Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/e31LPF2I7WVZ4OHv2fzXoWCPjU8.roa
File:                     e31LPF2I7WVZ4OHv2fzXoWCPjU8.roa (raw, json)
Hash identifier:          h+qyqBirTYQmTGXACnFSDlosdrzs6qhfbvIOGGa1gY0=
Subject key identifier:   7B:7D:4B:3C:5D:88:ED:65:59:E0:E1:EF:D9:FC:D7:A1:60:8F:8D:4F
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019D2BE987CB19B63CB971012E000D38721B
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/e31LPF2I7WVZ4OHv2fzXoWCPjU8.roa
Signing time:             Thu 26 Mar 2026 20:50:18 +0000
ROA not before:           Thu 26 Mar 2026 20:50:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0e:19c0::/32 maxlen: 32
                          2a12:2804::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2b:e9:87:cb:19:b6:3c:b9:71:01:2e:00:0d:38:72:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 26 20:50:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7b7d4b3c5d88ed6559e0e1efd9fcd7a1608f8d4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:0d:4a:a0:f0:a1:ec:3d:65:36:9b:1a:24:ea:
                    40:3b:72:6c:ae:de:2c:88:86:ff:88:f3:bf:ee:88:
                    bb:cc:bd:98:66:3c:76:85:a1:c0:50:29:d7:35:94:
                    6f:09:e6:76:ec:ac:a9:6a:ae:71:d2:0f:18:c7:7c:
                    25:04:f4:a4:1e:8b:0e:50:ac:c4:96:25:4d:83:8c:
                    73:f7:81:60:86:6d:34:a2:d7:5e:67:05:a6:b8:f1:
                    8f:b3:0b:af:93:15:25:58:57:b6:88:9e:01:fc:bc:
                    83:cb:d6:5b:ed:95:11:38:6d:78:2c:d1:38:e2:f5:
                    e0:7d:a0:b3:55:a3:3a:13:b1:4a:49:80:1d:5b:d8:
                    33:8a:ea:7c:e6:37:33:93:c3:03:c0:da:b2:24:91:
                    d2:67:4d:a4:92:70:86:d4:c2:4e:7b:cd:82:eb:13:
                    3b:ce:df:a3:38:60:88:f7:2c:e3:07:33:98:29:cf:
                    6f:4c:e0:f2:d4:61:5c:47:86:2b:a8:91:59:4d:89:
                    74:f5:5c:23:be:24:89:2f:ec:75:c5:fb:79:a4:6e:
                    81:e0:7c:28:fd:04:22:7a:30:a6:09:e3:09:f2:69:
                    1d:9d:ab:54:82:75:6b:ab:80:31:16:5c:fe:a7:df:
                    37:5f:46:10:f3:fd:e3:38:89:16:e5:2a:a5:21:2b:
                    e1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:7D:4B:3C:5D:88:ED:65:59:E0:E1:EF:D9:FC:D7:A1:60:8F:8D:4F
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/e31LPF2I7WVZ4OHv2fzXoWCPjU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:19c0::/32
                  2a12:2804::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:e8:b0:79:da:58:4b:3b:f5:cc:aa:e7:80:65:72:ac:77:cf:
         be:2e:dc:24:25:94:1f:2b:2b:97:6e:c8:36:89:f7:27:a5:8a:
         fe:37:3c:4a:d3:df:86:56:8d:f4:3c:10:95:d0:11:48:c2:b2:
         31:fa:d1:e9:f6:42:1f:ee:bf:2a:8b:18:7b:a6:15:77:40:90:
         79:30:1e:57:ef:24:92:e0:37:1e:36:10:dd:80:85:a5:5d:b6:
         81:2f:9f:7a:16:5b:da:f4:10:df:55:01:1a:aa:84:07:7e:75:
         58:00:72:9f:e7:46:fd:17:9d:5a:73:75:51:bf:eb:06:5d:4b:
         7b:9a:89:9e:71:f1:fe:cb:fc:24:28:82:57:81:50:c2:c2:ce:
         53:f0:80:cd:77:bf:47:c1:a0:9f:b7:46:4b:e8:f0:a5:cd:2c:
         01:1b:8e:67:f9:f5:53:af:19:1b:12:bb:16:27:99:95:ed:44:
         cb:d7:3c:c3:ec:66:b1:23:8a:9d:64:82:94:7f:5c:30:c3:ba:
         2b:40:aa:9f:27:dc:87:be:5d:7d:89:a1:dd:9d:08:1c:af:b3:
         5a:85:ad:42:a9:0f:1a:ea:c5:5e:a3:be:66:79:4c:61:74:ff:
         2a:2b:e4:de:b0:9e:e8:a1:21:dd:8d:bc:34:b4:ec:8e:f8:0c:
         6b:f7:a3:10
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0r6YfLGbY8uXEBLgANOHIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMzI2MjA1MDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjdkNGIzYzVkODhlZDY1NTllMGUxZWZkOWZjZDdhMTYwOGY4ZDRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyA1KoPCh7D1lNpsaJOpAO3Jsrt4s
iIb/iPO/7oi7zL2YZjx2haHAUCnXNZRvCeZ27Kypaq5x0g8Yx3wlBPSkHosOUKzE
liVNg4xz94Fghm00otdeZwWmuPGPswuvkxUlWFe2iJ4B/LyDy9Zb7ZUROG14LNE4
4vXgfaCzVaM6E7FKSYAdW9gziup85jczk8MDwNqyJJHSZ02kknCG1MJOe82C6xM7
zt+jOGCI9yzjBzOYKc9vTODy1GFcR4YrqJFZTYl09VwjviSJL+x1xft5pG6B4Hwo
/QQiejCmCeMJ8mkdnatUgnVrq4AxFlz+p983X0YQ8/3jOIkW5SqlISvhLQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHt9SzxdiO1lWeDh79n816Fgj41PMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvZTMxTFBGMkk3V1ZaNE9IdjJmelhvV0NQalU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg4ZwAMF
ACoSKAQwDQYJKoZIhvcNAQELBQADggEBAFfosHnaWEs79cyq54Blcqx3z74u3CQl
lB8rK5duyDaJ9yeliv43PErT34ZWjfQ8EJXQEUjCsjH60en2Qh/uvyqLGHumFXdA
kHkwHlfvJJLgNx42EN2AhaVdtoEvn3oWW9r0EN9VARqqhAd+dVgAcp/nRv0XnVpz
dVG/6wZdS3uaiZ5x8f7L/CQogleBUMLCzlPwgM13v0fBoJ+3Rkvo8KXNLAEbjmf5
9VOvGRsSuxYnmZXtRMvXPMPsZrEjip1kgpR/XDDDuitAqp8n3Ie+XX2Jod2dCByv
s1qFrUKpDxrqxV6jvmZ5TGF0/yor5N6wnuihId2NvDS07I74DGv3oxA=
-----END CERTIFICATE-----