Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UoHbh7ZhqE8CZGjAt_vB2ViBXLc.roa
File:                     UoHbh7ZhqE8CZGjAt_vB2ViBXLc.roa (raw, json)
Hash identifier:          XoZwp9QtLS/pa/5lWVigHZOSpncO1MEOy8ZT5NkNYe0=
Subject key identifier:   52:81:DB:87:B6:61:A8:4F:02:64:68:C0:B7:FB:C1:D9:58:81:5C:B7
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019DB6485675B0D8D0D64187889252AAD249
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UoHbh7ZhqE8CZGjAt_vB2ViBXLc.roa
Signing time:             Wed 22 Apr 2026 17:41:27 +0000
ROA not before:           Wed 22 Apr 2026 17:41:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198585
IP address blocks:        2a0c:b641:ae0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b6:48:56:75:b0:d8:d0:d6:41:87:88:92:52:aa:d2:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Apr 22 17:41:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5281db87b661a84f026468c0b7fbc1d958815cb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:26:cc:8a:f2:40:fa:d0:90:bb:a0:13:ad:52:
                    d0:9c:94:c4:6a:6c:ec:2d:fa:63:c3:28:5e:37:2d:
                    7e:6a:b2:94:49:66:5a:a3:b3:ba:80:76:b3:e1:0d:
                    78:4f:f0:b7:a6:9e:20:29:c6:50:a0:cb:85:5b:19:
                    9c:91:da:f3:6c:d6:d5:6c:99:03:54:dd:47:fa:22:
                    e3:b2:fb:7c:c6:fb:a6:4d:de:05:11:2e:c0:12:55:
                    28:87:9a:86:68:55:4b:cb:04:d0:99:3e:6f:27:84:
                    84:07:5c:aa:3b:67:42:b3:f6:1c:e4:d8:74:c8:eb:
                    c0:fd:ec:5d:be:e5:9b:6f:81:fb:76:88:4b:fa:b7:
                    aa:01:71:4c:13:9b:f4:85:73:29:a5:57:b3:db:1e:
                    c8:6f:c0:2f:19:5c:6a:56:9d:1a:68:0f:11:a2:74:
                    3d:d5:67:36:27:ff:ac:20:bb:dc:00:62:1f:ca:d8:
                    6e:83:90:4a:73:c0:50:48:c7:4d:ba:d1:c8:2d:2c:
                    53:d5:f5:5f:77:ef:f1:61:c3:52:87:36:d9:64:d8:
                    1d:5c:fd:aa:a8:b8:5d:08:0f:0f:a0:dc:55:0d:b2:
                    79:93:cb:00:7d:94:eb:98:9e:d5:7e:f9:18:27:f4:
                    12:62:9d:f0:83:95:b0:e1:d4:d5:f1:66:1f:de:42:
                    e6:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:81:DB:87:B6:61:A8:4F:02:64:68:C0:B7:FB:C1:D9:58:81:5C:B7
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/UoHbh7ZhqE8CZGjAt_vB2ViBXLc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:ae0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8c:c2:e0:fa:ba:7d:98:8a:4d:80:01:8d:fd:db:6b:ea:d4:0d:
         f5:0a:99:bc:1e:23:98:05:0e:cf:f6:b9:00:49:cb:6a:8f:de:
         07:01:a7:f2:f6:3e:2e:68:33:6c:64:48:4f:ec:f8:6a:01:85:
         80:98:d7:fa:5c:a9:22:fa:91:74:f9:ff:57:b0:54:75:21:35:
         67:d1:3d:42:10:44:2b:c0:44:dd:7f:f4:57:1f:ed:54:43:02:
         95:63:a0:3d:cc:a7:bc:aa:1f:b3:12:5d:de:5a:68:ff:78:d0:
         3d:c2:47:87:14:53:e4:3f:58:63:eb:42:eb:c4:b8:10:c7:5d:
         da:e1:28:3c:5d:1e:fb:9d:2b:f2:5d:59:7b:7f:a3:9b:0e:11:
         54:47:bb:6f:3d:0c:b8:30:3e:6d:8b:19:0d:21:cd:f8:a7:6f:
         53:ba:90:fd:22:78:f2:5c:b9:c1:b3:7d:9a:f5:47:b4:b0:aa:
         82:d6:3f:be:20:53:33:91:cb:8d:e7:18:53:83:bd:eb:dd:e0:
         5e:09:fa:1d:92:96:91:76:cc:01:c8:97:0c:3a:46:69:31:1c:
         6f:6d:7b:2a:ae:2a:70:eb:11:7b:ba:ff:85:23:9f:8b:14:f9:
         51:cc:61:40:5e:e3:ab:89:d4:29:e3:6c:35:99:71:fe:8b:86:
         0d:df:ec:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ22SFZ1sNjQ1kGHiJJSqtJJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNDIyMTc0MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjgxZGI4N2I2NjFhODRmMDI2NDY4YzBiN2ZiYzFkOTU4ODE1Y2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ibMivJA+tCQu6ATrVLQnJTEamzs
LfpjwyheNy1+arKUSWZao7O6gHaz4Q14T/C3pp4gKcZQoMuFWxmckdrzbNbVbJkD
VN1H+iLjsvt8xvumTd4FES7AElUoh5qGaFVLywTQmT5vJ4SEB1yqO2dCs/Yc5Nh0
yOvA/exdvuWbb4H7dohL+reqAXFME5v0hXMppVez2x7Ib8AvGVxqVp0aaA8RonQ9
1Wc2J/+sILvcAGIfythug5BKc8BQSMdNutHILSxT1fVfd+/xYcNShzbZZNgdXP2q
qLhdCA8PoNxVDbJ5k8sAfZTrmJ7VfvkYJ/QSYp3wg5Ww4dTV8WYf3kLmGwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFKB24e2YahPAmRowLf7wdlYgVy3MB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvVW9IYmg3WmhxRThDWkdqQXRfdkIyVmlCWExjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQrg
MA0GCSqGSIb3DQEBCwUAA4IBAQCMwuD6un2Yik2AAY3922vq1A31Cpm8HiOYBQ7P
9rkASctqj94HAafy9j4uaDNsZEhP7PhqAYWAmNf6XKki+pF0+f9XsFR1ITVn0T1C
EEQrwETdf/RXH+1UQwKVY6A9zKe8qh+zEl3eWmj/eNA9wkeHFFPkP1hj60LrxLgQ
x13a4Sg8XR77nSvyXVl7f6ObDhFUR7tvPQy4MD5tixkNIc34p29TupD9InjyXLnB
s32a9Ue0sKqC1j++IFMzkcuN5xhTg73r3eBeCfodkpaRdswByJcMOkZpMRxvbXsq
ripw6xF7uv+FI5+LFPlRzGFAXuOridQp42w1mXH+i4YN3+wF
-----END CERTIFICATE-----