Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ae5Fkd1n_hzUjgaPcxQEByDNHLs.roa
File:                     ae5Fkd1n_hzUjgaPcxQEByDNHLs.roa (raw, json)
Hash identifier:          9FWEoeNTSGSOIXU+w351GukfcbZWbcB9QRn27IK7Eqs=
Subject key identifier:   69:EE:45:91:DD:67:FE:1C:D4:8E:06:8F:73:14:04:07:20:CD:1C:BB
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019DD87E9D75601A63F6E25DAD4BE3620BA4
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ae5Fkd1n_hzUjgaPcxQEByDNHLs.roa
Signing time:             Wed 29 Apr 2026 09:07:49 +0000
ROA not before:           Wed 29 Apr 2026 09:07:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        2a09:340::/29 maxlen: 29
                          2a10:dfc0::/29 maxlen: 29
                          2a11:2a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 02:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d8:7e:9d:75:60:1a:63:f6:e2:5d:ad:4b:e3:62:0b:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Apr 29 09:07:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=69ee4591dd67fe1cd48e068f7314040720cd1cbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5b:0a:7d:7f:11:0c:ed:44:68:a2:8e:a7:89:
                    9e:40:c0:91:f5:52:25:c8:9c:b5:a3:bf:6e:1d:ba:
                    59:1b:fa:60:db:5e:8b:ef:3d:99:be:57:6a:54:1b:
                    28:aa:ce:ff:65:d8:17:04:7d:06:7e:83:24:6f:74:
                    94:bb:2a:41:f0:81:05:bd:5a:9d:80:f2:00:03:96:
                    6a:e6:b3:c8:d3:22:05:00:86:64:14:2f:9a:4c:7f:
                    e5:de:f5:cf:f8:64:e1:d1:78:a3:b2:1f:3c:e9:80:
                    0d:76:ff:a0:fe:26:5d:5d:44:88:aa:6f:c3:56:6c:
                    55:ab:8d:5e:69:e8:db:be:87:b1:d0:0d:5b:92:1c:
                    31:4e:fb:95:14:c0:34:7b:44:06:80:8e:b9:ae:a6:
                    cb:f9:04:9d:90:6d:4a:ef:53:76:42:a4:24:c4:5c:
                    d8:a9:b1:86:5b:27:ef:e5:c1:9c:58:87:82:a8:94:
                    1d:d0:e0:dd:02:6c:a1:10:da:62:cd:27:b5:44:53:
                    23:1e:4e:71:a4:87:f5:77:c6:ce:27:5e:10:93:76:
                    73:fc:6b:ca:51:56:93:05:f1:a5:54:24:c9:64:17:
                    49:0b:39:44:ce:55:3d:3f:13:cc:d7:39:3a:5a:d7:
                    fd:7b:d1:7f:54:f0:2a:30:52:df:9a:b7:10:30:37:
                    8d:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:EE:45:91:DD:67:FE:1C:D4:8E:06:8F:73:14:04:07:20:CD:1C:BB
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/ae5Fkd1n_hzUjgaPcxQEByDNHLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:340::/29
                  2a10:dfc0::/29
                  2a11:2a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         bb:15:87:16:9e:57:2f:b3:19:c4:f3:dc:f9:aa:50:5f:17:0d:
         01:d1:85:2f:20:8b:5c:da:11:0d:1e:a5:36:5b:b9:f1:73:4d:
         89:1a:e2:2e:47:d2:e1:3b:10:a4:a9:3f:f5:5d:1e:90:04:16:
         e4:4a:b2:ab:3e:df:e7:7b:c7:22:c1:49:a6:7e:6a:8a:f0:05:
         5a:b8:79:4f:55:2e:06:94:f5:8c:2d:11:73:00:aa:cc:e9:64:
         48:5b:93:ef:6c:62:f0:cd:6f:79:ea:48:45:39:7c:05:6a:f7:
         2a:a9:27:a6:cc:e5:fa:b4:87:ac:e7:b3:7d:9e:40:17:81:e9:
         fc:52:8f:a9:59:5d:2b:85:fc:17:d0:86:b5:cf:91:3f:8d:74:
         e2:19:c2:c7:60:16:dc:46:c7:40:bb:1c:58:30:96:42:80:7f:
         85:7a:b7:24:03:29:75:6b:3b:b2:1c:45:50:e1:fa:b4:ab:22:
         18:6f:29:6f:01:13:da:4b:b4:60:8c:6d:67:cc:7f:ea:2d:af:
         62:97:b3:de:de:98:bc:4f:a8:64:65:74:b1:a7:4d:22:e5:14:
         41:ed:28:58:1c:0a:3c:d1:8d:9a:24:a2:da:9c:39:f7:04:8a:
         0a:d5:2a:6e:0b:4e:c8:11:da:05:c2:85:05:b2:d6:3e:be:7f:
         7c:8f:7e:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3Yfp11YBpj9uJdrUvjYgukMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwNDI5MDkwNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWVlNDU5MWRkNjdmZTFjZDQ4ZTA2OGY3MzE0MDQwNzIwY2QxY2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1sKfX8RDO1EaKKOp4meQMCR9VIl
yJy1o79uHbpZG/pg216L7z2ZvldqVBsoqs7/ZdgXBH0GfoMkb3SUuypB8IEFvVqd
gPIAA5Zq5rPI0yIFAIZkFC+aTH/l3vXP+GTh0Xijsh886YANdv+g/iZdXUSIqm/D
VmxVq41eaejbvoex0A1bkhwxTvuVFMA0e0QGgI65rqbL+QSdkG1K71N2QqQkxFzY
qbGGWyfv5cGcWIeCqJQd0ODdAmyhENpizSe1RFMjHk5xpIf1d8bOJ14Qk3Zz/GvK
UVaTBfGlVCTJZBdJCzlEzlU9PxPM1zk6Wtf9e9F/VPAqMFLfmrcQMDeNdQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGnuRZHdZ/4c1I4Gj3MUBAcgzRy7MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvYWU1RmtkMW5faHpVamdhUGN4UUVCeUROSExzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgkDQAMF
AyoQ38ADBQMqESqAMA0GCSqGSIb3DQEBCwUAA4IBAQC7FYcWnlcvsxnE89z5qlBf
Fw0B0YUvIItc2hENHqU2W7nxc02JGuIuR9LhOxCkqT/1XR6QBBbkSrKrPt/ne8ci
wUmmfmqK8AVauHlPVS4GlPWMLRFzAKrM6WRIW5PvbGLwzW956khFOXwFavcqqSem
zOX6tIes57N9nkAXgen8Uo+pWV0rhfwX0Ia1z5E/jXTiGcLHYBbcRsdAuxxYMJZC
gH+FerckAyl1azuyHEVQ4fq0qyIYbylvARPaS7RgjG1nzH/qLa9il7Pe3pi8T6hk
ZXSxp00i5RRB7ShYHAo80Y2aJKLanDn3BIoK1SpuC07IEdoFwoUFstY+vn98j37B
-----END CERTIFICATE-----