Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/MN3mR_xx_vFlYwGFpzj-OJKCLLs.roa
File:                     MN3mR_xx_vFlYwGFpzj-OJKCLLs.roa (raw, json)
Hash identifier:          gRHXSWziuBBk9W68SfVPNGGqOjCPuWTe8NwIEkUBFAg=
Subject key identifier:   30:DD:E6:47:FC:71:FE:F1:65:63:01:85:A7:38:FE:38:92:82:2C:BB
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019DCF827768AF3835474C0A54474C76A44D
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/MN3mR_xx_vFlYwGFpzj-OJKCLLs.roa
Signing time:             Mon 27 Apr 2026 15:15:27 +0000
ROA not before:           Mon 27 Apr 2026 15:15:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215426
IP address blocks:        2a0d:6f80:6000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 Apr 2026 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cf:82:77:68:af:38:35:47:4c:0a:54:47:4c:76:a4:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 27 15:15:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30dde647fc71fef165630185a738fe3892822cbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c3:11:48:cb:b4:50:83:6c:d2:17:ce:14:32:
                    0b:72:db:6a:0b:c0:1d:5d:98:2f:64:c3:79:84:04:
                    d4:cf:34:79:aa:53:7f:ac:1e:f8:b3:8a:73:d3:50:
                    ea:2e:1f:16:c9:6b:6d:d5:2b:7a:ae:be:a2:11:a2:
                    c9:84:03:81:44:30:0e:d2:ea:a4:02:17:c5:15:47:
                    19:78:da:8f:22:f7:81:65:ea:05:ec:c1:88:65:66:
                    66:ee:bf:20:aa:30:95:b5:ac:74:5c:3e:cc:f1:be:
                    3e:81:82:a1:71:86:04:a2:99:1b:ff:5e:0b:64:99:
                    6d:ed:a4:af:ea:e7:5d:23:31:60:a8:7e:27:74:58:
                    c9:c7:97:50:a6:87:19:ad:88:b7:d8:78:e7:20:4b:
                    f6:57:68:0c:7d:56:bb:b4:2b:6d:81:84:71:3c:43:
                    da:33:48:de:e2:0e:bc:1b:c4:f6:38:6b:51:ec:a1:
                    b2:c9:4e:f1:a1:5c:8d:cc:9a:ee:ee:8f:28:0e:67:
                    39:90:1c:c5:13:a1:24:de:e7:cd:12:da:ea:33:5f:
                    12:7c:15:8a:1a:c5:88:2f:35:4b:9c:2d:fa:05:aa:
                    db:1c:84:9f:b1:50:79:be:6f:25:5f:d4:56:f2:f8:
                    fa:d8:b7:09:45:2f:6f:b1:d3:af:ce:05:8f:c9:01:
                    2a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:DD:E6:47:FC:71:FE:F1:65:63:01:85:A7:38:FE:38:92:82:2C:BB
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/MN3mR_xx_vFlYwGFpzj-OJKCLLs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:6000::/40

    Signature Algorithm: sha256WithRSAEncryption
         78:50:7f:91:a4:86:82:d1:9e:a0:92:35:79:3b:ea:10:33:96:
         ab:57:eb:ed:5b:7c:4d:76:6d:02:f1:0f:70:dd:1b:ba:30:61:
         62:e2:29:22:38:2b:74:5b:c9:db:ea:30:f2:23:56:cc:0b:20:
         6f:3c:32:c3:5b:29:81:f9:21:a4:26:75:46:9c:60:78:c5:64:
         23:3a:92:b4:e7:27:31:a8:c5:71:e6:f4:09:e1:aa:0a:31:15:
         53:9e:f4:d7:b8:a2:6f:90:7c:54:1e:ab:4b:4e:8e:44:b4:8d:
         d4:4e:ce:ca:4a:6d:5c:f7:59:46:ba:2d:ea:b0:8a:a0:bc:dd:
         0a:e9:e2:9d:65:b8:3d:e6:8d:81:39:91:94:e4:15:af:71:26:
         33:f9:dd:b3:6f:66:10:26:27:d2:24:ae:6b:70:ca:38:27:4f:
         7e:f4:f9:60:4a:a5:85:c8:d3:8b:e7:35:42:dc:15:5c:9c:8e:
         de:4c:cc:ad:eb:19:a2:08:3e:f8:f1:41:79:fa:49:b6:e7:d0:
         ed:10:7d:ed:ac:04:61:8b:df:9c:4b:70:66:33:62:9f:9e:8d:
         af:81:b3:84:cb:fb:4f:dd:49:a9:8e:18:db:9d:4e:8a:fe:11:
         a6:21:15:55:32:54:3e:70:64:5f:6f:a5:8f:73:23:c6:3a:7b:
         d2:ae:bb:53
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ3Pgndorzg1R0wKVEdMdqRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNDI3MTUxNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGRkZTY0N2ZjNzFmZWYxNjU2MzAxODVhNzM4ZmUzODkyODIyY2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8MRSMu0UINs0hfOFDILcttqC8Ad
XZgvZMN5hATUzzR5qlN/rB74s4pz01DqLh8WyWtt1St6rr6iEaLJhAOBRDAO0uqk
AhfFFUcZeNqPIveBZeoF7MGIZWZm7r8gqjCVtax0XD7M8b4+gYKhcYYEopkb/14L
ZJlt7aSv6uddIzFgqH4ndFjJx5dQpocZrYi32HjnIEv2V2gMfVa7tCttgYRxPEPa
M0je4g68G8T2OGtR7KGyyU7xoVyNzJru7o8oDmc5kBzFE6Ek3ufNEtrqM18SfBWK
GsWILzVLnC36BarbHISfsVB5vm8lX9RW8vj62LcJRS9vsdOvzgWPyQEqXwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDDd5kf8cf7xZWMBhac4/jiSgiy7MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTU4zbVJfeHhfdkZsWXdHRnB6ai1PSktDTExzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg1vgGAw
DQYJKoZIhvcNAQELBQADggEBAHhQf5GkhoLRnqCSNXk76hAzlqtX6+1bfE12bQLx
D3DdG7owYWLiKSI4K3RbydvqMPIjVswLIG88MsNbKYH5IaQmdUacYHjFZCM6krTn
JzGoxXHm9AnhqgoxFVOe9Ne4om+QfFQeq0tOjkS0jdROzspKbVz3WUa6LeqwiqC8
3Qrp4p1luD3mjYE5kZTkFa9xJjP53bNvZhAmJ9IkrmtwyjgnT370+WBKpYXI04vn
NULcFVycjt5MzK3rGaIIPvjxQXn6Sbbn0O0Qfe2sBGGL35xLcGYzYp+eja+Bs4TL
+0/dSamOGNudTor+EaYhFVUyVD5wZF9vpY9zI8Y6e9Kuu1M=
-----END CERTIFICATE-----