Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/suovzHsoDlN0Hb2AdeewhUysXlk.roa
File:                     suovzHsoDlN0Hb2AdeewhUysXlk.roa (raw, json)
Hash identifier:          DecZNdwPz60RPQKYYm+RGNe+i+BUh+N2BaGtnkWEt/U=
Subject key identifier:   B2:EA:2F:CC:7B:28:0E:53:74:1D:BD:80:75:E7:B0:85:4C:AC:5E:59
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019D0165EB0508252B7AC7ABAE8A7BAE8CDC
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/suovzHsoDlN0Hb2AdeewhUysXlk.roa
Signing time:             Wed 18 Mar 2026 14:42:29 +0000
ROA not before:           Wed 18 Mar 2026 14:42:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199972
IP address blocks:        2a13:a440:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:65:eb:05:08:25:2b:7a:c7:ab:ae:8a:7b:ae:8c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Mar 18 14:42:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2ea2fcc7b280e53741dbd8075e7b0854cac5e59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:04:e1:fe:a4:89:78:78:47:6f:ef:5e:0a:de:
                    56:e4:5e:f6:f7:9d:f9:cf:00:ac:ab:cf:e1:24:53:
                    a9:86:97:02:7e:82:0c:37:a2:5d:7d:f3:11:bf:0d:
                    86:68:e5:2f:83:5c:09:42:4a:06:18:c1:5e:03:3a:
                    6f:cc:e8:e2:62:38:1c:4d:26:53:13:8f:7c:8d:e6:
                    eb:62:9a:c7:da:9d:97:ce:96:b8:ac:0d:b9:59:6c:
                    cc:13:e1:33:33:f2:d8:4f:67:cb:90:1c:c4:24:13:
                    52:2c:79:78:19:f9:6c:2b:42:6b:7a:43:d2:e0:da:
                    56:1a:37:f1:ad:f1:f1:22:3c:d7:bf:00:4b:91:2c:
                    02:c5:6c:ad:20:a2:78:63:25:cd:9a:8d:06:7b:2c:
                    aa:10:2d:7e:c9:62:7d:41:f5:11:4b:b1:c2:17:ed:
                    a5:38:4b:93:af:11:1a:d9:11:fe:e6:01:8b:d8:e4:
                    08:5c:82:88:f1:4a:ac:c8:9c:69:16:46:67:b7:ef:
                    81:a0:28:0c:a4:aa:61:cd:d3:72:8e:35:a5:55:79:
                    ff:31:0e:54:a1:3e:fb:f4:c6:66:03:90:23:69:74:
                    7a:2f:a3:c6:48:10:9f:6c:07:82:1d:47:54:fd:3e:
                    f5:80:75:a3:86:d2:71:9a:d8:66:aa:50:51:7f:b0:
                    36:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:EA:2F:CC:7B:28:0E:53:74:1D:BD:80:75:E7:B0:85:4C:AC:5E:59
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/suovzHsoDlN0Hb2AdeewhUysXlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a440:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         17:d0:5a:9e:f9:96:64:5a:c3:6d:bf:62:66:80:d9:5c:37:a4:
         0d:e9:25:21:a2:a9:9c:e5:7d:63:46:7a:26:09:80:e2:2a:e9:
         e5:fc:95:f9:ce:7a:71:0c:e5:0e:e9:56:8d:af:a1:d7:28:78:
         72:70:32:c9:bc:08:86:64:e7:39:5e:37:19:b5:4f:2f:a0:01:
         36:68:73:e1:cc:56:91:22:0e:09:be:dc:42:fc:d5:80:6c:74:
         42:38:89:23:ef:85:a3:05:fe:e6:e0:13:a8:93:59:37:5e:ac:
         38:09:2f:47:c1:2d:f0:15:51:c8:66:5b:1e:e2:cd:0e:28:6e:
         33:ef:9e:6a:c7:67:f9:2d:94:48:16:4c:60:74:16:9e:1f:36:
         82:91:d9:4e:6e:c1:e8:ad:6f:a6:7c:30:e6:f3:7f:e2:cb:07:
         44:7e:bb:3b:a1:1e:5a:13:45:59:2d:75:4e:ff:a6:14:49:e7:
         52:b3:9b:50:ac:ff:36:87:ca:3e:49:ee:7c:8b:49:39:81:91:
         ab:93:0a:ad:11:57:bb:1d:e2:40:c5:56:33:a2:14:92:c9:a4:
         80:3f:a8:47:4f:f0:e9:c6:88:cb:8b:b6:8c:81:cd:26:28:da:
         f8:67:e4:ee:4b:ee:49:a0:cc:13:a8:32:ac:16:99:77:4a:b0:
         09:7d:c7:28
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0BZesFCCUreserrop7rozcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwMzE4MTQ0MjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmVhMmZjYzdiMjgwZTUzNzQxZGJkODA3NWU3YjA4NTRjYWM1ZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkATh/qSJeHhHb+9eCt5W5F729535
zwCsq8/hJFOphpcCfoIMN6JdffMRvw2GaOUvg1wJQkoGGMFeAzpvzOjiYjgcTSZT
E498jebrYprH2p2Xzpa4rA25WWzME+EzM/LYT2fLkBzEJBNSLHl4GflsK0JrekPS
4NpWGjfxrfHxIjzXvwBLkSwCxWytIKJ4YyXNmo0GeyyqEC1+yWJ9QfURS7HCF+2l
OEuTrxEa2RH+5gGL2OQIXIKI8UqsyJxpFkZnt++BoCgMpKphzdNyjjWlVXn/MQ5U
oT779MZmA5AjaXR6L6PGSBCfbAeCHUdU/T71gHWjhtJxmthmqlBRf7A2cQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLLqL8x7KA5TdB29gHXnsIVMrF5ZMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvc3VvdnpIc29EbE4wSGIyQWRlZXdoVXlzWGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOkQAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQAX0Fqe+ZZkWsNtv2JmgNlcN6QN6SUhoqmc5X1j
RnomCYDiKunl/JX5znpxDOUO6VaNr6HXKHhycDLJvAiGZOc5XjcZtU8voAE2aHPh
zFaRIg4JvtxC/NWAbHRCOIkj74WjBf7m4BOok1k3Xqw4CS9HwS3wFVHIZlse4s0O
KG4z755qx2f5LZRIFkxgdBaeHzaCkdlObsHorW+mfDDm83/iywdEfrs7oR5aE0VZ
LXVO/6YUSedSs5tQrP82h8o+Se58i0k5gZGrkwqtEVe7HeJAxVYzohSSyaSAP6hH
T/DpxojLi7aMgc0mKNr4Z+TuS+5JoMwTqDKsFpl3SrAJfcco
-----END CERTIFICATE-----