1
mIsEeN5bW3I1FVg/h43n7GYU4MFf3OprNWmQ4SjX6kBEV4nb
-----END CERTIFICATE-----