Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/3150ee-70a3-4569-a732-53be7358e252/1/IaPceu7VrN0Ci4QLf1Y22DXK38c.roa
File:                     IaPceu7VrN0Ci4QLf1Y22DXK38c.roa (raw, json)
Hash identifier:          DDTyYVit6V7bbPxJ+s9WJ7GGlOrY5GhIJkW0KajJFr4=
Subject key identifier:   21:A3:DC:7A:EE:D5:AC:DD:02:8B:84:0B:7F:56:36:D8:35:CA:DF:C7
Certificate issuer:       /CN=d0425d254dfff3e12a9672930843fc0e9abc9062
Certificate serial:       019E02E6BD39938E6031D4E09A057E5DC76E
Authority key identifier: D0:42:5D:25:4D:FF:F3:E1:2A:96:72:93:08:43:FC:0E:9A:BC:90:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0EJdJU3_8-EqlnKTCEP8Dpq8kGI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/3150ee-70a3-4569-a732-53be7358e252/1/IaPceu7VrN0Ci4QLf1Y22DXK38c.roa
Signing time:             Thu 07 May 2026 14:45:36 +0000
ROA not before:           Thu 07 May 2026 14:45:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197754
IP address blocks:        2001:678:1278::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/3150ee-70a3-4569-a732-53be7358e252/1/0EJdJU3_8-EqlnKTCEP8Dpq8kGI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/3150ee-70a3-4569-a732-53be7358e252/1/0EJdJU3_8-EqlnKTCEP8Dpq8kGI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0EJdJU3_8-EqlnKTCEP8Dpq8kGI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:02:e6:bd:39:93:8e:60:31:d4:e0:9a:05:7e:5d:c7:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0425d254dfff3e12a9672930843fc0e9abc9062
        Validity
            Not Before: May  7 14:45:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21a3dc7aeed5acdd028b840b7f5636d835cadfc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:74:d8:df:8c:a4:fb:ee:e3:46:99:3a:2c:51:
                    0f:d0:41:75:c5:db:2a:b1:1e:23:90:c4:71:69:fa:
                    bf:1a:19:8e:06:b8:16:7b:39:4d:cd:1a:bf:8b:70:
                    4b:1c:d6:a5:db:7c:42:e3:5b:13:36:19:0e:df:dd:
                    a0:fd:e8:2e:4a:23:b2:eb:f3:2c:da:7d:1d:97:91:
                    2a:61:08:46:87:a8:52:1f:cd:98:81:8e:53:6e:48:
                    5a:11:3b:b9:54:ea:2c:02:a9:71:93:80:95:23:e1:
                    c0:4b:af:be:d0:58:65:41:16:b0:6e:f5:98:60:cd:
                    8d:9d:6a:51:c9:f0:a7:9a:fd:e1:d3:ce:0d:96:85:
                    32:1c:b5:45:51:7d:cb:8d:e4:77:3f:a7:fd:18:0e:
                    5c:cb:fe:14:e3:cc:df:1d:3e:b0:05:65:45:43:0b:
                    a2:56:47:b0:af:a0:f1:46:24:e3:67:8e:a9:89:77:
                    cd:63:a1:26:e4:30:a1:21:3c:9e:c4:f7:d7:e6:0e:
                    cb:6a:1e:86:73:c2:05:83:28:e3:c2:9b:6a:dc:15:
                    cf:60:99:93:a8:e0:07:70:fb:72:c9:ad:59:02:57:
                    bf:d5:31:e8:d2:16:57:5b:0c:1c:3b:01:b2:d7:b6:
                    fe:8b:ea:61:f2:df:a2:d0:4c:a9:ef:bd:f0:cf:9b:
                    a5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A3:DC:7A:EE:D5:AC:DD:02:8B:84:0B:7F:56:36:D8:35:CA:DF:C7
            X509v3 Authority Key Identifier:
                keyid:D0:42:5D:25:4D:FF:F3:E1:2A:96:72:93:08:43:FC:0E:9A:BC:90:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0EJdJU3_8-EqlnKTCEP8Dpq8kGI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/3150ee-70a3-4569-a732-53be7358e252/1/IaPceu7VrN0Ci4QLf1Y22DXK38c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/3150ee-70a3-4569-a732-53be7358e252/1/0EJdJU3_8-EqlnKTCEP8Dpq8kGI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:1278::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:e1:e0:e4:41:b4:76:3e:89:1f:eb:eb:7e:a7:46:fe:53:c8:
         64:4e:05:93:66:7f:35:bf:9f:92:f0:a5:c7:21:11:4a:07:3a:
         43:7b:85:91:35:ee:79:9d:75:57:c5:33:48:58:0e:4b:dd:24:
         5b:81:26:8a:7c:65:3a:04:d9:2f:d9:b5:50:36:cb:12:96:8f:
         66:ba:96:3a:ed:92:38:87:46:fb:6c:89:2a:ad:8e:5b:7d:a2:
         bd:60:c9:24:dc:99:70:ce:5a:1d:e5:8e:5e:c7:46:d4:b4:08:
         a3:f6:2e:5a:ee:88:49:f5:85:ca:0d:8d:51:46:91:7d:74:11:
         a4:dc:ed:34:42:a6:20:e6:1c:e9:84:56:1b:7c:74:22:49:7e:
         99:b0:df:e8:0e:0d:d5:70:14:d1:87:51:12:22:93:86:cd:77:
         23:1a:7b:8e:0b:4b:97:c2:dc:d4:f9:b8:83:71:a2:aa:ca:bb:
         71:7a:44:5a:e6:aa:ed:1b:09:b9:71:d7:ac:f1:82:53:73:dd:
         44:f8:42:20:ce:31:0c:78:15:62:a2:a0:51:4b:f0:bd:ac:35:
         3a:b1:c9:73:6b:c8:e5:a5:9d:21:46:6c:0a:56:46:5f:d6:3c:
         52:85:ba:f0:ad:7e:84:f3:58:5b:b5:7a:ee:0b:04:07:9f:4d:
         2c:cd:e4:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4C5r05k45gMdTgmgV+XcduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNDI1ZDI1NGRmZmYzZTEyYTk2NzI5MzA4NDNmYzBlOWFi
YzkwNjIwHhcNMjYwNTA3MTQ0NTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWEzZGM3YWVlZDVhY2RkMDI4Yjg0MGI3ZjU2MzZkODM1Y2FkZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAinTY34yk++7jRpk6LFEP0EF1xdsq
sR4jkMRxafq/GhmOBrgWezlNzRq/i3BLHNal23xC41sTNhkO392g/eguSiOy6/Ms
2n0dl5EqYQhGh6hSH82YgY5TbkhaETu5VOosAqlxk4CVI+HAS6++0FhlQRawbvWY
YM2NnWpRyfCnmv3h084NloUyHLVFUX3LjeR3P6f9GA5cy/4U48zfHT6wBWVFQwui
Vkewr6DxRiTjZ46piXfNY6Em5DChITyexPfX5g7Lah6Gc8IFgyjjwptq3BXPYJmT
qOAHcPtyya1ZAle/1THo0hZXWwwcOwGy17b+i+ph8t+i0Eyp773wz5ulqQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCGj3Hru1azdAouEC39WNtg1yt/HMB8GA1UdIwQY
MBaAFNBCXSVN//PhKpZykwhD/A6avJBiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEVKZEpVM184LUVxbG5LVENFUDhEcHE4a0dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8zMTUwZWUtNzBhMy00NTY5LWE3MzIt
NTNiZTczNThlMjUyLzEvSWFQY2V1N1ZyTjBDaTRRTGYxWTIyRFhLMzhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8zMTUwZWUtNzBhMy00NTY5LWE3MzItNTNiZTczNThlMjUy
LzEvMEVKZEpVM184LUVxbG5LVENFUDhEcHE4a0dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBJ4
MA0GCSqGSIb3DQEBCwUAA4IBAQCh4eDkQbR2Pokf6+t+p0b+U8hkTgWTZn81v5+S
8KXHIRFKBzpDe4WRNe55nXVXxTNIWA5L3SRbgSaKfGU6BNkv2bVQNssSlo9mupY6
7ZI4h0b7bIkqrY5bfaK9YMkk3Jlwzlod5Y5ex0bUtAij9i5a7ohJ9YXKDY1RRpF9
dBGk3O00QqYg5hzphFYbfHQiSX6ZsN/oDg3VcBTRh1ESIpOGzXcjGnuOC0uXwtzU
+biDcaKqyrtxekRa5qrtGwm5cdes8YJTc91E+EIgzjEMeBVioqBRS/C9rDU6sclz
a8jlpZ0hRmwKVkZf1jxShbrwrX6E81hbtXruCwQHn00szeQy
-----END CERTIFICATE-----