Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/K9X7YvhT0dRGJQlJCyJci9GYnf4.roa
File:                     K9X7YvhT0dRGJQlJCyJci9GYnf4.roa (raw, json)
Hash identifier:          5cJq68tTzImKyszSV4nZ/PS3tI8ZSP0+QNO2XzbQrOM=
Subject key identifier:   2B:D5:FB:62:F8:53:D1:D4:46:25:09:49:0B:22:5C:8B:D1:98:9D:FE
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019DF764C41B02C3C3F9628E2BF8D056594C
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/K9X7YvhT0dRGJQlJCyJci9GYnf4.roa
Signing time:             Tue 05 May 2026 09:07:49 +0000
ROA not before:           Tue 05 May 2026 09:07:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        2001:3080::/29 maxlen: 29
                          2a14:6bc0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f7:64:c4:1b:02:c3:c3:f9:62:8e:2b:f8:d0:56:59:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: May  5 09:07:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bd5fb62f853d1d4462509490b225c8bd1989dfe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:dc:81:17:5b:92:41:26:1b:3b:f9:98:3f:0b:
                    a4:8e:54:b6:58:97:1d:d0:7b:eb:b2:d9:36:a4:10:
                    74:00:0a:fc:01:bf:5e:93:ab:1a:df:4e:de:ac:15:
                    da:20:06:d9:69:6a:63:26:a4:40:e8:37:38:38:fb:
                    8e:69:eb:0c:01:9d:cb:14:29:3c:ed:2d:ed:78:a8:
                    71:ec:75:f1:33:3f:cd:f4:66:9e:9b:93:ee:5c:cf:
                    8f:e1:63:5f:8a:6a:73:f8:d3:88:84:64:c8:2f:dd:
                    4c:5b:b7:22:23:1c:63:2a:fb:f1:0b:6c:c1:35:7c:
                    d3:0b:fa:a4:e8:1a:c6:4d:42:f1:70:b4:32:32:66:
                    b3:33:50:85:d2:06:6d:7b:79:41:b8:d4:31:0c:7e:
                    26:10:95:0c:db:fc:11:e6:61:b4:2e:1e:54:1d:29:
                    ab:df:6c:83:54:ae:7a:b3:30:10:e7:0d:d9:49:69:
                    ae:94:9a:bf:8e:81:73:bf:bf:4a:8b:2e:52:a3:bd:
                    d7:4f:4d:b7:a6:be:8c:65:22:d3:fe:ec:f2:a7:df:
                    8f:f0:17:04:6b:24:53:f9:4d:9f:e7:fe:f9:ff:6d:
                    b5:3a:55:7d:1c:c8:fc:c4:14:b6:9a:ea:ef:af:fc:
                    ef:37:19:8d:90:cd:ab:20:6e:26:26:12:13:7f:34:
                    5d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:D5:FB:62:F8:53:D1:D4:46:25:09:49:0B:22:5C:8B:D1:98:9D:FE
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/K9X7YvhT0dRGJQlJCyJci9GYnf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3080::/29
                  2a14:6bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:d7:ab:73:21:32:d5:3f:c2:a4:2a:b2:e7:80:9f:ca:8a:a9:
         9b:68:eb:d2:ce:d7:0c:21:c0:ac:43:49:2d:96:9a:ac:4a:7b:
         09:51:a5:69:95:45:0d:79:52:70:6c:cd:25:fb:b9:22:8f:81:
         3c:8b:99:29:6a:6f:86:37:ea:82:e6:06:7e:27:45:3d:cc:a1:
         a0:1e:67:0a:8e:94:6a:fa:f9:c7:c3:4f:b3:55:31:9e:ec:37:
         9d:67:48:61:eb:38:dc:44:a8:4c:53:b5:3e:b5:0b:58:24:8a:
         45:16:4c:91:c8:b2:5b:f8:9d:0e:9d:d1:01:76:fc:d5:d4:57:
         ec:3b:e8:fc:1a:d1:da:fb:d5:cb:2a:a8:6c:05:45:cf:81:84:
         e7:2f:7f:68:59:c6:8e:13:d7:45:da:33:9f:80:45:28:a9:49:
         da:d0:6b:d7:45:8e:1f:c2:49:e8:4b:4c:75:66:27:6f:a6:18:
         07:37:2c:65:8e:5e:75:92:8b:32:da:23:b2:b1:07:e3:1b:a6:
         fb:04:0e:bc:b7:03:ac:01:c5:a1:21:5e:33:70:95:19:97:26:
         ff:e5:b2:c7:88:0a:a7:f9:db:9c:8f:89:70:b9:13:db:44:8d:
         f2:95:ec:ca:d6:5f:fd:41:ad:bd:b3:ad:1c:f4:df:f0:09:3b:
         a0:6d:b4:3b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ33ZMQbAsPD+WKOK/jQVllMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwNTA1MDkwNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmQ1ZmI2MmY4NTNkMWQ0NDYyNTA5NDkwYjIyNWM4YmQxOTg5ZGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNyBF1uSQSYbO/mYPwukjlS2WJcd
0Hvrstk2pBB0AAr8Ab9ek6sa307erBXaIAbZaWpjJqRA6Dc4OPuOaesMAZ3LFCk8
7S3teKhx7HXxMz/N9Gaem5PuXM+P4WNfimpz+NOIhGTIL91MW7ciIxxjKvvxC2zB
NXzTC/qk6BrGTULxcLQyMmazM1CF0gZte3lBuNQxDH4mEJUM2/wR5mG0Lh5UHSmr
32yDVK56szAQ5w3ZSWmulJq/joFzv79Kiy5So73XT023pr6MZSLT/uzyp9+P8BcE
ayRT+U2f5/75/221OlV9HMj8xBS2murvr/zvNxmNkM2rIG4mJhITfzRd8QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFCvV+2L4U9HURiUJSQsiXIvRmJ3+MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvSzlYN1l2aFQwZFJHSlFsSkN5SmNpOUdZbmY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDIAEwgAMF
ACoUa8AwDQYJKoZIhvcNAQELBQADggEBAEDXq3MhMtU/wqQqsueAn8qKqZto69LO
1wwhwKxDSS2WmqxKewlRpWmVRQ15UnBszSX7uSKPgTyLmSlqb4Y36oLmBn4nRT3M
oaAeZwqOlGr6+cfDT7NVMZ7sN51nSGHrONxEqExTtT61C1gkikUWTJHIslv4nQ6d
0QF2/NXUV+w76Pwa0dr71csqqGwFRc+BhOcvf2hZxo4T10XaM5+ARSipSdrQa9dF
jh/CSehLTHVmJ2+mGAc3LGWOXnWSizLaI7KxB+MbpvsEDry3A6wBxaEhXjNwlRmX
Jv/lsseICqf525yPiXC5E9tEjfKV7MrWX/1Brb2zrRz03/AJO6BttDs=
-----END CERTIFICATE-----