Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/s_-LqLAwoVzNq7MMJZajpyC4Khk.roa
File:                     s_-LqLAwoVzNq7MMJZajpyC4Khk.roa (raw, json)
Hash identifier:          ClKhGIdEbTXNOQjYUKo8kUllH20eM7IYqgOaHPxfrg4=
Subject key identifier:   B3:FF:8B:A8:B0:30:A1:5C:CD:AB:B3:0C:25:96:A3:A7:20:B8:2A:19
Certificate issuer:       /CN=e05d28f149793a3d72e8ef041e9c9e0d9a66b21e
Certificate serial:       019CE285E717DE7040A7DD78B2A6EBBFE1BC
Authority key identifier: E0:5D:28:F1:49:79:3A:3D:72:E8:EF:04:1E:9C:9E:0D:9A:66:B2:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/s_-LqLAwoVzNq7MMJZajpyC4Khk.roa
Signing time:             Thu 12 Mar 2026 14:49:12 +0000
ROA not before:           Thu 12 Mar 2026 14:49:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36239
IP address blocks:        2a0b:40c1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e2:85:e7:17:de:70:40:a7:dd:78:b2:a6:eb:bf:e1:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e05d28f149793a3d72e8ef041e9c9e0d9a66b21e
        Validity
            Not Before: Mar 12 14:49:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b3ff8ba8b030a15ccdabb30c2596a3a720b82a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:55:2f:ad:ce:f5:1f:73:b0:28:ee:d3:97:15:
                    29:5b:e2:75:c4:cb:33:12:45:34:66:13:9f:f1:c8:
                    a4:41:ab:05:09:26:0e:a5:56:35:25:3a:9f:0c:4f:
                    d2:24:dd:18:47:64:d4:69:b1:27:1d:e0:26:c9:5b:
                    ee:00:72:c8:18:5f:a4:bb:bb:72:2e:8a:f1:00:c5:
                    0c:84:cf:93:3a:55:d4:c8:b4:0f:02:be:5a:33:39:
                    e8:d4:40:8c:04:4f:ca:e8:72:14:7c:ff:96:0c:ab:
                    8f:c9:5c:29:0d:97:22:b1:a3:11:68:d3:33:f8:95:
                    43:bd:1b:e7:7a:77:07:d0:e5:c4:b5:16:29:78:f5:
                    de:4b:29:cc:62:36:5d:a8:47:79:a8:4c:7f:00:11:
                    72:ea:52:3e:35:98:5e:b9:9d:2c:ec:ce:1d:a8:c2:
                    a7:ec:8d:ef:64:dd:4f:b3:e0:bf:b3:c3:37:88:ef:
                    f5:d6:5d:40:16:f1:03:fe:08:b9:ee:f6:1f:0c:eb:
                    09:32:71:26:29:56:45:e4:07:1f:e4:ce:79:95:c1:
                    b8:e7:8d:66:31:0e:c9:da:5c:75:2b:26:d4:00:75:
                    3e:11:ac:02:58:97:4d:0e:a4:b4:a7:67:5f:06:79:
                    e0:ce:44:4d:c9:af:e6:fd:8b:05:92:f5:ac:96:83:
                    de:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:FF:8B:A8:B0:30:A1:5C:CD:AB:B3:0C:25:96:A3:A7:20:B8:2A:19
            X509v3 Authority Key Identifier:
                keyid:E0:5D:28:F1:49:79:3A:3D:72:E8:EF:04:1E:9C:9E:0D:9A:66:B2:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/s_-LqLAwoVzNq7MMJZajpyC4Khk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/b4c97b-e005-4cd6-8335-8091ebce3bbf/1/4F0o8Ul5Oj1y6O8EHpyeDZpmsh4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:40c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:88:1b:43:99:43:23:db:95:63:e2:e1:63:c4:4a:d4:14:e1:
         6b:2e:27:dc:9d:6f:8b:b9:2c:6a:07:7f:22:eb:f6:e4:dd:a6:
         60:24:6a:20:a2:1e:15:5c:ff:92:94:4b:c5:8d:9d:ac:92:7f:
         91:88:1b:2b:30:d2:a3:8e:11:7c:38:9a:c4:6e:0d:b0:8c:57:
         01:5e:27:03:96:d9:02:8a:6d:84:23:e4:7f:29:df:49:f2:05:
         e1:a6:5a:bd:8a:65:f4:0d:5e:dc:ea:d1:57:e4:3a:26:99:99:
         a7:61:17:47:d8:59:87:13:77:f4:f3:ff:ef:96:df:7b:b4:92:
         f6:e7:61:5c:29:d7:aa:d6:1d:e1:e1:9e:25:07:b6:06:f2:41:
         51:5d:d2:40:5f:94:1b:2b:77:15:ae:bf:6c:60:ca:3a:36:1c:
         4c:f1:fe:89:d6:6b:e7:09:f2:cc:29:61:75:e2:4b:15:7c:52:
         5d:53:b9:80:89:99:34:70:b0:75:0e:ef:82:70:8d:d8:8f:d4:
         d6:03:01:89:94:63:33:85:89:45:d5:a6:0d:ab:ef:54:91:a4:
         c6:8a:39:4b:fc:05:45:b1:9b:16:b0:6b:d0:24:09:b7:4f:ae:
         4e:59:66:f2:2b:6f:8e:ef:91:b5:76:7c:90:05:3d:7d:0a:cd:
         6e:da:1a:95
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzihecX3nBAp914sqbrv+G8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwNWQyOGYxNDk3OTNhM2Q3MmU4ZWYwNDFlOWM5ZTBkOWE2
NmIyMWUwHhcNMjYwMzEyMTQ0OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2ZmOGJhOGIwMzBhMTVjY2RhYmIzMGMyNTk2YTNhNzIwYjgyYTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVUvrc71H3OwKO7TlxUpW+J1xMsz
EkU0ZhOf8cikQasFCSYOpVY1JTqfDE/SJN0YR2TUabEnHeAmyVvuAHLIGF+ku7ty
LorxAMUMhM+TOlXUyLQPAr5aMzno1ECMBE/K6HIUfP+WDKuPyVwpDZcisaMRaNMz
+JVDvRvnencH0OXEtRYpePXeSynMYjZdqEd5qEx/ABFy6lI+NZheuZ0s7M4dqMKn
7I3vZN1Ps+C/s8M3iO/11l1AFvED/gi57vYfDOsJMnEmKVZF5Acf5M55lcG4541m
MQ7J2lx1KybUAHU+EawCWJdNDqS0p2dfBnngzkRNya/m/YsFkvWsloPetwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLP/i6iwMKFczauzDCWWo6cguCoZMB8GA1UdIwQY
MBaAFOBdKPFJeTo9cujvBB6cng2aZrIeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEYwbzhVbDVPajF5Nk84RUhweWVEWnBtc2g0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9iNGM5N2ItZTAwNS00Y2Q2LTgzMzUt
ODA5MWViY2UzYmJmLzEvc18tTHFMQXdvVnpOcTdNTUpaYWpweUM0S2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9iNGM5N2ItZTAwNS00Y2Q2LTgzMzUtODA5MWViY2UzYmJm
LzEvNEYwbzhVbDVPajF5Nk84RUhweWVEWnBtc2g0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgtAwQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAFiBtDmUMj25Vj4uFjxErUFOFrLifcnW+LuSxq
B38i6/bk3aZgJGogoh4VXP+SlEvFjZ2skn+RiBsrMNKjjhF8OJrEbg2wjFcBXicD
ltkCim2EI+R/Kd9J8gXhplq9imX0DV7c6tFX5DommZmnYRdH2FmHE3f08//vlt97
tJL252FcKdeq1h3h4Z4lB7YG8kFRXdJAX5QbK3cVrr9sYMo6NhxM8f6J1mvnCfLM
KWF14ksVfFJdU7mAiZk0cLB1Du+CcI3Yj9TWAwGJlGMzhYlF1aYNq+9UkaTGijlL
/AVFsZsWsGvQJAm3T65OWWbyK2+O75G1dnyQBT19Cs1u2hqV
-----END CERTIFICATE-----