Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/55bd95-c637-451b-b07c-79b409c1bd38/1/tHTr07ZBhUD8R_5r3PxqgiRA1CA.roa
File:                     tHTr07ZBhUD8R_5r3PxqgiRA1CA.roa (raw, json)
Hash identifier:          /8DCcSpchfgecurYBVc/dGLfkDOCG1kP3rKMMF22VmY=
Subject key identifier:   B4:74:EB:D3:B6:41:85:40:FC:47:FE:6B:DC:FC:6A:82:24:40:D4:20
Certificate issuer:       /CN=aa7bfd420db5caebada1a2055d87bc7da2b09c07
Certificate serial:       019CE860E2E8A01EF59CEA413539EB2CB7EF
Authority key identifier: AA:7B:FD:42:0D:B5:CA:EB:AD:A1:A2:05:5D:87:BC:7D:A2:B0:9C:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qnv9Qg21yuutoaIFXYe8faKwnAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/55bd95-c637-451b-b07c-79b409c1bd38/1/tHTr07ZBhUD8R_5r3PxqgiRA1CA.roa
Signing time:             Fri 13 Mar 2026 18:06:29 +0000
ROA not before:           Fri 13 Mar 2026 18:06:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211377
IP address blocks:        2001:67c:26c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/55bd95-c637-451b-b07c-79b409c1bd38/1/qnv9Qg21yuutoaIFXYe8faKwnAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/55bd95-c637-451b-b07c-79b409c1bd38/1/qnv9Qg21yuutoaIFXYe8faKwnAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qnv9Qg21yuutoaIFXYe8faKwnAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e8:60:e2:e8:a0:1e:f5:9c:ea:41:35:39:eb:2c:b7:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa7bfd420db5caebada1a2055d87bc7da2b09c07
        Validity
            Not Before: Mar 13 18:06:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b474ebd3b6418540fc47fe6bdcfc6a822440d420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9b:e4:21:5c:21:71:da:fc:32:55:30:45:cf:
                    ac:6b:67:c2:18:52:28:7d:88:c0:b8:fc:71:2c:3a:
                    64:bf:f4:49:74:ac:f0:7a:cf:91:ee:4f:71:00:eb:
                    cb:fc:34:ec:0b:bc:ea:d0:20:b5:10:20:75:34:68:
                    d2:91:21:fc:b7:99:07:94:aa:43:9b:8f:59:a3:47:
                    ef:3d:ff:da:a9:4c:b4:cf:e8:b9:ee:50:2b:d9:87:
                    7f:67:28:a1:46:35:40:40:ef:41:0b:15:70:8d:47:
                    bd:83:2b:0e:57:11:ab:d6:05:5e:55:ac:8e:9b:6a:
                    20:90:35:8e:94:cf:00:09:85:25:de:b0:67:b1:64:
                    9d:9f:9c:d9:89:68:9f:05:fa:af:90:90:11:1c:77:
                    45:76:e8:bc:ef:cc:41:9e:e5:e0:96:e8:1a:a0:17:
                    96:90:76:fb:75:6d:e7:64:e9:d1:e0:e7:a4:b8:be:
                    77:bc:04:ce:54:9e:4e:62:c1:d9:d1:f8:12:77:4e:
                    13:66:43:24:c3:a6:b8:76:76:93:8b:0d:07:4e:12:
                    cf:9c:57:a8:c9:fd:95:52:d0:ac:1c:70:b3:62:ea:
                    b7:2c:68:25:c9:a3:cd:7a:53:cb:16:af:98:0c:b1:
                    57:13:57:a1:c2:87:99:2e:c7:b8:c6:70:d6:88:c8:
                    12:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:74:EB:D3:B6:41:85:40:FC:47:FE:6B:DC:FC:6A:82:24:40:D4:20
            X509v3 Authority Key Identifier:
                keyid:AA:7B:FD:42:0D:B5:CA:EB:AD:A1:A2:05:5D:87:BC:7D:A2:B0:9C:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qnv9Qg21yuutoaIFXYe8faKwnAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/55bd95-c637-451b-b07c-79b409c1bd38/1/tHTr07ZBhUD8R_5r3PxqgiRA1CA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/55bd95-c637-451b-b07c-79b409c1bd38/1/qnv9Qg21yuutoaIFXYe8faKwnAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:26c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         ac:68:fe:c9:98:32:dc:bd:03:24:2c:11:db:f5:42:52:2b:ab:
         64:a3:f2:cc:1d:12:ca:dd:76:bb:19:8d:99:b0:1b:c4:f4:a6:
         46:c5:de:09:36:2b:e1:3b:2d:ae:bd:09:0f:c6:d6:9c:52:f8:
         a8:d5:e5:93:24:ec:86:5b:68:fb:62:be:0d:43:87:9a:6e:de:
         e1:4b:a5:a0:88:40:b0:71:38:11:e3:b3:6e:46:73:81:22:a8:
         ab:4b:90:48:ca:1c:7e:2e:48:8a:ba:6d:c6:09:b3:96:41:83:
         92:c9:f3:ba:75:35:65:29:85:19:1f:5d:d0:5f:5b:27:6b:6a:
         40:78:3f:f4:4e:3d:2f:f3:20:0d:4d:9a:93:44:42:23:84:86:
         27:67:e3:a3:39:42:c6:20:72:eb:61:3f:ba:2e:0d:c5:64:b3:
         f3:ab:6a:0f:d2:3c:79:64:72:5b:38:7d:e4:52:d1:77:38:f9:
         c4:2a:93:70:f9:08:b2:46:1c:67:71:88:d0:0d:b4:04:34:1d:
         b1:ef:fc:d9:d0:cb:fa:83:8e:aa:c6:40:61:87:a6:63:dc:f2:
         98:05:19:10:7e:83:34:46:5d:c9:60:74:1c:73:7b:d1:10:49:
         81:5b:3a:61:d7:6d:4f:d6:e1:5c:d8:f4:9f:08:00:09:45:f1:
         95:2d:77:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzoYOLooB71nOpBNTnrLLfvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhN2JmZDQyMGRiNWNhZWJhZGExYTIwNTVkODdiYzdkYTJi
MDljMDcwHhcNMjYwMzEzMTgwNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDc0ZWJkM2I2NDE4NTQwZmM0N2ZlNmJkY2ZjNmE4MjI0NDBkNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZvkIVwhcdr8MlUwRc+sa2fCGFIo
fYjAuPxxLDpkv/RJdKzwes+R7k9xAOvL/DTsC7zq0CC1ECB1NGjSkSH8t5kHlKpD
m49Zo0fvPf/aqUy0z+i57lAr2Yd/ZyihRjVAQO9BCxVwjUe9gysOVxGr1gVeVayO
m2ogkDWOlM8ACYUl3rBnsWSdn5zZiWifBfqvkJARHHdFdui878xBnuXglugaoBeW
kHb7dW3nZOnR4OekuL53vATOVJ5OYsHZ0fgSd04TZkMkw6a4dnaTiw0HThLPnFeo
yf2VUtCsHHCzYuq3LGglyaPNelPLFq+YDLFXE1ehwoeZLse4xnDWiMgSbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLR069O2QYVA/Ef+a9z8aoIkQNQgMB8GA1UdIwQY
MBaAFKp7/UINtcrrraGiBV2HvH2isJwHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcW52OVFnMjF5dXV0b2FJRlhZZThmYUt3bkFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS81NWJkOTUtYzYzNy00NTFiLWIwN2Mt
NzliNDA5YzFiZDM4LzEvdEhUcjA3WkJoVUQ4Ul81cjNQeHFnaVJBMUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS81NWJkOTUtYzYzNy00NTFiLWIwN2MtNzliNDA5YzFiZDM4
LzEvcW52OVFnMjF5dXV0b2FJRlhZZThmYUt3bkFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCbA
MA0GCSqGSIb3DQEBCwUAA4IBAQCsaP7JmDLcvQMkLBHb9UJSK6tko/LMHRLK3Xa7
GY2ZsBvE9KZGxd4JNivhOy2uvQkPxtacUvio1eWTJOyGW2j7Yr4NQ4eabt7hS6Wg
iECwcTgR47NuRnOBIqirS5BIyhx+LkiKum3GCbOWQYOSyfO6dTVlKYUZH13QX1sn
a2pAeD/0Tj0v8yANTZqTREIjhIYnZ+OjOULGIHLrYT+6Lg3FZLPzq2oP0jx5ZHJb
OH3kUtF3OPnEKpNw+QiyRhxncYjQDbQENB2x7/zZ0Mv6g46qxkBhh6Zj3PKYBRkQ
foM0Rl3JYHQcc3vREEmBWzph121P1uFc2PSfCAAJRfGVLXcq
-----END CERTIFICATE-----