Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/jRdAeFmN0KBRFg-nGD-IJy-4ZJg.roa
File:                     jRdAeFmN0KBRFg-nGD-IJy-4ZJg.roa (raw, json)
Hash identifier:          nQMC3hCRmQ4D1KBdRyKzmttIb877jjd5D7xgwAT2WdI=
Subject key identifier:   8D:17:40:78:59:8D:D0:A0:51:16:0F:A7:18:3F:88:27:2F:B8:64:98
Certificate issuer:       /CN=367160181739568e578e1b5f57976a60398062e6
Certificate serial:       019EDC0F90BC32EEF3BBAADFBBF5221FF722
Authority key identifier: 36:71:60:18:17:39:56:8E:57:8E:1B:5F:57:97:6A:60:39:80:62:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/jRdAeFmN0KBRFg-nGD-IJy-4ZJg.roa
Signing time:             Thu 18 Jun 2026 18:47:48 +0000
ROA not before:           Thu 18 Jun 2026 18:47:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199180
IP address blocks:        2a09:3f00:3300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 18:43:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:dc:0f:90:bc:32:ee:f3:bb:aa:df:bb:f5:22:1f:f7:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=367160181739568e578e1b5f57976a60398062e6
        Validity
            Not Before: Jun 18 18:47:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8d174078598dd0a051160fa7183f88272fb86498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:5e:45:4b:02:f3:34:b6:b0:0f:b3:d5:7d:c8:
                    cd:c9:16:90:a1:89:91:b9:ca:02:cb:4a:a6:22:43:
                    4f:ae:a5:0a:3d:b3:f4:49:22:d9:d9:9e:2b:d8:82:
                    54:0f:58:ef:26:cd:22:24:eb:a7:69:a3:ca:3c:4e:
                    57:ad:d9:33:96:a6:3f:9f:5f:08:09:72:98:e5:c6:
                    0a:f4:ba:c8:fd:e7:35:ab:a9:6a:54:60:3a:cf:10:
                    89:95:59:7c:5d:c8:0c:cf:83:03:c7:36:c8:df:24:
                    3e:0a:6a:4e:bc:76:20:5c:d7:be:e3:89:31:9f:b8:
                    87:95:c5:22:99:e6:e8:45:02:a3:b3:3b:09:81:ea:
                    ac:46:2a:16:75:e2:85:a7:cf:18:e2:3a:fd:26:00:
                    28:5b:85:60:ae:db:b1:17:83:04:ee:81:32:55:a8:
                    e0:9e:94:7f:d8:5a:de:f8:b6:42:93:18:fd:60:74:
                    1a:29:e2:00:f3:38:42:be:e3:67:6c:72:e7:76:36:
                    9a:a2:ac:54:e0:c6:4b:ee:19:bd:f1:c8:f1:99:c6:
                    c9:ab:3e:e9:13:16:a7:97:90:74:0c:38:75:96:3d:
                    b5:7f:6f:6d:d8:81:bf:ce:e6:e4:4d:0b:d6:72:16:
                    2c:e4:19:47:71:48:19:73:d0:bd:dd:04:e9:39:75:
                    d1:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:17:40:78:59:8D:D0:A0:51:16:0F:A7:18:3F:88:27:2F:B8:64:98
            X509v3 Authority Key Identifier:
                keyid:36:71:60:18:17:39:56:8E:57:8E:1B:5F:57:97:6A:60:39:80:62:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/jRdAeFmN0KBRFg-nGD-IJy-4ZJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:3f00:3300::/40

    Signature Algorithm: sha256WithRSAEncryption
         53:c0:84:cc:58:18:f1:41:7a:bd:a6:b0:1a:31:6a:01:65:7a:
         89:25:f7:ca:56:99:b0:c1:84:a4:4a:59:71:ea:3b:f5:70:c7:
         49:4b:fb:8c:0d:0d:ef:c7:ec:05:7a:fb:3f:9d:7e:37:01:f2:
         5b:0d:66:d2:04:a3:55:ec:df:ab:53:81:05:4a:22:15:7c:66:
         26:3c:6c:46:e2:43:27:9e:38:0a:cf:e5:61:aa:91:2e:bb:a5:
         85:04:59:6a:6f:03:f4:4e:5e:cc:b9:92:87:ee:c4:17:0f:42:
         36:3a:23:2c:e8:36:16:89:af:4f:70:6d:90:83:3b:4b:6b:a4:
         fc:eb:d1:63:91:53:ad:19:ed:40:fc:0d:46:18:73:ff:06:ee:
         41:6c:00:8c:df:63:32:ed:0f:81:d3:ac:2c:42:e2:a4:98:24:
         41:5e:50:dd:6a:df:43:f9:b1:1e:81:ee:0b:07:e4:4b:38:17:
         7f:19:68:e3:c5:9d:df:56:ef:44:c1:4d:68:69:60:8f:f2:ca:
         79:64:fd:8a:86:4f:14:00:2c:b4:51:e3:e9:a5:17:7b:cd:ce:
         28:79:0f:82:44:d0:60:69:1e:00:7f:39:0b:46:df:26:a1:e0:
         25:2f:5c:c9:16:76:e4:f1:a9:ab:e5:17:46:d7:75:82:14:3f:
         77:9c:91:49
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ7cD5C8Mu7zu6rfu/UiH/ciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NzE2MDE4MTczOTU2OGU1NzhlMWI1ZjU3OTc2YTYwMzk4
MDYyZTYwHhcNMjYwNjE4MTg0NzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDE3NDA3ODU5OGRkMGEwNTExNjBmYTcxODNmODgyNzJmYjg2NDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0l5FSwLzNLawD7PVfcjNyRaQoYmR
ucoCy0qmIkNPrqUKPbP0SSLZ2Z4r2IJUD1jvJs0iJOunaaPKPE5XrdkzlqY/n18I
CXKY5cYK9LrI/ec1q6lqVGA6zxCJlVl8XcgMz4MDxzbI3yQ+CmpOvHYgXNe+44kx
n7iHlcUimeboRQKjszsJgeqsRioWdeKFp88Y4jr9JgAoW4VgrtuxF4ME7oEyVajg
npR/2Fre+LZCkxj9YHQaKeIA8zhCvuNnbHLndjaaoqxU4MZL7hm98cjxmcbJqz7p
Exanl5B0DDh1lj21f29t2IG/zubkTQvWchYs5BlHcUgZc9C93QTpOXXRiQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFI0XQHhZjdCgURYPpxg/iCcvuGSYMB8GA1UdIwQY
MBaAFDZxYBgXOVaOV44bX1eXamA5gGLmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm5GZ0dCYzVWbzVYamh0ZlY1ZHFZRG1BWXVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8wNDVmNzAtOWVhNS00MmEzLTg3ODYt
ZWU4Y2ZkZDJlZDk0LzEvalJkQWVGbU4wS0JSRmctbkdELUlKeS00WkpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8wNDVmNzAtOWVhNS00MmEzLTg3ODYtZWU4Y2ZkZDJlZDk0
LzEvTm5GZ0dCYzVWbzVYamh0ZlY1ZHFZRG1BWXVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKgk/ADMw
DQYJKoZIhvcNAQELBQADggEBAFPAhMxYGPFBer2msBoxagFleokl98pWmbDBhKRK
WXHqO/Vwx0lL+4wNDe/H7AV6+z+dfjcB8lsNZtIEo1Xs36tTgQVKIhV8ZiY8bEbi
QyeeOArP5WGqkS67pYUEWWpvA/ROXsy5kofuxBcPQjY6IyzoNhaJr09wbZCDO0tr
pPzr0WORU60Z7UD8DUYYc/8G7kFsAIzfYzLtD4HTrCxC4qSYJEFeUN1q30P5sR6B
7gsH5Es4F38ZaOPFnd9W70TBTWhpYI/yynlk/YqGTxQALLRR4+mlF3vNzih5D4JE
0GBpHgB/OQtG3yah4CUvXMkWduTxqavlF0bXdYIUP3eckUk=
-----END CERTIFICATE-----