Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/O4VprbzN8EPNcHFBocFpyT_DRnQ.roa
File:                     O4VprbzN8EPNcHFBocFpyT_DRnQ.roa (raw, json)
Hash identifier:          owmW4/pNN065d/soInxFw9lhIVjWZjZL09oDLnCyFng=
Subject key identifier:   3B:85:69:AD:BC:CD:F0:43:CD:70:71:41:A1:C1:69:C9:3F:C3:46:74
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DD159F7E651CB21D96EDDCD069861AC10
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/O4VprbzN8EPNcHFBocFpyT_DRnQ.roa
Signing time:             Mon 27 Apr 2026 23:50:27 +0000
ROA not before:           Mon 27 Apr 2026 23:50:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203202
IP address blocks:        2a06:9801:2c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:34:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d1:59:f7:e6:51:cb:21:d9:6e:dd:cd:06:98:61:ac:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Apr 27 23:50:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3b8569adbccdf043cd707141a1c169c93fc34674
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:47:ce:43:8d:18:cc:5f:ed:50:bb:35:3c:34:
                    28:09:27:6b:b5:8b:96:ac:fc:17:39:01:41:a4:ff:
                    90:e8:da:bc:b1:dc:17:81:67:69:e2:89:45:ff:9b:
                    a4:90:00:00:c0:89:d3:c7:bc:10:62:ec:d8:cb:18:
                    fb:7a:38:83:83:26:80:a9:58:37:d2:e0:50:e9:2d:
                    15:44:09:a4:d1:7c:06:d0:ba:bf:5b:91:c6:29:18:
                    57:19:09:89:56:ab:67:10:2a:72:b5:7d:6b:a0:68:
                    e7:7f:84:cd:8d:d1:cd:f0:0f:a3:23:7e:42:34:4d:
                    20:9f:f9:17:9f:be:85:02:f4:89:65:69:01:8f:1b:
                    66:d6:ec:bc:b9:ed:d8:0a:44:1e:26:52:40:7b:8e:
                    29:18:ef:08:f0:f4:d8:24:4a:c3:f2:eb:82:b7:7a:
                    48:2d:58:e9:6c:98:73:1b:c9:ce:3c:43:ae:8a:3d:
                    17:46:ce:1f:af:bf:a1:9b:0f:c0:04:ce:13:43:3f:
                    fd:33:99:63:26:fd:55:e8:8b:03:e2:99:4b:a1:4a:
                    ef:40:d4:c1:e3:01:a2:bb:58:f7:4a:fe:01:e1:db:
                    4d:0b:e5:65:a7:f5:e4:b2:33:31:f8:2d:6b:02:8d:
                    b9:d8:5e:58:3f:14:84:14:b1:de:07:81:13:98:f2:
                    81:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:85:69:AD:BC:CD:F0:43:CD:70:71:41:A1:C1:69:C9:3F:C3:46:74
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/O4VprbzN8EPNcHFBocFpyT_DRnQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:2c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         11:6e:ab:5c:03:52:3d:c1:42:4a:d8:ca:3a:02:f5:21:b8:8e:
         cb:7b:75:1a:e8:d0:21:4d:91:20:9d:af:bb:e5:66:4b:a2:bb:
         0c:e9:e9:91:8e:54:0e:0b:a8:f6:78:a9:dc:48:b9:13:8c:ce:
         d9:0c:ce:34:50:56:1b:b7:4c:7f:c1:fb:a6:1b:40:d1:a9:8b:
         9f:58:57:50:86:d3:a2:a6:2c:28:3d:45:e1:ad:cd:aa:c3:a5:
         18:49:37:e9:99:ba:ed:18:a7:aa:f4:59:66:0a:d5:e4:9f:b6:
         8d:b8:10:72:75:4a:c6:6d:5c:2f:29:61:29:23:95:50:97:cb:
         a3:8e:90:be:fd:95:1c:44:e9:0e:2c:66:6a:74:32:3c:ea:ea:
         62:eb:43:b4:79:c4:75:87:15:dd:61:a5:28:6a:86:b9:12:2c:
         21:dd:d2:4e:ce:3f:42:66:de:81:7c:cd:95:15:0b:37:7c:8f:
         b9:cf:e1:2e:5f:7c:8b:aa:af:93:cb:64:3c:6c:6e:6d:f4:63:
         d7:7f:5a:37:13:b9:99:7a:bb:1f:fc:4b:6d:10:45:3b:7f:37:
         c9:10:08:7a:9a:0e:5a:47:91:81:94:fc:7a:ca:61:a4:96:5a:
         6f:90:c0:7d:fb:cc:c8:f2:f4:ab:12:30:80:32:04:66:c2:28:
         be:f3:bd:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3RWffmUcsh2W7dzQaYYawQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDI3MjM1MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjg1NjlhZGJjY2RmMDQzY2Q3MDcxNDFhMWMxNjljOTNmYzM0Njc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikfOQ40YzF/tULs1PDQoCSdrtYuW
rPwXOQFBpP+Q6Nq8sdwXgWdp4olF/5ukkAAAwInTx7wQYuzYyxj7ejiDgyaAqVg3
0uBQ6S0VRAmk0XwG0Lq/W5HGKRhXGQmJVqtnECpytX1roGjnf4TNjdHN8A+jI35C
NE0gn/kXn76FAvSJZWkBjxtm1uy8ue3YCkQeJlJAe44pGO8I8PTYJErD8uuCt3pI
LVjpbJhzG8nOPEOuij0XRs4fr7+hmw/ABM4TQz/9M5ljJv1V6IsD4plLoUrvQNTB
4wGiu1j3Sv4B4dtNC+Vlp/XksjMx+C1rAo252F5YPxSEFLHeB4ETmPKBBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDuFaa28zfBDzXBxQaHBack/w0Z0MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvTzRWcHJiek44RVBOY0hGQm9jRnB5VF9EUm5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgaYAQLA
MA0GCSqGSIb3DQEBCwUAA4IBAQARbqtcA1I9wUJK2Mo6AvUhuI7Le3Ua6NAhTZEg
na+75WZLorsM6emRjlQOC6j2eKncSLkTjM7ZDM40UFYbt0x/wfumG0DRqYufWFdQ
htOipiwoPUXhrc2qw6UYSTfpmbrtGKeq9FlmCtXkn7aNuBBydUrGbVwvKWEpI5VQ
l8ujjpC+/ZUcROkOLGZqdDI86upi60O0ecR1hxXdYaUoaoa5Eiwh3dJOzj9CZt6B
fM2VFQs3fI+5z+EuX3yLqq+Ty2Q8bG5t9GPXf1o3E7mZersf/EttEEU7fzfJEAh6
mg5aR5GBlPx6ymGkllpvkMB9+8zI8vSrEjCAMgRmwii+872N
-----END CERTIFICATE-----