Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/Uj5ULHb6pyjQ0Dae7foiE-ljxJs.roa
File:                     Uj5ULHb6pyjQ0Dae7foiE-ljxJs.roa (raw, json)
Hash identifier:          L/jRLCYGvoP3gC9D3+3HlVqnaf/R9WFuYfVBfpOL8qA=
Subject key identifier:   52:3E:54:2C:76:FA:A7:28:D0:D0:36:9E:ED:FA:22:13:E9:63:C4:9B
Certificate issuer:       /CN=8a28ff310da7df8309cfab4dcf9a235842b60872
Certificate serial:       019B7F1473D289B4BE95695167FFEEBD1BE6
Authority key identifier: 8A:28:FF:31:0D:A7:DF:83:09:CF:AB:4D:CF:9A:23:58:42:B6:08:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/Uj5ULHb6pyjQ0Dae7foiE-ljxJs.roa
Signing time:             Fri 02 Jan 2026 14:20:05 +0000
ROA not before:           Fri 02 Jan 2026 14:20:05 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208085
IP address blocks:        2a06:b700:1002::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7f:14:73:d2:89:b4:be:95:69:51:67:ff:ee:bd:1b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a28ff310da7df8309cfab4dcf9a235842b60872
        Validity
            Not Before: Jan  2 14:20:05 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=523e542c76faa728d0d0369eedfa2213e963c49b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:ff:09:7b:d1:5e:18:16:f0:de:37:a4:3b:37:
                    07:05:09:32:0f:78:42:fc:04:63:d8:e6:5f:0f:5a:
                    49:a3:76:66:ce:2f:80:8a:62:2c:62:31:15:25:ac:
                    02:47:26:32:41:ce:51:e2:81:06:f0:f7:89:1c:f8:
                    d3:3f:a5:76:f7:ec:cd:20:95:2c:8a:2e:ef:e4:b2:
                    92:7d:66:31:82:cf:25:67:b4:01:51:e3:fd:12:f9:
                    ce:01:ae:24:5f:04:da:9f:d3:93:0c:8f:c6:90:f9:
                    21:a9:a9:7c:78:84:2d:73:09:21:64:62:f6:9d:99:
                    1a:00:45:dc:b5:f6:c6:22:76:67:bb:83:6e:fd:ff:
                    5a:a0:10:50:a3:95:4b:4d:40:6c:c1:0b:b0:f2:d6:
                    0e:7c:4c:9a:1b:17:dd:93:cf:d8:c2:2b:9e:8e:ba:
                    ed:47:f6:1f:7e:89:a0:80:a8:45:cd:a1:a6:7a:fe:
                    f9:ff:90:6a:be:a2:7e:cb:65:cb:ed:18:a1:bc:c5:
                    92:a6:f8:08:fe:24:75:a2:8c:23:ad:f5:78:a2:f3:
                    a0:f1:e6:1d:0f:7a:f3:65:64:69:73:86:d0:72:37:
                    f0:88:1c:3b:ab:a6:44:4f:7d:a4:1a:33:aa:ce:c6:
                    e9:55:ad:df:ad:81:d4:f7:e5:d5:4c:08:f6:6d:73:
                    99:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:3E:54:2C:76:FA:A7:28:D0:D0:36:9E:ED:FA:22:13:E9:63:C4:9B
            X509v3 Authority Key Identifier:
                keyid:8A:28:FF:31:0D:A7:DF:83:09:CF:AB:4D:CF:9A:23:58:42:B6:08:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iij_MQ2n34MJz6tNz5ojWEK2CHI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/Uj5ULHb6pyjQ0Dae7foiE-ljxJs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a5d286-8670-47e4-97b4-24cf8a61d7e8/1/iij_MQ2n34MJz6tNz5ojWEK2CHI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:b700:1002::/48

    Signature Algorithm: sha256WithRSAEncryption
         7d:ec:82:45:e5:82:32:d4:57:6a:9a:ff:bf:e3:e0:ea:23:0f:
         32:68:f2:68:31:01:e3:ba:25:95:0f:ba:a9:18:25:01:cc:fc:
         33:dc:bf:08:4e:ab:87:40:d5:26:bb:2f:c4:05:1e:ad:09:f2:
         ec:21:ca:d9:99:43:de:71:19:3e:d1:b7:cf:07:4e:55:61:4f:
         06:a2:5c:71:75:53:4f:67:eb:0f:b7:85:8c:02:e0:6b:35:36:
         5e:77:33:49:cf:69:6d:d7:ec:7b:7b:cc:2c:42:f6:4f:8f:4f:
         c1:99:ec:3a:b8:cc:ca:2f:cd:a0:02:94:30:dc:35:19:48:ed:
         53:3a:df:3e:6f:88:7d:c4:18:80:8f:c9:23:0d:cd:aa:b1:b7:
         91:a9:17:43:3a:c4:06:f2:ab:b2:8e:73:3b:49:7b:93:c5:ba:
         17:c9:ea:56:f9:f2:ad:d1:3e:60:27:c6:24:3a:77:21:bf:58:
         5f:d8:cd:55:68:c8:f7:18:37:82:28:e1:57:1b:a8:2b:4b:b3:
         c6:0a:2d:8d:a1:6f:fe:17:1f:25:48:29:02:45:ba:7c:06:43:
         63:59:97:75:91:e5:b6:08:6b:4a:b2:f5:e1:28:38:17:ac:47:
         b0:fa:38:e2:83:d1:f2:ff:f3:40:81:4b:bb:cc:84:32:09:7f:
         98:a1:91:73
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt/FHPSibS+lWlRZ//uvRvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMjhmZjMxMGRhN2RmODMwOWNmYWI0ZGNmOWEyMzU4NDJi
NjA4NzIwHhcNMjYwMTAyMTQyMDA1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjNlNTQyYzc2ZmFhNzI4ZDBkMDM2OWVlZGZhMjIxM2U5NjNjNDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/8Je9FeGBbw3jekOzcHBQkyD3hC
/ARj2OZfD1pJo3Zmzi+AimIsYjEVJawCRyYyQc5R4oEG8PeJHPjTP6V29+zNIJUs
ii7v5LKSfWYxgs8lZ7QBUeP9EvnOAa4kXwTan9OTDI/GkPkhqal8eIQtcwkhZGL2
nZkaAEXctfbGInZnu4Nu/f9aoBBQo5VLTUBswQuw8tYOfEyaGxfdk8/Ywiuejrrt
R/YffomggKhFzaGmev75/5BqvqJ+y2XL7RihvMWSpvgI/iR1oowjrfV4ovOg8eYd
D3rzZWRpc4bQcjfwiBw7q6ZET32kGjOqzsbpVa3frYHU9+XVTAj2bXOZgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFI+VCx2+qco0NA2nu36IhPpY8SbMB8GA1UdIwQY
MBaAFIoo/zENp9+DCc+rTc+aI1hCtghyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWlqX01RMm4zNE1KejZ0Tno1b2pXRUsyQ0hJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC9hNWQyODYtODY3MC00N2U0LTk3YjQt
MjRjZjhhNjFkN2U4LzEvVWo1VUxIYjZweWpRMERhZTdmb2lFLWxqeEpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC9hNWQyODYtODY3MC00N2U0LTk3YjQtMjRjZjhhNjFkN2U4
LzEvaWlqX01RMm4zNE1KejZ0Tno1b2pXRUsyQ0hJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKga3ABAC
MA0GCSqGSIb3DQEBCwUAA4IBAQB97IJF5YIy1Fdqmv+/4+DqIw8yaPJoMQHjuiWV
D7qpGCUBzPwz3L8ITquHQNUmuy/EBR6tCfLsIcrZmUPecRk+0bfPB05VYU8Golxx
dVNPZ+sPt4WMAuBrNTZedzNJz2lt1+x7e8wsQvZPj0/Bmew6uMzKL82gApQw3DUZ
SO1TOt8+b4h9xBiAj8kjDc2qsbeRqRdDOsQG8quyjnM7SXuTxboXyepW+fKt0T5g
J8YkOnchv1hf2M1VaMj3GDeCKOFXG6grS7PGCi2NoW/+Fx8lSCkCRbp8BkNjWZd1
keW2CGtKsvXhKDgXrEew+jjig9Hy//NAgUu7zIQyCX+YoZFz
-----END CERTIFICATE-----