Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/3e48c2-3db7-4269-9cda-8e5938ddad24/1/VYr2J8PU6qvoHNkXxdUk2poOpeg.roa
File:                     VYr2J8PU6qvoHNkXxdUk2poOpeg.roa (raw, json)
Hash identifier:          qyR8POc6dovbUK8HiGSmXu2L7YbxUwe4Rbtm4a/aTuI=
Subject key identifier:   55:8A:F6:27:C3:D4:EA:AB:E8:1C:D9:17:C5:D5:24:DA:9A:0E:A5:E8
Certificate issuer:       /CN=0a91aa40bb61da843d906cb56623950cb37f59b3
Certificate serial:       019D91189351BEEE756B1018835DA7CD1CFD
Authority key identifier: 0A:91:AA:40:BB:61:DA:84:3D:90:6C:B5:66:23:95:0C:B3:7F:59:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CpGqQLth2oQ9kGy1ZiOVDLN_WbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/3e48c2-3db7-4269-9cda-8e5938ddad24/1/VYr2J8PU6qvoHNkXxdUk2poOpeg.roa
Signing time:             Wed 15 Apr 2026 12:23:20 +0000
ROA not before:           Wed 15 Apr 2026 12:23:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198908
IP address blocks:        2a07:b500::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/3e48c2-3db7-4269-9cda-8e5938ddad24/1/CpGqQLth2oQ9kGy1ZiOVDLN_WbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/3e48c2-3db7-4269-9cda-8e5938ddad24/1/CpGqQLth2oQ9kGy1ZiOVDLN_WbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CpGqQLth2oQ9kGy1ZiOVDLN_WbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 21:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:91:18:93:51:be:ee:75:6b:10:18:83:5d:a7:cd:1c:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a91aa40bb61da843d906cb56623950cb37f59b3
        Validity
            Not Before: Apr 15 12:23:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=558af627c3d4eaabe81cd917c5d524da9a0ea5e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:30:fc:23:f1:29:27:e1:88:3a:16:89:69:ac:
                    4f:7a:03:47:c5:2c:e5:63:8b:17:43:6d:07:b7:ed:
                    16:1d:5d:09:cf:d0:83:db:c1:8b:95:ac:4e:45:ae:
                    b3:32:51:54:9d:05:3a:7a:9c:f3:7d:73:26:01:bd:
                    89:3f:2e:0e:0a:74:4e:9e:10:3f:c5:45:6a:91:c6:
                    b6:32:f4:01:5a:bb:73:a5:c4:f1:52:e1:56:8a:50:
                    70:78:50:d0:c1:4a:bd:38:cc:cf:11:0c:f2:64:12:
                    4e:78:3c:a7:fc:b4:c2:77:e3:34:ee:90:e4:f3:c8:
                    f7:c2:e2:d9:77:06:be:7a:9e:6c:a4:3e:5a:91:a7:
                    49:aa:d5:70:dc:25:e7:01:27:50:fc:92:8f:5d:30:
                    fb:33:78:5a:86:11:93:3e:4c:5a:c1:8f:76:70:79:
                    65:5a:ea:ed:ae:b0:6c:76:d1:b6:8d:b1:b3:5f:38:
                    5e:3e:3e:ac:0d:97:5c:e2:bf:92:10:dd:94:db:66:
                    3b:04:70:dd:9d:34:20:22:e3:53:9c:98:33:a5:e1:
                    45:94:00:7e:17:10:91:7b:cf:99:45:a4:5d:a6:57:
                    8c:a4:a7:c3:4e:00:ea:66:40:c7:fd:96:fc:77:e5:
                    8a:1a:2c:92:4e:6f:8d:8b:ef:40:6a:5e:33:92:5e:
                    a6:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:8A:F6:27:C3:D4:EA:AB:E8:1C:D9:17:C5:D5:24:DA:9A:0E:A5:E8
            X509v3 Authority Key Identifier:
                keyid:0A:91:AA:40:BB:61:DA:84:3D:90:6C:B5:66:23:95:0C:B3:7F:59:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CpGqQLth2oQ9kGy1ZiOVDLN_WbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/3e48c2-3db7-4269-9cda-8e5938ddad24/1/VYr2J8PU6qvoHNkXxdUk2poOpeg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/3e48c2-3db7-4269-9cda-8e5938ddad24/1/CpGqQLth2oQ9kGy1ZiOVDLN_WbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:b500::/32

    Signature Algorithm: sha256WithRSAEncryption
         1c:55:a9:a5:a7:93:9f:de:42:40:73:f9:1e:1b:8d:71:04:69:
         94:41:05:61:e4:bc:b2:56:ef:f0:87:64:40:bf:ea:87:e6:aa:
         97:f5:c6:bc:80:4f:c2:26:84:d1:07:ea:70:61:9f:7f:ce:60:
         7f:67:86:b2:4e:a2:0b:3c:f3:db:5f:58:e6:5b:52:06:06:75:
         fc:78:34:87:6a:5d:17:2b:e3:d4:71:dc:d5:5b:98:31:83:d0:
         f6:97:c2:e3:24:a3:b7:03:f5:1b:71:da:ab:f3:ff:40:45:60:
         c8:2e:5a:87:fc:b7:40:3d:c4:98:da:a2:1b:ab:87:25:19:e6:
         52:7e:72:10:4b:ab:8f:b8:18:3d:82:30:68:97:12:1d:41:99:
         59:88:70:bc:11:41:3a:45:6b:7a:11:ff:30:93:e3:29:45:9d:
         dd:60:56:e7:0b:9c:49:d8:62:02:08:86:7e:c5:d9:36:70:43:
         87:c3:b7:d3:47:f8:56:a1:50:0d:7a:37:05:f9:47:32:33:bf:
         f7:0c:5c:b3:96:5b:e7:40:88:98:73:d3:44:8d:bd:27:d8:ac:
         9b:68:5c:74:2b:66:72:17:ee:bf:81:52:8a:d4:92:4b:31:ab:
         3c:a8:2c:c6:c3:98:e7:6d:e7:a9:05:26:0f:b1:d6:a4:fb:04:
         34:d0:4c:4b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2RGJNRvu51axAYg12nzRz9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhOTFhYTQwYmI2MWRhODQzZDkwNmNiNTY2MjM5NTBjYjM3
ZjU5YjMwHhcNMjYwNDE1MTIyMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NThhZjYyN2MzZDRlYWFiZTgxY2Q5MTdjNWQ1MjRkYTlhMGVhNWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTD8I/EpJ+GIOhaJaaxPegNHxSzl
Y4sXQ20Ht+0WHV0Jz9CD28GLlaxORa6zMlFUnQU6epzzfXMmAb2JPy4OCnROnhA/
xUVqkca2MvQBWrtzpcTxUuFWilBweFDQwUq9OMzPEQzyZBJOeDyn/LTCd+M07pDk
88j3wuLZdwa+ep5spD5akadJqtVw3CXnASdQ/JKPXTD7M3hahhGTPkxawY92cHll
WurtrrBsdtG2jbGzXzhePj6sDZdc4r+SEN2U22Y7BHDdnTQgIuNTnJgzpeFFlAB+
FxCRe8+ZRaRdpleMpKfDTgDqZkDH/Zb8d+WKGiySTm+Ni+9Aal4zkl6m/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFWK9ifD1Oqr6BzZF8XVJNqaDqXoMB8GA1UdIwQY
MBaAFAqRqkC7YdqEPZBstWYjlQyzf1mzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ3BHcVFMdGgyb1E5a0d5MVppT1ZETE5fV2JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8zZTQ4YzItM2RiNy00MjY5LTljZGEt
OGU1OTM4ZGRhZDI0LzEvVllyMko4UFU2cXZvSE5rWHhkVWsycG9PcGVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8zZTQ4YzItM2RiNy00MjY5LTljZGEtOGU1OTM4ZGRhZDI0
LzEvQ3BHcVFMdGgyb1E5a0d5MVppT1ZETE5fV2JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKge1ADAN
BgkqhkiG9w0BAQsFAAOCAQEAHFWppaeTn95CQHP5HhuNcQRplEEFYeS8slbv8Idk
QL/qh+aql/XGvIBPwiaE0QfqcGGff85gf2eGsk6iCzzz219Y5ltSBgZ1/Hg0h2pd
Fyvj1HHc1VuYMYPQ9pfC4ySjtwP1G3Haq/P/QEVgyC5ah/y3QD3EmNqiG6uHJRnm
Un5yEEurj7gYPYIwaJcSHUGZWYhwvBFBOkVrehH/MJPjKUWd3WBW5wucSdhiAgiG
fsXZNnBDh8O300f4VqFQDXo3BflHMjO/9wxcs5Zb50CImHPTRI29J9ism2hcdCtm
chfuv4FSitSSSzGrPKgsxsOY523nqQUmD7HWpPsENNBMSw==
-----END CERTIFICATE-----