Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/7UPsirlxpKuP8hKhqODBLNE5vtA.roa
File:                     7UPsirlxpKuP8hKhqODBLNE5vtA.roa (raw, json)
Hash identifier:          PePm3sLBRcxrsU1furHc6CpDfOs+Cb66xa/tWRwdwvU=
Subject key identifier:   ED:43:EC:8A:B9:71:A4:AB:8F:F2:12:A1:A8:E0:C1:2C:D1:39:BE:D0
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E1682958C3BFD1306A717D595B3A99DFC
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/7UPsirlxpKuP8hKhqODBLNE5vtA.roa
Signing time:             Mon 11 May 2026 10:08:37 +0000
ROA not before:           Mon 11 May 2026 10:08:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201676
IP address blocks:        2a06:9801:8::/48 maxlen: 48
                          2a06:9801:710::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:16:82:95:8c:3b:fd:13:06:a7:17:d5:95:b3:a9:9d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May 11 10:08:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ed43ec8ab971a4ab8ff212a1a8e0c12cd139bed0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:09:a4:cd:8c:e8:46:6f:94:ba:a9:0c:f5:d6:
                    0d:d1:17:1c:3d:ed:86:fa:69:4d:0b:19:4a:cb:99:
                    1c:8a:fe:4b:56:d8:d2:2e:aa:ee:a4:ed:8c:4b:df:
                    2c:13:f0:44:34:1a:5b:a8:ec:ff:e3:cc:bc:e9:af:
                    16:3c:f9:ea:22:6c:5e:78:b7:f0:20:04:3a:5f:61:
                    f9:61:df:39:6c:38:06:dc:af:c7:bb:e4:c3:61:61:
                    91:1b:9a:57:16:06:8c:b1:0e:16:67:66:c8:4a:c9:
                    63:e0:95:58:7d:78:63:e2:d5:74:8f:18:46:aa:ba:
                    aa:49:30:54:ea:d7:16:e4:3b:d0:08:b5:e2:3e:cb:
                    8b:17:9b:d5:0d:f4:43:b2:55:3f:08:c6:56:34:0c:
                    14:60:74:95:60:55:86:c5:fa:c4:31:b3:28:4f:d4:
                    6a:5e:c3:73:06:ca:f3:e8:76:28:f6:ab:41:a8:6a:
                    ba:71:96:ee:70:e4:46:fc:82:e3:cd:94:d7:ff:c0:
                    76:60:21:53:47:3a:c3:c4:8b:a9:a2:3f:79:5e:f3:
                    44:6f:64:d8:05:25:4c:4f:f3:ba:aa:1b:98:f9:48:
                    8d:57:16:52:95:c0:6e:0d:f9:d8:ca:f6:14:69:95:
                    ef:de:00:8b:8c:b6:97:9e:a9:21:6c:15:81:ad:8e:
                    a5:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:43:EC:8A:B9:71:A4:AB:8F:F2:12:A1:A8:E0:C1:2C:D1:39:BE:D0
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/7UPsirlxpKuP8hKhqODBLNE5vtA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:8::/48
                  2a06:9801:710::/44

    Signature Algorithm: sha256WithRSAEncryption
         94:3b:96:7f:34:dc:a5:68:f6:b2:a2:5a:de:b8:f7:40:5f:05:
         e3:87:b7:07:a3:9d:14:c7:38:82:ce:a5:c8:f9:ee:67:af:63:
         0f:9b:70:fa:02:ab:18:56:88:d2:a9:23:7a:43:02:93:5f:89:
         29:dc:b6:ab:99:68:49:95:5e:6b:b7:47:c6:cb:0e:7d:05:5a:
         7d:03:64:6c:0a:95:48:94:61:dd:74:2f:d9:a5:82:50:25:af:
         7b:2a:ce:fd:fe:63:8a:62:36:71:e4:75:32:f2:e6:3c:21:dc:
         67:4a:38:8e:a4:1d:25:db:4f:87:bf:6e:4d:60:2e:2a:9e:88:
         56:7e:d8:b2:30:06:a3:9a:96:61:47:c0:2b:17:27:38:f4:83:
         05:4d:df:45:b6:ee:29:d4:e9:17:92:f8:f4:ea:d8:1d:00:41:
         3b:84:bc:e8:6b:ab:aa:00:6a:da:c0:95:12:28:3c:22:bf:31:
         9b:2d:76:4c:19:5b:7a:ff:3d:b7:13:0b:8a:03:c9:53:a0:63:
         db:1d:69:ad:84:01:af:b1:82:da:e5:d8:8c:10:c7:52:2f:03:
         2a:fc:07:8c:bd:db:4e:d6:5a:4b:0f:a3:bf:54:e8:eb:6b:ed:
         0f:eb:f6:77:27:9d:7f:17:39:6f:ff:5d:6f:35:2f:70:83:76:
         8f:62:3a:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ4WgpWMO/0TBqcX1ZWzqZ38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTExMTAwODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQzZWM4YWI5NzFhNGFiOGZmMjEyYTFhOGUwYzEyY2QxMzliZWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwmkzYzoRm+UuqkM9dYN0RccPe2G
+mlNCxlKy5kciv5LVtjSLqrupO2MS98sE/BENBpbqOz/48y86a8WPPnqImxeeLfw
IAQ6X2H5Yd85bDgG3K/Hu+TDYWGRG5pXFgaMsQ4WZ2bISslj4JVYfXhj4tV0jxhG
qrqqSTBU6tcW5DvQCLXiPsuLF5vVDfRDslU/CMZWNAwUYHSVYFWGxfrEMbMoT9Rq
XsNzBsrz6HYo9qtBqGq6cZbucORG/ILjzZTX/8B2YCFTRzrDxIupoj95XvNEb2TY
BSVMT/O6qhuY+UiNVxZSlcBuDfnYyvYUaZXv3gCLjLaXnqkhbBWBrY6lDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO1D7Iq5caSrj/ISoajgwSzROb7QMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvN1VQc2lybHhwS3VQOGhLaHFPREJMTkU1dnRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgaYAQAI
AwcEKgaYAQcQMA0GCSqGSIb3DQEBCwUAA4IBAQCUO5Z/NNylaPayolreuPdAXwXj
h7cHo50UxziCzqXI+e5nr2MPm3D6AqsYVojSqSN6QwKTX4kp3LarmWhJlV5rt0fG
yw59BVp9A2RsCpVIlGHddC/ZpYJQJa97Ks79/mOKYjZx5HUy8uY8IdxnSjiOpB0l
20+Hv25NYC4qnohWftiyMAajmpZhR8ArFyc49IMFTd9Ftu4p1OkXkvj06tgdAEE7
hLzoa6uqAGrawJUSKDwivzGbLXZMGVt6/z23EwuKA8lToGPbHWmthAGvsYLa5diM
EMdSLwMq/AeMvdtO1lpLD6O/VOjra+0P6/Z3J51/Fzlv/11vNS9wg3aPYjoI
-----END CERTIFICATE-----