Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Qdhbdjqf8Yf8_6En5yDMAkiRCRY.roa
File:                     Qdhbdjqf8Yf8_6En5yDMAkiRCRY.roa (raw, json)
Hash identifier:          94UTQ86ip61PcY8ZlRHIuKcjQtkFhO9Ev/mvuparfng=
Subject key identifier:   41:D8:5B:76:3A:9F:F1:87:FC:FF:A1:27:E7:20:CC:02:48:91:09:16
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DF9068AA625FD748AC717BF1DE4D28ADF
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Qdhbdjqf8Yf8_6En5yDMAkiRCRY.roa
Signing time:             Tue 05 May 2026 16:44:08 +0000
ROA not before:           Tue 05 May 2026 16:44:08 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197871
IP address blocks:        2a06:9801:2f1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:34:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f9:06:8a:a6:25:fd:74:8a:c7:17:bf:1d:e4:d2:8a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May  5 16:44:08 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=41d85b763a9ff187fcffa127e720cc0248910916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f5:85:35:e6:d3:3f:7c:64:45:4d:46:2b:14:
                    62:4f:db:38:8f:b6:13:a1:1c:7e:8b:26:cf:a2:b1:
                    83:c7:6b:13:d6:6c:71:05:a1:b0:c7:27:ba:3d:5b:
                    60:9e:82:53:85:32:ee:2c:e2:08:a1:5a:12:10:bc:
                    06:e3:81:d1:75:71:1b:ad:84:81:ec:46:ed:34:26:
                    9f:6d:76:2b:01:f5:cd:03:dc:e8:44:ce:d3:e1:20:
                    87:5e:70:50:83:c9:0c:98:77:77:7f:68:b5:1c:ee:
                    c5:89:3e:ac:24:66:55:11:88:7e:53:1c:b1:f1:ae:
                    4f:d0:54:4a:e7:dd:b3:76:1d:44:cb:8a:e2:2f:ec:
                    2a:78:52:78:12:f3:e2:fd:7d:1e:3a:58:c6:33:ba:
                    9a:94:3b:82:a5:35:e3:1a:1a:76:b1:6c:94:7c:2d:
                    14:85:4a:e2:a8:0d:50:7b:96:0a:65:26:7d:90:5d:
                    61:55:17:c0:52:43:8c:bc:30:49:25:51:d1:9c:22:
                    19:ae:bf:e0:3f:6e:2b:6d:a9:22:6d:12:54:14:8b:
                    41:7f:be:ec:42:ab:97:5a:10:ae:38:2d:c8:3a:55:
                    29:59:52:46:5a:f6:f8:13:ea:dd:29:cf:d9:b0:e1:
                    87:5b:52:e2:d8:b6:1b:d0:f1:a7:0c:7c:e1:aa:ea:
                    60:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:D8:5B:76:3A:9F:F1:87:FC:FF:A1:27:E7:20:CC:02:48:91:09:16
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/Qdhbdjqf8Yf8_6En5yDMAkiRCRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:2f1::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:b7:6b:f4:5d:af:c1:42:1c:4a:0c:3c:1c:71:a7:2d:4e:bf:
         67:b9:89:a8:6b:b1:24:86:0a:09:8b:be:7e:8e:e5:ae:4f:83:
         0b:82:d4:3b:19:71:d9:dc:a1:f9:e8:c4:a5:12:2a:64:2c:6b:
         ec:d6:78:ea:4d:2c:fa:e1:07:a2:7d:a5:41:3c:a8:76:6c:7f:
         bf:7a:df:82:f7:82:0b:f0:2b:34:7b:27:6f:05:89:6d:75:20:
         bc:ff:97:58:ba:af:73:68:a7:a6:a6:79:ec:54:11:cf:90:e9:
         35:ec:f3:ac:f3:81:cb:6e:4d:4b:bb:5f:fe:a7:2e:72:ff:57:
         29:ce:10:a5:e4:41:40:e7:fa:ab:7c:4b:19:22:1f:14:42:00:
         63:77:aa:23:bc:3e:2e:88:69:54:52:0d:37:46:95:ad:8b:b9:
         b1:71:3c:88:08:32:d2:24:1d:48:d9:89:1b:63:70:bb:1c:8c:
         2b:80:65:83:4b:b7:1c:61:40:3b:6d:04:13:7f:51:ee:4a:20:
         e0:99:d4:4c:59:41:47:89:99:ae:06:f3:08:2c:f7:5d:48:17:
         f0:6c:36:23:0e:ac:6d:22:e2:f4:43:85:c5:67:b0:33:ad:3f:
         a2:43:2b:3e:eb:13:b3:14:e8:99:98:10:ee:81:12:ed:a8:bc:
         60:46:92:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ35BoqmJf10iscXvx3k0orfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTA1MTY0NDA4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWQ4NWI3NjNhOWZmMTg3ZmNmZmExMjdlNzIwY2MwMjQ4OTEwOTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvWFNebTP3xkRU1GKxRiT9s4j7YT
oRx+iybPorGDx2sT1mxxBaGwxye6PVtgnoJThTLuLOIIoVoSELwG44HRdXEbrYSB
7EbtNCafbXYrAfXNA9zoRM7T4SCHXnBQg8kMmHd3f2i1HO7FiT6sJGZVEYh+Uxyx
8a5P0FRK592zdh1Ey4riL+wqeFJ4EvPi/X0eOljGM7qalDuCpTXjGhp2sWyUfC0U
hUriqA1Qe5YKZSZ9kF1hVRfAUkOMvDBJJVHRnCIZrr/gP24rbakibRJUFItBf77s
QquXWhCuOC3IOlUpWVJGWvb4E+rdKc/ZsOGHW1Li2LYb0PGnDHzhqupgOwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEHYW3Y6n/GH/P+hJ+cgzAJIkQkWMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvUWRoYmRqcWY4WWY4XzZFbjV5RE1Ba2lSQ1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQLx
MA0GCSqGSIb3DQEBCwUAA4IBAQB7t2v0Xa/BQhxKDDwccactTr9nuYmoa7EkhgoJ
i75+juWuT4MLgtQ7GXHZ3KH56MSlEipkLGvs1njqTSz64QeifaVBPKh2bH+/et+C
94IL8Cs0eydvBYltdSC8/5dYuq9zaKempnnsVBHPkOk17POs84HLbk1Lu1/+py5y
/1cpzhCl5EFA5/qrfEsZIh8UQgBjd6ojvD4uiGlUUg03RpWti7mxcTyICDLSJB1I
2YkbY3C7HIwrgGWDS7ccYUA7bQQTf1HuSiDgmdRMWUFHiZmuBvMILPddSBfwbDYj
DqxtIuL0Q4XFZ7AzrT+iQys+6xOzFOiZmBDugRLtqLxgRpLo
-----END CERTIFICATE-----