Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/dqQXNUyv3CZiaUHjnp1vdmGfegQ.roa
File:                     dqQXNUyv3CZiaUHjnp1vdmGfegQ.roa (raw, json)
Hash identifier:          nkA+OnYR5PwlVCwj5zhi2zKOYUiNpA/KaJbAVJy9Hq0=
Subject key identifier:   76:A4:17:35:4C:AF:DC:26:62:69:41:E3:9E:9D:6F:76:61:9F:7A:04
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DD159F70F9B1607C1A478185E910642B9
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/dqQXNUyv3CZiaUHjnp1vdmGfegQ.roa
Signing time:             Mon 27 Apr 2026 23:50:27 +0000
ROA not before:           Mon 27 Apr 2026 23:50:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198617
IP address blocks:        2a06:9801:273::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d1:59:f7:0f:9b:16:07:c1:a4:78:18:5e:91:06:42:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Apr 27 23:50:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=76a417354cafdc26626941e39e9d6f76619f7a04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:41:87:74:ca:70:ae:fa:09:b1:6f:1d:96:05:
                    64:bc:b5:75:a0:a1:9e:d7:cd:5e:9f:c1:e8:f5:a4:
                    8b:f0:4e:5f:72:79:b3:ae:96:e5:fe:fa:c1:49:cc:
                    da:d3:15:50:ca:9f:42:18:d6:16:c9:d4:97:64:ff:
                    ce:eb:0e:19:30:e6:0c:e3:c6:cf:ad:65:3f:42:39:
                    53:87:81:15:dd:e2:a3:2c:8b:1a:b5:9c:52:7e:f0:
                    86:87:2c:d5:f1:ab:57:37:07:74:68:34:ad:ab:a8:
                    2d:5f:4e:62:7f:20:e1:bf:86:a6:35:01:68:67:c8:
                    d2:60:82:ee:dd:da:09:5f:cc:0f:5b:4b:5d:61:04:
                    c3:04:c6:66:73:96:c1:50:d7:36:5a:22:8a:45:49:
                    27:95:d3:67:70:f9:5a:cc:e0:6f:20:b4:3a:a7:c6:
                    8f:6e:83:25:bd:fd:1a:93:e9:e5:8a:13:09:b9:15:
                    9f:f9:a1:74:cb:5d:78:94:33:92:ba:e7:0a:e3:04:
                    a0:17:3f:14:d7:69:5f:61:c4:8f:06:43:cb:4b:96:
                    70:e9:58:2f:5f:c5:e2:e0:fa:c1:60:cb:1f:31:03:
                    e0:fc:a2:0d:f3:da:4e:ec:74:d5:fc:7f:80:66:32:
                    17:53:46:0f:17:90:85:f7:ba:ee:c1:4c:59:49:97:
                    0e:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A4:17:35:4C:AF:DC:26:62:69:41:E3:9E:9D:6F:76:61:9F:7A:04
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/dqQXNUyv3CZiaUHjnp1vdmGfegQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:273::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:aa:1b:b0:fb:fe:37:54:0b:b6:63:98:dc:07:4f:e5:09:ff:
         8d:86:76:1a:2f:fd:9a:34:3c:f6:15:31:63:52:bc:0f:9e:3f:
         3a:56:f7:45:58:8b:c6:0a:6a:33:3b:51:c4:83:89:a5:1b:67:
         15:08:0c:e9:dd:11:42:ff:5b:32:82:18:95:e3:a2:1a:0b:ce:
         f6:a0:98:03:18:20:65:34:cd:84:d1:1d:22:50:be:18:f0:74:
         eb:37:db:50:03:14:ed:bd:d4:e2:69:e3:06:68:fd:cc:85:73:
         74:c5:c6:db:41:d7:3a:ca:bc:ae:bf:d5:9b:ee:ef:17:0e:c1:
         9f:58:8a:af:f1:28:01:bd:26:74:be:16:69:0d:c4:13:d2:a7:
         a5:db:2a:55:00:04:cc:4e:84:2b:2c:e2:c6:5f:0d:63:8e:de:
         d0:3d:ea:14:17:0c:70:3a:c1:c8:44:88:52:f1:f2:ab:e1:ed:
         4f:da:ef:8d:17:40:60:76:89:ee:a4:b6:27:7a:6e:cc:bd:9c:
         3b:12:69:fc:a0:35:f2:28:1c:e8:b3:d9:a7:9f:63:7f:9f:96:
         1c:62:08:c7:60:a1:4a:21:14:88:2e:df:31:64:12:7f:16:05:
         b8:2d:c9:39:90:a1:dd:e1:8d:86:5a:e8:68:2e:bb:a5:4a:3b:
         53:d7:da:4b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3RWfcPmxYHwaR4GF6RBkK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDI3MjM1MDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmE0MTczNTRjYWZkYzI2NjI2OTQxZTM5ZTlkNmY3NjYxOWY3YTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUGHdMpwrvoJsW8dlgVkvLV1oKGe
181en8Ho9aSL8E5fcnmzrpbl/vrBScza0xVQyp9CGNYWydSXZP/O6w4ZMOYM48bP
rWU/QjlTh4EV3eKjLIsatZxSfvCGhyzV8atXNwd0aDStq6gtX05ifyDhv4amNQFo
Z8jSYILu3doJX8wPW0tdYQTDBMZmc5bBUNc2WiKKRUknldNncPlazOBvILQ6p8aP
boMlvf0ak+nlihMJuRWf+aF0y114lDOSuucK4wSgFz8U12lfYcSPBkPLS5Zw6Vgv
X8Xi4PrBYMsfMQPg/KIN89pO7HTV/H+AZjIXU0YPF5CF97ruwUxZSZcOuwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHakFzVMr9wmYmlB456db3Zhn3oEMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvZHFRWE5VeXYzQ1ppYVVIam5wMXZkbUdmZWdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJz
MA0GCSqGSIb3DQEBCwUAA4IBAQAhqhuw+/43VAu2Y5jcB0/lCf+NhnYaL/2aNDz2
FTFjUrwPnj86VvdFWIvGCmozO1HEg4mlG2cVCAzp3RFC/1syghiV46IaC872oJgD
GCBlNM2E0R0iUL4Y8HTrN9tQAxTtvdTiaeMGaP3MhXN0xcbbQdc6yryuv9Wb7u8X
DsGfWIqv8SgBvSZ0vhZpDcQT0qel2ypVAATMToQrLOLGXw1jjt7QPeoUFwxwOsHI
RIhS8fKr4e1P2u+NF0BgdonupLYnem7MvZw7Emn8oDXyKBzos9mnn2N/n5YcYgjH
YKFKIRSILt8xZBJ/FgW4Lck5kKHd4Y2GWuhoLrulSjtT19pL
-----END CERTIFICATE-----