Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/KrE6lWOjU33Vm82tJGQXyxnbKA0.roa
File:                     KrE6lWOjU33Vm82tJGQXyxnbKA0.roa (raw, json)
Hash identifier:          wifluHUZIoqhacVWys8UBC4yv7Xdu0azeq6uYBJIOnM=
Subject key identifier:   2A:B1:3A:95:63:A3:53:7D:D5:9B:CD:AD:24:64:17:CB:19:DB:28:0D
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D211CF65396F8387EEF46182143C56C84
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/KrE6lWOjU33Vm82tJGQXyxnbKA0.roa
Signing time:             Tue 24 Mar 2026 18:30:39 +0000
ROA not before:           Tue 24 Mar 2026 18:30:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        2a06:9801:261::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:21:1c:f6:53:96:f8:38:7e:ef:46:18:21:43:c5:6c:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar 24 18:30:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ab13a9563a3537dd59bcdad246417cb19db280d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:29:74:24:e4:03:db:e9:6b:52:ba:03:3e:15:
                    1c:01:8d:c7:d9:38:0f:33:0e:1b:d1:34:a1:a3:32:
                    84:2f:dc:31:8d:1f:f8:f5:54:d6:00:e9:c1:98:8f:
                    73:75:51:2d:b9:67:d3:25:4d:48:06:cb:4d:90:ad:
                    dc:8e:27:1f:bd:7b:f6:a8:4c:3d:51:1e:55:40:75:
                    fc:08:de:d4:61:61:f9:53:ce:4e:65:34:45:15:b9:
                    e9:05:20:7b:98:62:7e:f4:58:a2:42:98:85:0e:00:
                    5c:e9:13:05:89:7a:51:f6:fc:b1:51:c2:00:04:dc:
                    2c:32:d0:5f:6b:51:f9:df:26:19:5a:3f:b6:e3:7f:
                    fc:25:0b:fe:87:f8:da:e0:6c:0e:6c:65:0f:a8:74:
                    1c:7f:51:81:41:27:b8:4e:4f:9a:c4:d1:20:fa:17:
                    eb:73:db:28:2b:6d:bc:0e:93:8b:b4:d8:e5:bf:0d:
                    e1:33:b6:9c:a9:cb:e3:29:57:58:35:d5:d3:05:08:
                    25:f7:86:54:15:ac:bf:5a:1e:7e:e5:48:9a:6d:27:
                    09:7b:ef:e9:91:c2:74:7f:90:b0:b9:dc:93:0e:d9:
                    3e:10:99:aa:5a:f0:0e:3c:23:16:d5:6d:6e:30:65:
                    7f:c5:50:d0:1c:41:f9:32:bf:85:4e:91:2f:8c:14:
                    0d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:B1:3A:95:63:A3:53:7D:D5:9B:CD:AD:24:64:17:CB:19:DB:28:0D
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/KrE6lWOjU33Vm82tJGQXyxnbKA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:261::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:81:88:60:fa:26:6f:4e:a0:69:14:46:57:04:42:7f:88:7c:
         49:96:c7:ff:1f:60:d5:a0:b2:88:cf:de:9b:66:f5:6c:cd:ed:
         a6:da:e3:6e:f2:ef:72:5f:70:63:1e:9a:a6:1e:c6:b5:00:fb:
         1d:57:53:a6:64:ef:54:29:36:ab:4f:26:78:64:7a:ed:2d:1c:
         2b:5c:1f:3b:a5:44:54:53:6e:07:bd:4f:19:6a:1b:ed:9a:99:
         58:f2:e2:a0:52:cc:aa:e1:44:42:80:65:b9:26:6a:64:e8:b2:
         93:bb:da:0d:c3:a5:b3:21:e2:84:48:38:3a:55:d1:c2:fe:33:
         e6:fe:77:2e:86:0d:13:1c:f1:3c:77:28:29:d8:43:b1:4f:a9:
         ee:59:f4:34:31:d0:db:40:be:f3:95:c0:6d:db:ba:c3:05:ea:
         2d:12:d0:c1:86:b9:74:6a:49:ac:f1:96:85:19:6b:ce:45:b1:
         ef:4c:27:89:fa:c4:3b:40:b2:23:e5:3b:8c:06:09:81:bb:3c:
         9d:b4:3f:49:5f:0c:df:4e:0c:f5:f5:38:2a:dd:df:b5:04:1b:
         62:1e:87:b0:b2:04:1f:b4:6c:bc:5b:f0:21:df:32:3a:ed:fc:
         7d:1a:39:01:64:35:ec:ea:29:c4:0c:d5:1a:fa:6f:55:10:0c:
         1e:c7:4d:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0hHPZTlvg4fu9GGCFDxWyEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzI0MTgzMDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWIxM2E5NTYzYTM1MzdkZDU5YmNkYWQyNDY0MTdjYjE5ZGIyODBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiyl0JOQD2+lrUroDPhUcAY3H2TgP
Mw4b0TShozKEL9wxjR/49VTWAOnBmI9zdVEtuWfTJU1IBstNkK3cjicfvXv2qEw9
UR5VQHX8CN7UYWH5U85OZTRFFbnpBSB7mGJ+9FiiQpiFDgBc6RMFiXpR9vyxUcIA
BNwsMtBfa1H53yYZWj+243/8JQv+h/ja4GwObGUPqHQcf1GBQSe4Tk+axNEg+hfr
c9soK228DpOLtNjlvw3hM7acqcvjKVdYNdXTBQgl94ZUFay/Wh5+5UiabScJe+/p
kcJ0f5CwudyTDtk+EJmqWvAOPCMW1W1uMGV/xVDQHEH5Mr+FTpEvjBQNOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCqxOpVjo1N91ZvNrSRkF8sZ2ygNMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvS3JFNmxXT2pVMzNWbTgydEpHUVh5eG5iS0EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJh
MA0GCSqGSIb3DQEBCwUAA4IBAQCKgYhg+iZvTqBpFEZXBEJ/iHxJlsf/H2DVoLKI
z96bZvVsze2m2uNu8u9yX3BjHpqmHsa1APsdV1OmZO9UKTarTyZ4ZHrtLRwrXB87
pURUU24HvU8ZahvtmplY8uKgUsyq4URCgGW5Jmpk6LKTu9oNw6WzIeKESDg6VdHC
/jPm/ncuhg0THPE8dygp2EOxT6nuWfQ0MdDbQL7zlcBt27rDBeotEtDBhrl0akms
8ZaFGWvORbHvTCeJ+sQ7QLIj5TuMBgmBuzydtD9JXwzfTgz19Tgq3d+1BBtiHoew
sgQftGy8W/Ah3zI67fx9GjkBZDXs6inEDNUa+m9VEAwex02n
-----END CERTIFICATE-----