Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/Mim9CmMQR3ozLGCE-Tgf11KxorA.roa
File:                     Mim9CmMQR3ozLGCE-Tgf11KxorA.roa (raw, json)
Hash identifier:          dOIzZQ99FYcO+06vOL0/z+/bioujv1F4xxKsnMDaHCA=
Subject key identifier:   32:29:BD:0A:63:10:47:7A:33:2C:60:84:F9:38:1F:D7:52:B1:A2:B0
Certificate issuer:       /CN=367160181739568e578e1b5f57976a60398062e6
Certificate serial:       019F0829AABEA57D879CD3443981C6196B91
Authority key identifier: 36:71:60:18:17:39:56:8E:57:8E:1B:5F:57:97:6A:60:39:80:62:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/Mim9CmMQR3ozLGCE-Tgf11KxorA.roa
Signing time:             Sat 27 Jun 2026 08:19:36 +0000
ROA not before:           Sat 27 Jun 2026 08:19:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219348
IP address blocks:        2a09:3f00:100c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 18:43:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:08:29:aa:be:a5:7d:87:9c:d3:44:39:81:c6:19:6b:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=367160181739568e578e1b5f57976a60398062e6
        Validity
            Not Before: Jun 27 08:19:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3229bd0a6310477a332c6084f9381fd752b1a2b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:55:b7:3f:4b:66:a8:98:fd:87:16:f5:f1:4d:
                    0f:47:be:3b:ea:23:aa:3b:5e:68:8b:45:22:19:68:
                    cc:c7:bd:22:db:42:18:59:66:79:34:67:06:d1:bb:
                    cf:f9:30:cc:cd:f3:a6:d6:17:13:d8:c4:f6:3e:56:
                    af:30:73:44:f8:5e:4c:56:b9:bc:aa:06:f9:a4:b2:
                    7d:bc:44:8b:24:50:50:c0:9b:1a:43:10:61:96:5d:
                    2c:5f:ff:48:bd:68:09:25:90:78:67:67:43:07:c7:
                    02:db:61:c3:84:f5:23:7b:76:d1:34:a9:35:9a:32:
                    c0:bc:37:5a:9d:ae:f6:50:c8:ee:18:75:c0:cb:56:
                    16:8d:66:84:ab:63:85:04:43:36:50:42:4c:b8:ca:
                    e3:c9:ae:dc:73:0b:8a:83:b9:e1:d1:95:76:b3:c5:
                    2c:07:a2:de:8a:f4:f2:56:e8:68:9e:ac:a4:81:75:
                    33:2f:85:7c:b4:f1:74:4f:00:21:08:a2:68:af:c9:
                    b7:fc:ea:bf:7d:fe:91:a1:c1:99:b8:af:01:bd:ff:
                    05:fe:c4:58:88:c7:f5:6d:f5:1f:49:9e:98:8a:24:
                    ff:06:d3:82:43:d9:9e:4e:17:19:2c:23:01:58:92:
                    d8:f9:e3:40:e1:c2:c1:5c:1f:ad:b1:3d:45:48:42:
                    71:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:29:BD:0A:63:10:47:7A:33:2C:60:84:F9:38:1F:D7:52:B1:A2:B0
            X509v3 Authority Key Identifier:
                keyid:36:71:60:18:17:39:56:8E:57:8E:1B:5F:57:97:6A:60:39:80:62:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/Mim9CmMQR3ozLGCE-Tgf11KxorA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:3f00:100c::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:1c:f6:a5:cb:f8:2f:94:6c:68:63:87:4a:9a:74:cc:ca:43:
         b5:b4:69:01:55:e9:42:d1:d7:eb:e1:44:e2:55:68:4a:35:a8:
         88:91:be:9f:f8:45:5c:97:66:3f:33:49:9d:4f:33:57:f1:2b:
         03:57:b1:99:ed:f0:fa:e9:04:36:ef:93:64:6d:3f:50:1b:8d:
         7e:ac:f1:48:0e:1d:19:9d:f7:fe:90:79:b1:17:4e:a8:e8:eb:
         b5:92:a1:3b:bf:fc:87:1d:48:be:1f:5b:0c:7d:db:ed:6b:ff:
         c5:62:57:87:8d:5d:20:9b:5b:ff:f7:ab:c0:f4:eb:f2:ad:b0:
         68:45:dd:9a:84:22:e4:2f:24:43:ff:90:85:2d:e4:8c:e5:ae:
         6c:9b:05:9e:8a:b2:a3:a8:0c:6b:80:11:80:66:b8:85:35:86:
         a7:16:e1:ac:5e:c8:ce:71:64:f5:6f:5d:40:79:5f:38:73:44:
         05:aa:b8:a3:28:c3:db:d2:2c:95:b2:f7:cf:67:cf:bf:20:c8:
         3b:a4:13:3e:3b:e8:65:16:57:17:b0:89:72:cf:86:d4:a1:1a:
         a8:21:a8:98:78:10:72:3d:e6:c5:14:bd:54:92:77:52:56:20:
         3d:f5:10:da:c4:9c:3e:b2:95:96:df:95:94:b7:bf:49:08:d3:
         e7:aa:9a:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ8IKaq+pX2HnNNEOYHGGWuRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NzE2MDE4MTczOTU2OGU1NzhlMWI1ZjU3OTc2YTYwMzk4
MDYyZTYwHhcNMjYwNjI3MDgxOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjI5YmQwYTYzMTA0NzdhMzMyYzYwODRmOTM4MWZkNzUyYjFhMmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1W3P0tmqJj9hxb18U0PR7476iOq
O15oi0UiGWjMx70i20IYWWZ5NGcG0bvP+TDMzfOm1hcT2MT2PlavMHNE+F5MVrm8
qgb5pLJ9vESLJFBQwJsaQxBhll0sX/9IvWgJJZB4Z2dDB8cC22HDhPUje3bRNKk1
mjLAvDdana72UMjuGHXAy1YWjWaEq2OFBEM2UEJMuMrjya7ccwuKg7nh0ZV2s8Us
B6LeivTyVuhonqykgXUzL4V8tPF0TwAhCKJor8m3/Oq/ff6RocGZuK8Bvf8F/sRY
iMf1bfUfSZ6YiiT/BtOCQ9meThcZLCMBWJLY+eNA4cLBXB+tsT1FSEJxiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDIpvQpjEEd6MyxghPk4H9dSsaKwMB8GA1UdIwQY
MBaAFDZxYBgXOVaOV44bX1eXamA5gGLmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm5GZ0dCYzVWbzVYamh0ZlY1ZHFZRG1BWXVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8wNDVmNzAtOWVhNS00MmEzLTg3ODYt
ZWU4Y2ZkZDJlZDk0LzEvTWltOUNtTVFSM296TEdDRS1UZ2YxMUt4b3JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8wNDVmNzAtOWVhNS00MmEzLTg3ODYtZWU4Y2ZkZDJlZDk0
LzEvTm5GZ0dCYzVWbzVYamh0ZlY1ZHFZRG1BWXVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgk/ABAM
MA0GCSqGSIb3DQEBCwUAA4IBAQAgHPaly/gvlGxoY4dKmnTMykO1tGkBVelC0dfr
4UTiVWhKNaiIkb6f+EVcl2Y/M0mdTzNX8SsDV7GZ7fD66QQ275NkbT9QG41+rPFI
Dh0Znff+kHmxF06o6Ou1kqE7v/yHHUi+H1sMfdvta//FYleHjV0gm1v/96vA9Ovy
rbBoRd2ahCLkLyRD/5CFLeSM5a5smwWeirKjqAxrgBGAZriFNYanFuGsXsjOcWT1
b11AeV84c0QFqrijKMPb0iyVsvfPZ8+/IMg7pBM+O+hlFlcXsIlyz4bUoRqoIaiY
eBByPebFFL1UkndSViA99RDaxJw+spWW35WUt79JCNPnqpqj
-----END CERTIFICATE-----