Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/t2mhnvuwx5-K-_bpa98aJwcKye0.roa
File:                     t2mhnvuwx5-K-_bpa98aJwcKye0.roa (raw, json)
Hash identifier:          d96WB+iB3jaPNFhGJaRDrsl5y/SFIzPBjsPOgBRfiDs=
Subject key identifier:   B7:69:A1:9E:FB:B0:C7:9F:8A:FB:F6:E9:6B:DF:1A:27:07:0A:C9:ED
Certificate issuer:       /CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
Certificate serial:       019D1F77CF6CAC7CE5AEC92292981CB9617D
Authority key identifier: EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/t2mhnvuwx5-K-_bpa98aJwcKye0.roa
Signing time:             Tue 24 Mar 2026 10:50:38 +0000
ROA not before:           Tue 24 Mar 2026 10:50:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214415
IP address blocks:        2a13:5940:120::/44 maxlen: 48
                          2a13:5947:134::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:77:cf:6c:ac:7c:e5:ae:c9:22:92:98:1c:b9:61:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eae2653179cafe5ff6651c6058b67ad2d2c8485e
        Validity
            Not Before: Mar 24 10:50:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b769a19efbb0c79f8afbf6e96bdf1a27070ac9ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:85:61:df:5e:e8:a7:df:ca:01:d6:7b:8c:95:
                    15:be:00:bf:8d:75:ad:b0:92:54:5c:5a:26:ac:d2:
                    2c:e2:98:4c:42:79:35:0b:62:fd:39:f5:ee:04:ff:
                    17:39:ad:5a:5f:e0:c8:99:3e:ed:8c:bf:58:32:8b:
                    68:79:7b:d1:67:8c:73:a8:66:6a:82:85:10:1e:34:
                    25:56:51:7b:d3:34:6a:09:38:4a:af:7b:9d:03:cd:
                    f2:db:30:ab:25:ef:8e:1f:72:06:ce:99:49:95:03:
                    0b:f2:f4:d5:99:ae:08:ac:1f:0b:c8:38:37:f6:a1:
                    14:33:f4:78:80:27:f7:7c:94:94:5d:13:63:5d:d1:
                    38:f7:73:45:28:7a:dd:48:35:f4:d6:35:9e:55:92:
                    38:c0:8e:39:1e:57:23:2f:4b:64:51:d1:35:84:97:
                    20:6a:5c:1f:76:c4:38:e1:63:12:c5:d8:de:a9:29:
                    2f:50:8d:17:88:3b:52:4e:11:9d:92:d6:6c:54:53:
                    6e:7c:be:01:ea:50:f3:42:9a:dd:f0:c7:0b:35:c8:
                    23:a1:4a:d5:90:52:3e:22:0e:5d:a3:c5:09:29:2e:
                    23:3e:9a:0a:98:88:af:02:87:a0:d2:08:f8:b1:d2:
                    f8:91:f8:c4:07:b5:ed:1f:5b:1a:90:b4:ca:c1:2c:
                    5c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:69:A1:9E:FB:B0:C7:9F:8A:FB:F6:E9:6B:DF:1A:27:07:0A:C9:ED
            X509v3 Authority Key Identifier:
                keyid:EA:E2:65:31:79:CA:FE:5F:F6:65:1C:60:58:B6:7A:D2:D2:C8:48:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6uJlMXnK_l_2ZRxgWLZ60tLISF4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/t2mhnvuwx5-K-_bpa98aJwcKye0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/19e9c5-82e2-438b-a0e9-992d797f4bbb/1/6uJlMXnK_l_2ZRxgWLZ60tLISF4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5940:120::/44
                  2a13:5947:134::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:35:30:78:8c:2e:61:5e:2e:11:22:f7:22:dd:d5:34:15:6f:
         05:3b:4a:3b:f4:dc:6e:40:d4:f7:f6:fa:6b:f6:e7:0b:39:ed:
         14:e8:22:8a:45:46:23:ba:52:95:37:ff:19:6e:df:1a:50:fe:
         c4:3b:5e:a2:30:5c:d1:b3:99:a2:e6:66:6f:0b:51:0b:d3:fc:
         49:40:4b:88:cf:e1:a8:7a:6f:48:98:f9:16:ba:7b:32:b2:4d:
         f0:b0:91:f5:fa:57:62:bd:36:69:5b:04:fb:3f:a0:57:06:81:
         d2:bf:f1:3f:4b:d9:2b:7d:c7:f8:0c:d7:1f:c1:56:8d:de:89:
         a8:fa:71:bc:5e:6d:26:59:63:3e:6f:60:c9:0c:9c:25:21:8e:
         85:fc:00:82:27:f2:8e:6d:7e:86:b5:7e:6b:43:35:28:be:3b:
         c8:37:21:17:44:ef:9b:88:dd:92:17:9b:e5:17:34:1a:f8:31:
         74:2a:40:d1:05:26:3b:75:d2:88:72:ef:35:3d:4a:1e:fd:7d:
         ab:ec:0e:07:bb:37:42:54:ff:f0:d0:42:ba:da:05:a4:01:fd:
         a0:0b:76:41:b3:ae:ce:39:31:9d:63:34:58:71:bb:55:a1:3c:
         3d:10:d3:cf:7e:65:5e:4d:e3:b0:ad:ea:ba:69:7c:e2:db:22:
         e9:3d:98:42
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ0fd89srHzlrskikpgcuWF9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhZTI2NTMxNzljYWZlNWZmNjY1MWM2MDU4YjY3YWQyZDJj
ODQ4NWUwHhcNMjYwMzI0MTA1MDM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzY5YTE5ZWZiYjBjNzlmOGFmYmY2ZTk2YmRmMWEyNzA3MGFjOWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4Vh317op9/KAdZ7jJUVvgC/jXWt
sJJUXFomrNIs4phMQnk1C2L9OfXuBP8XOa1aX+DImT7tjL9YMotoeXvRZ4xzqGZq
goUQHjQlVlF70zRqCThKr3udA83y2zCrJe+OH3IGzplJlQML8vTVma4IrB8LyDg3
9qEUM/R4gCf3fJSUXRNjXdE493NFKHrdSDX01jWeVZI4wI45HlcjL0tkUdE1hJcg
alwfdsQ44WMSxdjeqSkvUI0XiDtSThGdktZsVFNufL4B6lDzQprd8McLNcgjoUrV
kFI+Ig5do8UJKS4jPpoKmIivAoeg0gj4sdL4kfjEB7XtH1sakLTKwSxcdwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFLdpoZ77sMefivv26WvfGicHCsntMB8GA1UdIwQY
MBaAFOriZTF5yv5f9mUcYFi2etLSyEheMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTkt
OTkyZDc5N2Y0YmJiLzEvdDJtaG52dXd4NS1LLV9icGE5OGFKd2NLeWUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC8xOWU5YzUtODJlMi00MzhiLWEwZTktOTkyZDc5N2Y0YmJi
LzEvNnVKbE1YbktfbF8yWlJ4Z1dMWjYwdExJU0Y0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhNZQAEg
AwcAKhNZRwE0MA0GCSqGSIb3DQEBCwUAA4IBAQBKNTB4jC5hXi4RIvci3dU0FW8F
O0o79NxuQNT39vpr9ucLOe0U6CKKRUYjulKVN/8Zbt8aUP7EO16iMFzRs5mi5mZv
C1EL0/xJQEuIz+Goem9ImPkWunsysk3wsJH1+ldivTZpWwT7P6BXBoHSv/E/S9kr
fcf4DNcfwVaN3omo+nG8Xm0mWWM+b2DJDJwlIY6F/ACCJ/KObX6GtX5rQzUovjvI
NyEXRO+biN2SF5vlFzQa+DF0KkDRBSY7ddKIcu81PUoe/X2r7A4HuzdCVP/w0EK6
2gWkAf2gC3ZBs67OOTGdYzRYcbtVoTw9ENPPfmVeTeOwreq6aXzi2yLpPZhC
-----END CERTIFICATE-----