Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/2GIqOre8aovyQcr1e-R8g-dbRi4.roa
File:                     2GIqOre8aovyQcr1e-R8g-dbRi4.roa (raw, json)
Hash identifier:          4xC7s77noCbz+G4tY4JMBYQVDuhDu5K8B/uxESDNLmE=
Subject key identifier:   D8:62:2A:3A:B7:BC:6A:8B:F2:41:CA:F5:7B:E4:7C:83:E7:5B:46:2E
Certificate issuer:       /CN=1dab365ecc350458ada2b0949ee67ef9d8c6f4dc
Certificate serial:       019D29B98AEF7A5A402C8F9B501CB7F853C1
Authority key identifier: 1D:AB:36:5E:CC:35:04:58:AD:A2:B0:94:9E:E6:7E:F9:D8:C6:F4:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Has2Xsw1BFitorCUnuZ--djG9Nw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/2GIqOre8aovyQcr1e-R8g-dbRi4.roa
Signing time:             Thu 26 Mar 2026 10:38:38 +0000
ROA not before:           Thu 26 Mar 2026 10:38:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2001:678:1110::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/Has2Xsw1BFitorCUnuZ--djG9Nw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/Has2Xsw1BFitorCUnuZ--djG9Nw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Has2Xsw1BFitorCUnuZ--djG9Nw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:29:b9:8a:ef:7a:5a:40:2c:8f:9b:50:1c:b7:f8:53:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1dab365ecc350458ada2b0949ee67ef9d8c6f4dc
        Validity
            Not Before: Mar 26 10:38:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8622a3ab7bc6a8bf241caf57be47c83e75b462e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:cd:64:ab:16:76:70:27:37:b0:a3:5e:e1:f3:
                    f6:9f:10:12:1e:e0:0e:9a:45:ba:ae:b7:81:4d:f4:
                    66:1c:cf:f6:c8:35:20:dc:2e:47:6e:b1:14:8b:dc:
                    e9:87:f0:b5:f5:93:1c:d5:46:be:a3:2c:35:d6:03:
                    48:41:53:0e:5b:1e:4f:0f:d4:11:3c:21:94:29:ec:
                    14:ae:f8:e9:b1:89:5c:97:1c:2b:ec:01:d7:17:5e:
                    ce:de:f2:91:4b:5f:09:51:e4:6a:b0:8e:80:8b:34:
                    bc:5e:10:15:dc:1f:1f:71:e4:20:14:59:b9:d4:aa:
                    75:cc:39:30:95:54:52:1a:30:ed:1c:50:fc:fb:94:
                    44:42:77:51:01:68:a7:b9:e9:c5:f3:3b:b9:57:aa:
                    f2:c3:d2:3c:f3:92:0a:74:c9:80:c2:6b:35:93:f8:
                    c7:50:29:31:5b:b5:77:69:09:9e:13:89:56:e9:81:
                    19:e0:9a:bc:d0:3b:0f:08:db:44:a9:b1:72:70:10:
                    e7:cd:6d:16:69:03:7d:50:e6:b2:9a:b5:08:00:04:
                    90:ef:70:20:13:71:2d:e0:ac:3a:31:5f:42:89:10:
                    1b:de:c3:68:48:91:9f:0e:5e:93:95:c1:4e:f3:c4:
                    68:a4:bf:6c:86:09:17:fc:4d:fe:f4:b2:f6:9d:5b:
                    8d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:62:2A:3A:B7:BC:6A:8B:F2:41:CA:F5:7B:E4:7C:83:E7:5B:46:2E
            X509v3 Authority Key Identifier:
                keyid:1D:AB:36:5E:CC:35:04:58:AD:A2:B0:94:9E:E6:7E:F9:D8:C6:F4:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Has2Xsw1BFitorCUnuZ--djG9Nw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/2GIqOre8aovyQcr1e-R8g-dbRi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/fa8f78-76e5-48a9-abb0-60ae76646dd4/1/Has2Xsw1BFitorCUnuZ--djG9Nw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1110::/48

    Signature Algorithm: sha256WithRSAEncryption
         b2:64:9a:2e:06:ab:35:24:3e:79:38:15:60:46:a9:fa:89:be:
         b5:09:32:6e:a0:25:45:ca:ce:17:4e:46:c1:99:e4:18:96:f7:
         29:72:d0:ac:ea:1b:99:7e:81:bd:66:d3:f6:89:f6:b6:23:3a:
         65:bf:74:32:52:5a:29:c6:16:3a:54:02:16:b1:71:ed:68:b6:
         fb:46:bf:d4:49:06:11:24:8c:da:93:d2:60:6c:30:aa:e0:fe:
         d6:a5:f9:7b:dd:4d:a8:09:15:c7:0e:bc:98:1b:5d:81:b6:c1:
         d7:0c:b5:dc:eb:1c:47:05:b4:52:6a:40:78:9a:d5:67:28:2a:
         47:f5:4b:9b:bb:a1:c0:98:ac:38:d7:4d:95:28:ff:8a:df:a5:
         a2:4c:54:fb:31:da:91:df:1c:65:d2:11:09:2d:64:76:85:4e:
         38:36:9c:22:ed:e7:55:f0:26:41:bd:ff:03:22:6d:6c:dd:a1:
         d5:03:51:a4:e3:56:af:25:24:03:fe:d4:4e:47:0d:4e:16:86:
         df:f8:d3:41:18:ff:a5:26:7e:8f:d7:d9:b1:aa:60:49:bb:a7:
         16:d9:a5:d3:05:e6:b0:db:07:b0:77:f7:39:bc:f9:f9:15:72:
         41:12:25:e9:5c:a2:c7:ab:94:31:49:16:ec:55:f9:06:24:a6:
         df:07:53:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0puYrvelpALI+bUBy3+FPBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkYWIzNjVlY2MzNTA0NThhZGEyYjA5NDllZTY3ZWY5ZDhj
NmY0ZGMwHhcNMjYwMzI2MTAzODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODYyMmEzYWI3YmM2YThiZjI0MWNhZjU3YmU0N2M4M2U3NWI0NjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2s1kqxZ2cCc3sKNe4fP2nxASHuAO
mkW6rreBTfRmHM/2yDUg3C5HbrEUi9zph/C19ZMc1Ua+oyw11gNIQVMOWx5PD9QR
PCGUKewUrvjpsYlclxwr7AHXF17O3vKRS18JUeRqsI6AizS8XhAV3B8fceQgFFm5
1Kp1zDkwlVRSGjDtHFD8+5REQndRAWinuenF8zu5V6ryw9I885IKdMmAwms1k/jH
UCkxW7V3aQmeE4lW6YEZ4Jq80DsPCNtEqbFycBDnzW0WaQN9UOaymrUIAASQ73Ag
E3Et4Kw6MV9CiRAb3sNoSJGfDl6TlcFO88RopL9shgkX/E3+9LL2nVuNlwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNhiKjq3vGqL8kHK9XvkfIPnW0YuMB8GA1UdIwQY
MBaAFB2rNl7MNQRYraKwlJ7mfvnYxvTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGFzMlhzdzFCRml0b3JDVW51Wi0tZGpHOU53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mYThmNzgtNzZlNS00OGE5LWFiYjAt
NjBhZTc2NjQ2ZGQ0LzEvMkdJcU9yZThhb3Z5UWNyMWUtUjhnLWRiUmk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mYThmNzgtNzZlNS00OGE5LWFiYjAtNjBhZTc2NjQ2ZGQ0
LzEvSGFzMlhzdzFCRml0b3JDVW51Wi0tZGpHOU53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCyZJouBqs1JD55OBVgRqn6ib61CTJuoCVFys4X
TkbBmeQYlvcpctCs6huZfoG9ZtP2ifa2Izplv3QyUlopxhY6VAIWsXHtaLb7Rr/U
SQYRJIzak9JgbDCq4P7Wpfl73U2oCRXHDryYG12BtsHXDLXc6xxHBbRSakB4mtVn
KCpH9Uubu6HAmKw4102VKP+K36WiTFT7MdqR3xxl0hEJLWR2hU44Npwi7edV8CZB
vf8DIm1s3aHVA1Gk41avJSQD/tRORw1OFobf+NNBGP+lJn6P19mxqmBJu6cW2aXT
Beaw2wewd/c5vPn5FXJBEiXpXKLHq5QxSRbsVfkGJKbfB1N5
-----END CERTIFICATE-----