Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/N34-g76KUhTdWwWSLHfwbTaSsBk.roa
File:                     N34-g76KUhTdWwWSLHfwbTaSsBk.roa (raw, json)
Hash identifier:          +8Y68T7SxCWrExC5aY8HbPiArRVdSNLWKLaScCdYK+4=
Subject key identifier:   37:7E:3E:83:BE:8A:52:14:DD:5B:05:92:2C:77:F0:6D:36:92:B0:19
Certificate issuer:       /CN=a7fd3f89335dcf828666b28fad8ae993bd448878
Certificate serial:       019E96C263702909ECE652612F450DBBCAA6
Authority key identifier: A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/N34-g76KUhTdWwWSLHfwbTaSsBk.roa
Signing time:             Fri 05 Jun 2026 07:49:42 +0000
ROA not before:           Fri 05 Jun 2026 07:49:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214503
IP address blocks:        2a0a:3507:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 07:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:c2:63:70:29:09:ec:e6:52:61:2f:45:0d:bb:ca:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7fd3f89335dcf828666b28fad8ae993bd448878
        Validity
            Not Before: Jun  5 07:49:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=377e3e83be8a5214dd5b05922c77f06d3692b019
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:87:ef:09:b6:3a:dc:81:48:f9:22:f4:bb:7a:
                    16:c8:3a:60:67:07:61:6e:09:08:ce:19:d1:7e:68:
                    64:2e:cd:62:6f:4a:7f:8f:af:70:97:dd:ba:03:64:
                    db:09:d5:41:5e:d3:a1:9c:7f:7e:78:3c:dd:17:92:
                    d7:42:3c:97:4f:43:2d:fb:59:99:f2:3a:d7:1d:d7:
                    c8:ab:ea:2f:24:90:a5:fe:aa:3f:d5:dc:81:0f:03:
                    74:3e:de:c2:3b:f2:5f:13:4f:1b:9f:d1:b2:b2:a2:
                    3d:f2:1d:ee:a6:32:6b:3c:41:a9:46:d6:70:7f:6d:
                    85:d6:9b:a9:91:7b:e1:ec:ec:a5:e5:04:72:81:fe:
                    a5:54:81:12:e4:79:8b:cd:3d:c1:b7:4a:f2:35:6b:
                    32:09:15:0f:19:95:18:d7:74:4d:21:91:9d:78:c6:
                    5a:53:fe:b6:00:59:7c:d2:74:85:5d:60:b5:7b:cb:
                    ef:d7:08:1e:36:4c:31:3b:b9:54:06:fd:ec:66:77:
                    64:66:70:8f:df:71:42:57:0b:bb:95:19:3f:14:af:
                    be:0e:bb:c9:de:73:d5:05:e0:ec:44:b4:76:a0:7f:
                    bf:fa:51:f6:fc:91:63:5f:d9:85:f0:5c:59:a0:14:
                    54:79:b5:21:d2:09:f2:82:24:cd:5a:ca:cc:19:e2:
                    4c:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:7E:3E:83:BE:8A:52:14:DD:5B:05:92:2C:77:F0:6D:36:92:B0:19
            X509v3 Authority Key Identifier:
                keyid:A7:FD:3F:89:33:5D:CF:82:86:66:B2:8F:AD:8A:E9:93:BD:44:88:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_0_iTNdz4KGZrKPrYrpk71EiHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/N34-g76KUhTdWwWSLHfwbTaSsBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/388fd8-c81f-4e71-af52-c0b1ad435b95/1/p_0_iTNdz4KGZrKPrYrpk71EiHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:3507:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:8f:77:35:fc:51:eb:0e:3a:4f:90:4a:23:df:68:6a:49:3d:
         73:9d:21:50:72:78:02:83:e8:27:e2:f7:36:75:67:d0:dd:45:
         33:e8:0b:3f:52:90:ac:05:07:22:2b:6e:4b:c0:f0:36:17:a9:
         e8:35:88:45:01:2d:9e:71:92:e9:e5:de:3e:30:33:a6:4a:62:
         92:8a:ac:99:21:ce:0d:7c:04:6d:cd:ca:48:0f:ac:a3:85:ca:
         a9:0a:8d:a1:77:47:25:87:4a:15:2b:58:21:c8:e1:43:e2:e6:
         9f:41:d9:64:38:e0:67:fb:af:a5:b4:00:b9:6d:ce:12:6e:d2:
         aa:26:80:0e:98:85:fd:dc:07:20:83:b2:ca:80:df:9b:16:c9:
         10:71:39:97:3e:de:98:a8:93:01:2b:47:e0:37:29:62:b2:41:
         c1:a1:50:31:3c:33:d9:90:03:59:e6:25:7f:c5:4c:04:b0:08:
         8a:bb:93:e6:84:2e:d9:a3:dd:21:b2:10:e1:0a:b1:7a:27:28:
         7a:a6:af:1d:1e:d4:e8:44:92:22:05:9a:03:6e:8f:8a:93:0e:
         d1:84:46:88:eb:b3:ad:7e:ff:3b:47:fe:d7:fa:22:bd:1a:69:
         e7:e8:d7:f2:0b:d2:01:27:13:8e:11:07:4c:ea:ff:bb:45:ed:
         85:95:77:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6WwmNwKQns5lJhL0UNu8qmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZmQzZjg5MzM1ZGNmODI4NjY2YjI4ZmFkOGFlOTkzYmQ0
NDg4NzgwHhcNMjYwNjA1MDc0OTQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzdlM2U4M2JlOGE1MjE0ZGQ1YjA1OTIyYzc3ZjA2ZDM2OTJiMDE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYfvCbY63IFI+SL0u3oWyDpgZwdh
bgkIzhnRfmhkLs1ib0p/j69wl926A2TbCdVBXtOhnH9+eDzdF5LXQjyXT0Mt+1mZ
8jrXHdfIq+ovJJCl/qo/1dyBDwN0Pt7CO/JfE08bn9GysqI98h3upjJrPEGpRtZw
f22F1pupkXvh7Oyl5QRygf6lVIES5HmLzT3Bt0ryNWsyCRUPGZUY13RNIZGdeMZa
U/62AFl80nSFXWC1e8vv1wgeNkwxO7lUBv3sZndkZnCP33FCVwu7lRk/FK++DrvJ
3nPVBeDsRLR2oH+/+lH2/JFjX9mF8FxZoBRUebUh0gnygiTNWsrMGeJMpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDd+PoO+ilIU3VsFkix38G02krAZMB8GA1UdIwQY
MBaAFKf9P4kzXc+Chmayj62K6ZO9RIh4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTIt
YzBiMWFkNDM1Yjk1LzEvTjM0LWc3NktVaFRkV3dXU0xIZndiVGFTc0JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC8zODhmZDgtYzgxZi00ZTcxLWFmNTItYzBiMWFkNDM1Yjk1
LzEvcF8wX2lUTmR6NEtHWnJLUHJZcnBrNzFFaUhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgo1BwAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAlj3c1/FHrDjpPkEoj32hqST1znSFQcngCg+gn
4vc2dWfQ3UUz6As/UpCsBQciK25LwPA2F6noNYhFAS2ecZLp5d4+MDOmSmKSiqyZ
Ic4NfARtzcpID6yjhcqpCo2hd0clh0oVK1ghyOFD4uafQdlkOOBn+6+ltAC5bc4S
btKqJoAOmIX93Acgg7LKgN+bFskQcTmXPt6YqJMBK0fgNyliskHBoVAxPDPZkANZ
5iV/xUwEsAiKu5PmhC7Zo90hshDhCrF6Jyh6pq8dHtToRJIiBZoDbo+Kkw7RhEaI
67Otfv87R/7X+iK9Gmnn6NfyC9IBJxOOEQdM6v+7Re2FlXel
-----END CERTIFICATE-----