Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/m0K11fTdVXce9KPspHjCdpXBjm0.roa
File:                     m0K11fTdVXce9KPspHjCdpXBjm0.roa (raw, json)
Hash identifier:          mxYYTtrgsKvZfI5f2+lgt0ESaqCmMI3WxRhAYR+gUtU=
Subject key identifier:   9B:42:B5:D5:F4:DD:55:77:1E:F4:A3:EC:A4:78:C2:76:95:C1:8E:6D
Certificate issuer:       /CN=abd87bbef5943546b2a83d31ec2b99ad883d51d7
Certificate serial:       019E15E6FC3A131A1265E302FAB48AF2044E
Authority key identifier: AB:D8:7B:BE:F5:94:35:46:B2:A8:3D:31:EC:2B:99:AD:88:3D:51:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/m0K11fTdVXce9KPspHjCdpXBjm0.roa
Signing time:             Mon 11 May 2026 07:18:39 +0000
ROA not before:           Mon 11 May 2026 07:18:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215837
IP address blocks:        2a13:5682:400::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:15:e6:fc:3a:13:1a:12:65:e3:02:fa:b4:8a:f2:04:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abd87bbef5943546b2a83d31ec2b99ad883d51d7
        Validity
            Not Before: May 11 07:18:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9b42b5d5f4dd55771ef4a3eca478c27695c18e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b6:11:b1:88:24:3a:b1:a1:55:34:2d:c8:aa:
                    25:db:0f:c2:cc:db:d9:c6:a4:3a:23:c6:87:4e:c4:
                    64:81:3a:d2:86:7f:ae:d7:cd:cc:ee:1e:df:2c:08:
                    81:d9:8d:ad:3e:aa:5c:53:5e:ab:8d:c2:44:39:ac:
                    07:05:e1:50:3d:17:58:cd:65:3a:03:03:47:13:29:
                    bc:95:2e:c8:9e:ea:b3:61:d7:37:1f:93:35:b5:81:
                    06:ad:06:9a:56:34:07:27:d7:f2:10:b9:d3:3b:bf:
                    10:14:3c:69:4d:bd:eb:70:c5:af:a0:8e:bd:91:35:
                    3d:cb:31:ed:a0:f9:68:ec:7c:11:ee:69:db:da:e9:
                    c8:06:86:fa:73:5d:15:7c:b0:eb:d8:05:15:0b:34:
                    67:b2:d5:70:76:dd:a6:20:09:ca:11:db:f6:e4:6c:
                    10:33:31:c4:0e:45:4a:cc:85:40:34:4b:d0:2c:c7:
                    a4:16:12:bb:71:63:7a:0c:55:e6:a7:07:aa:05:87:
                    02:c7:29:75:90:16:a6:2e:84:9e:de:f4:45:a8:2e:
                    b4:9a:cf:a5:74:02:cc:90:5b:ab:6b:09:cd:f1:5d:
                    d4:09:b5:c2:1d:d0:55:3a:df:05:54:41:d1:f3:d8:
                    a5:11:40:a3:f4:e9:1a:9d:76:6c:3d:bd:e6:c2:bc:
                    b2:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:42:B5:D5:F4:DD:55:77:1E:F4:A3:EC:A4:78:C2:76:95:C1:8E:6D
            X509v3 Authority Key Identifier:
                keyid:AB:D8:7B:BE:F5:94:35:46:B2:A8:3D:31:EC:2B:99:AD:88:3D:51:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q9h7vvWUNUayqD0x7CuZrYg9Udc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/m0K11fTdVXce9KPspHjCdpXBjm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/8ad2e0-e3f0-4abe-bcb6-2f5c74c69ae1/1/q9h7vvWUNUayqD0x7CuZrYg9Udc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5682:400::/44

    Signature Algorithm: sha256WithRSAEncryption
         7b:ff:57:dc:fe:aa:6d:14:39:0e:64:39:5a:35:1f:64:e8:ee:
         85:30:d4:de:18:5a:f6:78:04:15:e5:65:67:5d:d0:a6:2d:81:
         40:05:ce:81:a5:f4:e7:58:f9:b9:19:57:f9:d6:94:bb:f9:ed:
         69:a7:f2:52:e3:24:3a:99:bc:94:6f:46:14:1e:23:0a:11:37:
         2f:98:2c:d3:ae:02:df:86:46:82:1e:3a:8a:cc:ed:08:87:38:
         46:4e:61:9f:55:d2:dc:b4:03:48:d6:e2:21:2a:ea:ee:7c:ca:
         c6:5b:29:72:b2:1d:4e:c1:a8:9f:84:0b:82:82:a8:7b:40:bf:
         bf:c3:69:8c:ba:cd:79:c2:d2:b1:71:de:28:4f:30:00:2b:b3:
         0b:32:e7:3b:66:28:2f:b1:e5:b5:de:43:29:ee:45:c7:5e:70:
         1e:88:17:9f:36:07:11:da:01:a0:e5:34:95:02:a3:59:ac:4c:
         f2:94:75:5f:73:f2:dc:0d:09:02:32:e4:6e:c4:41:40:c0:22:
         80:9d:78:fe:0c:40:30:e7:ce:6d:48:6e:a3:7d:5e:ea:02:83:
         1b:a0:a0:01:df:21:27:e0:cc:88:8f:d2:19:42:1e:9d:5d:a7:
         9f:4f:21:0c:37:1a:da:b7:52:a6:00:dd:e0:9e:56:7a:fb:f5:
         6b:6f:35:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4V5vw6ExoSZeMC+rSK8gROMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZDg3YmJlZjU5NDM1NDZiMmE4M2QzMWVjMmI5OWFkODgz
ZDUxZDcwHhcNMjYwNTExMDcxODM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjQyYjVkNWY0ZGQ1NTc3MWVmNGEzZWNhNDc4YzI3Njk1YzE4ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rYRsYgkOrGhVTQtyKol2w/CzNvZ
xqQ6I8aHTsRkgTrShn+u183M7h7fLAiB2Y2tPqpcU16rjcJEOawHBeFQPRdYzWU6
AwNHEym8lS7InuqzYdc3H5M1tYEGrQaaVjQHJ9fyELnTO78QFDxpTb3rcMWvoI69
kTU9yzHtoPlo7HwR7mnb2unIBob6c10VfLDr2AUVCzRnstVwdt2mIAnKEdv25GwQ
MzHEDkVKzIVANEvQLMekFhK7cWN6DFXmpweqBYcCxyl1kBamLoSe3vRFqC60ms+l
dALMkFurawnN8V3UCbXCHdBVOt8FVEHR89ilEUCj9OkanXZsPb3mwryykQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJtCtdX03VV3HvSj7KR4wnaVwY5tMB8GA1UdIwQY
MBaAFKvYe771lDVGsqg9Mewrma2IPVHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTloN3Z2V1VOVWF5cUQweDdDdVpyWWc5VWRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84YWQyZTAtZTNmMC00YWJlLWJjYjYt
MmY1Yzc0YzY5YWUxLzEvbTBLMTFmVGRWWGNlOUtQc3BIakNkcFhCam0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84YWQyZTAtZTNmMC00YWJlLWJjYjYtMmY1Yzc0YzY5YWUx
LzEvcTloN3Z2V1VOVWF5cUQweDdDdVpyWWc5VWRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhNWggQA
MA0GCSqGSIb3DQEBCwUAA4IBAQB7/1fc/qptFDkOZDlaNR9k6O6FMNTeGFr2eAQV
5WVnXdCmLYFABc6BpfTnWPm5GVf51pS7+e1pp/JS4yQ6mbyUb0YUHiMKETcvmCzT
rgLfhkaCHjqKzO0IhzhGTmGfVdLctANI1uIhKurufMrGWylysh1OwaifhAuCgqh7
QL+/w2mMus15wtKxcd4oTzAAK7MLMuc7ZigvseW13kMp7kXHXnAeiBefNgcR2gGg
5TSVAqNZrEzylHVfc/LcDQkCMuRuxEFAwCKAnXj+DEAw585tSG6jfV7qAoMboKAB
3yEn4MyIj9IZQh6dXaefTyEMNxrat1KmAN3gnlZ6+/VrbzUf
-----END CERTIFICATE-----