Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jKY6Bz38HLM2rQB9tvBoTPfU0IA.roa
File:                     jKY6Bz38HLM2rQB9tvBoTPfU0IA.roa (raw, json)
Hash identifier:          MZGAZ89flkkH7mZ2VRu8oyNy20pIi8IBjfDXCXeVIKw=
Subject key identifier:   8C:A6:3A:07:3D:FC:1C:B3:36:AD:00:7D:B6:F0:68:4C:F7:D4:D0:80
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019DD91957C9690C5E593FAE506B97A329F5
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jKY6Bz38HLM2rQB9tvBoTPfU0IA.roa
Signing time:             Wed 29 Apr 2026 11:56:49 +0000
ROA not before:           Wed 29 Apr 2026 11:56:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198339
IP address blocks:        2a0c:b641:440::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d9:19:57:c9:69:0c:5e:59:3f:ae:50:6b:97:a3:29:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Apr 29 11:56:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8ca63a073dfc1cb336ad007db6f0684cf7d4d080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:0a:89:fe:29:ff:79:04:5e:c3:c1:90:5f:7d:
                    2b:2a:b4:e2:e5:e1:8f:97:bb:3b:3e:65:58:ef:4e:
                    69:a8:6f:a2:43:b7:1a:fe:43:ee:4a:f4:75:0d:97:
                    99:71:9b:17:64:e7:0f:cf:8b:be:92:84:26:b0:d6:
                    36:df:75:60:09:c0:4a:82:4e:f4:38:28:1b:d1:d8:
                    88:b2:a8:4f:76:ce:ed:5a:5a:b1:b6:9b:55:e5:00:
                    29:ab:96:da:2f:f2:ce:3f:e8:c6:cf:ad:09:a0:a1:
                    c0:3c:63:c0:d7:f2:c5:43:49:f2:5d:b9:6a:0e:06:
                    06:5a:9d:ca:aa:d2:92:9b:67:d2:75:a2:e1:d6:70:
                    fd:73:87:27:c2:d7:8b:49:19:2e:d3:ea:f5:1e:1d:
                    05:ad:08:ff:a2:7d:47:a9:01:a3:cd:b5:40:20:86:
                    e7:f0:5c:c2:f6:d3:35:b9:fe:4e:0f:ea:d8:06:d5:
                    0b:06:19:06:de:c5:a6:c6:63:68:8e:a0:89:2a:73:
                    e5:62:78:53:73:a6:85:12:75:55:a3:5e:c0:d7:57:
                    ea:73:a3:41:e1:6f:41:6b:e4:e7:67:68:d5:91:80:
                    fa:b3:ae:b6:c1:5b:1b:61:3a:0f:14:28:b9:45:e0:
                    3a:03:4c:bb:2c:3c:f9:2b:44:6d:5e:75:77:96:42:
                    5f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A6:3A:07:3D:FC:1C:B3:36:AD:00:7D:B6:F0:68:4C:F7:D4:D0:80
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/jKY6Bz38HLM2rQB9tvBoTPfU0IA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:440::/44

    Signature Algorithm: sha256WithRSAEncryption
         19:77:ab:72:5e:b0:b7:14:59:12:eb:60:b0:82:a6:7d:52:3e:
         0e:fb:eb:93:f8:e7:cf:89:b9:24:ab:b3:73:54:f7:2d:f3:43:
         28:cf:b6:40:c1:89:3e:67:be:2a:de:0a:eb:7b:59:4d:41:1a:
         65:d1:85:7d:4d:d5:46:d2:48:49:3b:b2:6e:00:da:cc:7c:98:
         f2:36:f3:88:2b:35:c3:d5:4c:57:85:98:4f:e9:94:36:8b:3e:
         f9:77:f1:50:79:51:9c:68:f3:42:68:a2:73:1b:8e:4d:52:5c:
         fd:d1:53:7f:16:fa:a1:89:8d:71:2f:24:58:72:ae:6b:8b:3f:
         da:4a:56:3b:0b:af:e9:52:13:10:c0:86:cb:b7:6d:a1:3d:f3:
         b6:5e:d4:a5:44:f5:a6:1c:83:ae:6d:21:17:f9:32:00:ab:fd:
         e4:d8:97:26:ec:3d:17:56:9f:ab:90:d8:26:59:31:d1:fa:36:
         0e:c3:c5:18:33:fe:24:01:57:6d:40:35:17:ec:17:59:d2:28:
         70:09:50:d4:20:98:7a:36:4d:1d:e7:f0:73:a1:93:46:d4:f0:
         7d:44:cf:85:31:49:7a:4c:8d:59:07:45:e0:05:6c:d1:ca:63:
         09:e8:01:47:df:3b:e0:35:c7:4d:c1:f4:53:5e:32:34:31:8f:
         88:ec:62:a1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3ZGVfJaQxeWT+uUGuXoyn1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNDI5MTE1NjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2E2M2EwNzNkZmMxY2IzMzZhZDAwN2RiNmYwNjg0Y2Y3ZDRkMDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAowqJ/in/eQRew8GQX30rKrTi5eGP
l7s7PmVY705pqG+iQ7ca/kPuSvR1DZeZcZsXZOcPz4u+koQmsNY233VgCcBKgk70
OCgb0diIsqhPds7tWlqxtptV5QApq5baL/LOP+jGz60JoKHAPGPA1/LFQ0nyXblq
DgYGWp3KqtKSm2fSdaLh1nD9c4cnwteLSRku0+r1Hh0FrQj/on1HqQGjzbVAIIbn
8FzC9tM1uf5OD+rYBtULBhkG3sWmxmNojqCJKnPlYnhTc6aFEnVVo17A11fqc6NB
4W9Ba+TnZ2jVkYD6s662wVsbYToPFCi5ReA6A0y7LDz5K0RtXnV3lkJfrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIymOgc9/ByzNq0AfbbwaEz31NCAMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvaktZNkJ6MzhITE0yclFCOXR2Qm9UUGZVMElBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQRA
MA0GCSqGSIb3DQEBCwUAA4IBAQAZd6tyXrC3FFkS62CwgqZ9Uj4O++uT+OfPibkk
q7NzVPct80Moz7ZAwYk+Z74q3grre1lNQRpl0YV9TdVG0khJO7JuANrMfJjyNvOI
KzXD1UxXhZhP6ZQ2iz75d/FQeVGcaPNCaKJzG45NUlz90VN/FvqhiY1xLyRYcq5r
iz/aSlY7C6/pUhMQwIbLt22hPfO2XtSlRPWmHIOubSEX+TIAq/3k2Jcm7D0XVp+r
kNgmWTHR+jYOw8UYM/4kAVdtQDUX7BdZ0ihwCVDUIJh6Nk0d5/BzoZNG1PB9RM+F
MUl6TI1ZB0XgBWzRymMJ6AFH3zvgNcdNwfRTXjI0MY+I7GKh
-----END CERTIFICATE-----