Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/p2rIKtu-usbhph2PfPBQ7LXfY0o.roa
File:                     p2rIKtu-usbhph2PfPBQ7LXfY0o.roa (raw, json)
Hash identifier:          ahvL68Upnm198HtnlMKYNTvjtLwCEUtUVNikK0fwaBo=
Subject key identifier:   A7:6A:C8:2A:DB:BE:BA:C6:E1:A6:1D:8F:7C:F0:50:EC:B5:DF:63:4A
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DFE95CBB09F6AF3866F5E2FA56BDAE5F4
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/p2rIKtu-usbhph2PfPBQ7LXfY0o.roa
Signing time:             Wed 06 May 2026 18:38:43 +0000
ROA not before:           Wed 06 May 2026 18:38:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197904
IP address blocks:        2a06:9801:2bf::/48 maxlen: 48
                          2a06:9801:720::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:34:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:95:cb:b0:9f:6a:f3:86:6f:5e:2f:a5:6b:da:e5:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May  6 18:38:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a76ac82adbbebac6e1a61d8f7cf050ecb5df634a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:a2:08:a4:99:b9:cf:50:20:ef:68:10:c6:6c:
                    84:79:7e:c6:17:24:cf:53:c4:97:da:57:e5:45:96:
                    ea:0b:4d:75:e4:2f:75:25:c0:a0:cd:7f:a8:32:c3:
                    cc:6f:8f:77:3f:43:a1:a1:13:bd:8d:5e:c4:b3:f5:
                    2e:9e:be:dd:66:45:9b:5b:ca:2c:e5:dd:aa:1f:c4:
                    51:c2:68:d4:c9:9a:7d:4c:00:42:63:af:76:20:c4:
                    24:76:e2:c6:ba:42:a3:7f:0c:04:e4:6c:ca:76:c8:
                    dd:46:ab:e5:6d:e0:e1:84:cb:c1:95:4c:dc:e6:55:
                    ec:b3:1a:d1:a5:c4:3f:04:36:e6:90:e0:11:84:7f:
                    d5:e8:20:8b:60:ec:f6:52:1b:56:cd:7b:e9:dc:54:
                    ea:e6:98:d6:65:c0:0b:69:ab:14:cc:55:77:62:be:
                    a6:da:be:be:6a:3a:8c:07:9c:8e:0e:6a:85:41:95:
                    d7:50:dd:01:b2:9b:a3:23:ed:32:73:88:89:40:fd:
                    f4:ee:0f:32:62:d7:5c:9c:9b:b6:fb:45:b0:83:19:
                    28:ee:dc:fc:21:19:25:ed:f0:74:33:c1:88:80:b0:
                    6b:23:8b:ad:09:18:94:f1:0b:6d:25:48:88:30:1e:
                    9a:f3:c2:7c:1d:38:bf:c3:23:4c:5c:b3:dd:aa:e5:
                    14:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6A:C8:2A:DB:BE:BA:C6:E1:A6:1D:8F:7C:F0:50:EC:B5:DF:63:4A
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/p2rIKtu-usbhph2PfPBQ7LXfY0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:2bf::/48
                  2a06:9801:720::/44

    Signature Algorithm: sha256WithRSAEncryption
         85:17:b1:87:fa:03:15:02:f5:f5:34:25:ba:43:5e:1b:8d:4e:
         69:bf:b6:01:63:1f:e3:a3:28:43:29:9a:0d:35:f0:c4:90:3c:
         61:3d:aa:24:b4:e6:1d:4e:de:3b:4c:c2:79:7e:2e:46:e6:af:
         d7:a3:28:c2:3e:a7:dc:34:36:8a:ab:09:1e:90:48:f4:5a:ad:
         0d:81:68:79:34:f6:fa:37:58:a2:cc:30:1d:1e:84:eb:fa:61:
         7d:e6:8e:2f:dc:1f:b4:7d:ad:43:3e:4d:37:b0:20:6b:af:6e:
         b2:45:f6:41:fb:33:78:00:66:5a:fa:ab:99:fe:7b:b7:f2:3e:
         4c:2b:97:28:e4:86:6e:eb:e3:73:bc:e0:9a:d6:e1:a9:07:65:
         4e:0c:3f:73:6b:21:37:b6:48:87:44:74:fb:cf:6f:84:15:42:
         16:73:ef:ba:53:05:0d:4f:83:cf:63:a2:4c:10:99:3b:44:ec:
         c8:71:a8:a0:19:71:8f:41:4b:53:7c:f2:3b:26:bb:0c:68:24:
         5c:d6:89:f6:2d:56:ea:06:75:fb:52:97:b7:57:14:c7:6f:5f:
         b2:ef:1b:8e:27:e7:1b:4e:72:66:b1:b9:12:e5:8d:ec:f7:f0:
         34:a4:e9:3a:a2:d5:5a:35:36:0c:2d:42:82:48:73:d8:9a:0c:
         a0:fd:84:47
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3+lcuwn2rzhm9eL6Vr2uX0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTA2MTgzODQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzZhYzgyYWRiYmViYWM2ZTFhNjFkOGY3Y2YwNTBlY2I1ZGY2MzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4KIIpJm5z1Ag72gQxmyEeX7GFyTP
U8SX2lflRZbqC0115C91JcCgzX+oMsPMb493P0OhoRO9jV7Es/Uunr7dZkWbW8os
5d2qH8RRwmjUyZp9TABCY692IMQkduLGukKjfwwE5GzKdsjdRqvlbeDhhMvBlUzc
5lXssxrRpcQ/BDbmkOARhH/V6CCLYOz2UhtWzXvp3FTq5pjWZcALaasUzFV3Yr6m
2r6+ajqMB5yODmqFQZXXUN0BspujI+0yc4iJQP307g8yYtdcnJu2+0Wwgxko7tz8
IRkl7fB0M8GIgLBrI4utCRiU8QttJUiIMB6a88J8HTi/wyNMXLPdquUUFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKdqyCrbvrrG4aYdj3zwUOy132NKMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvcDJySUt0dS11c2JocGgyUGZQQlE3TFhmWTBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgaYAQK/
AwcEKgaYAQcgMA0GCSqGSIb3DQEBCwUAA4IBAQCFF7GH+gMVAvX1NCW6Q14bjU5p
v7YBYx/joyhDKZoNNfDEkDxhPaoktOYdTt47TMJ5fi5G5q/XoyjCPqfcNDaKqwke
kEj0Wq0NgWh5NPb6N1iizDAdHoTr+mF95o4v3B+0fa1DPk03sCBrr26yRfZB+zN4
AGZa+quZ/nu38j5MK5co5IZu6+NzvOCa1uGpB2VODD9zayE3tkiHRHT7z2+EFUIW
c++6UwUNT4PPY6JMEJk7ROzIcaigGXGPQUtTfPI7JrsMaCRc1on2LVbqBnX7Upe3
VxTHb1+y7xuOJ+cbTnJmsbkS5Y3s9/A0pOk6otVaNTYMLUKCSHPYmgyg/YRH
-----END CERTIFICATE-----