Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/tY2WtQaeJpuUmJI8VN0JtvLm7nM.roa
File:                     tY2WtQaeJpuUmJI8VN0JtvLm7nM.roa (raw, json)
Hash identifier:          KjixT4XxmdU3bVJwP3k9mRsSDgi6HnBSPdfTCDjkwQo=
Subject key identifier:   B5:8D:96:B5:06:9E:26:9B:94:98:92:3C:54:DD:09:B6:F2:E6:EE:73
Certificate issuer:       /CN=66d3f1f63c1009c42a68919863a9b8ba85786730
Certificate serial:       019DFE930AE7D1550859C55EBC7F799078D2
Authority key identifier: 66:D3:F1:F6:3C:10:09:C4:2A:68:91:98:63:A9:B8:BA:85:78:67:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/tY2WtQaeJpuUmJI8VN0JtvLm7nM.roa
Signing time:             Wed 06 May 2026 18:35:42 +0000
ROA not before:           Wed 06 May 2026 18:35:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     36231
IP address blocks:        2a03:e680::/48 maxlen: 48
                          2a03:e680:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:93:0a:e7:d1:55:08:59:c5:5e:bc:7f:79:90:78:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66d3f1f63c1009c42a68919863a9b8ba85786730
        Validity
            Not Before: May  6 18:35:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b58d96b5069e269b9498923c54dd09b6f2e6ee73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:41:78:de:e2:2c:17:fe:c2:5a:fe:41:03:cb:
                    9c:e5:92:c0:0a:ad:ea:83:30:68:dd:23:fa:0f:e1:
                    74:c8:42:00:cf:29:e7:16:af:68:b9:ca:38:03:3c:
                    28:5a:93:05:b8:45:73:77:6e:9b:5b:ac:8d:5b:ef:
                    ca:85:fe:4c:89:5b:fe:67:31:a8:43:dd:f7:90:26:
                    11:6a:96:06:d1:fb:43:44:e8:c0:ce:a4:29:c4:39:
                    6c:53:ae:c0:89:9b:e2:d9:f9:e9:1a:4f:40:d7:8d:
                    32:f0:fa:e2:2e:db:31:14:ed:e5:95:d6:61:e4:4d:
                    24:d8:ad:07:32:fe:75:ab:45:a7:63:32:dd:20:f7:
                    bd:2c:b8:85:dc:23:0d:c5:60:6a:d4:6a:a7:30:72:
                    af:87:a6:e1:1c:5a:d2:a0:47:be:fb:ac:84:ea:0a:
                    06:2c:b7:24:10:b6:f9:9c:6c:f4:e0:d9:93:70:38:
                    91:2c:29:a1:7d:d9:c8:b1:9b:94:e1:fc:27:51:35:
                    94:93:c3:61:14:88:52:c9:3e:96:66:5b:3b:6e:03:
                    7b:90:c7:c8:ba:91:e7:4a:1e:54:16:d4:dd:a7:d0:
                    e6:c8:be:9e:8c:87:c6:29:70:7e:fe:42:de:96:e2:
                    bd:1f:d2:47:2d:05:94:3d:d3:46:f5:7e:5a:a3:99:
                    3e:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:8D:96:B5:06:9E:26:9B:94:98:92:3C:54:DD:09:B6:F2:E6:EE:73
            X509v3 Authority Key Identifier:
                keyid:66:D3:F1:F6:3C:10:09:C4:2A:68:91:98:63:A9:B8:BA:85:78:67:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/tY2WtQaeJpuUmJI8VN0JtvLm7nM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:e680::/47

    Signature Algorithm: sha256WithRSAEncryption
         09:4a:db:bb:99:f2:e0:ac:4a:2d:8e:16:fc:bd:5e:5d:93:27:
         0c:a7:94:cb:51:3e:d4:c8:a6:b2:05:08:6c:d5:6e:34:75:4e:
         8d:b4:f6:8b:23:1c:05:63:5f:39:58:59:65:c9:1e:d5:ed:9a:
         c7:aa:95:9c:5f:a0:6b:fe:16:60:a5:f9:01:6e:ef:0b:9b:74:
         17:88:41:29:47:f2:31:83:9f:fc:14:d9:9b:6f:18:6b:36:bd:
         90:38:60:06:0d:d3:23:5b:23:1a:20:ee:d3:2d:5a:bf:97:df:
         08:40:32:5e:10:bf:24:cb:88:50:a7:7e:c7:7c:f9:4e:26:f4:
         e0:ec:69:80:52:44:10:37:76:e0:a9:1b:29:22:79:8b:28:40:
         1e:86:3a:c6:e8:a9:14:f1:89:8a:2f:0e:10:79:c3:d2:8f:65:
         1d:11:44:71:50:c5:8e:e6:ef:0f:71:30:d2:38:81:b4:f9:7c:
         e9:1b:c7:d7:87:65:8d:50:af:46:05:5e:c8:7b:6d:44:e0:5f:
         82:58:32:b4:76:5a:0f:d3:68:d7:83:64:22:b3:47:a7:34:d1:
         ca:fc:28:79:4b:1b:e7:73:06:8d:68:b0:b2:47:2f:74:87:d8:
         80:51:2d:f5:c1:70:76:f3:d2:8e:99:17:56:1b:49:06:14:43:
         08:3e:01:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3+kwrn0VUIWcVevH95kHjSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDNmMWY2M2MxMDA5YzQyYTY4OTE5ODYzYTliOGJhODU3
ODY3MzAwHhcNMjYwNTA2MTgzNTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNThkOTZiNTA2OWUyNjliOTQ5ODkyM2M1NGRkMDliNmYyZTZlZTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnkF43uIsF/7CWv5BA8uc5ZLACq3q
gzBo3SP6D+F0yEIAzynnFq9ouco4AzwoWpMFuEVzd26bW6yNW+/Khf5MiVv+ZzGo
Q933kCYRapYG0ftDROjAzqQpxDlsU67AiZvi2fnpGk9A140y8PriLtsxFO3lldZh
5E0k2K0HMv51q0WnYzLdIPe9LLiF3CMNxWBq1GqnMHKvh6bhHFrSoEe++6yE6goG
LLckELb5nGz04NmTcDiRLCmhfdnIsZuU4fwnUTWUk8NhFIhSyT6WZls7bgN7kMfI
upHnSh5UFtTdp9DmyL6ejIfGKXB+/kLeluK9H9JHLQWUPdNG9X5ao5k+9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLWNlrUGniablJiSPFTdCbby5u5zMB8GA1UdIwQY
MBaAFGbT8fY8EAnEKmiRmGOpuLqFeGcwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRQeDlqd1FDY1FxYUpHWVk2bTR1b1Y0WnpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS82ZDE1N2UtMjY3Zi00M2E0LWFlMGEt
NWEyZTlkNjY5NWZjLzEvdFkyV3RRYWVKcHVVbUpJOFZOMEp0dkxtN25NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS82ZDE1N2UtMjY3Zi00M2E0LWFlMGEtNWEyZTlkNjY5NWZj
LzEvWnRQeDlqd1FDY1FxYUpHWVk2bTR1b1Y0WnpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgPmgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAJStu7mfLgrEotjhb8vV5dkycMp5TLUT7UyKay
BQhs1W40dU6NtPaLIxwFY185WFllyR7V7ZrHqpWcX6Br/hZgpfkBbu8Lm3QXiEEp
R/Ixg5/8FNmbbxhrNr2QOGAGDdMjWyMaIO7TLVq/l98IQDJeEL8ky4hQp37HfPlO
JvTg7GmAUkQQN3bgqRspInmLKEAehjrG6KkU8YmKLw4QecPSj2UdEURxUMWO5u8P
cTDSOIG0+XzpG8fXh2WNUK9GBV7Ie21E4F+CWDK0dloP02jXg2Qis0enNNHK/Ch5
SxvncwaNaLCyRy90h9iAUS31wXB289KOmRdWG0kGFEMIPgFY
-----END CERTIFICATE-----