Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/aA43AKXBpPD55MMmVxyuP1Yik7E.roa
File:                     aA43AKXBpPD55MMmVxyuP1Yik7E.roa (raw, json)
Hash identifier:          nvzzETpW/lgxqCkNAQfHMFLgb7SKQ1XmYXM7pM5Epno=
Subject key identifier:   68:0E:37:00:A5:C1:A4:F0:F9:E4:C3:26:57:1C:AE:3F:56:22:93:B1
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       019DD45D2E8E519251530208374A1814485D
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/aA43AKXBpPD55MMmVxyuP1Yik7E.roa
Signing time:             Tue 28 Apr 2026 13:52:49 +0000
ROA not before:           Tue 28 Apr 2026 13:52:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213729
IP address blocks:        2a0e:aa07:e260::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:5d:2e:8e:51:92:51:53:02:08:37:4a:18:14:48:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Apr 28 13:52:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=680e3700a5c1a4f0f9e4c326571cae3f562293b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f6:82:4e:63:8f:94:a5:99:4d:ec:c5:c0:ff:
                    7d:28:76:30:bf:43:49:c7:7f:37:57:1d:5f:77:07:
                    b6:9d:c3:74:89:42:54:44:cc:1e:8f:8b:63:53:0b:
                    b8:f2:a9:1f:98:bf:e8:4f:5a:25:ac:6e:15:fe:36:
                    a5:50:eb:b7:b3:1c:e9:af:e0:9f:51:21:60:ea:c2:
                    f8:5d:34:ec:a9:f3:8f:1f:e0:29:bf:bb:97:5c:bd:
                    d3:f1:c0:00:3d:bb:5c:be:e9:65:ca:09:31:27:54:
                    01:e0:31:6e:d4:2c:a6:00:7c:07:97:a6:c3:22:e9:
                    4a:fa:49:9f:b1:e4:7b:5d:ab:ae:94:a3:97:e1:c7:
                    6e:23:06:ad:8b:80:5b:4c:cc:78:7c:23:0f:a8:02:
                    f8:f5:cf:0f:6e:69:7a:02:d0:10:99:1c:d2:43:c3:
                    d9:b8:96:03:bc:1e:e1:2c:61:ee:96:00:79:ce:95:
                    22:58:a0:27:fa:10:69:f0:54:b1:db:5b:f9:24:4f:
                    22:9a:34:76:09:83:dc:de:6d:44:91:81:93:fb:97:
                    14:56:0c:a6:b6:fb:3a:a3:9d:12:b1:02:27:ce:48:
                    15:81:f5:53:8a:e9:c8:dd:76:1c:a0:90:36:ba:d3:
                    d5:db:01:71:d7:1b:ce:1f:9d:36:33:47:ad:79:5f:
                    ca:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:0E:37:00:A5:C1:A4:F0:F9:E4:C3:26:57:1C:AE:3F:56:22:93:B1
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/aA43AKXBpPD55MMmVxyuP1Yik7E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e260::/44

    Signature Algorithm: sha256WithRSAEncryption
         c0:f3:56:2e:3d:3a:5a:0a:bb:b1:0b:39:7f:67:30:05:b2:08:
         3e:9d:3e:af:35:28:5e:9e:81:90:bd:ad:03:96:35:95:e5:0e:
         84:3a:93:35:1b:8b:b5:c2:a8:8b:13:86:bc:b2:f6:b2:77:93:
         13:cb:3d:2e:7e:e5:4e:47:19:f9:ba:50:f6:09:a4:10:0e:6f:
         ba:fd:ef:8c:54:32:3a:0a:a5:e4:40:04:b7:20:0f:e4:a5:18:
         eb:ac:d6:8a:a3:d3:82:b8:25:c6:88:94:00:b5:b0:aa:55:13:
         35:e4:1d:b9:df:2c:9c:bd:50:0d:d6:af:e5:e6:e2:98:10:ba:
         e6:d4:74:86:39:49:7d:9b:91:23:59:8d:04:a2:b9:1d:b9:b6:
         07:97:61:c7:4a:1e:6b:6c:d2:96:26:ec:55:c6:b8:c1:a4:4d:
         3d:54:eb:a8:77:54:4e:99:a7:a8:ed:f3:e7:fd:3a:84:b3:39:
         70:6d:ed:5c:8b:51:82:a1:ce:89:14:5f:6a:f9:e1:15:99:a6:
         d9:18:40:55:4e:c2:ab:12:d3:e6:5c:1f:f9:1d:1b:37:1d:e9:
         a8:0b:5c:fa:82:b1:d0:8c:ab:5b:1f:6a:30:5a:0d:99:87:01:
         5c:e8:59:d4:eb:6a:60:05:3f:30:5a:7d:42:ed:3a:54:b1:39:
         07:ad:03:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3UXS6OUZJRUwIIN0oYFEhdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjYwNDI4MTM1MjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODBlMzcwMGE1YzFhNGYwZjllNGMzMjY1NzFjYWUzZjU2MjI5M2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vaCTmOPlKWZTezFwP99KHYwv0NJ
x383Vx1fdwe2ncN0iUJURMwej4tjUwu48qkfmL/oT1olrG4V/jalUOu3sxzpr+Cf
USFg6sL4XTTsqfOPH+Apv7uXXL3T8cAAPbtcvullygkxJ1QB4DFu1CymAHwHl6bD
IulK+kmfseR7XauulKOX4cduIwati4BbTMx4fCMPqAL49c8Pbml6AtAQmRzSQ8PZ
uJYDvB7hLGHulgB5zpUiWKAn+hBp8FSx21v5JE8imjR2CYPc3m1EkYGT+5cUVgym
tvs6o50SsQInzkgVgfVTiunI3XYcoJA2utPV2wFx1xvOH502M0eteV/KmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGgONwClwaTw+eTDJlccrj9WIpOxMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvYUE0M0FLWEJwUEQ1NU1NbVZ4eXVQMVlpazdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Jg
MA0GCSqGSIb3DQEBCwUAA4IBAQDA81YuPTpaCruxCzl/ZzAFsgg+nT6vNShenoGQ
va0DljWV5Q6EOpM1G4u1wqiLE4a8svayd5MTyz0ufuVORxn5ulD2CaQQDm+6/e+M
VDI6CqXkQAS3IA/kpRjrrNaKo9OCuCXGiJQAtbCqVRM15B253yycvVAN1q/l5uKY
ELrm1HSGOUl9m5EjWY0EorkdubYHl2HHSh5rbNKWJuxVxrjBpE09VOuod1ROmaeo
7fPn/TqEszlwbe1ci1GCoc6JFF9q+eEVmabZGEBVTsKrEtPmXB/5HRs3HemoC1z6
grHQjKtbH2owWg2ZhwFc6FnU62pgBT8wWn1C7TpUsTkHrQN1
-----END CERTIFICATE-----