Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hxVbnDv-8RxTbfiY7s3H-uucIHc.roa
File:                     hxVbnDv-8RxTbfiY7s3H-uucIHc.roa (raw, json)
Hash identifier:          HnKD5J2QISqFsFs+fvJiSjEUujHu59Z7tuhBwzStNJU=
Subject key identifier:   87:15:5B:9C:3B:FE:F1:1C:53:6D:F8:98:EE:CD:C7:FA:EB:9C:20:77
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019DD9DE344D51C330C60630DB5300417421
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hxVbnDv-8RxTbfiY7s3H-uucIHc.roa
Signing time:             Wed 29 Apr 2026 15:31:51 +0000
ROA not before:           Wed 29 Apr 2026 15:31:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212708
IP address blocks:        2a0e:97c0:c70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 12:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d9:de:34:4d:51:c3:30:c6:06:30:db:53:00:41:74:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr 29 15:31:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=87155b9c3bfef11c536df898eecdc7faeb9c2077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ad:fa:a5:43:58:0e:1a:75:a3:c8:09:8d:6c:
                    25:c8:1c:3c:85:53:c3:78:58:4e:ee:af:53:f9:1a:
                    b0:64:31:c8:ac:33:24:a2:20:bf:18:e6:64:7b:76:
                    f2:c2:bb:0d:97:af:43:df:fc:e5:9a:24:7a:5d:8b:
                    28:45:04:17:38:b8:7d:eb:32:bf:8a:e5:a4:64:73:
                    3c:94:af:98:63:43:aa:b8:a6:ae:51:a8:40:49:43:
                    b2:f8:dc:c3:f7:70:87:55:d7:7b:42:47:55:a4:89:
                    1b:30:c4:79:1a:48:53:38:7c:32:06:4b:92:f3:6f:
                    86:7c:c7:56:ac:c5:53:f3:c3:e9:6b:62:ef:73:e4:
                    13:35:43:d3:40:1e:2d:d0:f7:76:69:1d:4c:86:f7:
                    c9:e8:4c:07:e5:09:00:36:f0:e1:61:ec:c3:40:55:
                    05:40:e2:9d:bc:51:b2:03:cb:65:d1:9b:26:0c:ed:
                    c0:39:70:a6:ee:fe:a6:61:c3:a5:a9:e1:2c:3d:e2:
                    ae:da:e4:bc:14:17:74:db:c7:e6:f7:20:4a:c3:18:
                    4b:37:c4:63:c2:14:73:69:7c:f7:33:1d:7f:7a:69:
                    1b:4c:4b:e6:a5:e1:b0:bf:4c:c1:a2:75:fe:19:56:
                    fd:1f:ab:f7:7f:66:9b:05:ff:a9:5a:cc:44:7c:bf:
                    19:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:15:5B:9C:3B:FE:F1:1C:53:6D:F8:98:EE:CD:C7:FA:EB:9C:20:77
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/hxVbnDv-8RxTbfiY7s3H-uucIHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:c70::/44

    Signature Algorithm: sha256WithRSAEncryption
         9c:1d:95:80:ce:d8:81:45:f9:9a:19:33:20:c0:0e:e9:84:1b:
         fc:d7:ee:cb:68:ef:44:67:2b:b6:43:25:f8:91:42:15:51:48:
         15:8e:ec:c5:17:b3:30:2f:ec:92:4b:68:e7:60:7b:b7:f1:0d:
         1a:e8:ba:9f:94:ec:92:ac:7a:52:64:a3:72:af:0f:35:55:e9:
         de:f5:a7:71:98:d4:54:04:0c:75:ea:91:73:78:60:62:d2:b8:
         bc:d9:77:3d:70:cb:ea:20:e5:e6:90:14:41:96:db:8a:d2:57:
         7e:6e:20:df:1a:22:c1:ba:c3:32:de:a7:cf:ef:59:19:8b:b8:
         26:70:f6:30:b4:1f:85:f3:6a:92:b2:31:4b:b6:84:38:65:0d:
         5f:6a:66:99:81:de:06:0f:c9:79:c9:e9:a1:46:78:fa:86:80:
         ed:25:a4:47:34:0e:5f:d8:83:da:89:9b:6b:d8:68:46:48:a5:
         1b:cd:95:5c:b5:14:77:60:b2:04:64:f4:8e:9a:17:0c:74:df:
         29:ba:fe:ca:17:41:6e:99:d0:d2:20:9d:11:52:29:14:d0:a7:
         15:d7:c4:1b:95:2c:01:13:c3:ea:09:da:24:bf:75:4b:15:8c:
         e7:46:8c:ae:91:ba:f4:f6:51:21:a6:27:a8:90:30:05:44:39:
         d0:8d:50:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3Z3jRNUcMwxgYw21MAQXQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNDI5MTUzMTUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzE1NWI5YzNiZmVmMTFjNTM2ZGY4OThlZWNkYzdmYWViOWMyMDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2636pUNYDhp1o8gJjWwlyBw8hVPD
eFhO7q9T+RqwZDHIrDMkoiC/GOZke3bywrsNl69D3/zlmiR6XYsoRQQXOLh96zK/
iuWkZHM8lK+YY0OquKauUahASUOy+NzD93CHVdd7QkdVpIkbMMR5GkhTOHwyBkuS
82+GfMdWrMVT88Ppa2Lvc+QTNUPTQB4t0Pd2aR1MhvfJ6EwH5QkANvDhYezDQFUF
QOKdvFGyA8tl0ZsmDO3AOXCm7v6mYcOlqeEsPeKu2uS8FBd028fm9yBKwxhLN8Rj
whRzaXz3Mx1/emkbTEvmpeGwv0zBonX+GVb9H6v3f2abBf+pWsxEfL8ZUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIcVW5w7/vEcU234mO7Nx/rrnCB3MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaHhWYm5Edi04UnhUYmZpWTdzM0gtdXVjSUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAxw
MA0GCSqGSIb3DQEBCwUAA4IBAQCcHZWAztiBRfmaGTMgwA7phBv81+7LaO9EZyu2
QyX4kUIVUUgVjuzFF7MwL+ySS2jnYHu38Q0a6LqflOySrHpSZKNyrw81Vene9adx
mNRUBAx16pFzeGBi0ri82Xc9cMvqIOXmkBRBltuK0ld+biDfGiLBusMy3qfP71kZ
i7gmcPYwtB+F82qSsjFLtoQ4ZQ1famaZgd4GD8l5yemhRnj6hoDtJaRHNA5f2IPa
iZtr2GhGSKUbzZVctRR3YLIEZPSOmhcMdN8puv7KF0FumdDSIJ0RUikU0KcV18Qb
lSwBE8PqCdokv3VLFYznRoyukbr09lEhpieokDAFRDnQjVCr
-----END CERTIFICATE-----