Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/quaP5HcdcMDvclPP159XEPozhYk.roa
File:                     quaP5HcdcMDvclPP159XEPozhYk.roa (raw, json)
Hash identifier:          uBdRUfud/XYG0gmnL4SwfKaNneaszJifuNJ05zUe0Gk=
Subject key identifier:   AA:E6:8F:E4:77:1D:70:C0:EF:72:53:CF:D7:9F:57:10:FA:33:85:89
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019D0D692CB7AD76236D467CD45CDCBD69D3
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/quaP5HcdcMDvclPP159XEPozhYk.roa
Signing time:             Fri 20 Mar 2026 22:41:29 +0000
ROA not before:           Fri 20 Mar 2026 22:41:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201269
IP address blocks:        2a0d:d940:110::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0d:69:2c:b7:ad:76:23:6d:46:7c:d4:5c:dc:bd:69:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Mar 20 22:41:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=aae68fe4771d70c0ef7253cfd79f5710fa338589
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:84:84:05:57:74:63:48:ba:76:82:4b:07:e5:
                    e5:02:08:5f:cd:5f:e6:b1:46:45:e7:ee:d7:ca:cd:
                    02:6f:f2:d7:39:8c:69:84:be:d6:99:b5:b7:61:27:
                    41:ca:66:fd:cd:70:a6:76:6b:82:07:af:ca:67:cc:
                    03:fa:81:46:1c:3b:46:14:fc:18:11:d9:bc:49:64:
                    d4:1e:5b:ee:4b:51:67:33:af:4d:03:c0:b6:49:da:
                    b6:61:5b:c5:6b:ff:7e:3b:1f:d4:25:9c:05:1b:f6:
                    23:7c:aa:8c:5a:6b:5b:c5:2f:ad:c0:1e:38:0e:d6:
                    38:b6:be:17:9c:6b:bb:b1:bc:73:b8:d4:53:f6:30:
                    c2:f5:25:f5:58:f1:af:1e:58:c8:a4:63:7c:9a:f6:
                    dd:75:b9:d7:d0:54:3a:4f:c9:a7:36:0a:94:af:36:
                    db:82:6c:f7:0f:81:81:81:51:84:65:3c:9e:c3:a0:
                    c3:47:30:2e:f1:80:f7:b0:57:dd:d0:4d:99:ab:84:
                    78:dd:5a:bb:68:19:57:5b:5b:a8:03:e0:68:2f:9a:
                    66:6f:e1:d5:16:ac:d7:87:16:d4:95:33:a8:58:14:
                    31:0c:96:53:39:8e:60:c5:18:f1:14:27:c0:d0:79:
                    79:c3:da:0d:ab:82:db:b0:4b:a9:31:7c:57:7f:e8:
                    71:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:E6:8F:E4:77:1D:70:C0:EF:72:53:CF:D7:9F:57:10:FA:33:85:89
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/quaP5HcdcMDvclPP159XEPozhYk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:110::/44

    Signature Algorithm: sha256WithRSAEncryption
         41:43:91:4d:6d:88:28:5f:f6:d6:8e:3f:ed:8a:23:ad:1d:1c:
         77:79:d9:14:fd:4d:72:34:69:5a:3f:3a:70:13:28:1d:3e:e8:
         ca:7a:ad:ea:e6:4d:0a:4b:b0:00:f0:2b:ec:c2:30:ec:48:fe:
         f7:47:91:97:13:c7:14:27:69:4c:30:93:74:ce:eb:1b:90:f8:
         39:e4:bd:7f:36:6a:ee:2e:18:2d:b0:6d:c4:b4:4e:f9:3e:01:
         96:0f:fc:ef:2a:8b:5a:64:d4:a9:41:32:3b:54:5c:71:9d:ad:
         4b:de:16:6d:91:eb:8e:59:2d:df:53:9e:c1:2f:5c:8b:26:3a:
         9b:c7:22:31:cb:ad:c7:c6:26:e3:51:ef:a6:2f:18:3d:2d:e7:
         d6:43:8c:83:c7:39:03:4c:9b:a2:46:b4:18:c3:42:fc:74:3a:
         2f:a0:a3:97:06:f2:a3:a7:25:e6:1a:27:d1:f1:1c:bc:d2:db:
         63:eb:f5:c6:12:81:72:ab:79:eb:f4:c1:1f:97:d3:ed:37:d5:
         f6:7e:c4:25:89:09:21:33:87:f1:af:be:a1:9c:b2:ba:c5:8a:
         3e:27:dc:cc:66:7c:c7:95:78:c1:c4:b7:8a:2e:63:90:f0:04:
         e3:30:41:09:dc:c7:58:84:d5:4b:99:c9:84:ab:0b:72:18:a4:
         da:60:92:6c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0NaSy3rXYjbUZ81FzcvWnTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMzIwMjI0MTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWU2OGZlNDc3MWQ3MGMwZWY3MjUzY2ZkNzlmNTcxMGZhMzM4NTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoSEBVd0Y0i6doJLB+XlAghfzV/m
sUZF5+7Xys0Cb/LXOYxphL7WmbW3YSdBymb9zXCmdmuCB6/KZ8wD+oFGHDtGFPwY
Edm8SWTUHlvuS1FnM69NA8C2Sdq2YVvFa/9+Ox/UJZwFG/YjfKqMWmtbxS+twB44
DtY4tr4XnGu7sbxzuNRT9jDC9SX1WPGvHljIpGN8mvbddbnX0FQ6T8mnNgqUrzbb
gmz3D4GBgVGEZTyew6DDRzAu8YD3sFfd0E2Zq4R43Vq7aBlXW1uoA+BoL5pmb+HV
FqzXhxbUlTOoWBQxDJZTOY5gxRjxFCfA0Hl5w9oNq4LbsEupMXxXf+hxywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKrmj+R3HXDA73JTz9efVxD6M4WJMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvcXVhUDVIY2RjTUR2Y2xQUDE1OVhFUG96aFlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBBQ5FNbYgoX/bWjj/tiiOtHRx3edkU/U1yNGla
PzpwEygdPujKeq3q5k0KS7AA8CvswjDsSP73R5GXE8cUJ2lMMJN0zusbkPg55L1/
NmruLhgtsG3EtE75PgGWD/zvKotaZNSpQTI7VFxxna1L3hZtkeuOWS3fU57BL1yL
JjqbxyIxy63HxibjUe+mLxg9LefWQ4yDxzkDTJuiRrQYw0L8dDovoKOXBvKjpyXm
GifR8Ry80ttj6/XGEoFyq3nr9MEfl9PtN9X2fsQliQkhM4fxr76hnLK6xYo+J9zM
ZnzHlXjBxLeKLmOQ8ATjMEEJ3MdYhNVLmcmEqwtyGKTaYJJs
-----END CERTIFICATE-----