Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/AOW7VFoYlHG3-sxANF5TLuzaheQ.roa
File:                     AOW7VFoYlHG3-sxANF5TLuzaheQ.roa (raw, json)
Hash identifier:          hpcDkITFLx/A7At/MkFfv6s25x+NQbgrbFZE7lx1pGc=
Subject key identifier:   00:E5:BB:54:5A:18:94:71:B7:FA:CC:40:34:5E:53:2E:EC:DA:85:E4
Certificate issuer:       /CN=9e1533c4702c2ccb5a9e0e87ab27ad56b15f2c76
Certificate serial:       019D1FFC90C16D0E1666BA7702268400A25A
Authority key identifier: 9E:15:33:C4:70:2C:2C:CB:5A:9E:0E:87:AB:27:AD:56:B1:5F:2C:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/AOW7VFoYlHG3-sxANF5TLuzaheQ.roa
Signing time:             Tue 24 Mar 2026 13:15:38 +0000
ROA not before:           Tue 24 Mar 2026 13:15:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     150739
IP address blocks:        2a12:e6c0:c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 16:32:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:fc:90:c1:6d:0e:16:66:ba:77:02:26:84:00:a2:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e1533c4702c2ccb5a9e0e87ab27ad56b15f2c76
        Validity
            Not Before: Mar 24 13:15:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=00e5bb545a189471b7facc40345e532eecda85e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:1a:e6:79:40:3d:49:3b:f4:64:6c:38:f1:0d:
                    3b:bc:78:07:29:07:06:18:ab:1a:82:3d:cc:d1:c2:
                    57:2d:29:f4:18:9f:86:78:88:33:72:b0:f4:4d:e3:
                    69:c7:5e:98:17:5f:72:9e:fe:c4:96:bf:ef:8b:0e:
                    33:02:ea:7e:64:4a:79:a9:2e:52:f9:a8:b7:fe:a5:
                    72:22:c9:ab:8f:3e:5d:e5:52:f3:31:4e:23:44:e4:
                    e5:a9:92:10:1f:d5:38:d1:07:fc:b3:a4:b8:4e:50:
                    8d:ea:ff:f8:bf:51:73:e6:25:1c:4a:32:6f:e2:94:
                    58:9e:e7:04:e1:dc:f0:f8:c6:aa:78:ee:f3:b5:1e:
                    5f:bd:b7:3a:58:30:06:dd:25:12:40:5f:ce:8b:bf:
                    fd:33:ef:7b:46:96:8b:a9:fe:79:d2:50:1f:60:3a:
                    af:0c:84:ca:2f:f2:92:d0:d0:33:84:e5:60:39:cd:
                    d9:23:09:09:8b:99:41:84:2f:9f:69:8d:d0:71:de:
                    ca:36:98:c9:ab:ae:89:5a:88:fb:46:5b:ac:00:ac:
                    39:d5:21:c5:d5:68:56:c5:e8:a2:70:b4:e8:0a:8a:
                    cf:02:3f:a9:e4:26:c6:b6:2b:6a:b6:e1:d7:b8:d6:
                    18:91:ce:62:72:a5:3d:9e:e8:fa:8d:a8:a8:4d:aa:
                    f2:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E5:BB:54:5A:18:94:71:B7:FA:CC:40:34:5E:53:2E:EC:DA:85:E4
            X509v3 Authority Key Identifier:
                keyid:9E:15:33:C4:70:2C:2C:CB:5A:9E:0E:87:AB:27:AD:56:B1:5F:2C:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nhUzxHAsLMtang6HqyetVrFfLHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/AOW7VFoYlHG3-sxANF5TLuzaheQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/2688b6-da70-4abd-8f59-1a831b599c18/1/nhUzxHAsLMtang6HqyetVrFfLHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:e6c0:c::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:a6:01:cb:77:32:51:e1:97:7a:27:2d:4b:1c:36:34:e5:a3:
         6f:35:a0:c7:bb:d4:4c:e2:06:62:9f:83:5a:f9:e9:58:db:99:
         83:6c:74:51:72:98:da:cd:80:5d:d4:1c:5c:9c:75:57:4e:cd:
         4a:36:b1:99:b7:34:b7:1f:a8:ad:14:7a:2a:59:dc:55:54:1d:
         da:e8:53:c3:eb:57:3f:4a:8d:81:1b:bc:7e:6e:85:fd:3b:b5:
         0a:90:30:3f:9d:c9:e2:c0:48:37:3f:94:de:e9:f8:9b:3a:18:
         75:04:a7:b2:1a:09:2a:88:b2:92:c8:4e:17:c7:ec:51:08:ba:
         97:44:c8:51:c2:8e:60:f2:3c:52:ea:e1:f6:5a:39:86:bc:35:
         95:f3:2a:1e:08:4d:9e:85:65:a4:23:8b:bc:d3:1c:6a:8a:da:
         28:7c:2a:ee:70:f1:bb:7a:9a:8b:0d:0f:3c:36:e0:3d:7c:3e:
         c8:58:b9:eb:74:5e:33:b5:0f:e3:29:00:8d:6d:53:d9:48:1f:
         de:b7:7e:76:7e:7c:c8:0d:1c:52:28:23:82:65:4f:6d:f1:9b:
         a2:8d:b4:42:40:f7:13:ba:19:d5:60:7f:a8:05:9b:fa:b3:e5:
         b2:72:09:12:6d:30:d3:8d:a4:fd:71:4a:f5:f8:cb:1a:b0:e6:
         db:eb:6e:40
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0f/JDBbQ4WZrp3AiaEAKJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllMTUzM2M0NzAyYzJjY2I1YTllMGU4N2FiMjdhZDU2YjE1
ZjJjNzYwHhcNMjYwMzI0MTMxNTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGU1YmI1NDVhMTg5NDcxYjdmYWNjNDAzNDVlNTMyZWVjZGE4NWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhrmeUA9STv0ZGw48Q07vHgHKQcG
GKsagj3M0cJXLSn0GJ+GeIgzcrD0TeNpx16YF19ynv7Elr/viw4zAup+ZEp5qS5S
+ai3/qVyIsmrjz5d5VLzMU4jROTlqZIQH9U40Qf8s6S4TlCN6v/4v1Fz5iUcSjJv
4pRYnucE4dzw+MaqeO7ztR5fvbc6WDAG3SUSQF/Oi7/9M+97RpaLqf550lAfYDqv
DITKL/KS0NAzhOVgOc3ZIwkJi5lBhC+faY3Qcd7KNpjJq66JWoj7RlusAKw51SHF
1WhWxeiicLToCorPAj+p5CbGtitqtuHXuNYYkc5icqU9nuj6jaioTaryYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFADlu1RaGJRxt/rMQDReUy7s2oXkMB8GA1UdIwQY
MBaAFJ4VM8RwLCzLWp4Oh6snrVaxXyx2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmhVenhIQXNMTXRhbmc2SHF5ZXRWckZmTEhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8yNjg4YjYtZGE3MC00YWJkLThmNTkt
MWE4MzFiNTk5YzE4LzEvQU9XN1ZGb1lsSEczLXN4QU5GNVRMdXphaGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8yNjg4YjYtZGE3MC00YWJkLThmNTktMWE4MzFiNTk5YzE4
LzEvbmhVenhIQXNMTXRhbmc2SHF5ZXRWckZmTEhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLmwAAM
MA0GCSqGSIb3DQEBCwUAA4IBAQAcpgHLdzJR4Zd6Jy1LHDY05aNvNaDHu9RM4gZi
n4Na+elY25mDbHRRcpjazYBd1BxcnHVXTs1KNrGZtzS3H6itFHoqWdxVVB3a6FPD
61c/So2BG7x+boX9O7UKkDA/ncniwEg3P5Te6fibOhh1BKeyGgkqiLKSyE4Xx+xR
CLqXRMhRwo5g8jxS6uH2WjmGvDWV8yoeCE2ehWWkI4u80xxqitoofCrucPG7epqL
DQ88NuA9fD7IWLnrdF4ztQ/jKQCNbVPZSB/et352fnzIDRxSKCOCZU9t8ZuijbRC
QPcTuhnVYH+oBZv6s+WycgkSbTDTjaT9cUr1+MsasObb625A
-----END CERTIFICATE-----