Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/iKMbSLMsYD3IPy4aFTgWFbR5-7Q.roa
File:                     iKMbSLMsYD3IPy4aFTgWFbR5-7Q.roa (raw, json)
Hash identifier:          FLy0rWO0Tm6EmloSEokoF4mkm9Xo/LOqQZJUxQFOv+k=
Subject key identifier:   88:A3:1B:48:B3:2C:60:3D:C8:3F:2E:1A:15:38:16:15:B4:79:FB:B4
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       019E0740F091C0C5031908D20FC07BDB4F42
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/iKMbSLMsYD3IPy4aFTgWFbR5-7Q.roa
Signing time:             Fri 08 May 2026 11:02:36 +0000
ROA not before:           Fri 08 May 2026 11:02:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198174
IP address blocks:        2a07:245:201::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:07:40:f0:91:c0:c5:03:19:08:d2:0f:c0:7b:db:4f:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: May  8 11:02:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=88a31b48b32c603dc83f2e1a15381615b479fbb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b0:7f:70:ba:c8:2a:75:16:4e:b6:b4:3e:cd:
                    8b:18:6a:13:23:60:4c:5a:c2:4f:f3:3c:c2:78:d3:
                    af:69:5a:29:4b:9d:35:4e:65:9e:4d:ad:a4:7e:94:
                    9f:92:e5:2d:a5:52:1c:cf:ab:60:16:be:7a:ef:13:
                    c6:92:c0:4b:24:77:38:8e:83:73:43:94:e7:ae:fe:
                    8b:01:2c:1c:6c:05:04:bf:03:59:7e:6c:79:80:56:
                    63:a4:98:16:35:ec:fd:d1:ea:a1:b2:11:32:1f:76:
                    0d:08:75:e2:15:86:d7:df:5f:89:ad:43:5a:63:2b:
                    40:60:2b:e7:12:a5:73:4a:8c:ea:1a:2b:23:13:b4:
                    0b:19:50:75:b3:59:ff:08:05:e7:af:a2:e8:18:de:
                    9f:c4:e0:ac:de:c7:25:3d:7c:6a:78:53:09:84:e0:
                    47:16:1d:49:34:9c:ad:98:b2:d6:38:06:8d:a3:77:
                    4d:f4:f6:06:2b:ea:e3:b3:f4:43:77:cd:9c:be:27:
                    05:52:18:2e:78:a3:a0:94:4c:ef:05:22:34:61:0c:
                    98:bc:1e:fb:48:a0:eb:21:ab:bb:14:99:4c:60:9f:
                    f3:e4:47:1f:6b:52:2c:c9:77:16:7e:7a:b6:56:fa:
                    a7:44:05:a2:db:4b:a0:f1:f6:c6:61:83:20:2e:78:
                    67:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A3:1B:48:B3:2C:60:3D:C8:3F:2E:1A:15:38:16:15:B4:79:FB:B4
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/iKMbSLMsYD3IPy4aFTgWFbR5-7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:245:201::/48

    Signature Algorithm: sha256WithRSAEncryption
         c7:66:47:16:b3:b6:43:e1:ac:5b:70:f1:87:a1:8f:5c:3d:0c:
         eb:9c:c7:7a:7c:4a:cf:9b:dd:6d:e7:aa:15:40:6b:7e:82:d6:
         28:b6:23:75:fa:08:63:b5:d8:b1:e1:b7:e2:e0:eb:9d:5b:7c:
         46:57:27:d6:1e:0d:2f:24:24:af:e5:fc:ab:d5:ec:3d:c5:d6:
         f7:73:f1:a0:f5:94:a4:f9:8e:61:83:6a:34:a4:73:a3:29:f6:
         6b:fe:26:0f:88:c7:c5:87:88:c6:30:16:9d:45:b6:04:6a:67:
         b8:c0:2e:0e:94:94:1c:0a:2c:ba:f1:f0:1b:dd:30:c4:14:88:
         ae:4e:70:2f:a8:7a:0c:a1:d4:2b:61:fe:7f:e1:9f:d4:14:ac:
         eb:ba:23:67:4e:33:c8:c0:98:8d:07:32:e8:c9:17:ed:a7:82:
         00:8c:a6:26:7e:99:53:03:1d:fa:5a:ff:ad:f2:6f:d0:c1:be:
         60:74:fc:9e:d3:04:f4:af:75:20:d1:e2:cc:aa:e3:97:25:78:
         ea:92:e2:23:22:bf:82:56:64:7b:96:8e:d5:58:f7:1b:72:1f:
         76:1d:fa:b7:0a:68:f9:35:ca:4c:eb:64:e1:4d:a9:37:8a:d7:
         ef:58:73:60:9d:28:c9:ed:a4:b7:dd:e0:a3:41:1a:b5:bb:5a:
         12:a5:43:8c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4HQPCRwMUDGQjSD8B7209CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjYwNTA4MTEwMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGEzMWI0OGIzMmM2MDNkYzgzZjJlMWExNTM4MTYxNWI0NzlmYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rB/cLrIKnUWTra0Ps2LGGoTI2BM
WsJP8zzCeNOvaVopS501TmWeTa2kfpSfkuUtpVIcz6tgFr567xPGksBLJHc4joNz
Q5Tnrv6LASwcbAUEvwNZfmx5gFZjpJgWNez90eqhshEyH3YNCHXiFYbX31+JrUNa
YytAYCvnEqVzSozqGisjE7QLGVB1s1n/CAXnr6LoGN6fxOCs3sclPXxqeFMJhOBH
Fh1JNJytmLLWOAaNo3dN9PYGK+rjs/RDd82cvicFUhgueKOglEzvBSI0YQyYvB77
SKDrIau7FJlMYJ/z5Ecfa1IsyXcWfnq2VvqnRAWi20ug8fbGYYMgLnhnYwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIijG0izLGA9yD8uGhU4FhW0efu0MB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvaUtNYlNMTXNZRDNJUHk0YUZUZ1dGYlI1LTdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgcCRQIB
MA0GCSqGSIb3DQEBCwUAA4IBAQDHZkcWs7ZD4axbcPGHoY9cPQzrnMd6fErPm91t
56oVQGt+gtYotiN1+ghjtdix4bfi4OudW3xGVyfWHg0vJCSv5fyr1ew9xdb3c/Gg
9ZSk+Y5hg2o0pHOjKfZr/iYPiMfFh4jGMBadRbYEame4wC4OlJQcCiy68fAb3TDE
FIiuTnAvqHoModQrYf5/4Z/UFKzruiNnTjPIwJiNBzLoyRftp4IAjKYmfplTAx36
Wv+t8m/Qwb5gdPye0wT0r3Ug0eLMquOXJXjqkuIjIr+CVmR7lo7VWPcbch92Hfq3
Cmj5NcpM62ThTak3itfvWHNgnSjJ7aS33eCjQRq1u1oSpUOM
-----END CERTIFICATE-----