Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/kev6swYL_1sSCrLvGGpcnPKL-Wo.roa
File:                     kev6swYL_1sSCrLvGGpcnPKL-Wo.roa (raw, json)
Hash identifier:          2bziuGP46h0VJFLNp+CwpaKxwiZAv+HrTOuv5kinatc=
Subject key identifier:   91:EB:FA:B3:06:0B:FF:5B:12:0A:B2:EF:18:6A:5C:9C:F2:8B:F9:6A
Certificate issuer:       /CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
Certificate serial:       019DFC1FBEE10E074A1BA59F113C15B2104E
Authority key identifier: 13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/kev6swYL_1sSCrLvGGpcnPKL-Wo.roa
Signing time:             Wed 06 May 2026 07:10:32 +0000
ROA not before:           Wed 06 May 2026 07:10:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209557
IP address blocks:        2a12:cb40::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fc:1f:be:e1:0e:07:4a:1b:a5:9f:11:3c:15:b2:10:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=137e5707444a16c68e1a1c52ac4909d0bdca62ae
        Validity
            Not Before: May  6 07:10:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91ebfab3060bff5b120ab2ef186a5c9cf28bf96a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:16:65:b4:32:41:4d:4c:d5:c9:f4:a7:b6:69:
                    4c:6f:06:6a:f7:1e:d0:0e:5f:b8:60:ec:5f:5f:3b:
                    f2:de:66:ac:a0:6e:6b:9c:80:0c:0e:3c:29:5d:5b:
                    27:65:ec:a9:fb:6b:de:ed:15:f2:4d:67:66:9f:11:
                    c2:00:9e:53:f1:73:73:fe:dd:ba:fe:c6:9c:3e:c8:
                    85:72:ca:b7:d1:79:cf:fb:99:f6:36:fc:35:49:ba:
                    5b:db:a9:22:56:29:93:a5:6b:4b:b5:8c:35:6c:b6:
                    48:12:89:74:9d:6d:35:5f:39:c8:01:c1:fc:ef:97:
                    7c:b6:9a:1c:16:41:37:d5:6f:08:bf:53:cd:62:89:
                    55:f3:b1:34:35:ba:9f:cf:2a:5f:53:91:98:28:cc:
                    5f:6a:0e:ac:04:88:bf:5a:1c:a3:11:84:6d:0c:11:
                    08:02:c7:ee:e6:98:b8:78:93:4c:69:92:f3:33:9f:
                    7b:98:1f:e4:c5:ac:d1:b0:7e:fe:a5:56:9b:2b:c6:
                    e3:50:72:24:91:c2:48:e3:85:63:2f:54:77:c1:12:
                    af:53:55:bf:94:60:f5:3b:4f:8e:cc:00:03:a1:86:
                    a2:fb:35:f7:bf:14:9d:55:03:f4:c3:c5:96:19:04:
                    7c:c6:4c:c1:c1:87:57:a4:27:12:b0:90:88:a3:7c:
                    d8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:EB:FA:B3:06:0B:FF:5B:12:0A:B2:EF:18:6A:5C:9C:F2:8B:F9:6A
            X509v3 Authority Key Identifier:
                keyid:13:7E:57:07:44:4A:16:C6:8E:1A:1C:52:AC:49:09:D0:BD:CA:62:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E35XB0RKFsaOGhxSrEkJ0L3KYq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/kev6swYL_1sSCrLvGGpcnPKL-Wo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/6eaeae-f45c-4355-932f-c0d207c02d27/1/E35XB0RKFsaOGhxSrEkJ0L3KYq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:cb40::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:06:58:d4:cc:c1:a5:25:99:ad:04:00:d0:e5:2b:ab:78:8f:
         8a:e3:2a:b2:e3:3a:f4:af:1c:17:e5:39:31:e4:93:62:92:09:
         3d:ad:d9:18:cd:a1:95:69:1d:16:73:e0:b7:1c:0a:99:57:80:
         73:dd:c9:7e:7a:3c:6a:74:e0:42:2b:db:90:ee:82:e0:c7:3b:
         ca:ee:65:19:42:47:aa:d7:8d:fc:ab:5e:90:22:7a:e0:b6:06:
         84:9d:97:3c:d5:74:39:8d:9d:8a:23:25:42:d9:17:77:d6:6f:
         62:9f:26:6f:24:60:a3:84:bf:9e:33:45:4d:bf:3a:11:5f:6d:
         e3:c2:84:a2:eb:f3:4f:63:77:ee:43:f0:ce:a4:63:9a:c3:f2:
         ba:d6:2e:de:11:c6:53:fd:0c:6f:66:95:54:0c:8b:5a:e5:63:
         06:37:d8:10:22:f4:c6:00:77:e4:14:0e:3c:37:86:64:8a:f1:
         ca:6e:a9:0b:b1:30:f5:b5:1b:e1:fd:85:1d:27:0b:20:92:a9:
         62:72:b4:bb:38:ac:d1:02:da:c4:3a:ef:50:6a:81:44:00:08:
         23:26:c3:fe:be:04:ab:35:7e:1a:05:9d:47:00:9c:06:4e:f8:
         f2:cd:db:95:f2:3c:ba:26:81:4f:f1:2c:3b:41:51:e3:f9:96:
         9a:5a:69:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ38H77hDgdKG6WfETwVshBOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzN2U1NzA3NDQ0YTE2YzY4ZTFhMWM1MmFjNDkwOWQwYmRj
YTYyYWUwHhcNMjYwNTA2MDcxMDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWViZmFiMzA2MGJmZjViMTIwYWIyZWYxODZhNWM5Y2YyOGJmOTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBZltDJBTUzVyfSntmlMbwZq9x7Q
Dl+4YOxfXzvy3masoG5rnIAMDjwpXVsnZeyp+2ve7RXyTWdmnxHCAJ5T8XNz/t26
/sacPsiFcsq30XnP+5n2Nvw1Sbpb26kiVimTpWtLtYw1bLZIEol0nW01XznIAcH8
75d8tpocFkE31W8Iv1PNYolV87E0NbqfzypfU5GYKMxfag6sBIi/WhyjEYRtDBEI
Asfu5pi4eJNMaZLzM597mB/kxazRsH7+pVabK8bjUHIkkcJI44VjL1R3wRKvU1W/
lGD1O0+OzAADoYai+zX3vxSdVQP0w8WWGQR8xkzBwYdXpCcSsJCIo3zYbQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJHr+rMGC/9bEgqy7xhqXJzyi/lqMB8GA1UdIwQY
MBaAFBN+VwdEShbGjhocUqxJCdC9ymKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYt
YzBkMjA3YzAyZDI3LzEva2V2NnN3WUxfMXNTQ3JMdkdHcGNuUEtMLVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi82ZWFlYWUtZjQ1Yy00MzU1LTkzMmYtYzBkMjA3YzAyZDI3
LzEvRTM1WEIwUktGc2FPR2h4U3JFa0owTDNLWXE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhLLQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCRBljUzMGlJZmtBADQ5SureI+K4yqy4zr0rxwX
5Tkx5JNikgk9rdkYzaGVaR0Wc+C3HAqZV4Bz3cl+ejxqdOBCK9uQ7oLgxzvK7mUZ
Qkeq1438q16QInrgtgaEnZc81XQ5jZ2KIyVC2Rd31m9inyZvJGCjhL+eM0VNvzoR
X23jwoSi6/NPY3fuQ/DOpGOaw/K61i7eEcZT/QxvZpVUDIta5WMGN9gQIvTGAHfk
FA48N4ZkivHKbqkLsTD1tRvh/YUdJwsgkqlicrS7OKzRAtrEOu9QaoFEAAgjJsP+
vgSrNX4aBZ1HAJwGTvjyzduV8jy6JoFP8Sw7QVHj+ZaaWmkn
-----END CERTIFICATE-----