Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/0sIEUkqEuEuah5snwOEtEaxPaYE.roa
File:                     0sIEUkqEuEuah5snwOEtEaxPaYE.roa (raw, json)
Hash identifier:          /mxXa9/sDwHidvSWMCNn+Onl2+SHGU2kNlwneM+xeYY=
Subject key identifier:   D2:C2:04:52:4A:84:B8:4B:9A:87:9B:27:C0:E1:2D:11:AC:4F:69:81
Certificate issuer:       /CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
Certificate serial:       019D248AF247DE8E15F0BB3F93604AE62569
Authority key identifier: 75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/0sIEUkqEuEuah5snwOEtEaxPaYE.roa
Signing time:             Wed 25 Mar 2026 10:29:38 +0000
ROA not before:           Wed 25 Mar 2026 10:29:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44020
IP address blocks:        2a13:93c7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:8a:f2:47:de:8e:15:f0:bb:3f:93:60:4a:e6:25:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7508475ff0d8ec960336016e0e04221a98e5ecf2
        Validity
            Not Before: Mar 25 10:29:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d2c204524a84b84b9a879b27c0e12d11ac4f6981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:39:6d:6f:06:13:ce:50:cc:a9:73:7a:4c:ae:
                    3c:18:a7:ca:a8:5b:87:fe:57:33:bf:f4:7d:48:84:
                    cc:ee:26:83:05:fb:48:a9:1c:53:41:bf:21:d5:ca:
                    90:ee:c6:2d:9d:74:85:68:12:c1:fb:3e:87:03:54:
                    e4:a7:f7:b5:cd:fb:28:be:4f:b6:b0:b1:f5:54:48:
                    92:06:e5:d5:15:74:19:de:c3:4d:61:3d:e4:0b:b1:
                    b0:45:b4:76:85:80:d2:e4:99:90:2f:e1:51:ad:eb:
                    9c:a3:7f:1d:0f:7c:0d:a3:ab:ee:b8:a8:b3:a9:df:
                    48:45:8f:b2:2b:5d:09:88:25:39:1b:1a:e2:3d:f1:
                    6d:38:f3:c3:9b:dd:05:58:ae:88:6f:05:2b:b7:72:
                    08:0c:52:15:10:cb:8e:c2:71:57:de:22:4e:28:7b:
                    4d:c0:7d:15:6d:18:36:a7:24:1f:29:f5:4a:e1:02:
                    d9:f2:04:97:94:7a:98:89:8d:9b:31:08:aa:37:2b:
                    54:8a:d3:0f:d4:c2:37:d6:e0:88:3b:d7:d1:bb:ee:
                    d6:a3:02:b8:46:79:33:db:ee:ce:c7:da:64:c6:ea:
                    88:e9:8d:ec:ec:78:3b:c2:76:2c:dd:4a:27:12:4b:
                    77:93:71:92:e6:85:48:60:52:7d:d9:3c:39:ba:67:
                    ef:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C2:04:52:4A:84:B8:4B:9A:87:9B:27:C0:E1:2D:11:AC:4F:69:81
            X509v3 Authority Key Identifier:
                keyid:75:08:47:5F:F0:D8:EC:96:03:36:01:6E:0E:04:22:1A:98:E5:EC:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dQhHX_DY7JYDNgFuDgQiGpjl7PI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/0sIEUkqEuEuah5snwOEtEaxPaYE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/1fa6a3-8dc5-4c35-a49b-171c367be782/1/dQhHX_DY7JYDNgFuDgQiGpjl7PI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:93c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         52:af:2e:a8:28:63:48:0f:2d:b5:53:17:62:9d:e1:19:8c:e7:
         e7:eb:89:60:96:62:08:43:26:b2:18:18:e2:c3:16:9b:17:b7:
         2f:44:9a:b0:90:05:86:24:3c:ae:de:7a:3b:18:f7:a4:be:de:
         a6:64:e6:45:31:58:ab:df:e9:50:e2:71:d1:19:2c:b4:50:35:
         c4:c5:b4:91:8f:23:5f:1a:71:9d:a8:c8:71:82:ae:d2:ff:a9:
         c2:b1:fd:47:4b:df:61:67:88:38:2c:a0:cc:54:8f:62:3f:7e:
         a1:69:af:b4:da:99:10:28:1d:1d:23:0c:b7:eb:8d:f1:fa:24:
         b7:bd:be:14:1f:42:a1:40:c4:1b:b5:73:1b:b9:c2:fa:af:c0:
         dc:f0:cf:da:54:ea:39:bb:47:44:8c:8d:a0:f3:ba:5d:2c:8e:
         79:b6:86:10:4e:9d:df:ad:cb:80:b7:a0:7a:7c:96:aa:72:99:
         99:96:d2:3c:c4:56:16:07:54:b3:41:e6:ba:0a:ab:7a:dd:d2:
         99:c7:66:ce:8a:51:16:56:8b:d5:c1:6a:ad:98:64:af:e2:09:
         d4:5e:a1:d2:ae:f3:3c:db:23:52:49:80:33:6f:70:0f:15:6d:
         3e:0b:15:01:35:e0:8c:5c:4c:46:cd:89:21:0b:6c:94:8f:a3:
         4c:4e:7b:00
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0kivJH3o4V8Ls/k2BK5iVpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1MDg0NzVmZjBkOGVjOTYwMzM2MDE2ZTBlMDQyMjFhOThl
NWVjZjIwHhcNMjYwMzI1MTAyOTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmMyMDQ1MjRhODRiODRiOWE4NzliMjdjMGUxMmQxMWFjNGY2OTgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjltbwYTzlDMqXN6TK48GKfKqFuH
/lczv/R9SITM7iaDBftIqRxTQb8h1cqQ7sYtnXSFaBLB+z6HA1Tkp/e1zfsovk+2
sLH1VEiSBuXVFXQZ3sNNYT3kC7GwRbR2hYDS5JmQL+FRreuco38dD3wNo6vuuKiz
qd9IRY+yK10JiCU5GxriPfFtOPPDm90FWK6IbwUrt3IIDFIVEMuOwnFX3iJOKHtN
wH0VbRg2pyQfKfVK4QLZ8gSXlHqYiY2bMQiqNytUitMP1MI31uCIO9fRu+7WowK4
Rnkz2+7Ox9pkxuqI6Y3s7Hg7wnYs3UonEkt3k3GS5oVIYFJ92Tw5umfv9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNLCBFJKhLhLmoebJ8DhLRGsT2mBMB8GA1UdIwQY
MBaAFHUIR1/w2OyWAzYBbg4EIhqY5ezyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWIt
MTcxYzM2N2JlNzgyLzEvMHNJRVVrcUV1RXVhaDVzbndPRXRFYXhQYVlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS8xZmE2YTMtOGRjNS00YzM1LWE0OWItMTcxYzM2N2JlNzgy
LzEvZFFoSFhfRFk3SllETmdGdURnUWlHcGpsN1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOTxzAN
BgkqhkiG9w0BAQsFAAOCAQEAUq8uqChjSA8ttVMXYp3hGYzn5+uJYJZiCEMmshgY
4sMWmxe3L0SasJAFhiQ8rt56Oxj3pL7epmTmRTFYq9/pUOJx0RkstFA1xMW0kY8j
XxpxnajIcYKu0v+pwrH9R0vfYWeIOCygzFSPYj9+oWmvtNqZECgdHSMMt+uN8fok
t72+FB9CoUDEG7VzG7nC+q/A3PDP2lTqObtHRIyNoPO6XSyOebaGEE6d363LgLeg
enyWqnKZmZbSPMRWFgdUs0Hmugqret3SmcdmzopRFlaL1cFqrZhkr+IJ1F6h0q7z
PNsjUkmAM29wDxVtPgsVATXgjFxMRs2JIQtslI+jTE57AA==
-----END CERTIFICATE-----