Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/np7U-XpqEBEPoDvP-EMc8cL78JE.roa
File:                     np7U-XpqEBEPoDvP-EMc8cL78JE.roa (raw, json)
Hash identifier:          Eqer23B+84CL09GgCb1Kx+yFS1YQA/RSQksqG2+POoI=
Subject key identifier:   9E:9E:D4:F9:7A:6A:10:11:0F:A0:3B:CF:F8:43:1C:F1:C2:FB:F0:91
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019E1B7CFE79D86CD43EFB80FABECBB4A2AB
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/np7U-XpqEBEPoDvP-EMc8cL78JE.roa
Signing time:             Tue 12 May 2026 09:20:36 +0000
ROA not before:           Tue 12 May 2026 09:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198138
IP address blocks:        2a0d:d940:1b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 18:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1b:7c:fe:79:d8:6c:d4:3e:fb:80:fa:be:cb:b4:a2:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: May 12 09:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e9ed4f97a6a10110fa03bcff8431cf1c2fbf091
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c7:78:c3:df:c4:dd:d9:a9:05:82:0d:ca:60:
                    bc:3c:6b:f5:1d:4c:21:cf:5e:10:af:f8:cd:f5:d7:
                    74:63:54:c4:da:a0:c8:ff:6f:21:f1:63:2f:b5:50:
                    22:16:28:9a:65:58:94:e2:63:1b:64:cc:b3:25:4f:
                    26:b9:7c:7a:2d:fd:5c:ed:f0:f9:69:7b:08:e2:08:
                    87:67:e6:bb:48:bf:b0:ea:b1:50:8b:f2:b2:fa:99:
                    07:7c:af:cd:39:eb:f3:df:54:99:54:b7:bd:32:a2:
                    00:67:06:76:82:68:b7:67:68:17:48:7a:7a:62:83:
                    b6:ea:d4:e2:3d:c8:82:fb:df:40:e8:ea:57:e4:09:
                    24:29:1e:67:c7:7a:d4:c9:dd:ef:68:b5:9d:ca:44:
                    0c:6d:0a:f3:9a:f8:c5:11:38:08:e3:17:35:5e:92:
                    6e:73:08:21:6a:cb:03:38:3e:87:ac:59:91:98:60:
                    af:d8:d8:30:ec:59:41:65:36:a6:ff:ae:31:44:97:
                    cc:72:33:67:f3:25:d1:1a:bf:71:fc:c7:6f:97:50:
                    39:99:98:5e:96:d1:5d:c2:d9:c9:2f:1b:c0:45:41:
                    c3:bd:cd:b2:6d:f5:cc:8a:b9:6c:fa:c9:e5:f9:28:
                    6f:b3:eb:5a:b4:55:ce:8c:78:da:0c:85:5d:0f:3a:
                    00:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:9E:D4:F9:7A:6A:10:11:0F:A0:3B:CF:F8:43:1C:F1:C2:FB:F0:91
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/np7U-XpqEBEPoDvP-EMc8cL78JE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:1b::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:45:de:e6:b9:e5:8a:7e:b7:24:2f:33:38:45:3d:7e:a9:78:
         07:d7:3e:79:b3:0c:e5:8e:ab:d8:b3:92:81:b8:73:5c:24:af:
         ae:30:d5:46:dd:7f:78:fe:15:f4:f6:ec:e3:3f:05:74:ac:1f:
         8e:df:6b:49:b7:70:7e:62:12:f8:0d:59:b0:50:72:4f:8d:6b:
         f3:f0:f8:28:58:62:37:ad:91:64:0c:6b:bc:7a:b6:df:e2:83:
         c2:af:0f:e0:9a:08:14:fc:cc:96:fd:d7:7f:21:18:f6:aa:3a:
         ca:4d:21:21:e8:d9:85:43:dc:5a:91:55:a1:94:a1:51:3e:e2:
         aa:eb:96:41:4c:ff:59:ad:7a:97:fa:7a:44:e6:3e:9e:8a:7d:
         1b:71:16:41:5e:88:60:93:ca:d6:d4:4a:3e:5c:b3:d8:35:03:
         bb:3f:b5:af:18:54:53:04:e1:2f:9b:b2:2a:d5:05:b6:f4:b0:
         9f:35:dc:1c:84:98:a0:ec:bf:f5:04:9b:bf:3e:cb:83:2e:7c:
         37:67:8a:54:55:6a:d1:26:a5:61:0c:55:0b:06:79:23:13:8a:
         3c:8b:ab:fc:83:09:ed:86:d2:3b:2d:c8:06:7a:d5:1f:66:45:
         a9:ea:03:91:cf:fa:ff:8c:ed:30:50:78:e5:80:6f:fe:70:79:
         f0:8f:0e:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4bfP552GzUPvuA+r7LtKKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNTEyMDkyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTllZDRmOTdhNmExMDExMGZhMDNiY2ZmODQzMWNmMWMyZmJmMDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcd4w9/E3dmpBYINymC8PGv1HUwh
z14Qr/jN9dd0Y1TE2qDI/28h8WMvtVAiFiiaZViU4mMbZMyzJU8muXx6Lf1c7fD5
aXsI4giHZ+a7SL+w6rFQi/Ky+pkHfK/NOevz31SZVLe9MqIAZwZ2gmi3Z2gXSHp6
YoO26tTiPciC+99A6OpX5AkkKR5nx3rUyd3vaLWdykQMbQrzmvjFETgI4xc1XpJu
cwghassDOD6HrFmRmGCv2Ngw7FlBZTam/64xRJfMcjNn8yXRGr9x/Mdvl1A5mZhe
ltFdwtnJLxvARUHDvc2ybfXMirls+snl+Shvs+tatFXOjHjaDIVdDzoAwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ6e1Pl6ahARD6A7z/hDHPHC+/CRMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbnA3VS1YcHFFQkVQb0R2UC1FTWM4Y0w3OEpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQAAb
MA0GCSqGSIb3DQEBCwUAA4IBAQCnRd7mueWKfrckLzM4RT1+qXgH1z55swzljqvY
s5KBuHNcJK+uMNVG3X94/hX09uzjPwV0rB+O32tJt3B+YhL4DVmwUHJPjWvz8Pgo
WGI3rZFkDGu8erbf4oPCrw/gmggU/MyW/dd/IRj2qjrKTSEh6NmFQ9xakVWhlKFR
PuKq65ZBTP9ZrXqX+npE5j6ein0bcRZBXohgk8rW1Eo+XLPYNQO7P7WvGFRTBOEv
m7Iq1QW29LCfNdwchJig7L/1BJu/PsuDLnw3Z4pUVWrRJqVhDFULBnkjE4o8i6v8
gwnthtI7LcgGetUfZkWp6gORz/r/jO0wUHjlgG/+cHnwjw7k
-----END CERTIFICATE-----