Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/oH65Sp-7j1dyLTMeNIHc8sX1LUI.roa
File:                     oH65Sp-7j1dyLTMeNIHc8sX1LUI.roa (raw, json)
Hash identifier:          v8i1h4bqtby00HPQCDVHgaQkd1k5d8Jx3++28dYBYvQ=
Subject key identifier:   A0:7E:B9:4A:9F:BB:8F:57:72:2D:33:1E:34:81:DC:F2:C5:F5:2D:42
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019CAE82B46106214543FCBC4265CE58FA31
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/oH65Sp-7j1dyLTMeNIHc8sX1LUI.roa
Signing time:             Mon 02 Mar 2026 12:25:27 +0000
ROA not before:           Mon 02 Mar 2026 12:25:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215464
IP address blocks:        2a06:9801:8a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ae:82:b4:61:06:21:45:43:fc:bc:42:65:ce:58:fa:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar  2 12:25:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a07eb94a9fbb8f57722d331e3481dcf2c5f52d42
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:39:58:f6:13:87:bc:3d:80:f8:06:a7:07:11:
                    45:22:3c:05:ab:8b:a7:f7:52:6a:d6:e5:f1:37:ae:
                    52:25:7c:6c:7f:3b:5b:bb:12:ac:b4:a9:84:41:c9:
                    dc:19:bf:89:37:a7:4c:48:22:f1:da:42:72:95:0e:
                    7a:4c:f8:fb:d5:e0:6c:7d:26:a2:bf:15:dd:c9:62:
                    a2:60:1f:be:78:27:97:83:c0:da:a4:02:57:8d:98:
                    39:f6:07:e2:ad:e9:d3:11:5f:56:1c:0b:9c:5c:68:
                    23:f1:e3:9a:62:d2:e3:6b:37:e9:4e:8c:18:9c:fd:
                    dc:fc:c3:60:c0:bd:e8:0c:2e:ab:0a:ee:52:29:c1:
                    5a:14:cc:25:dc:56:4f:83:32:a2:35:87:cd:d1:fe:
                    65:d3:ae:e2:55:1c:de:1f:74:e1:8c:06:03:e4:81:
                    4d:7a:fe:2a:76:df:2f:53:92:c8:ba:72:16:1e:bf:
                    e8:23:61:cc:f0:94:20:44:33:b4:71:61:0b:99:91:
                    31:fb:42:58:7f:be:90:c4:53:ac:69:96:f8:6c:83:
                    04:c9:28:db:f8:a2:0c:be:5d:95:3e:98:f1:37:4f:
                    04:0c:1b:c9:27:eb:b5:99:78:2d:b2:37:48:a5:98:
                    90:9d:1f:03:a3:bf:51:88:25:df:a3:e0:89:8a:a6:
                    bc:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:7E:B9:4A:9F:BB:8F:57:72:2D:33:1E:34:81:DC:F2:C5:F5:2D:42
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/oH65Sp-7j1dyLTMeNIHc8sX1LUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:8a::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:7c:f8:c3:87:e1:1e:5a:b4:c4:c3:83:58:4c:1f:00:f4:8c:
         ef:ee:2b:dd:b4:a2:6f:30:ca:83:5c:ff:50:50:b8:40:c0:e6:
         68:36:c9:50:4c:7d:5a:dd:41:d7:40:2a:66:26:50:36:53:dd:
         e4:3c:63:70:d0:68:ef:ee:da:92:a5:48:e3:57:a0:a8:ca:c3:
         5d:f8:84:0a:2c:d6:f8:49:66:b5:ef:d5:e0:9c:4e:aa:d2:87:
         8b:50:a6:d0:15:62:2b:ed:c7:40:1c:33:ab:6e:94:98:d0:c8:
         cf:2d:3f:55:74:7b:10:f6:f9:b4:7b:8b:cb:d2:9f:c8:0d:47:
         dc:e6:0f:a4:ce:07:9b:6d:b0:55:2e:4f:9e:9a:b0:d8:69:ac:
         8b:87:cf:20:23:90:a3:ad:f9:01:9e:6f:88:3c:de:b0:ce:77:
         67:ee:79:03:c5:a6:d0:8e:de:11:b7:3f:7b:32:f8:c3:e4:73:
         7d:73:3d:19:6a:7e:99:b5:28:b2:7a:7a:18:d0:65:18:4d:db:
         f9:b0:c2:ab:f2:a6:b1:f0:11:cb:fc:87:96:26:96:9f:ea:42:
         e8:53:e4:73:ea:10:1d:04:61:65:a2:bd:9c:2d:e6:d0:8e:42:
         ff:6d:aa:2f:6e:7a:1c:84:fe:b9:93:6d:3c:f7:84:2f:1f:6d:
         0f:3a:52:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyugrRhBiFFQ/y8QmXOWPoxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzAyMTIyNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDdlYjk0YTlmYmI4ZjU3NzIyZDMzMWUzNDgxZGNmMmM1ZjUyZDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArzlY9hOHvD2A+AanBxFFIjwFq4un
91Jq1uXxN65SJXxsfztbuxKstKmEQcncGb+JN6dMSCLx2kJylQ56TPj71eBsfSai
vxXdyWKiYB++eCeXg8DapAJXjZg59gfirenTEV9WHAucXGgj8eOaYtLjazfpTowY
nP3c/MNgwL3oDC6rCu5SKcFaFMwl3FZPgzKiNYfN0f5l067iVRzeH3ThjAYD5IFN
ev4qdt8vU5LIunIWHr/oI2HM8JQgRDO0cWELmZEx+0JYf76QxFOsaZb4bIMEySjb
+KIMvl2VPpjxN08EDBvJJ+u1mXgtsjdIpZiQnR8Do79RiCXfo+CJiqa87QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKB+uUqfu49Xci0zHjSB3PLF9S1CMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvb0g2NVNwLTdqMWR5TFRNZU5JSGM4c1gxTFVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQCK
MA0GCSqGSIb3DQEBCwUAA4IBAQBofPjDh+EeWrTEw4NYTB8A9Izv7ivdtKJvMMqD
XP9QULhAwOZoNslQTH1a3UHXQCpmJlA2U93kPGNw0Gjv7tqSpUjjV6CoysNd+IQK
LNb4SWa179XgnE6q0oeLUKbQFWIr7cdAHDOrbpSY0MjPLT9VdHsQ9vm0e4vL0p/I
DUfc5g+kzgebbbBVLk+emrDYaayLh88gI5CjrfkBnm+IPN6wzndn7nkDxabQjt4R
tz97MvjD5HN9cz0Zan6ZtSiyenoY0GUYTdv5sMKr8qax8BHL/IeWJpaf6kLoU+Rz
6hAdBGFlor2cLebQjkL/baovbnochP65k20894QvH20POlJ5
-----END CERTIFICATE-----