Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/3iQHoJNtQEOj78bIwlHn3-unP_g.roa
File:                     3iQHoJNtQEOj78bIwlHn3-unP_g.roa (raw, json)
Hash identifier:          fSFnb3Rnjeqv6RQS18mQHmgw32rOQT6El+EWHTLDDi4=
Subject key identifier:   DE:24:07:A0:93:6D:40:43:A3:EF:C6:C8:C2:51:E7:DF:EB:A7:3F:F8
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D2BDE8B06627E6A72A5FB5288A815EB7E
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/3iQHoJNtQEOj78bIwlHn3-unP_g.roa
Signing time:             Thu 26 Mar 2026 20:38:17 +0000
ROA not before:           Thu 26 Mar 2026 20:38:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402270
IP address blocks:        2a06:9801:250::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 20:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2b:de:8b:06:62:7e:6a:72:a5:fb:52:88:a8:15:eb:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar 26 20:38:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de2407a0936d4043a3efc6c8c251e7dfeba73ff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:bc:73:f9:bb:d3:f9:16:83:69:11:cb:eb:63:
                    5a:5d:39:48:5f:53:59:03:1c:0e:30:64:31:d4:47:
                    1a:d4:6a:f9:4c:2a:aa:bb:82:c5:a7:9c:8b:f0:79:
                    2c:18:b2:26:f0:22:b4:70:f0:49:05:60:ca:eb:c1:
                    30:9d:7d:54:35:7c:cd:0b:8e:fb:8b:ec:5e:f9:1c:
                    95:44:02:a7:2e:fc:e2:d1:bd:39:d1:c1:9e:3a:14:
                    a3:3f:87:02:53:cd:c0:57:84:7e:4a:f9:4d:00:0d:
                    70:5b:4f:6f:9d:23:8f:c8:c5:03:b1:83:13:3d:56:
                    b4:12:bb:90:29:c2:a4:11:07:67:2a:1c:a2:21:11:
                    f8:0c:eb:cd:97:54:65:b9:1a:3d:e3:49:c7:2f:67:
                    4a:e5:10:22:52:73:83:8a:03:6c:a9:7d:b1:08:c7:
                    c8:64:a7:e1:5c:d2:86:49:f8:c8:83:37:3d:7e:4b:
                    92:73:07:32:f2:fa:38:d7:47:9d:a4:6e:2e:af:cf:
                    45:24:d3:2e:e5:4e:0c:62:a1:ae:ed:a0:85:8e:f9:
                    04:21:c8:77:65:c6:68:8e:43:33:01:2e:7d:22:29:
                    f6:26:6e:70:a3:59:ed:67:0c:eb:96:01:bf:13:dd:
                    3d:60:78:3b:43:ad:29:4e:84:c5:c9:d6:b9:62:fd:
                    4a:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:24:07:A0:93:6D:40:43:A3:EF:C6:C8:C2:51:E7:DF:EB:A7:3F:F8
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/3iQHoJNtQEOj78bIwlHn3-unP_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:250::/44

    Signature Algorithm: sha256WithRSAEncryption
         c0:77:43:4e:dc:cd:73:ce:eb:43:8f:65:9b:2b:dc:0c:ca:09:
         22:33:aa:99:e8:63:e7:12:17:69:e7:94:e4:bc:e7:f3:8f:89:
         52:aa:4c:14:52:80:6d:66:31:2d:0a:51:93:8e:22:61:c9:57:
         dd:a9:83:f1:e6:d2:52:32:88:ac:9d:21:cd:2a:66:f0:6a:86:
         6b:c3:a3:24:b7:35:cb:4c:48:62:9d:1b:71:a0:d9:ca:97:47:
         8e:47:e3:d5:45:45:b4:3c:e8:c5:d2:5e:76:1c:34:b6:2b:9e:
         09:79:93:85:86:14:b2:4c:d1:5c:43:54:3b:fb:09:05:ba:07:
         1b:53:04:ee:9f:0b:2b:53:e1:4c:72:06:56:96:ce:e2:d7:86:
         d7:1b:5c:cd:98:e8:e9:15:80:80:22:8e:b9:11:44:e6:11:ef:
         37:5f:89:8a:a2:76:d7:90:1f:fc:65:22:c2:e3:6b:9f:ab:a2:
         a3:96:87:d7:e2:82:3a:7a:c0:bd:df:c0:71:72:d2:ed:77:7b:
         2b:81:97:39:04:c7:50:ea:d8:27:2b:76:97:10:bd:7f:0f:27:
         18:41:db:f2:e6:78:de:25:99:71:a1:05:db:c5:11:74:3d:91:
         d0:9b:b2:57:dd:42:9f:ae:fa:e4:18:fd:af:8f:80:6f:b0:14:
         8e:61:e8:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0r3osGYn5qcqX7UoioFet+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzI2MjAzODE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTI0MDdhMDkzNmQ0MDQzYTNlZmM2YzhjMjUxZTdkZmViYTczZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Lxz+bvT+RaDaRHL62NaXTlIX1NZ
AxwOMGQx1Eca1Gr5TCqqu4LFp5yL8HksGLIm8CK0cPBJBWDK68EwnX1UNXzNC477
i+xe+RyVRAKnLvzi0b050cGeOhSjP4cCU83AV4R+SvlNAA1wW09vnSOPyMUDsYMT
PVa0EruQKcKkEQdnKhyiIRH4DOvNl1RluRo940nHL2dK5RAiUnODigNsqX2xCMfI
ZKfhXNKGSfjIgzc9fkuScwcy8vo410edpG4ur89FJNMu5U4MYqGu7aCFjvkEIch3
ZcZojkMzAS59Iin2Jm5wo1ntZwzrlgG/E909YHg7Q60pToTFyda5Yv1K4wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFN4kB6CTbUBDo+/GyMJR59/rpz/4MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvM2lRSG9KTnRRRU9qNzhiSXdsSG4zLXVuUF9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgaYAQJQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDAd0NO3M1zzutDj2WbK9wMygkiM6qZ6GPnEhdp
55TkvOfzj4lSqkwUUoBtZjEtClGTjiJhyVfdqYPx5tJSMoisnSHNKmbwaoZrw6Mk
tzXLTEhinRtxoNnKl0eOR+PVRUW0POjF0l52HDS2K54JeZOFhhSyTNFcQ1Q7+wkF
ugcbUwTunwsrU+FMcgZWls7i14bXG1zNmOjpFYCAIo65EUTmEe83X4mKonbXkB/8
ZSLC42ufq6KjlofX4oI6esC938BxctLtd3srgZc5BMdQ6tgnK3aXEL1/DycYQdvy
5njeJZlxoQXbxRF0PZHQm7JX3UKfrvrkGP2vj4BvsBSOYeh4
-----END CERTIFICATE-----