Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/Vr9B-zHNKLHeB8Xx57Kq7jsYtHM.roa
File:                     Vr9B-zHNKLHeB8Xx57Kq7jsYtHM.roa (raw, json)
Hash identifier:          OzngqieZsxcHJ4EZWwYuegusT/oah57Gh4sMFZUQ7jw=
Subject key identifier:   56:BF:41:FB:31:CD:28:B1:DE:07:C5:F1:E7:B2:AA:EE:3B:18:B4:73
Certificate issuer:       /CN=f4e36bd4bf3825740c905a67cdc16b301872aa71
Certificate serial:       019DB184D8AD64D12E181C1B8324581B02F8
Authority key identifier: F4:E3:6B:D4:BF:38:25:74:0C:90:5A:67:CD:C1:6B:30:18:72:AA:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ONr1L84JXQMkFpnzcFrMBhyqnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/Vr9B-zHNKLHeB8Xx57Kq7jsYtHM.roa
Signing time:             Tue 21 Apr 2026 19:29:26 +0000
ROA not before:           Tue 21 Apr 2026 19:29:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214408
IP address blocks:        2a0b:2a00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/9ONr1L84JXQMkFpnzcFrMBhyqnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/9ONr1L84JXQMkFpnzcFrMBhyqnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ONr1L84JXQMkFpnzcFrMBhyqnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b1:84:d8:ad:64:d1:2e:18:1c:1b:83:24:58:1b:02:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4e36bd4bf3825740c905a67cdc16b301872aa71
        Validity
            Not Before: Apr 21 19:29:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=56bf41fb31cd28b1de07c5f1e7b2aaee3b18b473
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3d:2a:d2:c7:85:c1:96:4d:66:5b:1b:2b:1f:
                    b8:4f:3f:72:0b:4c:4a:cd:1b:24:f4:04:6e:ce:d0:
                    1b:d3:1d:98:8d:ea:f0:81:83:09:b3:25:9c:56:6d:
                    90:50:f0:df:a5:98:54:80:6d:ff:15:c4:fe:99:26:
                    6e:12:f2:18:89:e3:a2:51:77:a2:7e:6f:e1:f5:ce:
                    ba:b3:05:4f:90:83:1d:df:32:a9:84:39:d5:53:0d:
                    a0:08:e1:2b:27:2c:84:aa:53:c1:4a:e6:e2:77:b2:
                    5b:88:95:6f:f4:3d:f9:82:4e:74:80:ca:2f:78:70:
                    04:b6:90:62:0b:a8:12:c6:dd:ef:08:cf:13:64:9e:
                    e1:89:cd:ed:dd:e6:98:da:1e:51:cb:05:00:65:e6:
                    95:00:bc:c3:c8:2d:c8:20:f9:5a:1b:95:90:03:bd:
                    e3:c9:a3:6c:51:78:8e:30:a8:20:29:ed:82:a7:64:
                    bb:27:15:0c:0d:76:38:5b:0c:d1:23:33:8d:03:9f:
                    e1:ef:c1:5f:b4:e5:eb:19:c3:c6:c0:75:8f:f5:cd:
                    59:ac:6f:29:0e:9e:86:7a:99:9d:7b:86:42:5f:f3:
                    2b:3f:47:79:63:a0:89:a6:ef:71:5e:1b:fb:ae:03:
                    25:ab:9d:45:4b:89:d5:9a:e3:e2:58:95:41:35:a7:
                    8e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:BF:41:FB:31:CD:28:B1:DE:07:C5:F1:E7:B2:AA:EE:3B:18:B4:73
            X509v3 Authority Key Identifier:
                keyid:F4:E3:6B:D4:BF:38:25:74:0C:90:5A:67:CD:C1:6B:30:18:72:AA:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ONr1L84JXQMkFpnzcFrMBhyqnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/Vr9B-zHNKLHeB8Xx57Kq7jsYtHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/4f8124-4142-4dd5-8c62-07c8b5a985ba/1/9ONr1L84JXQMkFpnzcFrMBhyqnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:2a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:88:5b:93:25:2c:00:76:e2:75:12:c4:01:b7:5b:43:ef:fe:
         1b:0f:95:16:e2:6b:82:ae:25:07:5d:96:2c:de:92:9c:35:bc:
         71:b4:7b:d0:ba:54:9f:92:91:2a:93:95:d2:5a:f6:5c:b2:ee:
         aa:75:0b:a7:4a:47:b7:d8:3e:21:1a:48:a0:cf:ed:39:68:eb:
         8c:90:db:2b:20:b4:39:bb:8b:6d:4a:f4:6f:82:bf:3e:86:fe:
         59:6a:15:46:32:ba:7c:5f:31:9c:39:35:1c:c1:a2:32:39:3a:
         79:1b:95:2a:83:e0:ad:1c:94:e7:bf:b7:91:46:19:19:fb:37:
         9d:f5:50:46:13:07:7a:02:44:68:ee:13:66:6e:d3:28:f6:9c:
         d1:a5:ed:c7:30:49:70:6e:af:4d:84:46:55:86:2f:d1:b7:1b:
         c0:29:ef:67:22:8c:b4:68:0c:76:02:4d:74:8f:3c:cf:2d:00:
         89:c4:36:f6:b9:a8:3a:69:11:3c:a2:95:6a:fb:03:da:a9:f2:
         e0:07:9b:be:cd:89:09:54:0a:69:b4:ba:bc:0f:90:3d:73:fb:
         fa:cc:41:82:bc:f2:c5:88:ff:63:4c:dd:13:df:e5:ba:39:9b:
         66:c4:fa:68:50:50:b5:38:66:26:38:9c:11:7b:1f:f3:15:e7:
         ab:c5:a7:d8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2xhNitZNEuGBwbgyRYGwL4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTM2YmQ0YmYzODI1NzQwYzkwNWE2N2NkYzE2YjMwMTg3
MmFhNzEwHhcNMjYwNDIxMTkyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmJmNDFmYjMxY2QyOGIxZGUwN2M1ZjFlN2IyYWFlZTNiMThiNDczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1j0q0seFwZZNZlsbKx+4Tz9yC0xK
zRsk9ARuztAb0x2YjerwgYMJsyWcVm2QUPDfpZhUgG3/FcT+mSZuEvIYieOiUXei
fm/h9c66swVPkIMd3zKphDnVUw2gCOErJyyEqlPBSubid7JbiJVv9D35gk50gMov
eHAEtpBiC6gSxt3vCM8TZJ7hic3t3eaY2h5RywUAZeaVALzDyC3IIPlaG5WQA73j
yaNsUXiOMKggKe2Cp2S7JxUMDXY4WwzRIzONA5/h78FftOXrGcPGwHWP9c1ZrG8p
Dp6Gepmde4ZCX/MrP0d5Y6CJpu9xXhv7rgMlq51FS4nVmuPiWJVBNaeOuQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFa/QfsxzSix3gfF8eeyqu47GLRzMB8GA1UdIwQY
MBaAFPTja9S/OCV0DJBaZ83BazAYcqpxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9OcjFMODRKWFFNa0ZwbnpjRnJNQmh5cW5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS80ZjgxMjQtNDE0Mi00ZGQ1LThjNjIt
MDdjOGI1YTk4NWJhLzEvVnI5Qi16SE5LTEhlQjhYeDU3S3E3anNZdEhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS80ZjgxMjQtNDE0Mi00ZGQ1LThjNjItMDdjOGI1YTk4NWJh
LzEvOU9OcjFMODRKWFFNa0ZwbnpjRnJNQmh5cW5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgsqADAN
BgkqhkiG9w0BAQsFAAOCAQEALohbkyUsAHbidRLEAbdbQ+/+Gw+VFuJrgq4lB12W
LN6SnDW8cbR70LpUn5KRKpOV0lr2XLLuqnULp0pHt9g+IRpIoM/tOWjrjJDbKyC0
ObuLbUr0b4K/Pob+WWoVRjK6fF8xnDk1HMGiMjk6eRuVKoPgrRyU57+3kUYZGfs3
nfVQRhMHegJEaO4TZm7TKPac0aXtxzBJcG6vTYRGVYYv0bcbwCnvZyKMtGgMdgJN
dI88zy0AicQ29rmoOmkRPKKVavsD2qny4Aebvs2JCVQKabS6vA+QPXP7+sxBgrzy
xYj/Y0zdE9/lujmbZsT6aFBQtThmJjicEXsf8xXnq8Wn2A==
-----END CERTIFICATE-----