Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/9ygPxb-5GKY7-D5YBksKD7wBN64.roa
File:                     9ygPxb-5GKY7-D5YBksKD7wBN64.roa (raw, json)
Hash identifier:          ELSG3x1DsWBGA4H/p5MW2PduO8fbZJHeQ2FM4fcH0yg=
Subject key identifier:   F7:28:0F:C5:BF:B9:18:A6:3B:F8:3E:58:06:4B:0A:0F:BC:01:37:AE
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DF9100FE528D5361333DE791F761B1268
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/9ygPxb-5GKY7-D5YBksKD7wBN64.roa
Signing time:             Tue 05 May 2026 16:54:32 +0000
ROA not before:           Tue 05 May 2026 16:54:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198887
IP address blocks:        2a06:9801:279::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f9:10:0f:e5:28:d5:36:13:33:de:79:1f:76:1b:12:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May  5 16:54:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f7280fc5bfb918a63bf83e58064b0a0fbc0137ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:73:98:15:63:44:63:84:eb:39:12:8b:60:ce:
                    89:b5:01:d0:5d:cf:34:13:38:f7:b8:c0:83:c6:00:
                    b2:63:cb:b2:bd:92:53:ab:fd:38:af:1c:51:37:52:
                    b9:d9:bd:3a:62:3f:a7:83:46:7b:95:24:54:eb:0b:
                    e3:e0:f3:e0:58:84:ac:72:bb:c6:49:7d:7f:44:2b:
                    21:65:60:b0:13:68:1b:bc:b9:0c:ad:34:be:45:78:
                    e4:67:c5:d2:2a:04:cf:d0:7f:3c:42:4f:ed:2b:f6:
                    ac:f2:28:7b:03:1d:5f:47:87:41:c6:94:98:26:45:
                    ce:7d:08:cf:b2:bd:ad:8c:dc:98:5d:13:0c:da:c3:
                    12:24:6d:a0:7a:1d:c2:ec:f4:8e:3f:57:44:03:0b:
                    28:9b:fd:6b:fe:db:11:e5:0a:e4:a4:ec:f5:0f:af:
                    4a:88:d2:ff:08:97:17:68:17:22:69:2d:ff:d3:14:
                    a2:ce:72:d8:16:e4:e5:38:81:20:21:47:47:3e:6e:
                    75:c6:f0:50:39:8f:93:fe:be:8f:fd:13:73:e7:73:
                    46:b7:fe:40:fa:ea:17:6f:1a:d1:af:43:6c:71:bd:
                    d4:95:75:f8:3b:6a:f8:26:3c:9d:ce:4e:26:8e:10:
                    34:1e:35:3e:f9:7c:a9:b9:f1:b9:f8:ab:f0:57:79:
                    d5:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:28:0F:C5:BF:B9:18:A6:3B:F8:3E:58:06:4B:0A:0F:BC:01:37:AE
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/9ygPxb-5GKY7-D5YBksKD7wBN64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:279::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:49:85:be:4c:1f:89:c6:56:46:bc:9e:59:aa:18:37:ba:4b:
         e9:af:16:3a:18:10:24:0b:05:ea:29:33:a8:58:cc:05:71:a0:
         56:5a:a0:d7:1b:f9:2a:8a:7f:7b:8b:06:fb:a0:7f:f2:5a:b4:
         57:3e:48:d8:d3:5a:4e:37:ee:a4:7a:8f:c7:e7:0f:3b:13:ce:
         71:1d:4b:14:6c:11:8c:bf:cd:8b:ad:6d:30:2a:a2:57:d3:89:
         ec:ae:5d:dc:7b:b2:16:e5:25:10:2f:75:42:80:78:7e:77:95:
         1b:71:90:e7:36:19:12:f5:df:ed:49:b9:15:a9:01:11:1e:11:
         e6:0f:0d:a3:cf:11:ef:50:e7:90:2f:1c:1d:ce:df:be:6a:c8:
         95:35:9a:d3:05:7c:7c:ed:40:d0:8a:14:05:19:fd:3f:9f:39:
         39:0b:c9:ef:5f:8e:b1:bb:0a:aa:87:bd:d3:c7:c5:2f:61:3b:
         cb:09:8a:46:da:06:2a:db:cc:56:6e:07:49:e4:b4:3f:d3:17:
         2b:7a:9a:a0:f3:cb:48:4b:e9:98:3a:b2:78:4c:02:bd:3d:62:
         79:dc:4f:2f:53:88:f2:2e:3b:a8:f5:60:30:41:5e:68:3e:0b:
         25:01:fa:74:02:93:bf:55:32:95:3e:b3:04:9c:05:95:bd:e5:
         99:b6:99:1e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ35EA/lKNU2EzPeeR92GxJoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTA1MTY1NDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzI4MGZjNWJmYjkxOGE2M2JmODNlNTgwNjRiMGEwZmJjMDEzN2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3OYFWNEY4TrORKLYM6JtQHQXc80
Ezj3uMCDxgCyY8uyvZJTq/04rxxRN1K52b06Yj+ng0Z7lSRU6wvj4PPgWISscrvG
SX1/RCshZWCwE2gbvLkMrTS+RXjkZ8XSKgTP0H88Qk/tK/as8ih7Ax1fR4dBxpSY
JkXOfQjPsr2tjNyYXRMM2sMSJG2geh3C7PSOP1dEAwsom/1r/tsR5QrkpOz1D69K
iNL/CJcXaBciaS3/0xSiznLYFuTlOIEgIUdHPm51xvBQOY+T/r6P/RNz53NGt/5A
+uoXbxrRr0Nscb3UlXX4O2r4Jjydzk4mjhA0HjU++XypufG5+KvwV3nVOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPcoD8W/uRimO/g+WAZLCg+8ATeuMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvOXlnUHhiLTVHS1k3LUQ1WUJrc0tEN3dCTjY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJ5
MA0GCSqGSIb3DQEBCwUAA4IBAQCaSYW+TB+JxlZGvJ5Zqhg3ukvprxY6GBAkCwXq
KTOoWMwFcaBWWqDXG/kqin97iwb7oH/yWrRXPkjY01pON+6keo/H5w87E85xHUsU
bBGMv82LrW0wKqJX04nsrl3ce7IW5SUQL3VCgHh+d5UbcZDnNhkS9d/tSbkVqQER
HhHmDw2jzxHvUOeQLxwdzt++asiVNZrTBXx87UDQihQFGf0/nzk5C8nvX46xuwqq
h73Tx8UvYTvLCYpG2gYq28xWbgdJ5LQ/0xcrepqg88tIS+mYOrJ4TAK9PWJ53E8v
U4jyLjuo9WAwQV5oPgslAfp0ApO/VTKVPrMEnAWVveWZtpke
-----END CERTIFICATE-----