Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/OFaA77SszVV-d2NGX7JVspMxIXM.roa
File:                     OFaA77SszVV-d2NGX7JVspMxIXM.roa (raw, json)
Hash identifier:          vL71zbB0A0POMJvqwWZhEted5FvylizhjYnntMevbp4=
Subject key identifier:   38:56:80:EF:B4:AC:CD:55:7E:77:63:46:5F:B2:55:B2:93:31:21:73
Certificate issuer:       /CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
Certificate serial:       019DFDC4238E8B0D3574E5D02B4DC637757A
Authority key identifier: F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/OFaA77SszVV-d2NGX7JVspMxIXM.roa
Signing time:             Wed 06 May 2026 14:49:42 +0000
ROA not before:           Wed 06 May 2026 14:49:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212112
IP address blocks:        2a10:ab80:3e3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:c4:23:8e:8b:0d:35:74:e5:d0:2b:4d:c6:37:75:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
        Validity
            Not Before: May  6 14:49:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=385680efb4accd557e7763465fb255b293312173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:8b:5c:e5:bc:23:5e:7f:7a:05:8c:b5:97:2d:
                    f3:7e:ed:31:d2:95:f0:29:ba:9b:26:36:d2:13:dc:
                    cc:71:3b:fc:27:e6:7b:94:de:7b:8e:0b:dd:5c:7e:
                    03:6c:dd:1b:41:07:c1:69:35:49:f6:27:55:6b:86:
                    99:b4:2d:be:3a:50:1c:13:c1:fa:be:2c:cd:fa:3b:
                    39:b5:5e:1d:76:89:1a:c4:40:01:37:a6:9b:d6:77:
                    f1:18:38:71:32:ee:f6:e6:99:46:50:4f:d0:d4:5e:
                    7a:41:d0:b4:b1:46:b0:49:0c:0a:da:e4:54:78:ee:
                    2d:f2:18:3e:5d:82:89:4b:61:fc:e0:97:39:6e:fb:
                    93:4a:a3:c9:c8:f3:b8:ce:76:12:b5:48:62:c5:d1:
                    e4:c1:3f:96:50:51:f9:59:2c:81:0d:49:57:13:74:
                    03:ea:6d:fc:ad:3a:34:78:54:09:0c:a7:10:84:b8:
                    97:6f:78:a0:80:ed:82:31:3c:79:1d:66:6b:ec:05:
                    95:0a:e8:0e:87:d1:e2:1c:00:d0:9c:3e:29:75:ad:
                    1b:0e:7e:85:f1:aa:61:cb:38:16:97:df:91:19:b9:
                    55:93:17:2e:cd:1b:1c:9e:33:fc:ae:52:3c:5a:b8:
                    c4:92:fa:16:6f:3d:6c:ec:47:66:f9:11:78:59:d1:
                    0c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:56:80:EF:B4:AC:CD:55:7E:77:63:46:5F:B2:55:B2:93:31:21:73
            X509v3 Authority Key Identifier:
                keyid:F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/OFaA77SszVV-d2NGX7JVspMxIXM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ab80:3e3::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:b6:49:91:34:1d:f0:cc:59:cd:1f:7a:25:36:a6:31:1c:54:
         cf:0b:91:e0:0a:3d:81:d2:91:f9:d5:3a:01:14:3b:a9:12:c9:
         0b:36:bc:b2:ae:ed:89:1e:55:51:07:5a:19:78:29:d9:ee:99:
         cc:fd:53:b2:06:cb:db:c2:bb:67:4d:8b:10:82:cf:ec:c5:7e:
         64:22:01:80:8f:f7:f1:ce:3e:b6:8c:1c:93:83:1e:5e:68:a0:
         01:01:6e:9d:68:9d:63:5d:d5:e3:8b:c5:9d:a1:a8:9e:b9:b6:
         a2:1c:f8:8b:fc:76:ec:db:d4:c1:61:0a:51:a8:f2:c9:fd:6e:
         08:b5:75:69:80:8b:33:6c:7a:74:f3:6d:22:d0:9d:06:20:d1:
         f8:95:6d:a6:5b:8c:d9:7a:d1:ac:36:0c:7b:a0:2d:39:aa:c1:
         95:f0:82:a3:16:16:b0:05:00:ea:ec:36:b0:87:7d:5b:7d:55:
         87:fc:b4:22:27:5e:0a:dc:5e:8d:7b:ed:8f:c5:5a:23:7e:97:
         6f:d7:13:50:d4:62:89:5b:1b:7e:5d:b4:0c:7b:65:a1:ae:f3:
         19:12:ec:be:e3:93:1a:b0:a1:3d:a5:aa:dd:68:ae:a6:5c:bd:
         81:46:44:2a:53:4a:6a:81:68:83:44:7d:d4:85:42:e5:62:81:
         91:a3:2f:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ39xCOOiw01dOXQK03GN3V6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMGJkY2M0NDQxNzNmNTk5NGRlMzRhM2JmNjNmM2FkOTc2
NGM2ZDEwHhcNMjYwNTA2MTQ0OTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODU2ODBlZmI0YWNjZDU1N2U3NzYzNDY1ZmIyNTViMjkzMzEyMTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuotc5bwjXn96BYy1ly3zfu0x0pXw
KbqbJjbSE9zMcTv8J+Z7lN57jgvdXH4DbN0bQQfBaTVJ9idVa4aZtC2+OlAcE8H6
vizN+js5tV4ddokaxEABN6ab1nfxGDhxMu725plGUE/Q1F56QdC0sUawSQwK2uRU
eO4t8hg+XYKJS2H84Jc5bvuTSqPJyPO4znYStUhixdHkwT+WUFH5WSyBDUlXE3QD
6m38rTo0eFQJDKcQhLiXb3iggO2CMTx5HWZr7AWVCugOh9HiHADQnD4pda0bDn6F
8aphyzgWl9+RGblVkxcuzRscnjP8rlI8WrjEkvoWbz1s7Edm+RF4WdEMhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDhWgO+0rM1VfndjRl+yVbKTMSFzMB8GA1UdIwQY
MBaAFPAL3MREFz9ZlN40o79j862XZMbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYt
Y2ZhNWE0Yjg5ODZiLzEvT0ZhQTc3U3N6VlYtZDJOR1g3SlZzcE14SVhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYtY2ZhNWE0Yjg5ODZi
LzEvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhCrgAPj
MA0GCSqGSIb3DQEBCwUAA4IBAQAWtkmRNB3wzFnNH3olNqYxHFTPC5HgCj2B0pH5
1ToBFDupEskLNryyru2JHlVRB1oZeCnZ7pnM/VOyBsvbwrtnTYsQgs/sxX5kIgGA
j/fxzj62jByTgx5eaKABAW6daJ1jXdXji8WdoaieubaiHPiL/Hbs29TBYQpRqPLJ
/W4ItXVpgIszbHp0820i0J0GINH4lW2mW4zZetGsNgx7oC05qsGV8IKjFhawBQDq
7Dawh31bfVWH/LQiJ14K3F6Ne+2PxVojfpdv1xNQ1GKJWxt+XbQMe2WhrvMZEuy+
45MasKE9pardaK6mXL2BRkQqU0pqgWiDRH3UhULlYoGRoy/7
-----END CERTIFICATE-----