Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/8506a1-91dd-4cfc-8c04-6cdf0de52746/1/oFrBB64mrX649uaK4rvI8kR7aZU.roa
File:                     oFrBB64mrX649uaK4rvI8kR7aZU.roa (raw, json)
Hash identifier:          ejz8Vak46ngAPvLcHTFm+CiYIQMattJnW9akrGm27X0=
Subject key identifier:   A0:5A:C1:07:AE:26:AD:7E:B8:F6:E6:8A:E2:BB:C8:F2:44:7B:69:95
Certificate issuer:       /CN=b6c2a31d60ed25611997e7b7de4a9b6f2606ed34
Certificate serial:       019B76EAB68BCC82CF32B220D745C465E91E
Authority key identifier: B6:C2:A3:1D:60:ED:25:61:19:97:E7:B7:DE:4A:9B:6F:26:06:ED:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tsKjHWDtJWEZl-e33kqbbyYG7TQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/8506a1-91dd-4cfc-8c04-6cdf0de52746/1/oFrBB64mrX649uaK4rvI8kR7aZU.roa
Signing time:             Thu 01 Jan 2026 00:17:32 +0000
ROA not before:           Thu 01 Jan 2026 00:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57506
IP address blocks:        2a00:c540::/36 maxlen: 36
                          2a00:c540:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/8506a1-91dd-4cfc-8c04-6cdf0de52746/1/tsKjHWDtJWEZl-e33kqbbyYG7TQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/8506a1-91dd-4cfc-8c04-6cdf0de52746/1/tsKjHWDtJWEZl-e33kqbbyYG7TQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tsKjHWDtJWEZl-e33kqbbyYG7TQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:b6:8b:cc:82:cf:32:b2:20:d7:45:c4:65:e9:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b6c2a31d60ed25611997e7b7de4a9b6f2606ed34
        Validity
            Not Before: Jan  1 00:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a05ac107ae26ad7eb8f6e68ae2bbc8f2447b6995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c9:65:1a:cf:72:4c:e8:14:09:8b:2b:c1:f9:
                    7a:f0:73:6b:b0:b7:31:37:32:7a:b3:6a:d8:38:b0:
                    fd:7a:df:3d:a4:a2:62:72:dd:dd:87:f4:c3:a7:ae:
                    19:f5:0a:97:28:d1:d7:d7:da:0c:f3:b6:5a:d6:af:
                    d6:91:da:00:da:c9:4a:f8:4c:db:ff:51:4b:2a:01:
                    2c:81:1f:67:1c:7e:e2:2e:59:56:d9:ea:65:5c:61:
                    a2:b0:6e:65:6f:0d:6c:4f:51:c8:bf:ea:56:36:26:
                    c3:c5:e4:8a:32:56:fa:a3:03:44:6c:96:97:c1:b2:
                    27:d5:47:77:b9:98:4f:a7:ad:d1:85:99:8c:bc:2d:
                    0e:7a:41:f0:f0:f0:83:05:ce:ec:7d:64:34:66:1e:
                    d8:2e:d7:48:81:e5:c3:3a:e1:c2:f2:22:c6:1c:4a:
                    83:c8:7b:5b:e7:f6:09:9a:e6:c7:dd:1f:2f:be:29:
                    42:97:05:82:ea:33:eb:78:fd:23:40:d8:d5:aa:c0:
                    ea:b6:7d:7d:77:97:a9:2a:ad:89:36:2a:ba:ee:45:
                    cc:cf:f3:39:d0:64:c7:8a:82:26:e7:7f:7f:86:54:
                    3f:3b:a7:e4:3e:67:06:0d:ed:03:d4:09:b2:be:3b:
                    d8:66:27:ad:55:ce:bd:44:d1:37:27:72:82:f0:0d:
                    c9:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:5A:C1:07:AE:26:AD:7E:B8:F6:E6:8A:E2:BB:C8:F2:44:7B:69:95
            X509v3 Authority Key Identifier:
                keyid:B6:C2:A3:1D:60:ED:25:61:19:97:E7:B7:DE:4A:9B:6F:26:06:ED:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tsKjHWDtJWEZl-e33kqbbyYG7TQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8506a1-91dd-4cfc-8c04-6cdf0de52746/1/oFrBB64mrX649uaK4rvI8kR7aZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/8506a1-91dd-4cfc-8c04-6cdf0de52746/1/tsKjHWDtJWEZl-e33kqbbyYG7TQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:c540::/36
                  2a00:c540:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         8c:86:ff:f2:29:8e:53:74:f0:4b:3a:74:35:cd:00:22:19:79:
         01:f4:a5:59:b4:7e:bf:61:7c:af:d9:78:a2:32:2f:c2:05:61:
         7d:e9:c3:9a:d0:ba:f2:90:5c:0e:01:ba:8f:fd:c8:df:0a:02:
         01:89:a8:60:09:5f:43:c8:c0:74:19:8c:ae:fe:4d:ca:c7:29:
         ab:ca:e8:bf:a4:1c:f9:23:0c:65:5d:74:c1:e6:5a:d5:b1:f8:
         a9:e1:d7:df:92:ff:d6:8a:a1:9d:5a:ff:09:c3:8e:1a:75:40:
         23:ab:9a:51:d9:00:47:a0:fe:ad:08:d0:fe:05:ac:fe:f7:52:
         66:c0:a5:91:9f:a3:2a:fa:12:fe:16:c5:51:7f:75:82:89:00:
         fe:c7:2b:cf:21:b6:1e:00:15:8e:bc:7b:b2:be:31:15:3b:f4:
         e5:6a:7a:fd:77:34:04:83:de:e7:71:4c:31:3e:e8:68:d3:34:
         4c:09:c9:b5:2c:79:b7:80:9b:07:63:13:c0:c7:80:cc:b4:87:
         07:5c:7e:1f:dc:3e:0d:73:05:c3:85:0b:94:82:e9:aa:e7:d9:
         f6:b7:18:39:68:81:04:71:a2:79:a9:8d:f5:67:37:55:8e:77:
         77:c2:3e:05:d8:80:75:31:da:32:0e:79:d2:d9:79:a3:a3:fe:
         81:bd:bc:e7
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZt26raLzILPMrIg10XEZekeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2YzJhMzFkNjBlZDI1NjExOTk3ZTdiN2RlNGE5YjZmMjYw
NmVkMzQwHhcNMjYwMTAxMDAxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDVhYzEwN2FlMjZhZDdlYjhmNmU2OGFlMmJiYzhmMjQ0N2I2OTk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMllGs9yTOgUCYsrwfl68HNrsLcx
NzJ6s2rYOLD9et89pKJict3dh/TDp64Z9QqXKNHX19oM87Za1q/WkdoA2slK+Ezb
/1FLKgEsgR9nHH7iLllW2eplXGGisG5lbw1sT1HIv+pWNibDxeSKMlb6owNEbJaX
wbIn1Ud3uZhPp63RhZmMvC0OekHw8PCDBc7sfWQ0Zh7YLtdIgeXDOuHC8iLGHEqD
yHtb5/YJmubH3R8vvilClwWC6jPreP0jQNjVqsDqtn19d5epKq2JNiq67kXMz/M5
0GTHioIm539/hlQ/O6fkPmcGDe0D1AmyvjvYZietVc69RNE3J3KC8A3J8wIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFKBawQeuJq1+uPbmiuK7yPJEe2mVMB8GA1UdIwQY
MBaAFLbCox1g7SVhGZfnt95Km28mBu00MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHNLakhXRHRKV0VabC1lMzNrcWJieVlHN1RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi84NTA2YTEtOTFkZC00Y2ZjLThjMDQt
NmNkZjBkZTUyNzQ2LzEvb0ZyQkI2NG1yWDY0OXVhSzRydkk4a1I3YVpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi84NTA2YTEtOTFkZC00Y2ZjLThjMDQtNmNkZjBkZTUyNzQ2
LzEvdHNLakhXRHRKV0VabC1lMzNrcWJieVlHN1RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYEKgDFQAAD
BgQqAMVAIDANBgkqhkiG9w0BAQsFAAOCAQEAjIb/8imOU3TwSzp0Nc0AIhl5AfSl
WbR+v2F8r9l4ojIvwgVhfenDmtC68pBcDgG6j/3I3woCAYmoYAlfQ8jAdBmMrv5N
yscpq8rov6Qc+SMMZV10weZa1bH4qeHX35L/1oqhnVr/CcOOGnVAI6uaUdkAR6D+
rQjQ/gWs/vdSZsClkZ+jKvoS/hbFUX91gokA/scrzyG2HgAVjrx7sr4xFTv05Wp6
/Xc0BIPe53FMMT7oaNM0TAnJtSx5t4CbB2MTwMeAzLSHB1x+H9w+DXMFw4ULlILp
qufZ9rcYOWiBBHGieamN9Wc3VY53d8I+BdiAdTHaMg550tl5o6P+gb285w==
-----END CERTIFICATE-----