Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/1-VeUGdh70OOuMsgg3TvEBTl3l0c.roa
File:                     1-VeUGdh70OOuMsgg3TvEBTl3l0c.roa (raw, json)
Hash identifier:          BA27m94pF8YnnsyNZlXps/Kdv4sTWDrcXrOji3e493w=
Subject key identifier:   F9:57:94:19:D8:7B:D0:E3:AE:32:C8:20:DD:3B:C4:05:39:77:97:47
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019CE93376B07435E379E1C96226C433C36D
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/1-VeUGdh70OOuMsgg3TvEBTl3l0c.roa
Signing time:             Fri 13 Mar 2026 21:56:29 +0000
ROA not before:           Fri 13 Mar 2026 21:56:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200104
IP address blocks:        2a06:9801:1f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e9:33:76:b0:74:35:e3:79:e1:c9:62:26:c4:33:c3:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar 13 21:56:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f9579419d87bd0e3ae32c820dd3bc40539779747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:93:91:8b:68:fe:e4:a2:9a:3b:86:e9:3e:60:
                    1a:67:b9:ba:09:6c:35:29:5c:3d:2e:39:eb:df:13:
                    8c:53:06:15:05:83:2d:5a:50:f4:03:f2:4d:5f:fd:
                    14:ad:4a:c4:35:07:74:a7:36:d8:d4:ae:4c:34:d8:
                    27:b5:e6:08:69:c6:d9:af:89:a3:d2:65:b5:d4:71:
                    24:79:b5:8a:77:9c:b5:5d:b6:dc:46:32:17:12:5e:
                    a4:cb:c2:56:ae:89:e5:e6:35:e8:9c:80:b5:03:73:
                    10:ba:0c:e8:63:b3:48:35:6f:f2:47:43:6c:01:35:
                    ef:8f:56:db:f1:3a:f8:46:44:d8:47:c8:67:fb:e8:
                    37:ab:29:9b:7c:7d:f1:af:dd:fa:03:62:11:18:81:
                    62:2a:01:12:8f:2a:1a:29:6f:71:08:0a:19:4d:46:
                    95:ce:3a:1d:68:2c:e6:ef:39:8e:da:35:fb:76:91:
                    ab:62:da:23:3e:73:e1:4e:f2:88:6d:fd:de:2b:d7:
                    8a:4f:23:3d:e8:4b:85:7e:e2:be:94:74:40:cc:c7:
                    ec:5f:ca:5f:5c:bc:07:96:86:1e:85:87:40:9e:fa:
                    d0:8f:2d:75:1b:00:49:ca:b0:31:87:33:6b:8d:90:
                    40:c9:34:63:32:7d:1b:de:5e:e1:f3:27:b9:8d:db:
                    92:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:57:94:19:D8:7B:D0:E3:AE:32:C8:20:DD:3B:C4:05:39:77:97:47
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/1-VeUGdh70OOuMsgg3TvEBTl3l0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:1f::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:f5:ad:7c:43:08:0f:d2:2e:40:6b:18:64:2f:1b:57:8c:66:
         4c:81:f3:d6:0c:9a:a4:81:1f:0e:44:13:dd:ce:40:db:25:68:
         ae:86:20:9a:44:17:39:2d:35:6d:f4:83:38:64:82:b9:6a:18:
         d3:a7:f9:74:df:ca:fa:c7:23:55:97:29:b4:30:ad:23:c4:20:
         3b:ab:02:d7:a8:4b:4c:c6:64:79:fe:bf:ff:3a:2e:dd:97:9d:
         f7:aa:24:47:46:0c:67:2b:51:43:a4:69:8f:91:21:3c:1f:aa:
         27:de:9a:02:cb:5b:b2:03:1b:a5:f3:40:74:88:4d:b4:66:e6:
         f6:7a:80:09:c1:90:6a:b5:8f:23:9e:81:ee:3d:05:3b:1a:89:
         27:a6:c1:b1:98:1e:75:e0:1b:21:5b:ea:ab:50:41:f0:95:87:
         fb:21:4e:04:c1:70:b1:b3:11:b4:30:28:64:1d:02:07:73:4f:
         45:59:03:f1:f6:4b:21:a5:56:b1:ee:49:48:89:5f:d4:61:a6:
         ab:8f:31:d2:71:5a:b7:db:04:51:20:87:37:f8:66:d0:a3:89:
         d1:dd:da:7e:3c:ab:d0:5b:b9:25:78:aa:4e:a8:af:97:36:6b:
         64:0d:f4:12:53:74:27:55:0f:cb:da:9f:cb:de:eb:b4:6e:58:
         a5:3e:65:a6
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZzpM3awdDXjeeHJYibEM8NtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzEzMjE1NjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTU3OTQxOWQ4N2JkMGUzYWUzMmM4MjBkZDNiYzQwNTM5Nzc5NzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzpORi2j+5KKaO4bpPmAaZ7m6CWw1
KVw9Ljnr3xOMUwYVBYMtWlD0A/JNX/0UrUrENQd0pzbY1K5MNNgnteYIacbZr4mj
0mW11HEkebWKd5y1XbbcRjIXEl6ky8JWronl5jXonIC1A3MQugzoY7NINW/yR0Ns
ATXvj1bb8Tr4RkTYR8hn++g3qymbfH3xr936A2IRGIFiKgESjyoaKW9xCAoZTUaV
zjodaCzm7zmO2jX7dpGrYtojPnPhTvKIbf3eK9eKTyM96EuFfuK+lHRAzMfsX8pf
XLwHloYehYdAnvrQjy11GwBJyrAxhzNrjZBAyTRjMn0b3l7h8ye5jduSjwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPlXlBnYe9DjrjLIIN07xAU5d5dHMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvMS1WZVVHZGg3ME9PdU1zZ2czVHZFQlRsM2wwYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTkvMWE2YjE3LWUzZmUtNGM2ZC1iOGMxLWVkOGNmYWYxYjgx
Zi8xL01kSkNRU1B0QjNKVE1MLUJlVVQ5SjJ0OG8ycy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoGmAEA
HzANBgkqhkiG9w0BAQsFAAOCAQEAHPWtfEMID9IuQGsYZC8bV4xmTIHz1gyapIEf
DkQT3c5A2yVoroYgmkQXOS01bfSDOGSCuWoY06f5dN/K+scjVZcptDCtI8QgO6sC
16hLTMZkef6//zou3Zed96okR0YMZytRQ6Rpj5EhPB+qJ96aAstbsgMbpfNAdIhN
tGbm9nqACcGQarWPI56B7j0FOxqJJ6bBsZgedeAbIVvqq1BB8JWH+yFOBMFwsbMR
tDAoZB0CB3NPRVkD8fZLIaVWse5JSIlf1GGmq48x0nFat9sEUSCHN/hm0KOJ0d3a
fjyr0Fu5JXiqTqivlzZrZA30ElN0J1UPy9qfy97rtG5YpT5lpg==
-----END CERTIFICATE-----