Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/4EdrLDFUP3iWouyRj8ojMv-wZ0o.roa
File:                     4EdrLDFUP3iWouyRj8ojMv-wZ0o.roa (raw, json)
Hash identifier:          GtXnTL/+45Y5av8qXszA2u7eccCLsSnYi+qFq2ei+iI=
Subject key identifier:   E0:47:6B:2C:31:54:3F:78:96:A2:EC:91:8F:CA:23:32:FF:B0:67:4A
Certificate issuer:       /CN=7cc8bacbe73a40ce818a4bafa393a85297c19c0d
Certificate serial:       019E074A18398020B48E56395BC3600508CE
Authority key identifier: 7C:C8:BA:CB:E7:3A:40:CE:81:8A:4B:AF:A3:93:A8:52:97:C1:9C:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fMi6y-c6QM6Bikuvo5OoUpfBnA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/4EdrLDFUP3iWouyRj8ojMv-wZ0o.roa
Signing time:             Fri 08 May 2026 11:12:36 +0000
ROA not before:           Fri 08 May 2026 11:12:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     56718
IP address blocks:        2a05:9780::/32 maxlen: 32
                          2a05:9780::/40 maxlen: 40
                          2a05:9780:200::/40 maxlen: 40
                          2a05:9787::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/fMi6y-c6QM6Bikuvo5OoUpfBnA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/fMi6y-c6QM6Bikuvo5OoUpfBnA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fMi6y-c6QM6Bikuvo5OoUpfBnA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:07:4a:18:39:80:20:b4:8e:56:39:5b:c3:60:05:08:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7cc8bacbe73a40ce818a4bafa393a85297c19c0d
        Validity
            Not Before: May  8 11:12:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e0476b2c31543f7896a2ec918fca2332ffb0674a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:fd:92:cc:73:e9:42:42:7f:b0:19:31:81:39:
                    05:42:b5:1a:39:b7:32:a0:39:10:00:72:55:e5:41:
                    27:05:89:a8:94:e0:80:88:82:5f:60:30:8b:28:82:
                    4d:91:55:16:45:46:39:d9:ed:c7:74:1a:73:8f:a0:
                    bc:97:40:0e:5f:2a:3b:5f:33:71:e4:e6:e9:03:84:
                    6f:eb:20:36:fd:3c:61:c6:3e:bb:08:b6:12:76:ff:
                    a3:ad:a3:e8:7b:d7:d4:c3:74:dc:84:c8:c1:11:6d:
                    0d:72:05:c1:6a:be:26:4b:6a:7f:e2:3a:76:f9:b6:
                    5a:65:54:c3:49:52:b8:3d:f6:3c:96:9c:e5:5e:8e:
                    32:0f:6b:38:36:6b:ae:83:6e:c3:8f:7a:52:64:8a:
                    9f:74:2f:81:97:93:0e:41:63:a4:c7:25:53:88:5a:
                    b4:c6:30:8e:ac:2a:5d:f4:f6:ba:8f:98:87:d8:f7:
                    cb:d4:78:69:ad:4f:7e:96:9d:db:a2:2a:aa:be:38:
                    0d:b0:07:12:c0:7b:fb:f5:75:ed:e8:68:49:15:1a:
                    22:fb:ba:47:40:6d:48:05:27:d0:61:d8:71:59:d2:
                    29:55:eb:bb:6e:61:73:c0:ec:e1:46:3a:fc:65:57:
                    ad:81:f4:bf:64:09:b4:7b:b7:55:bf:b9:aa:19:a1:
                    1b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:47:6B:2C:31:54:3F:78:96:A2:EC:91:8F:CA:23:32:FF:B0:67:4A
            X509v3 Authority Key Identifier:
                keyid:7C:C8:BA:CB:E7:3A:40:CE:81:8A:4B:AF:A3:93:A8:52:97:C1:9C:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fMi6y-c6QM6Bikuvo5OoUpfBnA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/4EdrLDFUP3iWouyRj8ojMv-wZ0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/322ec7-2131-4db4-8755-8b8b2ac56c9b/1/fMi6y-c6QM6Bikuvo5OoUpfBnA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:9780::/32
                  2a05:9787::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:00:bd:18:1a:fa:a3:88:7d:f4:85:4e:f8:8b:4e:cc:d1:58:
         b3:ab:77:58:92:c3:9b:09:33:71:cc:18:37:87:92:97:36:3e:
         c7:f7:7f:9e:01:78:d0:4e:39:e3:7a:77:85:b4:7b:86:3b:ef:
         a4:98:9a:19:cc:7e:b1:b4:3b:ae:05:25:e6:1b:23:26:c6:ca:
         ed:08:54:5b:c7:4a:a5:cd:c3:f5:3c:17:48:5a:55:0b:08:5a:
         c7:17:15:58:de:da:8a:09:09:d8:c4:1a:cd:e9:7b:38:de:37:
         3b:b8:7c:d2:f2:95:ab:08:8c:50:ad:ae:d8:f2:b9:5d:12:a6:
         40:a4:b2:26:d0:5f:18:be:cf:0d:2d:9a:d8:28:e4:78:93:17:
         62:1b:c4:b8:37:74:11:0e:5f:3a:e0:d5:c5:c9:94:5c:cd:fb:
         25:6f:23:93:5e:6a:be:a5:b6:d2:8d:ac:a8:9c:af:1b:35:7a:
         b5:f1:43:9d:5f:b6:04:ae:86:1f:c3:44:a6:74:9e:62:1d:a1:
         06:e9:c3:9d:cb:ee:19:7b:85:38:69:2b:d0:23:3c:39:cb:63:
         b9:3a:34:30:06:ff:1d:0e:81:10:89:d9:bd:4c:6e:f7:ee:76:
         8d:af:ca:68:59:d8:37:c9:05:11:f7:56:22:29:cb:e2:bd:99:
         57:01:24:9d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ4HShg5gCC0jlY5W8NgBQjOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYzhiYWNiZTczYTQwY2U4MThhNGJhZmEzOTNhODUyOTdj
MTljMGQwHhcNMjYwNTA4MTExMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDQ3NmIyYzMxNTQzZjc4OTZhMmVjOTE4ZmNhMjMzMmZmYjA2NzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqv2SzHPpQkJ/sBkxgTkFQrUaObcy
oDkQAHJV5UEnBYmolOCAiIJfYDCLKIJNkVUWRUY52e3HdBpzj6C8l0AOXyo7XzNx
5ObpA4Rv6yA2/Txhxj67CLYSdv+jraPoe9fUw3TchMjBEW0NcgXBar4mS2p/4jp2
+bZaZVTDSVK4PfY8lpzlXo4yD2s4Nmuug27Dj3pSZIqfdC+Bl5MOQWOkxyVTiFq0
xjCOrCpd9Pa6j5iH2PfL1HhprU9+lp3boiqqvjgNsAcSwHv79XXt6GhJFRoi+7pH
QG1IBSfQYdhxWdIpVeu7bmFzwOzhRjr8ZVetgfS/ZAm0e7dVv7mqGaEbRwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOBHaywxVD94lqLskY/KIzL/sGdKMB8GA1UdIwQY
MBaAFHzIusvnOkDOgYpLr6OTqFKXwZwNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk1pNnktYzZRTTZCaWt1dm81T29VcGZCbkEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi8zMjJlYzctMjEzMS00ZGI0LTg3NTUt
OGI4YjJhYzU2YzliLzEvNEVkckxERlVQM2lXb3V5Umo4b2pNdi13WjBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi8zMjJlYzctMjEzMS00ZGI0LTg3NTUtOGI4YjJhYzU2Yzli
LzEvZk1pNnktYzZRTTZCaWt1dm81T29VcGZCbkEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgWXgAMF
ACoFl4cwDQYJKoZIhvcNAQELBQADggEBAHcAvRga+qOIffSFTviLTszRWLOrd1iS
w5sJM3HMGDeHkpc2Psf3f54BeNBOOeN6d4W0e4Y776SYmhnMfrG0O64FJeYbIybG
yu0IVFvHSqXNw/U8F0haVQsIWscXFVje2ooJCdjEGs3pezjeNzu4fNLylasIjFCt
rtjyuV0SpkCksibQXxi+zw0tmtgo5HiTF2IbxLg3dBEOXzrg1cXJlFzN+yVvI5Ne
ar6lttKNrKicrxs1erXxQ51ftgSuhh/DRKZ0nmIdoQbpw53L7hl7hThpK9AjPDnL
Y7k6NDAG/x0OgRCJ2b1Mbvfudo2vymhZ2DfJBRH3ViIpy+K9mVcBJJ0=
-----END CERTIFICATE-----