Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9K8ZM2pPiDLvwb6JSVsaWdDGe_A.roa
File:                     9K8ZM2pPiDLvwb6JSVsaWdDGe_A.roa (raw, json)
Hash identifier:          Tuft3mxOJGI6mlJINjULDZN09LoPd1LMbF0uTKtMgQU=
Subject key identifier:   F4:AF:19:33:6A:4F:88:32:EF:C1:BE:89:49:5B:1A:59:D0:C6:7B:F0
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019DD87E9C6E2C77EA110683F350DCB732A5
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9K8ZM2pPiDLvwb6JSVsaWdDGe_A.roa
Signing time:             Wed 29 Apr 2026 09:07:49 +0000
ROA not before:           Wed 29 Apr 2026 09:07:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213618
IP address blocks:        2a0c:5d40::/29 maxlen: 29
                          2a11:580::/29 maxlen: 29
                          2a11:d680::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 02:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d8:7e:9c:6e:2c:77:ea:11:06:83:f3:50:dc:b7:32:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Apr 29 09:07:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f4af19336a4f8832efc1be89495b1a59d0c67bf0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:98:b7:cd:aa:6c:00:2e:35:93:ca:9f:6e:93:
                    ad:f5:b9:f5:ba:34:81:03:0b:05:c2:1d:5d:b6:21:
                    22:1d:9d:c9:ee:e2:36:66:08:08:24:37:85:12:ed:
                    36:20:79:73:3b:64:39:91:2e:4a:22:db:4d:0c:4f:
                    41:f0:5b:64:60:e2:f7:e3:c8:ff:0b:8a:c6:5f:a8:
                    37:6d:d4:32:88:20:b5:40:57:b2:b5:89:c6:89:12:
                    82:71:1b:88:68:db:8a:f7:de:ea:07:03:e3:7c:60:
                    a9:e9:e7:f5:1e:46:6c:96:ec:4a:8b:04:18:32:37:
                    0d:1b:1c:4f:58:8f:34:0a:60:e6:23:23:97:f1:57:
                    5f:ab:36:af:98:c5:69:52:c2:ff:61:67:5d:9d:8d:
                    11:cd:e8:6e:46:22:96:85:7e:b2:e6:ce:0f:ce:20:
                    16:0a:a9:ad:2a:c3:e3:e1:65:2a:d0:5a:5c:4d:df:
                    1a:10:92:69:ef:08:1f:c1:f8:e9:37:b2:95:0a:34:
                    6b:74:3d:32:df:f9:d3:bb:29:e3:1a:c5:3a:b4:a2:
                    32:d4:e2:ca:f6:94:e3:ed:dc:31:db:a5:a4:84:b0:
                    0c:5e:d8:63:8c:44:31:dc:54:e7:a3:bf:a2:d5:d8:
                    64:3b:df:1c:4b:1c:d1:87:6b:c5:8d:8b:0c:4a:ce:
                    02:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:AF:19:33:6A:4F:88:32:EF:C1:BE:89:49:5B:1A:59:D0:C6:7B:F0
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9K8ZM2pPiDLvwb6JSVsaWdDGe_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:5d40::/29
                  2a11:580::/29
                  2a11:d680::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:1e:30:e4:51:a4:40:46:5f:2b:32:36:a4:f0:03:ee:66:68:
         ff:07:e3:28:45:1e:57:eb:5d:e6:b9:9b:4b:b4:4b:f9:96:2a:
         ea:33:e0:29:86:20:f9:59:d9:82:72:4b:0e:74:bc:45:c7:ea:
         98:01:76:de:02:90:e4:be:f7:a2:e0:ff:2c:00:93:53:71:58:
         fc:87:3d:e1:9e:14:4c:26:15:52:9f:a4:f0:43:c4:59:01:3d:
         ac:21:7a:7c:24:56:4f:33:55:fa:e4:8b:64:dd:70:25:91:56:
         33:d8:1e:0a:5d:ef:3a:ee:4e:64:b4:4e:65:2d:dd:be:ad:da:
         46:09:a5:5a:15:49:3f:7f:50:da:5d:77:14:1c:5c:87:dc:cd:
         da:44:1d:93:ab:02:cd:7a:ff:0a:7e:f0:d2:08:7d:22:5d:3b:
         c5:db:7e:83:26:05:04:67:01:e1:66:44:96:5d:86:23:6d:6d:
         a1:94:f3:4e:6a:dc:d1:50:7d:02:da:12:98:fb:95:a8:33:0d:
         a5:7d:95:5e:11:ac:92:4d:e3:e9:61:9c:23:58:e8:ab:ed:7a:
         a2:28:d3:e1:ce:31:fa:6d:c4:01:4c:69:a3:5f:4f:89:3d:e3:
         51:7e:95:fe:cb:1c:cb:22:db:98:9b:69:5a:9e:4d:33:cb:b3:
         ba:27:9e:53
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3YfpxuLHfqEQaD81DctzKlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwNDI5MDkwNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGFmMTkzMzZhNGY4ODMyZWZjMWJlODk0OTViMWE1OWQwYzY3YmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAopi3zapsAC41k8qfbpOt9bn1ujSB
AwsFwh1dtiEiHZ3J7uI2ZggIJDeFEu02IHlzO2Q5kS5KIttNDE9B8FtkYOL348j/
C4rGX6g3bdQyiCC1QFeytYnGiRKCcRuIaNuK997qBwPjfGCp6ef1HkZsluxKiwQY
MjcNGxxPWI80CmDmIyOX8VdfqzavmMVpUsL/YWddnY0RzehuRiKWhX6y5s4PziAW
CqmtKsPj4WUq0FpcTd8aEJJp7wgfwfjpN7KVCjRrdD0y3/nTuynjGsU6tKIy1OLK
9pTj7dwx26WkhLAMXthjjEQx3FTno7+i1dhkO98cSxzRh2vFjYsMSs4CswIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPSvGTNqT4gy78G+iUlbGlnQxnvwMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvOUs4Wk0ycFBpREx2d2I2SlNWc2FXZERHZV9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgxdQAMF
AyoRBYADBQMqEdaAMA0GCSqGSIb3DQEBCwUAA4IBAQCBHjDkUaRARl8rMjak8APu
Zmj/B+MoRR5X613muZtLtEv5lirqM+AphiD5WdmCcksOdLxFx+qYAXbeApDkvvei
4P8sAJNTcVj8hz3hnhRMJhVSn6TwQ8RZAT2sIXp8JFZPM1X65Itk3XAlkVYz2B4K
Xe867k5ktE5lLd2+rdpGCaVaFUk/f1DaXXcUHFyH3M3aRB2TqwLNev8KfvDSCH0i
XTvF236DJgUEZwHhZkSWXYYjbW2hlPNOatzRUH0C2hKY+5WoMw2lfZVeEaySTePp
YZwjWOir7XqiKNPhzjH6bcQBTGmjX0+JPeNRfpX+yxzLItuYm2lank0zy7O6J55T
-----END CERTIFICATE-----