Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/4SOYImJHyJqTwCMAGjKjr0oBLY8.roa
File:                     4SOYImJHyJqTwCMAGjKjr0oBLY8.roa (raw, json)
Hash identifier:          QqjpUxrKkhwY2QSOOSplb9rBwA2D3pk3AGplsT4xaRc=
Subject key identifier:   E1:23:98:22:62:47:C8:9A:93:C0:23:00:1A:32:A3:AF:4A:01:2D:8F
Certificate issuer:       /CN=9d9a0c84b30720f4d4ce4bdba01dd0544d028ecd
Certificate serial:       019ED9A102CA697992AC1F214D1C64C8C5D2
Authority key identifier: 9D:9A:0C:84:B3:07:20:F4:D4:CE:4B:DB:A0:1D:D0:54:4D:02:8E:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nZoMhLMHIPTUzkvboB3QVE0Cjs0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/4SOYImJHyJqTwCMAGjKjr0oBLY8.roa
Signing time:             Thu 18 Jun 2026 07:27:48 +0000
ROA not before:           Thu 18 Jun 2026 07:27:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213586
IP address blocks:        2a0b:1d40:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/nZoMhLMHIPTUzkvboB3QVE0Cjs0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/nZoMhLMHIPTUzkvboB3QVE0Cjs0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nZoMhLMHIPTUzkvboB3QVE0Cjs0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 29 Jun 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d9:a1:02:ca:69:79:92:ac:1f:21:4d:1c:64:c8:c5:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d9a0c84b30720f4d4ce4bdba01dd0544d028ecd
        Validity
            Not Before: Jun 18 07:27:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e12398226247c89a93c023001a32a3af4a012d8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e7:03:e9:61:60:5d:0f:c3:72:1c:5c:ce:a1:
                    d5:d8:35:b4:8b:c9:6f:e4:b2:22:5c:c8:ed:ef:49:
                    52:d5:29:d9:89:94:b8:03:9b:4a:b7:34:80:bd:2d:
                    81:c1:c9:a0:83:d6:4a:ae:81:cc:52:a3:24:c7:ff:
                    78:f6:3d:2c:0c:84:97:f1:0a:ef:db:fb:10:9f:1e:
                    19:14:bc:b8:e4:93:93:fc:b3:ad:fd:50:38:ef:99:
                    e1:c7:82:37:a2:d3:82:52:44:9a:90:3c:08:80:1e:
                    ae:59:62:63:a5:17:86:4d:00:47:5b:43:30:89:c5:
                    b2:00:9a:18:4a:08:3e:41:3f:05:07:31:49:c8:7e:
                    63:8c:40:e2:7c:de:88:21:aa:48:8e:74:34:35:5d:
                    db:27:e7:27:4b:56:ea:18:cf:8e:99:bb:a1:99:12:
                    e2:9f:a2:1a:0d:a8:a2:4b:8c:26:a6:01:53:10:32:
                    42:87:99:19:82:bb:1b:8e:80:19:0d:8d:88:83:ce:
                    e4:70:62:66:5c:05:f2:4d:ef:3e:ed:56:60:95:2b:
                    29:da:c2:77:ca:85:4e:3e:db:9e:4a:3d:a2:84:cf:
                    ad:8a:38:9a:47:55:ee:d5:08:88:12:28:f4:74:32:
                    2f:f5:51:57:62:aa:4e:e8:ab:6a:5f:e3:39:5b:86:
                    74:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:23:98:22:62:47:C8:9A:93:C0:23:00:1A:32:A3:AF:4A:01:2D:8F
            X509v3 Authority Key Identifier:
                keyid:9D:9A:0C:84:B3:07:20:F4:D4:CE:4B:DB:A0:1D:D0:54:4D:02:8E:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nZoMhLMHIPTUzkvboB3QVE0Cjs0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/4SOYImJHyJqTwCMAGjKjr0oBLY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/1e8d4d-53bf-4acb-bc0c-52cad6675fc6/1/nZoMhLMHIPTUzkvboB3QVE0Cjs0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:1d40:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1e:f0:c8:4c:c7:c7:a3:85:ce:49:5a:89:2c:4c:6c:aa:01:aa:
         c3:12:0a:24:02:09:ac:82:ec:5a:49:bb:b8:39:91:8b:ec:48:
         d9:f4:7a:b7:35:a6:0f:e5:ad:1c:c2:61:14:3c:27:ee:47:27:
         19:52:2b:ed:a0:84:13:83:e9:71:5e:58:db:30:9b:11:f7:6d:
         10:a1:0c:4e:71:f4:03:92:67:5d:da:e8:7a:e9:df:da:7e:4d:
         88:db:f5:e1:cc:fc:37:9c:34:e7:cb:24:7b:7c:d4:22:83:75:
         b5:b2:4b:75:ad:4f:5c:df:55:31:cf:0c:23:c4:a3:8d:44:e8:
         f4:bc:e3:f6:06:c6:ee:d1:8f:4f:40:01:2d:49:65:ea:75:f2:
         79:92:91:f4:5d:cc:3f:53:d9:b1:62:81:35:0b:77:c4:a4:dc:
         29:b4:7b:93:d4:56:7e:71:ae:ef:13:7e:fc:39:37:20:08:7a:
         2c:cf:e7:3a:ff:6f:48:24:ba:8e:6e:d8:a8:6a:ff:34:20:f4:
         2d:8a:72:3a:c1:20:35:b5:c8:09:5f:ac:a5:ab:45:a0:0c:22:
         51:e2:b5:fa:88:13:11:51:9a:6e:e9:0b:a2:ee:29:63:3c:cb:
         7f:ca:33:5b:06:92:09:68:4c:76:08:0b:f1:98:29:71:69:01:
         af:d5:97:a9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ7ZoQLKaXmSrB8hTRxkyMXSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOWEwYzg0YjMwNzIwZjRkNGNlNGJkYmEwMWRkMDU0NGQw
MjhlY2QwHhcNMjYwNjE4MDcyNzQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTIzOTgyMjYyNDdjODlhOTNjMDIzMDAxYTMyYTNhZjRhMDEyZDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjecD6WFgXQ/DchxczqHV2DW0i8lv
5LIiXMjt70lS1SnZiZS4A5tKtzSAvS2Bwcmgg9ZKroHMUqMkx/949j0sDISX8Qrv
2/sQnx4ZFLy45JOT/LOt/VA475nhx4I3otOCUkSakDwIgB6uWWJjpReGTQBHW0Mw
icWyAJoYSgg+QT8FBzFJyH5jjEDifN6IIapIjnQ0NV3bJ+cnS1bqGM+OmbuhmRLi
n6IaDaiiS4wmpgFTEDJCh5kZgrsbjoAZDY2Ig87kcGJmXAXyTe8+7VZglSsp2sJ3
yoVOPtueSj2ihM+tijiaR1Xu1QiIEij0dDIv9VFXYqpO6KtqX+M5W4Z0qwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOEjmCJiR8iak8AjABoyo69KAS2PMB8GA1UdIwQY
MBaAFJ2aDISzByD01M5L26Ad0FRNAo7NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblpvTWhMTUhJUFRVemt2Ym9CM1FWRTBDanMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8xZThkNGQtNTNiZi00YWNiLWJjMGMt
NTJjYWQ2Njc1ZmM2LzEvNFNPWUltSkh5SnFUd0NNQUdqS2pyMG9CTFk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8xZThkNGQtNTNiZi00YWNiLWJjMGMtNTJjYWQ2Njc1ZmM2
LzEvblpvTWhMTUhJUFRVemt2Ym9CM1FWRTBDanMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKgsdQBAw
DQYJKoZIhvcNAQELBQADggEBAB7wyEzHx6OFzklaiSxMbKoBqsMSCiQCCayC7FpJ
u7g5kYvsSNn0erc1pg/lrRzCYRQ8J+5HJxlSK+2ghBOD6XFeWNswmxH3bRChDE5x
9AOSZ13a6Hrp39p+TYjb9eHM/DecNOfLJHt81CKDdbWyS3WtT1zfVTHPDCPEo41E
6PS84/YGxu7Rj09AAS1JZep18nmSkfRdzD9T2bFigTULd8Sk3Cm0e5PUVn5xru8T
fvw5NyAIeizP5zr/b0gkuo5u2Khq/zQg9C2KcjrBIDW1yAlfrKWrRaAMIlHitfqI
ExFRmm7pC6LuKWM8y3/KM1sGkgloTHYIC/GYKXFpAa/Vl6k=
-----END CERTIFICATE-----