Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/PsU7x_frD08SU2YYN4xYvGI8q1E.roa
File:                     PsU7x_frD08SU2YYN4xYvGI8q1E.roa (raw, json)
Hash identifier:          k6MudYJE0V8N7WpGxi22h24h9nGg9VIaakZ/jcGCILw=
Subject key identifier:   3E:C5:3B:C7:F7:EB:0F:4F:12:53:66:18:37:8C:58:BC:62:3C:AB:51
Certificate issuer:       /CN=53dc5d4e9c90573c6ddf7d00cbe8b2eda413fc86
Certificate serial:       019CDC894AC56B7370D3C124498DE611C9A2
Authority key identifier: 53:DC:5D:4E:9C:90:57:3C:6D:DF:7D:00:CB:E8:B2:ED:A4:13:FC:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U9xdTpyQVzxt330Ay-iy7aQT_IY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/PsU7x_frD08SU2YYN4xYvGI8q1E.roa
Signing time:             Wed 11 Mar 2026 10:55:10 +0000
ROA not before:           Wed 11 Mar 2026 10:55:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215745
IP address blocks:        2a12:8a80:140::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/U9xdTpyQVzxt330Ay-iy7aQT_IY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/U9xdTpyQVzxt330Ay-iy7aQT_IY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U9xdTpyQVzxt330Ay-iy7aQT_IY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:dc:89:4a:c5:6b:73:70:d3:c1:24:49:8d:e6:11:c9:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53dc5d4e9c90573c6ddf7d00cbe8b2eda413fc86
        Validity
            Not Before: Mar 11 10:55:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3ec53bc7f7eb0f4f12536618378c58bc623cab51
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:52:c5:d8:bb:ff:0e:a1:e0:21:73:6c:dc:1d:
                    b8:fc:35:07:f8:f2:e6:46:a9:a4:8f:41:46:73:8f:
                    c2:be:5d:83:12:a4:94:73:f3:46:d9:e5:dd:e5:99:
                    6d:d6:1d:f8:58:53:5a:21:6a:b3:99:71:1d:1e:a7:
                    89:fe:6c:3a:da:22:f2:5b:fe:bf:3d:7b:6e:6b:36:
                    5d:cf:8c:e4:08:6d:d8:8b:9d:5c:ce:da:03:93:15:
                    6a:62:c1:ad:ea:ec:d5:13:d4:f1:7b:54:e8:00:4b:
                    2a:61:f9:58:9f:d9:3b:b0:cd:bd:4e:98:ab:a3:99:
                    a2:0f:96:e1:83:cc:66:1f:60:f1:d9:84:c4:e4:16:
                    43:86:88:9d:c4:c7:bc:ef:a7:3e:2c:4b:a7:b9:d5:
                    dd:dd:e3:64:ef:99:26:f3:4b:52:c2:ff:e7:82:23:
                    00:b9:5a:e0:d1:5c:d5:64:f5:19:81:65:35:b4:15:
                    37:75:d5:45:cb:0c:a2:c3:a9:af:1a:0b:10:33:2b:
                    4d:6d:ee:54:91:92:c3:83:c7:ae:d0:99:09:4d:06:
                    d5:c6:61:02:a9:bc:ff:0c:c2:7c:f0:94:b8:81:3b:
                    83:30:21:cf:d2:31:85:a9:fc:12:c2:5f:0c:8c:49:
                    56:6d:80:58:1a:0f:11:e7:af:42:ff:e2:68:ea:e6:
                    16:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:C5:3B:C7:F7:EB:0F:4F:12:53:66:18:37:8C:58:BC:62:3C:AB:51
            X509v3 Authority Key Identifier:
                keyid:53:DC:5D:4E:9C:90:57:3C:6D:DF:7D:00:CB:E8:B2:ED:A4:13:FC:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U9xdTpyQVzxt330Ay-iy7aQT_IY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/PsU7x_frD08SU2YYN4xYvGI8q1E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/86ecf1-8aaf-46c6-951d-ad66722d349e/1/U9xdTpyQVzxt330Ay-iy7aQT_IY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:8a80:140::/44

    Signature Algorithm: sha256WithRSAEncryption
         2d:4c:7d:7b:f9:17:4d:43:81:94:29:fa:16:ad:fc:cf:ad:e9:
         94:30:32:43:aa:54:4e:3b:c0:eb:d1:6b:7d:58:93:ce:7e:60:
         b4:cb:47:61:f5:38:f9:d7:75:f6:db:ab:5f:09:02:ec:0f:2c:
         bf:e5:ff:8f:47:aa:81:ee:3d:8a:e5:af:f6:7f:11:c8:0d:9e:
         1f:22:74:39:7a:48:3d:dc:2e:22:f1:38:9d:56:fb:5d:63:cd:
         eb:f4:7c:3f:77:b0:7c:a8:ff:ea:cd:95:a8:76:ab:56:0f:5e:
         18:a7:ae:65:ec:e6:f3:40:15:b2:fb:82:e0:ec:71:8d:55:89:
         23:7f:12:8a:23:db:13:c3:66:9c:13:91:b1:e8:ff:b3:5a:9b:
         d7:5a:66:16:f6:41:0a:13:21:63:f0:25:ba:df:5e:e1:a0:ce:
         2e:5a:df:71:9d:a1:2d:bb:69:83:be:bd:ef:2a:d8:03:f1:1f:
         03:0e:81:a2:53:ed:37:57:4d:47:04:19:77:ae:ce:7a:60:d3:
         75:6f:eb:d4:2e:4b:ea:f8:f0:ed:d6:c7:53:d5:d2:7f:2f:82:
         c1:a7:49:28:2c:88:6e:70:45:78:85:1c:a7:15:a2:a7:57:4c:
         88:15:86:7b:ec:8d:5d:38:e0:03:a1:b7:eb:d0:24:d5:d2:ad:
         13:f9:51:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzciUrFa3Nw08EkSY3mEcmiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzZGM1ZDRlOWM5MDU3M2M2ZGRmN2QwMGNiZThiMmVkYTQx
M2ZjODYwHhcNMjYwMzExMTA1NTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWM1M2JjN2Y3ZWIwZjRmMTI1MzY2MTgzNzhjNThiYzYyM2NhYjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAulLF2Lv/DqHgIXNs3B24/DUH+PLm
Rqmkj0FGc4/Cvl2DEqSUc/NG2eXd5Zlt1h34WFNaIWqzmXEdHqeJ/mw62iLyW/6/
PXtuazZdz4zkCG3Yi51cztoDkxVqYsGt6uzVE9Txe1ToAEsqYflYn9k7sM29Tpir
o5miD5bhg8xmH2Dx2YTE5BZDhoidxMe876c+LEunudXd3eNk75km80tSwv/ngiMA
uVrg0VzVZPUZgWU1tBU3ddVFywyiw6mvGgsQMytNbe5UkZLDg8eu0JkJTQbVxmEC
qbz/DMJ88JS4gTuDMCHP0jGFqfwSwl8MjElWbYBYGg8R569C/+Jo6uYWYQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD7FO8f36w9PElNmGDeMWLxiPKtRMB8GA1UdIwQY
MBaAFFPcXU6ckFc8bd99AMvosu2kE/yGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTl4ZFRweVFWenh0MzMwQXktaXk3YVFUX0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC84NmVjZjEtOGFhZi00NmM2LTk1MWQt
YWQ2NjcyMmQzNDllLzEvUHNVN3hfZnJEMDhTVTJZWU40eFl2R0k4cTFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC84NmVjZjEtOGFhZi00NmM2LTk1MWQtYWQ2NjcyMmQzNDll
LzEvVTl4ZFRweVFWenh0MzMwQXktaXk3YVFUX0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhKKgAFA
MA0GCSqGSIb3DQEBCwUAA4IBAQAtTH17+RdNQ4GUKfoWrfzPremUMDJDqlROO8Dr
0Wt9WJPOfmC0y0dh9Tj513X226tfCQLsDyy/5f+PR6qB7j2K5a/2fxHIDZ4fInQ5
ekg93C4i8TidVvtdY83r9Hw/d7B8qP/qzZWodqtWD14Yp65l7ObzQBWy+4Lg7HGN
VYkjfxKKI9sTw2acE5Gx6P+zWpvXWmYW9kEKEyFj8CW6317hoM4uWt9xnaEtu2mD
vr3vKtgD8R8DDoGiU+03V01HBBl3rs56YNN1b+vULkvq+PDt1sdT1dJ/L4LBp0ko
LIhucEV4hRynFaKnV0yIFYZ77I1dOOADobfr0CTV0q0T+VH6
-----END CERTIFICATE-----