Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/XfYkU787j3WhMTZPnJmIUryBUv8.roa
File:                     XfYkU787j3WhMTZPnJmIUryBUv8.roa (raw, json)
Hash identifier:          h2gKkudjUVGsEuk5RZekt+DQ3CWf3ljc/O91aN85ogU=
Subject key identifier:   5D:F6:24:53:BF:3B:8F:75:A1:31:36:4F:9C:99:88:52:BC:81:52:FF
Certificate issuer:       /CN=5376467ef0921c51190e2ea60f2abb3bd6e9c19f
Certificate serial:       019DAFEC86CCBA6887419B78066B50605DDA
Authority key identifier: 53:76:46:7E:F0:92:1C:51:19:0E:2E:A6:0F:2A:BB:3B:D6:E9:C1:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/XfYkU787j3WhMTZPnJmIUryBUv8.roa
Signing time:             Tue 21 Apr 2026 12:03:26 +0000
ROA not before:           Tue 21 Apr 2026 12:03:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29632
IP address blocks:        2a0b:480::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:af:ec:86:cc:ba:68:87:41:9b:78:06:6b:50:60:5d:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5376467ef0921c51190e2ea60f2abb3bd6e9c19f
        Validity
            Not Before: Apr 21 12:03:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5df62453bf3b8f75a131364f9c998852bc8152ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:63:6e:dd:6b:fa:d6:27:8b:9a:f8:6b:7a:c6:
                    49:b1:0b:76:2f:ee:4f:d1:e2:7b:fb:6f:28:75:4b:
                    df:d9:ed:88:66:3b:e9:5d:a6:74:53:17:f4:80:f6:
                    6a:93:c7:fa:34:f9:87:c0:8e:ac:10:d5:b9:c2:c3:
                    b1:53:9b:97:55:1c:d3:b2:8e:6b:da:c1:d7:2e:77:
                    f4:1f:98:88:cd:75:6d:d5:ed:ae:37:bf:59:48:85:
                    bf:a7:b1:4d:a5:e3:a2:9c:af:8e:45:4e:83:e9:b5:
                    19:24:1e:39:81:8c:d8:3e:b9:40:a4:47:90:72:ad:
                    69:6b:bf:35:06:f1:33:12:d7:58:3b:11:6f:16:87:
                    54:8e:42:83:a6:9d:89:6a:60:f3:75:23:1e:da:d3:
                    18:4e:08:c1:0d:d5:29:af:01:25:7a:6a:fb:d7:14:
                    e2:b1:b0:e2:0d:e7:3f:51:bf:2c:01:32:93:61:bc:
                    d3:3b:24:f5:f6:4d:5a:f1:87:ca:28:82:75:9a:ee:
                    cb:d6:cf:76:96:91:93:61:db:d4:15:01:26:6e:49:
                    83:5d:85:69:73:64:e3:24:d3:a1:63:53:fe:aa:30:
                    eb:e9:6b:ef:a8:e6:9b:8b:ad:01:92:3a:97:62:33:
                    6a:a8:c2:34:f9:4f:c8:7e:5e:02:8f:6a:7c:7f:18:
                    45:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:F6:24:53:BF:3B:8F:75:A1:31:36:4F:9C:99:88:52:BC:81:52:FF
            X509v3 Authority Key Identifier:
                keyid:53:76:46:7E:F0:92:1C:51:19:0E:2E:A6:0F:2A:BB:3B:D6:E9:C1:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/XfYkU787j3WhMTZPnJmIUryBUv8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/c9db0e-903e-485e-b67f-2c7a2a746279/1/U3ZGfvCSHFEZDi6mDyq7O9bpwZ8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:480::/47

    Signature Algorithm: sha256WithRSAEncryption
         65:2a:af:71:86:b6:73:e9:c6:19:00:e7:29:8b:d8:5a:6d:04:
         97:b8:9c:47:8b:85:1b:03:e3:18:30:af:ec:5d:3e:14:1f:87:
         1f:7e:31:fa:f2:79:a6:f6:ef:8d:e7:1e:c3:a0:ac:97:0e:5c:
         34:7a:d6:1c:89:80:db:04:e1:4c:7b:20:03:58:fe:0c:14:f6:
         03:8d:55:37:2e:50:c1:2f:fa:6b:41:e7:ab:eb:81:54:a9:c8:
         81:7c:10:61:92:fd:40:db:ae:be:49:fb:bd:65:d3:6d:a2:a0:
         a8:4b:89:a0:dd:65:47:fc:fe:47:b6:c3:01:72:ca:4e:c1:39:
         fb:3c:a2:86:b4:db:06:dd:f6:cf:4f:a8:60:92:93:20:63:36:
         fb:bb:11:ea:71:53:7f:63:cf:d3:29:bc:69:7f:59:4f:fe:52:
         e1:a1:18:b5:6d:ca:b0:c7:ea:37:1d:33:fb:95:cd:d4:92:8a:
         14:7a:9e:c6:b3:bb:0a:82:ad:87:b2:cf:6c:e8:b8:fb:a5:b4:
         3e:22:a7:f5:06:20:fe:5e:6d:bf:8b:d4:ff:0b:ec:43:0f:7b:
         c0:fe:d0:2f:34:f3:6e:87:92:02:dd:da:31:84:3f:50:1b:6f:
         55:0f:df:09:ae:0e:b6:b4:54:e2:15:23:07:34:41:a5:85:0b:
         b6:d0:3b:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2v7IbMumiHQZt4BmtQYF3aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzNzY0NjdlZjA5MjFjNTExOTBlMmVhNjBmMmFiYjNiZDZl
OWMxOWYwHhcNMjYwNDIxMTIwMzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGY2MjQ1M2JmM2I4Zjc1YTEzMTM2NGY5Yzk5ODg1MmJjODE1MmZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmNu3Wv61ieLmvhresZJsQt2L+5P
0eJ7+28odUvf2e2IZjvpXaZ0Uxf0gPZqk8f6NPmHwI6sENW5wsOxU5uXVRzTso5r
2sHXLnf0H5iIzXVt1e2uN79ZSIW/p7FNpeOinK+ORU6D6bUZJB45gYzYPrlApEeQ
cq1pa781BvEzEtdYOxFvFodUjkKDpp2JamDzdSMe2tMYTgjBDdUprwElemr71xTi
sbDiDec/Ub8sATKTYbzTOyT19k1a8YfKKIJ1mu7L1s92lpGTYdvUFQEmbkmDXYVp
c2TjJNOhY1P+qjDr6WvvqOabi60BkjqXYjNqqMI0+U/Ifl4Cj2p8fxhF8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF32JFO/O491oTE2T5yZiFK8gVL/MB8GA1UdIwQY
MBaAFFN2Rn7wkhxRGQ4upg8quzvW6cGfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTNaR2Z2Q1NIRkVaRGk2bUR5cTdPOWJwd1o4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9jOWRiMGUtOTAzZS00ODVlLWI2N2Yt
MmM3YTJhNzQ2Mjc5LzEvWGZZa1U3ODdqM1doTVRaUG5KbUlVcnlCVXY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9jOWRiMGUtOTAzZS00ODVlLWI2N2YtMmM3YTJhNzQ2Mjc5
LzEvVTNaR2Z2Q1NIRkVaRGk2bUR5cTdPOWJwd1o4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKgsEgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQBlKq9xhrZz6cYZAOcpi9habQSXuJxHi4UbA+MY
MK/sXT4UH4cffjH68nmm9u+N5x7DoKyXDlw0etYciYDbBOFMeyADWP4MFPYDjVU3
LlDBL/prQeer64FUqciBfBBhkv1A266+Sfu9ZdNtoqCoS4mg3WVH/P5HtsMBcspO
wTn7PKKGtNsG3fbPT6hgkpMgYzb7uxHqcVN/Y8/TKbxpf1lP/lLhoRi1bcqwx+o3
HTP7lc3UkooUep7Gs7sKgq2Hss9s6Lj7pbQ+Iqf1BiD+Xm2/i9T/C+xDD3vA/tAv
NPNuh5IC3doxhD9QG29VD98Jrg62tFTiFSMHNEGlhQu20Duw
-----END CERTIFICATE-----