Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/rnJfzmu2BtJK8rFBdT4C9yEqtyo.roa
File:                     rnJfzmu2BtJK8rFBdT4C9yEqtyo.roa (raw, json)
Hash identifier:          wNc34qBoMabTzuzWprFygpK2qiPnecjEmaMUrlgukE0=
Subject key identifier:   AE:72:5F:CE:6B:B6:06:D2:4A:F2:B1:41:75:3E:02:F7:21:2A:B7:2A
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019D1B9DCA80FF04400548E842E33D742484
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/rnJfzmu2BtJK8rFBdT4C9yEqtyo.roa
Signing time:             Mon 23 Mar 2026 16:53:38 +0000
ROA not before:           Mon 23 Mar 2026 16:53:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        2a0d:d940:110::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:01:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:9d:ca:80:ff:04:40:05:48:e8:42:e3:3d:74:24:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Mar 23 16:53:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae725fce6bb606d24af2b141753e02f7212ab72a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c6:5c:a2:68:82:1a:40:5d:19:cc:34:7e:02:
                    af:cf:3a:58:2a:3f:3a:b5:9f:18:7a:aa:db:60:08:
                    7e:d3:0b:31:ec:9e:df:6e:5e:f0:07:30:af:eb:4a:
                    62:46:5f:d6:58:ec:61:2e:a9:8d:c9:28:6e:0f:e2:
                    c9:10:0f:1f:15:cf:ea:30:b8:4b:0e:c2:3d:eb:c6:
                    4b:81:60:36:f6:cb:2f:ff:b2:cd:31:4c:6c:d9:14:
                    8a:c2:5c:87:9c:90:4b:34:68:52:cf:52:71:35:58:
                    2e:c4:ab:e9:f3:79:84:b0:f6:2b:01:14:a4:12:c9:
                    aa:e9:1d:31:01:11:a7:3b:e7:27:0b:cd:4a:1c:68:
                    bb:11:67:3e:32:08:be:49:0f:f8:55:94:99:34:9d:
                    d3:8a:38:c5:1f:97:03:83:5f:62:6c:6f:47:d8:49:
                    11:53:82:36:32:4c:3d:63:03:5e:c5:b6:6b:63:73:
                    a4:76:d2:ec:c6:79:c8:d4:d6:95:44:51:d6:f6:08:
                    f4:9b:6b:02:b9:fa:9d:14:d1:7e:53:13:d5:4e:ea:
                    8e:e0:43:58:b7:fc:55:57:a1:c0:17:57:77:ab:83:
                    db:3e:75:9e:34:19:b3:b3:be:43:07:ad:03:5e:26:
                    1e:2c:73:68:54:09:76:26:1e:8c:6e:4d:67:b1:31:
                    20:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:72:5F:CE:6B:B6:06:D2:4A:F2:B1:41:75:3E:02:F7:21:2A:B7:2A
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/rnJfzmu2BtJK8rFBdT4C9yEqtyo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:110::/44

    Signature Algorithm: sha256WithRSAEncryption
         1e:14:35:47:95:4f:d7:e6:4e:20:9e:25:05:9b:ff:8a:d8:70:
         f6:51:bc:3b:c5:d4:fc:18:68:10:88:12:23:b2:92:bb:65:6b:
         82:82:6e:f4:97:94:2d:3d:5f:a2:13:11:77:40:07:61:ec:e5:
         d7:9f:d7:a1:6e:07:ab:e5:4a:1d:10:69:51:71:48:c1:0b:0f:
         03:ff:4e:b8:ed:b6:23:5e:ee:31:9a:76:a3:b7:66:f8:70:d8:
         8b:f1:e4:e9:97:80:77:4d:d8:9c:aa:91:19:b5:82:fd:7b:20:
         b8:00:19:cf:f2:36:47:0c:eb:cd:9f:26:14:46:0c:6b:e5:b5:
         cf:a9:62:2b:9e:46:b3:87:fe:58:12:03:87:bf:a5:89:d2:3d:
         9a:da:b6:f9:78:4d:11:fb:52:c3:6a:f8:51:63:b2:46:22:9d:
         b9:95:3f:e6:6a:8b:ad:84:ba:41:85:a8:83:e6:72:45:9b:03:
         02:21:83:13:db:9c:97:d3:8e:ce:1e:ba:2c:87:3b:05:8b:5c:
         a9:dc:22:b3:7b:d7:37:a9:de:68:c2:cd:59:66:85:2e:4d:50:
         68:37:b9:82:51:44:1c:15:8e:df:a0:c9:93:55:de:4d:29:a3:
         12:1a:21:02:60:c4:cb:e9:a2:e7:6f:0d:65:02:9b:33:bb:55:
         0f:9e:92:a0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0bncqA/wRABUjoQuM9dCSEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMzIzMTY1MzM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTcyNWZjZTZiYjYwNmQyNGFmMmIxNDE3NTNlMDJmNzIxMmFiNzJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMZcomiCGkBdGcw0fgKvzzpYKj86
tZ8YeqrbYAh+0wsx7J7fbl7wBzCv60piRl/WWOxhLqmNyShuD+LJEA8fFc/qMLhL
DsI968ZLgWA29ssv/7LNMUxs2RSKwlyHnJBLNGhSz1JxNVguxKvp83mEsPYrARSk
Esmq6R0xARGnO+cnC81KHGi7EWc+Mgi+SQ/4VZSZNJ3TijjFH5cDg19ibG9H2EkR
U4I2Mkw9YwNexbZrY3OkdtLsxnnI1NaVRFHW9gj0m2sCufqdFNF+UxPVTuqO4ENY
t/xVV6HAF1d3q4PbPnWeNBmzs75DB60DXiYeLHNoVAl2Jh6Mbk1nsTEgewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK5yX85rtgbSSvKxQXU+AvchKrcqMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvcm5KZnptdTJCdEpLOHJGQmRUNEM5eUVxdHlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAeFDVHlU/X5k4gniUFm/+K2HD2Ubw7xdT8GGgQ
iBIjspK7ZWuCgm70l5QtPV+iExF3QAdh7OXXn9ehbger5UodEGlRcUjBCw8D/064
7bYjXu4xmnajt2b4cNiL8eTpl4B3TdicqpEZtYL9eyC4ABnP8jZHDOvNnyYURgxr
5bXPqWIrnkazh/5YEgOHv6WJ0j2a2rb5eE0R+1LDavhRY7JGIp25lT/maouthLpB
haiD5nJFmwMCIYMT25yX047OHroshzsFi1yp3CKze9c3qd5ows1ZZoUuTVBoN7mC
UUQcFY7foMmTVd5NKaMSGiECYMTL6aLnbw1lApszu1UPnpKg
-----END CERTIFICATE-----