Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/kHFQD3RhEOnyrVTDx3o-llrWptY.roa
File:                     kHFQD3RhEOnyrVTDx3o-llrWptY.roa (raw, json)
Hash identifier:          CGGcQvVt3iwshKyrjpcJ9zweA4jbEFPV7zvf1+47qtQ=
Subject key identifier:   90:71:50:0F:74:61:10:E9:F2:AD:54:C3:C7:7A:3E:96:5A:D6:A6:D6
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019D0B4A546D07B24071431FCCC51ED7462F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/kHFQD3RhEOnyrVTDx3o-llrWptY.roa
Signing time:             Fri 20 Mar 2026 12:48:33 +0000
ROA not before:           Fri 20 Mar 2026 12:48:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199854
IP address blocks:        2a0c:b641:b30::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:4a:54:6d:07:b2:40:71:43:1f:cc:c5:1e:d7:46:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Mar 20 12:48:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9071500f746110e9f2ad54c3c77a3e965ad6a6d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:6f:1b:2c:c9:4c:a0:33:50:68:a3:86:ca:7c:
                    3b:d5:c9:93:b2:7b:df:61:de:63:89:32:16:84:7d:
                    c7:27:27:93:f1:64:07:5f:5e:a5:5e:a1:52:e6:6f:
                    67:87:d7:15:d0:d5:dd:ac:5b:c9:75:79:e2:39:83:
                    9f:69:b6:d3:1c:3b:4e:1d:94:d8:a9:28:d5:91:c2:
                    29:4d:80:88:8a:f4:f2:84:5d:15:fd:65:02:c3:b4:
                    3a:db:f5:e5:24:60:df:b9:ef:a8:96:60:3f:72:19:
                    61:73:2f:70:ab:64:28:fc:64:be:00:ff:dc:97:1d:
                    3f:99:26:61:16:72:da:ee:e2:6d:41:4e:e5:fb:77:
                    32:14:ca:96:c7:aa:0f:95:d0:ec:4c:8e:4a:43:1e:
                    10:a1:6b:72:b7:1c:51:89:73:ba:b5:0a:15:45:20:
                    50:da:51:d8:8d:f8:db:72:3e:d3:fe:43:bf:2e:83:
                    78:ea:08:d4:f6:2c:9d:c4:83:34:08:3f:57:61:20:
                    f6:12:39:37:2a:12:0b:9a:6e:d3:f4:be:1c:d1:70:
                    e5:ae:a5:24:9d:8c:f0:ef:4d:ae:38:d4:b1:d3:82:
                    76:c9:09:00:e4:1b:6b:f6:62:c7:db:dc:ee:c5:35:
                    12:51:f8:bb:5a:f2:98:43:c1:d2:8c:65:f5:80:e0:
                    f4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:71:50:0F:74:61:10:E9:F2:AD:54:C3:C7:7A:3E:96:5A:D6:A6:D6
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/kHFQD3RhEOnyrVTDx3o-llrWptY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:b30::/44

    Signature Algorithm: sha256WithRSAEncryption
         51:0c:7c:ac:4a:c0:07:51:13:35:2a:33:5e:07:32:1d:fb:af:
         1c:3c:6f:f0:c4:73:f9:f6:43:15:ce:4d:88:30:5d:4a:bc:cb:
         71:2d:78:99:d8:a0:38:af:7b:d8:0a:f2:25:72:c5:f5:8c:53:
         b1:49:46:4f:33:c4:45:0d:6d:1a:6d:e0:06:1d:67:00:44:51:
         1b:46:81:bd:f7:e0:8f:5f:3c:58:fb:39:1a:42:76:f1:99:53:
         a8:4d:d8:0f:79:b2:52:0c:77:b0:fe:95:81:e2:43:54:91:96:
         fb:2c:b7:09:30:26:74:37:a4:e5:80:c4:95:79:66:20:c5:aa:
         80:0e:06:2c:2f:9c:cf:de:e1:de:f2:06:8e:19:9e:65:ba:4c:
         b6:17:23:78:f7:18:f8:c1:2d:c9:2a:d3:89:63:e4:8b:b5:61:
         0a:17:fd:e2:49:df:8d:e5:c5:31:d1:28:c7:de:0d:de:ea:45:
         b5:e4:03:81:f1:ac:d8:f3:81:8e:f1:ad:4f:2b:1e:00:14:df:
         ef:98:f0:af:ee:f0:e3:50:28:bc:f2:35:e2:81:93:37:00:59:
         a8:00:a6:9d:5c:69:0c:0c:8c:e7:65:22:11:35:5e:74:2d:f3:
         9c:a0:b2:ed:2e:fa:2d:03:f5:e9:bf:6d:1d:e3:b0:a9:68:ae:
         1a:c0:c5:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0LSlRtB7JAcUMfzMUe10YvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMzIwMTI0ODMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDcxNTAwZjc0NjExMGU5ZjJhZDU0YzNjNzdhM2U5NjVhZDZhNmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlW8bLMlMoDNQaKOGynw71cmTsnvf
Yd5jiTIWhH3HJyeT8WQHX16lXqFS5m9nh9cV0NXdrFvJdXniOYOfabbTHDtOHZTY
qSjVkcIpTYCIivTyhF0V/WUCw7Q62/XlJGDfue+olmA/chlhcy9wq2Qo/GS+AP/c
lx0/mSZhFnLa7uJtQU7l+3cyFMqWx6oPldDsTI5KQx4QoWtytxxRiXO6tQoVRSBQ
2lHYjfjbcj7T/kO/LoN46gjU9iydxIM0CD9XYSD2Ejk3KhILmm7T9L4c0XDlrqUk
nYzw702uONSx04J2yQkA5Btr9mLH29zuxTUSUfi7WvKYQ8HSjGX1gOD0fQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJBxUA90YRDp8q1Uw8d6PpZa1qbWMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEva0hGUUQzUmhFT255clZURHgzby1sbHJXcHRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQsw
MA0GCSqGSIb3DQEBCwUAA4IBAQBRDHysSsAHURM1KjNeBzId+68cPG/wxHP59kMV
zk2IMF1KvMtxLXiZ2KA4r3vYCvIlcsX1jFOxSUZPM8RFDW0abeAGHWcARFEbRoG9
9+CPXzxY+zkaQnbxmVOoTdgPebJSDHew/pWB4kNUkZb7LLcJMCZ0N6TlgMSVeWYg
xaqADgYsL5zP3uHe8gaOGZ5luky2FyN49xj4wS3JKtOJY+SLtWEKF/3iSd+N5cUx
0SjH3g3e6kW15AOB8azY84GO8a1PKx4AFN/vmPCv7vDjUCi88jXigZM3AFmoAKad
XGkMDIznZSIRNV50LfOcoLLtLvotA/Xpv20d47CpaK4awMXO
-----END CERTIFICATE-----