Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/AmtKUjuh5SxjhuaUnD8Vz5CAfN4.roa
File:                     AmtKUjuh5SxjhuaUnD8Vz5CAfN4.roa (raw, json)
Hash identifier:          4uKbdqJU0s4FKpWjrV3twqEqlW+oqm1HWpwtHIp9x+Y=
Subject key identifier:   02:6B:4A:52:3B:A1:E5:2C:63:86:E6:94:9C:3F:15:CF:90:80:7C:DE
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019CD0BECCD78529476D9BD6A071438B5A90
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/AmtKUjuh5SxjhuaUnD8Vz5CAfN4.roa
Signing time:             Mon 09 Mar 2026 03:58:10 +0000
ROA not before:           Mon 09 Mar 2026 03:58:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201823
IP address blocks:        2a0d:d940:200b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d0:be:cc:d7:85:29:47:6d:9b:d6:a0:71:43:8b:5a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Mar  9 03:58:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=026b4a523ba1e52c6386e6949c3f15cf90807cde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:83:9a:76:ca:bd:d9:43:bd:63:64:fb:22:e3:
                    29:7d:ef:aa:c4:26:5d:86:47:ab:1d:49:74:97:3b:
                    13:f4:89:e4:91:48:bd:2b:3d:8f:36:af:79:8e:40:
                    4f:a0:bc:02:14:22:09:e9:4e:34:c0:cb:a8:0a:db:
                    71:dd:52:1a:59:a0:76:a0:dc:b1:30:e9:ed:b7:aa:
                    b4:42:7e:c6:4a:b7:d8:f3:0b:5c:c5:da:67:07:38:
                    fc:04:b4:42:aa:94:1f:20:83:4c:c0:be:1a:2f:ea:
                    a1:75:94:e9:40:a7:d4:fb:60:29:7b:52:f1:ba:ba:
                    89:58:16:30:db:1e:57:97:13:eb:53:85:7b:5b:03:
                    ee:49:11:0b:30:0c:25:4a:cc:18:35:f9:48:cc:4f:
                    aa:ef:95:9b:eb:ba:58:43:3f:c4:f2:02:84:c2:a1:
                    55:e6:9a:ae:f8:64:96:79:7b:ff:0d:1c:75:1b:e2:
                    73:14:34:f8:7d:97:ee:eb:a3:ba:39:be:0f:6c:42:
                    94:6a:36:ea:5b:e0:b0:67:c5:59:4a:67:47:88:e3:
                    9a:0a:87:f3:3d:6e:ec:c8:46:a2:26:54:e9:d9:6c:
                    29:b1:d3:56:88:23:d0:44:f3:84:8f:92:1b:87:50:
                    d4:52:ba:60:c0:85:f4:91:c4:f0:a2:d3:41:e8:f2:
                    4b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:6B:4A:52:3B:A1:E5:2C:63:86:E6:94:9C:3F:15:CF:90:80:7C:DE
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/AmtKUjuh5SxjhuaUnD8Vz5CAfN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:200b::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:65:8b:d4:34:bd:dc:8c:c7:26:8e:52:71:ff:22:3f:44:1e:
         a6:46:cb:0c:7a:09:52:cb:0a:89:eb:39:29:f0:be:0e:b3:a1:
         d6:bf:8f:52:4b:07:07:2c:0b:66:46:c9:e2:fa:98:64:65:11:
         44:c9:c2:76:50:5d:e3:1c:89:6d:5c:a4:ed:d8:bc:2e:94:71:
         48:d5:43:08:52:e9:d9:03:ac:3f:71:c4:58:9e:37:a2:da:ce:
         4e:34:fc:a5:8a:58:4b:5c:50:10:bb:b4:2f:cf:db:da:b9:3b:
         2f:0b:4c:f3:9d:e6:e2:ad:28:1c:45:92:dc:0f:56:e1:7c:65:
         b3:1c:91:01:66:52:75:18:d4:b7:bd:2b:b0:e4:2d:27:75:42:
         ba:96:74:fb:87:be:f7:d1:9b:ef:c6:0b:fd:93:12:19:db:c3:
         92:ec:b9:b9:8f:60:64:ac:4c:ce:c9:46:45:81:89:8a:08:02:
         73:bf:64:cf:e2:0d:74:c3:47:e5:68:9e:2c:30:cd:16:1c:da:
         da:5c:09:26:d7:c4:f8:8c:23:33:ed:bf:df:dc:ad:c3:9a:6b:
         03:52:19:b1:d3:f7:3a:60:a5:07:96:85:70:a2:c7:84:51:1e:
         49:28:c4:ae:9b:6e:9b:b1:06:29:3c:cc:f9:5e:4e:44:db:94:
         b8:79:ea:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzQvszXhSlHbZvWoHFDi1qQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMzA5MDM1ODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjZiNGE1MjNiYTFlNTJjNjM4NmU2OTQ5YzNmMTVjZjkwODA3Y2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5YOadsq92UO9Y2T7IuMpfe+qxCZd
hkerHUl0lzsT9InkkUi9Kz2PNq95jkBPoLwCFCIJ6U40wMuoCttx3VIaWaB2oNyx
MOntt6q0Qn7GSrfY8wtcxdpnBzj8BLRCqpQfIINMwL4aL+qhdZTpQKfU+2Ape1Lx
urqJWBYw2x5XlxPrU4V7WwPuSRELMAwlSswYNflIzE+q75Wb67pYQz/E8gKEwqFV
5pqu+GSWeXv/DRx1G+JzFDT4fZfu66O6Ob4PbEKUajbqW+CwZ8VZSmdHiOOaCofz
PW7syEaiJlTp2WwpsdNWiCPQRPOEj5Ibh1DUUrpgwIX0kcTwotNB6PJLaQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAJrSlI7oeUsY4bmlJw/Fc+QgHzeMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvQW10S1VqdWg1U3hqaHVhVW5EOFZ6NUNBZk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQCAL
MA0GCSqGSIb3DQEBCwUAA4IBAQAyZYvUNL3cjMcmjlJx/yI/RB6mRssMeglSywqJ
6zkp8L4Os6HWv49SSwcHLAtmRsni+phkZRFEycJ2UF3jHIltXKTt2LwulHFI1UMI
UunZA6w/ccRYnjei2s5ONPylilhLXFAQu7Qvz9vauTsvC0zznebirSgcRZLcD1bh
fGWzHJEBZlJ1GNS3vSuw5C0ndUK6lnT7h7730Zvvxgv9kxIZ28OS7Lm5j2BkrEzO
yUZFgYmKCAJzv2TP4g10w0flaJ4sMM0WHNraXAkm18T4jCMz7b/f3K3DmmsDUhmx
0/c6YKUHloVwoseEUR5JKMSum26bsQYpPMz5Xk5E25S4eer8
-----END CERTIFICATE-----