Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/1vK1T7KdFH0hBpOuHuKe8W_luZE.roa
File:                     1vK1T7KdFH0hBpOuHuKe8W_luZE.roa (raw, json)
Hash identifier:          qhZOYXpVTc+RHC0IfCFs2RzEIVYZAgoD6YvTFLHwFmE=
Subject key identifier:   D6:F2:B5:4F:B2:9D:14:7D:21:06:93:AE:1E:E2:9E:F1:6F:E5:B9:91
Certificate issuer:       /CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
Certificate serial:       019DFD798E52C694228A19E14A76DD7DAD66
Authority key identifier: F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/1vK1T7KdFH0hBpOuHuKe8W_luZE.roa
Signing time:             Wed 06 May 2026 13:28:15 +0000
ROA not before:           Wed 06 May 2026 13:28:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214745
IP address blocks:        2a10:ab80:3e5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:79:8e:52:c6:94:22:8a:19:e1:4a:76:dd:7d:ad:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
        Validity
            Not Before: May  6 13:28:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6f2b54fb29d147d210693ae1ee29ef16fe5b991
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:54:ee:ff:5c:f2:66:83:58:9f:4a:41:ce:0a:
                    57:18:58:f0:e8:9c:33:ba:b6:aa:af:8e:35:c3:8c:
                    31:43:ae:0f:3d:ec:c7:e5:b8:29:fc:e5:a0:7f:73:
                    73:12:71:84:91:95:22:40:de:cc:7c:f7:48:a2:c7:
                    95:5b:89:05:c2:75:f3:11:41:6c:d6:ef:2f:68:d4:
                    35:ce:71:c4:a3:18:b8:1d:7c:2c:fc:55:ad:b9:3a:
                    c9:37:3f:f2:91:45:05:08:03:7a:32:79:86:a1:17:
                    e8:65:10:a7:d7:9f:9c:21:39:ca:d6:66:e8:9c:d2:
                    53:78:d5:39:aa:69:20:42:89:76:05:78:47:f0:69:
                    c1:80:8b:9e:51:34:32:c8:7e:1c:2b:4c:3f:86:70:
                    15:59:49:b9:69:05:fa:f9:dd:6f:bc:71:c3:58:d5:
                    0b:b4:58:90:95:86:c8:df:c6:44:8b:b0:8f:36:3d:
                    3b:ef:43:94:2b:9e:34:e3:78:27:9f:1c:8a:ca:89:
                    55:a8:27:fc:8b:28:f7:b6:94:d0:e8:98:41:ff:37:
                    d8:c4:6c:ae:b1:49:2f:76:b9:96:35:5d:d4:79:c3:
                    75:90:db:d2:e6:5f:a9:4d:ff:5f:03:4e:1c:4f:96:
                    6e:7f:40:1f:d3:ae:e8:fb:09:f2:73:61:53:cb:96:
                    53:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:F2:B5:4F:B2:9D:14:7D:21:06:93:AE:1E:E2:9E:F1:6F:E5:B9:91
            X509v3 Authority Key Identifier:
                keyid:F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/1vK1T7KdFH0hBpOuHuKe8W_luZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ab80:3e5::/48

    Signature Algorithm: sha256WithRSAEncryption
         68:d5:d3:67:c3:cf:f0:4d:ad:d6:08:81:11:bd:b0:6c:06:c5:
         2a:78:57:6c:4f:20:23:c0:9a:e9:09:9d:3e:7d:cb:fc:95:91:
         8b:2e:9d:82:5d:71:c4:ef:81:b0:d7:1e:c8:12:bc:ec:a5:fe:
         18:6b:07:95:8c:0b:c0:ee:44:15:9f:5e:48:69:30:6b:66:43:
         a7:9f:77:f4:ed:a3:75:a7:86:d4:b8:1b:5d:0a:17:27:cc:c5:
         f3:40:19:35:e8:7b:1b:e1:a4:3c:0a:f1:dd:ed:d5:ed:03:73:
         da:78:3a:6e:b4:89:78:b4:88:9e:28:a9:cb:fe:98:67:e4:0f:
         8a:f2:08:80:24:e7:2d:2d:d3:44:24:95:d3:03:9e:2e:d6:ef:
         c5:0c:97:be:22:12:49:8e:75:68:44:18:0e:5f:3e:18:21:67:
         d3:63:14:fb:ce:5c:a7:e0:f3:92:05:62:0a:66:1e:7b:36:83:
         ae:7d:87:c4:6d:c5:27:8b:ef:60:ee:fb:43:06:ef:8d:8b:fe:
         e8:78:c6:9a:b9:d8:ee:91:ec:48:64:13:a8:96:c1:c1:eb:86:
         90:de:aa:5e:0f:a9:fc:da:5b:2b:70:70:12:ec:85:66:eb:99:
         56:b9:78:4c:0c:6f:5b:7c:c3:69:72:55:55:e2:22:d5:2d:0e:
         ac:94:9a:dd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ39eY5SxpQiihnhSnbdfa1mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMGJkY2M0NDQxNzNmNTk5NGRlMzRhM2JmNjNmM2FkOTc2
NGM2ZDEwHhcNMjYwNTA2MTMyODE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmYyYjU0ZmIyOWQxNDdkMjEwNjkzYWUxZWUyOWVmMTZmZTViOTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA11Tu/1zyZoNYn0pBzgpXGFjw6Jwz
uraqr441w4wxQ64PPezH5bgp/OWgf3NzEnGEkZUiQN7MfPdIoseVW4kFwnXzEUFs
1u8vaNQ1znHEoxi4HXws/FWtuTrJNz/ykUUFCAN6MnmGoRfoZRCn15+cITnK1mbo
nNJTeNU5qmkgQol2BXhH8GnBgIueUTQyyH4cK0w/hnAVWUm5aQX6+d1vvHHDWNUL
tFiQlYbI38ZEi7CPNj0770OUK54043gnnxyKyolVqCf8iyj3tpTQ6JhB/zfYxGyu
sUkvdrmWNV3UecN1kNvS5l+pTf9fA04cT5Zuf0Af067o+wnyc2FTy5ZT3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNbytU+ynRR9IQaTrh7invFv5bmRMB8GA1UdIwQY
MBaAFPAL3MREFz9ZlN40o79j862XZMbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYt
Y2ZhNWE0Yjg5ODZiLzEvMXZLMVQ3S2RGSDBoQnBPdUh1S2U4V19sdVpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYtY2ZhNWE0Yjg5ODZi
LzEvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhCrgAPl
MA0GCSqGSIb3DQEBCwUAA4IBAQBo1dNnw8/wTa3WCIERvbBsBsUqeFdsTyAjwJrp
CZ0+fcv8lZGLLp2CXXHE74Gw1x7IErzspf4YaweVjAvA7kQVn15IaTBrZkOnn3f0
7aN1p4bUuBtdChcnzMXzQBk16Hsb4aQ8CvHd7dXtA3PaeDputIl4tIieKKnL/phn
5A+K8giAJOctLdNEJJXTA54u1u/FDJe+IhJJjnVoRBgOXz4YIWfTYxT7zlyn4POS
BWIKZh57NoOufYfEbcUni+9g7vtDBu+Ni/7oeMaaudjukexIZBOolsHB64aQ3qpe
D6n82lsrcHAS7IVm65lWuXhMDG9bfMNpclVV4iLVLQ6slJrd
-----END CERTIFICATE-----