Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rMlVln36L7qYkGjOV4atnSwdcME.roa
File:                     rMlVln36L7qYkGjOV4atnSwdcME.roa (raw, json)
Hash identifier:          jU+XjU9m0wdGChmI4YnHdXvRlgrhwp/jgcgJPCBPFgY=
Subject key identifier:   AC:C9:55:96:7D:FA:2F:BA:98:90:68:CE:57:86:AD:9D:2C:1D:70:C1
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019DFC89F592E977771F0BEF86EC4F8FC6ED
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rMlVln36L7qYkGjOV4atnSwdcME.roa
Signing time:             Wed 06 May 2026 09:06:32 +0000
ROA not before:           Wed 06 May 2026 09:06:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197866
IP address blocks:        2a0c:b641:3e0::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:89:f5:92:e9:77:77:1f:0b:ef:86:ec:4f:8f:c6:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: May  6 09:06:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=acc955967dfa2fba989068ce5786ad9d2c1d70c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1f:72:69:65:d3:ea:48:f3:81:3e:87:c2:7f:
                    6e:07:ed:dd:cf:97:db:b4:69:b8:c2:50:9d:19:2e:
                    bb:97:1e:4d:df:97:86:18:5a:b8:44:3f:a9:f8:7b:
                    69:63:4b:fd:b1:b2:f1:a1:fb:7a:e4:25:c8:22:64:
                    7f:93:e2:73:29:d7:fc:46:5c:65:09:6e:90:a1:7f:
                    79:08:ed:86:aa:ed:bb:3b:82:e8:c3:ba:af:1b:94:
                    71:71:1a:c8:2b:ed:20:3d:75:33:4f:c8:2a:07:95:
                    30:8d:4d:50:fb:3d:05:61:ed:ec:65:87:87:bd:65:
                    91:42:b6:18:c4:9c:03:89:0f:b6:df:be:e2:8a:b0:
                    2a:d3:fe:26:96:03:01:eb:35:e5:54:31:62:59:28:
                    bf:c3:27:e2:a2:76:35:af:98:ed:96:cd:54:41:e2:
                    4e:ae:a9:70:36:7e:31:c6:ad:81:9c:65:1f:78:b3:
                    91:6a:8d:ec:f7:6d:b6:7d:6e:89:c5:be:4a:82:09:
                    5d:0e:fc:15:38:0e:b0:06:57:d2:87:d2:20:16:10:
                    8b:ab:f5:d0:03:bb:2a:4d:4b:53:a8:c1:4b:fb:d5:
                    92:1c:2e:c7:c9:49:f3:6f:f0:41:68:45:34:16:b8:
                    56:63:42:c3:53:9b:99:09:f6:11:fd:74:d5:e5:87:
                    40:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:C9:55:96:7D:FA:2F:BA:98:90:68:CE:57:86:AD:9D:2C:1D:70:C1
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/rMlVln36L7qYkGjOV4atnSwdcME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:3e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8b:40:b8:8b:cf:b2:b2:c5:5b:b0:25:3b:3b:3a:36:e1:ac:f6:
         95:2f:6b:54:77:b9:f0:6f:b9:9d:6e:cf:19:3e:d3:11:9b:4f:
         63:63:db:be:6c:bb:44:be:30:13:77:ae:47:9c:14:fb:ac:25:
         7f:e3:a5:af:5c:be:91:ba:ef:47:28:d8:69:d3:11:b4:e6:66:
         a2:66:60:c8:92:ec:b2:e7:6c:e2:97:d2:c9:9b:46:99:0c:71:
         e0:2e:e4:4e:ee:43:10:31:c4:dd:d7:f4:61:67:f7:b1:3d:3c:
         80:16:cc:54:ab:59:f9:9d:de:c8:ed:07:29:83:48:b8:17:93:
         7d:63:03:01:fb:b7:3d:d6:7e:bf:91:bb:f9:c3:cf:25:aa:c3:
         96:4a:13:ab:22:1d:f1:0e:a7:5f:7a:f7:71:4b:f8:ba:44:4c:
         7d:1e:1d:8b:53:3b:ed:ce:2d:33:90:aa:cf:6f:c0:bd:3f:34:
         bc:83:a9:22:cc:98:f4:66:31:c4:7f:ee:bb:38:86:68:89:ef:
         49:8e:3e:42:d6:31:ea:9a:4a:2f:3f:47:02:b1:81:96:ed:9f:
         fc:66:b7:8e:53:a4:d7:c4:c0:7e:b0:57:dd:45:57:dc:aa:99:
         4a:6d:4c:38:66:3b:71:0b:39:52:eb:52:fb:39:4e:aa:55:79:
         6f:46:e3:9f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ38ifWS6Xd3HwvvhuxPj8btMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwNTA2MDkwNjMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhY2M5NTU5NjdkZmEyZmJhOTg5MDY4Y2U1Nzg2YWQ5ZDJjMWQ3MGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuR9yaWXT6kjzgT6Hwn9uB+3dz5fb
tGm4wlCdGS67lx5N35eGGFq4RD+p+HtpY0v9sbLxoft65CXIImR/k+JzKdf8Rlxl
CW6QoX95CO2Gqu27O4Low7qvG5RxcRrIK+0gPXUzT8gqB5UwjU1Q+z0FYe3sZYeH
vWWRQrYYxJwDiQ+2377iirAq0/4mlgMB6zXlVDFiWSi/wyfionY1r5jtls1UQeJO
rqlwNn4xxq2BnGUfeLORao3s9222fW6Jxb5KggldDvwVOA6wBlfSh9IgFhCLq/XQ
A7sqTUtTqMFL+9WSHC7HyUnzb/BBaEU0FrhWY0LDU5uZCfYR/XTV5YdAEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKzJVZZ9+i+6mJBozleGrZ0sHXDBMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvck1sVmxuMzZMN3FZa0dqT1Y0YXRuU3dkY01FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQPg
MA0GCSqGSIb3DQEBCwUAA4IBAQCLQLiLz7KyxVuwJTs7OjbhrPaVL2tUd7nwb7md
bs8ZPtMRm09jY9u+bLtEvjATd65HnBT7rCV/46WvXL6Ruu9HKNhp0xG05maiZmDI
kuyy52zil9LJm0aZDHHgLuRO7kMQMcTd1/RhZ/exPTyAFsxUq1n5nd7I7Qcpg0i4
F5N9YwMB+7c91n6/kbv5w88lqsOWShOrIh3xDqdfevdxS/i6REx9Hh2LUzvtzi0z
kKrPb8C9PzS8g6kizJj0ZjHEf+67OIZoie9Jjj5C1jHqmkovP0cCsYGW7Z/8ZreO
U6TXxMB+sFfdRVfcqplKbUw4ZjtxCzlS61L7OU6qVXlvRuOf
-----END CERTIFICATE-----