Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/a7dc7sTXBG9g6baqXZ5n-zFcW2U.roa
File:                     a7dc7sTXBG9g6baqXZ5n-zFcW2U.roa (raw, json)
Hash identifier:          NAb+NkDlWJd04gSzwtykl0+s9KlRgbw76dF4Fu82HXg=
Subject key identifier:   6B:B7:5C:EE:C4:D7:04:6F:60:E9:B6:AA:5D:9E:67:FB:31:5C:5B:65
Certificate issuer:       /CN=7e6e2e6966e06ab25ca0e1da66e1e3d64248b3a1
Certificate serial:       019E161FB3A984DA0AA5E53743E35E04642E
Authority key identifier: 7E:6E:2E:69:66:E0:6A:B2:5C:A0:E1:DA:66:E1:E3:D6:42:48:B3:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fm4uaWbgarJcoOHaZuHj1kJIs6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/a7dc7sTXBG9g6baqXZ5n-zFcW2U.roa
Signing time:             Mon 11 May 2026 08:20:36 +0000
ROA not before:           Mon 11 May 2026 08:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212540
IP address blocks:        2001:678:3a4::/48 maxlen: 48
                          2a14:9b80::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/fm4uaWbgarJcoOHaZuHj1kJIs6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/fm4uaWbgarJcoOHaZuHj1kJIs6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fm4uaWbgarJcoOHaZuHj1kJIs6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:16:1f:b3:a9:84:da:0a:a5:e5:37:43:e3:5e:04:64:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e6e2e6966e06ab25ca0e1da66e1e3d64248b3a1
        Validity
            Not Before: May 11 08:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bb75ceec4d7046f60e9b6aa5d9e67fb315c5b65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c6:ac:45:2c:87:e7:43:48:87:50:25:f1:90:
                    ef:f6:58:a0:fc:ae:85:5f:3c:3c:1e:03:7f:85:0f:
                    1f:9a:3e:6d:5a:67:b6:e9:a2:32:56:f3:fd:8f:2c:
                    07:3a:c3:99:f1:cc:56:ba:88:93:08:6c:35:7a:6c:
                    e2:a4:af:86:bb:15:78:e9:56:c1:67:b5:6a:0a:b9:
                    69:3a:87:27:62:1a:9a:4b:4d:88:e8:a0:96:f1:a3:
                    7f:6a:37:dc:82:e3:cf:bd:23:f0:ac:88:84:14:ad:
                    96:c7:76:08:e4:cc:2f:11:b1:f2:4b:d2:d6:b0:19:
                    27:a8:81:37:45:8f:67:91:3e:d0:7c:23:55:fe:4e:
                    1c:d8:55:dd:1e:52:fa:21:32:37:7e:a8:a5:0a:18:
                    da:56:40:bf:e5:7d:0e:8a:e5:42:be:1f:9e:06:a1:
                    d0:1d:ee:e6:1a:78:e8:9b:95:e5:93:7a:33:94:3b:
                    31:f2:05:10:7b:88:08:96:e3:90:c2:11:9c:4c:b9:
                    1d:da:bc:8f:85:29:b8:72:ac:55:1a:e9:6f:b5:aa:
                    03:ba:43:68:f7:2f:20:31:fc:94:bb:6e:4a:6a:f7:
                    18:2b:7f:ab:e3:4a:b4:e7:ef:30:97:42:44:a7:9e:
                    1b:7b:7a:ec:ed:39:d9:e8:07:25:76:2f:02:78:bb:
                    55:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:B7:5C:EE:C4:D7:04:6F:60:E9:B6:AA:5D:9E:67:FB:31:5C:5B:65
            X509v3 Authority Key Identifier:
                keyid:7E:6E:2E:69:66:E0:6A:B2:5C:A0:E1:DA:66:E1:E3:D6:42:48:B3:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fm4uaWbgarJcoOHaZuHj1kJIs6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/a7dc7sTXBG9g6baqXZ5n-zFcW2U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/a7538a-69be-4fbe-97e1-87d97e2aadc4/1/fm4uaWbgarJcoOHaZuHj1kJIs6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:3a4::/48
                  2a14:9b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:6e:00:87:4a:33:64:00:27:bd:19:eb:c2:50:66:09:93:98:
         02:df:8e:6b:16:e6:a7:66:c6:cc:a9:11:6b:7a:95:96:f6:08:
         1d:1a:89:b2:f4:93:70:07:5a:c3:03:f5:4b:28:ba:1f:63:76:
         bc:b8:68:cc:0f:07:56:cb:74:04:38:89:b1:d7:2a:9a:09:74:
         4d:61:81:e2:46:0f:53:66:23:22:b0:3b:19:57:76:00:3b:95:
         c1:83:a1:7b:26:b5:7e:0c:f3:f5:eb:a1:e2:b5:75:65:fa:ed:
         db:5c:6b:49:e2:92:12:fa:bf:60:3b:f7:2f:24:d7:f1:f6:80:
         f2:91:43:ef:48:c8:81:40:2f:13:9e:c1:6b:94:19:d0:d5:28:
         23:31:3b:43:fa:87:13:ab:02:00:96:37:bf:61:55:7c:08:f3:
         46:9e:67:03:8f:b6:2a:e7:55:b9:b4:82:96:7e:86:d3:18:00:
         0b:5a:a1:87:a4:42:b9:8d:05:43:3d:6f:e6:19:52:f5:61:b4:
         17:1e:d1:17:00:72:2b:cb:3c:df:92:70:66:a6:15:36:5c:22:
         d5:f4:5a:d6:45:74:73:59:ad:3f:89:85:eb:f8:98:0a:96:aa:
         17:ae:85:b9:1e:0c:65:3e:9e:90:27:1d:8c:d0:25:38:25:ba:
         89:1e:28:36
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZ4WH7OphNoKpeU3Q+NeBGQuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNmUyZTY5NjZlMDZhYjI1Y2EwZTFkYTY2ZTFlM2Q2NDI0
OGIzYTEwHhcNMjYwNTExMDgyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmI3NWNlZWM0ZDcwNDZmNjBlOWI2YWE1ZDllNjdmYjMxNWM1YjY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMasRSyH50NIh1Al8ZDv9lig/K6F
Xzw8HgN/hQ8fmj5tWme26aIyVvP9jywHOsOZ8cxWuoiTCGw1emzipK+GuxV46VbB
Z7VqCrlpOocnYhqaS02I6KCW8aN/ajfcguPPvSPwrIiEFK2Wx3YI5MwvEbHyS9LW
sBknqIE3RY9nkT7QfCNV/k4c2FXdHlL6ITI3fqilChjaVkC/5X0OiuVCvh+eBqHQ
He7mGnjom5Xlk3ozlDsx8gUQe4gIluOQwhGcTLkd2ryPhSm4cqxVGulvtaoDukNo
9y8gMfyUu25KavcYK3+r40q05+8wl0JEp54be3rs7TnZ6Acldi8CeLtVawIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFGu3XO7E1wRvYOm2ql2eZ/sxXFtlMB8GA1UdIwQY
MBaAFH5uLmlm4GqyXKDh2mbh49ZCSLOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZm00dWFXYmdhckpjb09IYVp1SGoxa0pJczZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi9hNzUzOGEtNjliZS00ZmJlLTk3ZTEt
ODdkOTdlMmFhZGM0LzEvYTdkYzdzVFhCRzlnNmJhcVhaNW4tekZjVzJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi9hNzUzOGEtNjliZS00ZmJlLTk3ZTEtODdkOTdlMmFhZGM0
LzEvZm00dWFXYmdhckpjb09IYVp1SGoxa0pJczZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAIAEGeAOk
AwUAKhSbgDANBgkqhkiG9w0BAQsFAAOCAQEAeW4Ah0ozZAAnvRnrwlBmCZOYAt+O
axbmp2bGzKkRa3qVlvYIHRqJsvSTcAdawwP1Syi6H2N2vLhozA8HVst0BDiJsdcq
mgl0TWGB4kYPU2YjIrA7GVd2ADuVwYOheya1fgzz9euh4rV1Zfrt21xrSeKSEvq/
YDv3LyTX8faA8pFD70jIgUAvE57Ba5QZ0NUoIzE7Q/qHE6sCAJY3v2FVfAjzRp5n
A4+2KudVubSCln6G0xgAC1qhh6RCuY0FQz1v5hlS9WG0Fx7RFwByK8s835JwZqYV
Nlwi1fRa1kV0c1mtP4mF6/iYCpaqF66FuR4MZT6ekCcdjNAlOCW6iR4oNg==
-----END CERTIFICATE-----