Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/htP1ZWEFBmJPzgxlVDOelaHJ9oU.roa
File:                     htP1ZWEFBmJPzgxlVDOelaHJ9oU.roa (raw, json)
Hash identifier:          XyHj0m5tQZ1o8D573x2XtoWoHWbvUz4aVcV0EoNIjhs=
Subject key identifier:   86:D3:F5:65:61:05:06:62:4F:CE:0C:65:54:33:9E:95:A1:C9:F6:85
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019DD87E9CBB2D06C040573FC18B9D2356B1
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/htP1ZWEFBmJPzgxlVDOelaHJ9oU.roa
Signing time:             Wed 29 Apr 2026 09:07:49 +0000
ROA not before:           Wed 29 Apr 2026 09:07:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213734
IP address blocks:        2a09:c440::/29 maxlen: 29
                          2a10:fac0::/29 maxlen: 29
                          2a11:3900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 May 2026 09:01:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d8:7e:9c:bb:2d:06:c0:40:57:3f:c1:8b:9d:23:56:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Apr 29 09:07:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=86d3f565610506624fce0c6554339e95a1c9f685
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ce:64:33:ce:82:ed:0e:73:46:9a:3e:fe:7c:
                    80:bb:50:e1:77:46:ee:62:cb:1c:b3:89:20:2e:6b:
                    92:4e:39:4c:28:21:84:83:01:e2:42:45:e0:ac:f2:
                    6e:a2:5a:34:5d:5f:7a:27:81:e1:0f:37:89:81:d2:
                    14:12:b3:be:3b:65:55:bc:62:aa:3b:14:f4:22:2d:
                    dc:a1:a7:92:a9:38:09:c3:23:f2:91:13:ee:8b:ec:
                    1e:15:29:da:ed:0a:06:65:9e:55:8a:b0:ab:68:1a:
                    5b:00:c0:ae:36:5f:e3:16:12:87:f1:65:85:64:19:
                    b6:fc:73:fc:a5:df:3f:ec:c0:db:6a:92:b2:18:e1:
                    86:04:24:d7:26:19:dd:79:73:57:d0:28:8f:7f:cb:
                    b2:09:6b:b1:67:cd:34:ba:e0:31:8b:4c:b6:fb:bd:
                    4b:aa:b1:c5:2d:c6:0b:a7:e9:61:84:d5:c1:1b:28:
                    01:03:db:3c:b2:d4:e8:8a:95:78:c8:b0:6e:21:1d:
                    7d:0f:da:84:8e:5d:a9:e4:d7:e3:b6:93:b2:1b:04:
                    64:22:e2:d5:5b:f3:f1:3d:10:cc:12:ad:cc:b3:20:
                    ac:dc:26:4b:24:e0:46:73:32:8d:7a:01:9a:63:12:
                    dd:94:f5:37:db:04:2f:14:05:39:7b:60:f8:50:67:
                    ed:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D3:F5:65:61:05:06:62:4F:CE:0C:65:54:33:9E:95:A1:C9:F6:85
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/htP1ZWEFBmJPzgxlVDOelaHJ9oU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:c440::/29
                  2a10:fac0::/29
                  2a11:3900::/29

    Signature Algorithm: sha256WithRSAEncryption
         72:4f:3d:d2:cd:f4:57:a8:c0:a1:f4:47:e9:47:3f:34:ad:74:
         8c:12:91:54:f7:69:8d:ff:ad:ec:ad:e9:81:f0:bf:a3:68:9f:
         ff:a0:5a:92:a4:77:a9:ae:f3:40:c8:68:fa:e6:9e:ae:a2:bc:
         34:42:f2:a5:ab:60:39:cb:d9:a1:42:99:e3:67:3d:a2:74:33:
         c8:f5:b9:2a:2b:53:13:3a:79:d5:e6:05:14:2c:ac:8f:d9:4f:
         33:79:a5:a5:6d:48:88:0d:c2:ac:a3:35:30:db:bb:a3:aa:a2:
         e0:c7:df:44:db:6f:71:ac:0d:db:63:71:7f:19:01:4d:17:de:
         f6:ef:b0:36:e2:62:21:bd:dd:76:85:30:c0:24:de:2f:a2:98:
         a1:e5:02:ed:55:24:05:f8:f5:96:b1:20:5c:43:4e:90:ad:50:
         71:a3:6e:a7:c1:0f:3f:ca:e9:d5:8d:55:20:70:b0:39:51:08:
         20:e8:c2:b9:93:d9:36:8b:28:32:4d:4b:77:8e:be:6b:c2:27:
         73:3b:2a:fb:6a:6c:05:b4:b7:7f:d0:70:2a:fe:26:37:45:81:
         3d:37:de:bd:dc:e4:48:30:cc:05:ed:e5:d3:00:4e:27:e8:6d:
         63:23:05:b9:98:1b:f6:3e:ef:7f:ff:42:9d:98:97:aa:05:38:
         a4:06:93:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3Yfpy7LQbAQFc/wYudI1axMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjYwNDI5MDkwNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmQzZjU2NTYxMDUwNjYyNGZjZTBjNjU1NDMzOWU5NWExYzlmNjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1c5kM86C7Q5zRpo+/nyAu1Dhd0bu
Ysscs4kgLmuSTjlMKCGEgwHiQkXgrPJuolo0XV96J4HhDzeJgdIUErO+O2VVvGKq
OxT0Ii3coaeSqTgJwyPykRPui+weFSna7QoGZZ5VirCraBpbAMCuNl/jFhKH8WWF
ZBm2/HP8pd8/7MDbapKyGOGGBCTXJhndeXNX0CiPf8uyCWuxZ800uuAxi0y2+71L
qrHFLcYLp+lhhNXBGygBA9s8stToipV4yLBuIR19D9qEjl2p5NfjtpOyGwRkIuLV
W/PxPRDMEq3MsyCs3CZLJOBGczKNegGaYxLdlPU32wQvFAU5e2D4UGft2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIbT9WVhBQZiT84MZVQznpWhyfaFMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvaHRQMVpXRUZCbUpQemd4bFZET2VsYUhKOW9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgnEQAMF
AyoQ+sADBQMqETkAMA0GCSqGSIb3DQEBCwUAA4IBAQByTz3SzfRXqMCh9EfpRz80
rXSMEpFU92mN/63sremB8L+jaJ//oFqSpHeprvNAyGj65p6uorw0QvKlq2A5y9mh
QpnjZz2idDPI9bkqK1MTOnnV5gUULKyP2U8zeaWlbUiIDcKsozUw27ujqqLgx99E
229xrA3bY3F/GQFNF97277A24mIhvd12hTDAJN4vopih5QLtVSQF+PWWsSBcQ06Q
rVBxo26nwQ8/yunVjVUgcLA5UQgg6MK5k9k2iygyTUt3jr5rwidzOyr7amwFtLd/
0HAq/iY3RYE9N9693ORIMMwF7eXTAE4n6G1jIwW5mBv2Pu9//0KdmJeqBTikBpPA
-----END CERTIFICATE-----