Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/FghCADOw6Oojunwkfe8vTiF9pLI.roa
File:                     FghCADOw6Oojunwkfe8vTiF9pLI.roa (raw, json)
Hash identifier:          uykM6bNYozSsy+cKMaytW2YENRFibcbs2I4eVEk75Gk=
Subject key identifier:   16:08:42:00:33:B0:E8:EA:23:BA:7C:24:7D:EF:2F:4E:21:7D:A4:B2
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       019D0682852B6878CB47D730052B057E49AC
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/FghCADOw6Oojunwkfe8vTiF9pLI.roa
Signing time:             Thu 19 Mar 2026 14:31:50 +0000
ROA not before:           Thu 19 Mar 2026 14:31:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12337
IP address blocks:        2a02:1140:113::/48 maxlen: 48
                          2a02:1140:213::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:82:85:2b:68:78:cb:47:d7:30:05:2b:05:7e:49:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Mar 19 14:31:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1608420033b0e8ea23ba7c247def2f4e217da4b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2b:6b:67:00:89:fd:07:d3:ea:1e:ab:3c:a4:
                    68:50:10:26:64:6a:09:c9:cf:68:e9:a3:2b:0e:68:
                    48:5d:4c:00:9b:f5:7d:95:ad:f7:b6:d2:b9:a2:a7:
                    44:96:2e:e2:00:a7:71:e4:c7:d1:e3:f1:d1:49:e1:
                    71:dc:d0:bd:ed:f3:82:bb:d4:f5:26:84:17:1e:43:
                    aa:ed:86:4b:c5:b9:63:83:f6:45:ce:66:36:f2:ce:
                    c8:1e:48:65:f2:df:e1:89:b3:3a:9e:8b:4b:03:3c:
                    8c:4a:b6:5f:b4:04:36:a3:6c:d9:05:7c:f3:fb:cd:
                    3c:cb:b5:34:a4:14:44:e1:8d:10:cc:03:b7:59:52:
                    4f:5f:bc:10:2b:4a:ba:69:21:1a:4e:20:fe:c7:c0:
                    d2:ed:f8:9d:a4:a0:ef:8e:77:3c:df:20:0f:74:72:
                    69:8c:11:f5:17:6c:12:92:3c:87:cf:02:67:f2:27:
                    58:ac:53:09:0b:c9:03:b4:72:ed:05:78:e6:f9:82:
                    07:32:bb:36:dd:84:c0:13:6a:d3:ee:a7:67:c5:34:
                    95:06:9f:e1:c9:b3:98:9c:62:82:ee:87:ba:fe:9f:
                    0c:41:ac:fe:ff:9c:82:18:02:04:7b:16:30:b6:cb:
                    92:8c:32:44:a6:17:c1:06:05:50:ce:d4:b1:b4:55:
                    4c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:08:42:00:33:B0:E8:EA:23:BA:7C:24:7D:EF:2F:4E:21:7D:A4:B2
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/FghCADOw6Oojunwkfe8vTiF9pLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:1140:113::/48
                  2a02:1140:213::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:56:ed:45:3d:ed:a1:38:5b:23:23:8e:13:15:0b:b5:0d:a2:
         5e:f4:79:0b:0d:e3:37:12:5f:d0:e5:0f:29:76:c4:2f:8b:17:
         90:de:55:a5:7c:ab:a4:24:76:d4:37:ff:f0:1a:af:b7:ef:fc:
         2f:f1:a6:94:8e:24:3d:d0:02:b0:c1:17:9b:89:67:ab:33:0e:
         ad:d6:3e:e3:cd:7a:75:c9:91:0a:16:75:94:eb:8b:aa:e4:fd:
         84:d0:b2:ff:9e:21:14:37:55:e6:78:29:fe:21:36:d6:78:75:
         4a:91:0a:be:41:05:8e:aa:49:3f:44:67:16:c1:19:f6:87:2b:
         68:2d:94:eb:d1:c8:e7:df:e1:05:99:6c:4e:fd:1b:ec:d7:8e:
         f4:ae:55:fd:9a:1c:5d:df:7f:4c:b5:3a:6b:8f:7a:38:61:1a:
         e1:03:29:f2:4b:ab:6b:e1:24:75:d5:bd:72:ad:e7:0f:27:24:
         d2:0b:0c:88:3b:2c:2b:e1:2e:61:73:a5:25:00:14:2e:0f:b0:
         cb:82:06:0b:72:29:cb:ef:2f:11:1d:b3:7a:f4:12:9c:90:6d:
         1f:7d:b6:58:c3:82:54:0b:02:cb:4e:7d:b6:d6:5a:2c:cb:c7:
         6c:49:65:23:35:17:15:71:2c:41:6c:c9:11:b1:ec:e5:8e:5e:
         99:d8:0a:bf
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0GgoUraHjLR9cwBSsFfkmsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjYwMzE5MTQzMTUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjA4NDIwMDMzYjBlOGVhMjNiYTdjMjQ3ZGVmMmY0ZTIxN2RhNGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsytrZwCJ/QfT6h6rPKRoUBAmZGoJ
yc9o6aMrDmhIXUwAm/V9la33ttK5oqdEli7iAKdx5MfR4/HRSeFx3NC97fOCu9T1
JoQXHkOq7YZLxbljg/ZFzmY28s7IHkhl8t/hibM6notLAzyMSrZftAQ2o2zZBXzz
+808y7U0pBRE4Y0QzAO3WVJPX7wQK0q6aSEaTiD+x8DS7fidpKDvjnc83yAPdHJp
jBH1F2wSkjyHzwJn8idYrFMJC8kDtHLtBXjm+YIHMrs23YTAE2rT7qdnxTSVBp/h
ybOYnGKC7oe6/p8MQaz+/5yCGAIEexYwtsuSjDJEphfBBgVQztSxtFVM/wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBYIQgAzsOjqI7p8JH3vL04hfaSyMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvRmdoQ0FET3c2T29qdW53a2ZlOHZUaUY5cExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgIRQAET
AwcAKgIRQAITMA0GCSqGSIb3DQEBCwUAA4IBAQBKVu1FPe2hOFsjI44TFQu1DaJe
9HkLDeM3El/Q5Q8pdsQvixeQ3lWlfKukJHbUN//wGq+37/wv8aaUjiQ90AKwwReb
iWerMw6t1j7jzXp1yZEKFnWU64uq5P2E0LL/niEUN1XmeCn+ITbWeHVKkQq+QQWO
qkk/RGcWwRn2hytoLZTr0cjn3+EFmWxO/Rvs1470rlX9mhxd339MtTprj3o4YRrh
AynyS6tr4SR11b1yrecPJyTSCwyIOywr4S5hc6UlABQuD7DLggYLcinL7y8RHbN6
9BKckG0ffbZYw4JUCwLLTn221losy8dsSWUjNRcVcSxBbMkRsezljl6Z2Aq/
-----END CERTIFICATE-----