Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/2c866a-131e-4bab-962c-64604518bcbf/1/MpAtPvXf2NUZLrtZHr5wLDE9ing.roa
File:                     MpAtPvXf2NUZLrtZHr5wLDE9ing.roa (raw, json)
Hash identifier:          wDbKs3VjtAP4258J/lY8NrGeGS7zhrnbtOERXhqM3tU=
Subject key identifier:   32:90:2D:3E:F5:DF:D8:D5:19:2E:BB:59:1E:BE:70:2C:31:3D:8A:78
Certificate issuer:       /CN=069483175568ff6308da25ce69042f49a51e6ecb
Certificate serial:       019E1C2AF07D36DED5D68BFBE35E1C2DC14D
Authority key identifier: 06:94:83:17:55:68:FF:63:08:DA:25:CE:69:04:2F:49:A5:1E:6E:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BpSDF1Vo_2MI2iXOaQQvSaUebss.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/2c866a-131e-4bab-962c-64604518bcbf/1/MpAtPvXf2NUZLrtZHr5wLDE9ing.roa
Signing time:             Tue 12 May 2026 12:30:36 +0000
ROA not before:           Tue 12 May 2026 12:30:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198120
IP address blocks:        2a0d:2500::/29 maxlen: 32
                          2a0d:2500::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/2c866a-131e-4bab-962c-64604518bcbf/1/BpSDF1Vo_2MI2iXOaQQvSaUebss.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/2c866a-131e-4bab-962c-64604518bcbf/1/BpSDF1Vo_2MI2iXOaQQvSaUebss.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BpSDF1Vo_2MI2iXOaQQvSaUebss.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:30:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:1c:2a:f0:7d:36:de:d5:d6:8b:fb:e3:5e:1c:2d:c1:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=069483175568ff6308da25ce69042f49a51e6ecb
        Validity
            Not Before: May 12 12:30:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32902d3ef5dfd8d5192ebb591ebe702c313d8a78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:d9:0f:36:e2:be:1d:0a:12:db:e3:e5:44:df:
                    ad:11:1e:2e:57:93:99:e2:cf:7a:e6:93:d9:83:ea:
                    ff:a4:ee:cb:46:c5:ee:5e:a1:b1:92:42:91:fc:55:
                    23:c1:06:30:d3:f9:45:59:f0:1e:f5:2d:76:d0:c3:
                    c9:3e:8b:c3:ad:58:65:83:30:63:7a:7a:f3:cd:ab:
                    67:ac:2e:c5:44:b9:f2:fa:74:6e:7e:b0:23:00:43:
                    85:d4:38:33:2e:fe:20:55:0a:e8:d1:41:9f:21:73:
                    39:63:78:c3:41:de:d5:ab:6d:ba:8f:65:5f:6a:c6:
                    a5:2d:6d:0a:e2:ef:43:c0:d4:8f:e6:a8:47:5c:0c:
                    64:23:ff:19:7d:06:0c:51:f2:c7:f0:24:95:d9:52:
                    08:cd:0c:d0:f8:be:3f:e9:04:c9:92:4a:d9:af:16:
                    f9:09:83:d1:b1:14:69:58:36:8e:ae:9a:c9:38:a8:
                    6d:bb:fd:b1:bd:40:17:52:31:f2:6e:fb:0c:e9:c3:
                    51:85:f1:f5:fe:7a:13:0b:11:c3:da:42:04:92:b7:
                    ce:11:49:7d:6e:34:8b:67:4c:8e:14:b7:ea:0b:ef:
                    88:06:ef:1d:1d:4d:3f:17:4f:d2:8c:51:b1:47:e5:
                    19:8c:15:29:a1:dd:c0:05:88:19:f0:d4:89:cd:2d:
                    e1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:90:2D:3E:F5:DF:D8:D5:19:2E:BB:59:1E:BE:70:2C:31:3D:8A:78
            X509v3 Authority Key Identifier:
                keyid:06:94:83:17:55:68:FF:63:08:DA:25:CE:69:04:2F:49:A5:1E:6E:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BpSDF1Vo_2MI2iXOaQQvSaUebss.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/2c866a-131e-4bab-962c-64604518bcbf/1/MpAtPvXf2NUZLrtZHr5wLDE9ing.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/2c866a-131e-4bab-962c-64604518bcbf/1/BpSDF1Vo_2MI2iXOaQQvSaUebss.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:2500::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:05:9d:e7:78:41:7f:81:e9:a8:b3:77:73:6b:5b:b5:06:9b:
         76:8e:63:2d:0e:07:c7:75:df:4b:b6:cd:5e:2a:89:a0:5b:29:
         54:d2:29:05:e1:84:ce:52:c0:54:67:3c:7e:92:7d:6d:62:bc:
         11:df:5f:d5:32:d3:a6:6c:c1:17:51:42:d2:16:14:13:c0:f6:
         a4:4f:f0:c3:20:d5:d0:4c:ab:2a:f6:57:ba:91:a4:64:34:4c:
         d1:0d:5e:1a:c7:e8:a3:f9:f0:6d:2c:7b:ae:6a:c8:e1:74:31:
         70:84:6a:d2:2c:84:92:b7:c6:15:f9:49:21:30:59:42:19:ae:
         f4:d7:70:3d:5a:e2:78:84:39:2f:39:ef:a5:b9:b3:3a:5b:37:
         6b:bf:40:a4:5b:3e:a7:b1:9f:94:52:e9:75:ac:b8:6e:60:16:
         b7:5f:82:65:2f:57:7b:11:8a:d0:be:2d:2e:b4:19:2f:7c:89:
         20:08:e1:b1:d1:69:33:a8:a5:b4:1b:ee:c1:b9:41:05:d2:e9:
         de:64:78:47:78:51:74:13:b9:f7:59:54:8f:a7:a5:f4:a2:47:
         af:e2:96:cf:fb:fb:da:8c:34:34:f3:9b:4a:81:fa:7f:e5:37:
         f7:1b:f7:f8:75:c6:d9:fe:a1:52:48:9b:1c:52:d9:dc:88:b3:
         a8:02:04:73
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ4cKvB9Nt7V1ov7414cLcFNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OTQ4MzE3NTU2OGZmNjMwOGRhMjVjZTY5MDQyZjQ5YTUx
ZTZlY2IwHhcNMjYwNTEyMTIzMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjkwMmQzZWY1ZGZkOGQ1MTkyZWJiNTkxZWJlNzAyYzMxM2Q4YTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7tkPNuK+HQoS2+PlRN+tER4uV5OZ
4s965pPZg+r/pO7LRsXuXqGxkkKR/FUjwQYw0/lFWfAe9S120MPJPovDrVhlgzBj
enrzzatnrC7FRLny+nRufrAjAEOF1DgzLv4gVQro0UGfIXM5Y3jDQd7Vq226j2Vf
asalLW0K4u9DwNSP5qhHXAxkI/8ZfQYMUfLH8CSV2VIIzQzQ+L4/6QTJkkrZrxb5
CYPRsRRpWDaOrprJOKhtu/2xvUAXUjHybvsM6cNRhfH1/noTCxHD2kIEkrfOEUl9
bjSLZ0yOFLfqC++IBu8dHU0/F0/SjFGxR+UZjBUpod3ABYgZ8NSJzS3haQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDKQLT7139jVGS67WR6+cCwxPYp4MB8GA1UdIwQY
MBaAFAaUgxdVaP9jCNolzmkEL0mlHm7LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnBTREYxVm9fMk1JMmlYT2FRUXZTYVVlYnNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8yYzg2NmEtMTMxZS00YmFiLTk2MmMt
NjQ2MDQ1MThiY2JmLzEvTXBBdFB2WGYyTlVaTHJ0WkhyNXdMREU5aW5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8yYzg2NmEtMTMxZS00YmFiLTk2MmMtNjQ2MDQ1MThiY2Jm
LzEvQnBTREYxVm9fMk1JMmlYT2FRUXZTYVVlYnNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg0lADAN
BgkqhkiG9w0BAQsFAAOCAQEAQgWd53hBf4HpqLN3c2tbtQabdo5jLQ4Hx3XfS7bN
XiqJoFspVNIpBeGEzlLAVGc8fpJ9bWK8Ed9f1TLTpmzBF1FC0hYUE8D2pE/wwyDV
0EyrKvZXupGkZDRM0Q1eGsfoo/nwbSx7rmrI4XQxcIRq0iyEkrfGFflJITBZQhmu
9NdwPVrieIQ5LznvpbmzOls3a79ApFs+p7GflFLpday4bmAWt1+CZS9XexGK0L4t
LrQZL3yJIAjhsdFpM6iltBvuwblBBdLp3mR4R3hRdBO591lUj6el9KJHr+KWz/v7
2ow0NPObSoH6f+U39xv3+HXG2f6hUkibHFLZ3IizqAIEcw==
-----END CERTIFICATE-----