Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/741872-a425-4367-9ac2-dcd937fd07a7/1/V3K9KWekNpWdzBCyOPh9WJ-1dOA.roa
File:                     V3K9KWekNpWdzBCyOPh9WJ-1dOA.roa (raw, json)
Hash identifier:          RfmxQYOLMhqB3WkiPFFlvfTDE7h8LswiSenU1NHDqIc=
Subject key identifier:   57:72:BD:29:67:A4:36:95:9D:CC:10:B2:38:F8:7D:58:9F:B5:74:E0
Certificate issuer:       /CN=9d4f9bf87aff00fd5db21585781b46f36f9e3626
Certificate serial:       019EB869F2315D52C04A954519316B4F7460
Authority key identifier: 9D:4F:9B:F8:7A:FF:00:FD:5D:B2:15:85:78:1B:46:F3:6F:9E:36:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nU-b-Hr_AP1dshWFeBtG82-eNiY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/741872-a425-4367-9ac2-dcd937fd07a7/1/V3K9KWekNpWdzBCyOPh9WJ-1dOA.roa
Signing time:             Thu 11 Jun 2026 20:40:11 +0000
ROA not before:           Thu 11 Jun 2026 20:40:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44094
IP address blocks:        2a13:7e40:1::/48 maxlen: 48
                          2a13:7e40:2::/48 maxlen: 48
                          2a13:7e40:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/741872-a425-4367-9ac2-dcd937fd07a7/1/nU-b-Hr_AP1dshWFeBtG82-eNiY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/741872-a425-4367-9ac2-dcd937fd07a7/1/nU-b-Hr_AP1dshWFeBtG82-eNiY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nU-b-Hr_AP1dshWFeBtG82-eNiY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b8:69:f2:31:5d:52:c0:4a:95:45:19:31:6b:4f:74:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d4f9bf87aff00fd5db21585781b46f36f9e3626
        Validity
            Not Before: Jun 11 20:40:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5772bd2967a436959dcc10b238f87d589fb574e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:06:4f:01:42:88:10:fb:52:5d:f5:29:ee:13:
                    a6:8a:6b:8f:75:93:a6:af:31:2c:6e:ef:ea:f2:98:
                    c9:57:e3:44:76:87:a0:96:c7:73:b5:ec:d7:39:8e:
                    95:96:18:79:3b:36:bd:a9:36:e5:3f:82:46:d9:8f:
                    5b:05:d8:8e:f6:3e:31:88:94:9c:44:81:78:c4:2f:
                    9b:13:f8:36:a1:27:6c:f1:f6:06:f4:31:a7:d6:6f:
                    1f:2e:00:7c:9d:57:86:2d:cd:d1:00:bf:60:8e:af:
                    a9:d3:36:ab:d5:71:8c:5b:79:25:41:f0:f2:66:db:
                    65:8c:ec:43:31:c5:49:d5:27:93:bf:f5:52:e1:a2:
                    3b:8d:3e:21:e5:c3:13:4c:18:ef:b5:b4:60:12:91:
                    7f:e2:9b:31:e8:2f:ab:22:d2:fc:09:d0:6b:7c:85:
                    cf:83:7d:bd:44:1c:2f:6a:fe:d6:6b:95:12:1d:46:
                    29:ce:e8:2a:3d:98:43:cc:8c:39:dd:17:60:fa:ec:
                    e0:7c:92:fc:b6:8e:a5:72:90:3f:bd:40:af:97:b8:
                    f2:fe:51:52:9b:f9:08:8e:3b:8d:86:b5:fa:74:d6:
                    a7:a4:9d:e9:3b:f0:c9:bf:c7:ec:ae:7d:1a:af:a1:
                    a1:2e:bd:99:7c:6a:11:8e:8f:d1:27:93:b3:db:30:
                    3f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:72:BD:29:67:A4:36:95:9D:CC:10:B2:38:F8:7D:58:9F:B5:74:E0
            X509v3 Authority Key Identifier:
                keyid:9D:4F:9B:F8:7A:FF:00:FD:5D:B2:15:85:78:1B:46:F3:6F:9E:36:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nU-b-Hr_AP1dshWFeBtG82-eNiY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/741872-a425-4367-9ac2-dcd937fd07a7/1/V3K9KWekNpWdzBCyOPh9WJ-1dOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/741872-a425-4367-9ac2-dcd937fd07a7/1/nU-b-Hr_AP1dshWFeBtG82-eNiY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7e40:1::-2a13:7e40:2:ffff:ffff:ffff:ffff:ffff
                  2a13:7e40:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:37:c5:46:60:c2:da:88:08:3d:09:1b:1b:42:23:86:af:4a:
         fe:ac:de:78:b9:d5:cc:f0:0a:1b:3f:56:60:17:09:ae:47:b2:
         d1:32:72:9c:c9:b2:91:d6:7d:d7:da:15:8e:50:6c:04:38:54:
         8a:72:f1:a6:05:8f:60:ba:b4:4e:a4:a3:e9:16:89:b5:24:46:
         fb:72:b4:5d:5f:f3:da:5e:2a:b4:97:58:9e:7f:21:9e:ab:e9:
         f4:57:c8:15:a3:61:1e:0d:56:34:51:4d:e9:bc:70:1d:04:d2:
         ca:7a:4b:38:cb:fd:42:8e:69:0c:3d:d6:7f:d7:15:b7:0a:04:
         8f:ca:b2:a8:fa:12:aa:79:43:37:5d:56:fe:fa:35:5b:cb:4f:
         b2:62:e6:df:59:db:f4:d7:10:8c:ea:a7:27:9b:08:ad:9f:42:
         bc:e5:4e:72:66:ac:6f:58:96:fe:47:4c:48:22:ce:49:5c:5a:
         fb:72:f9:26:a7:29:84:d8:a0:e9:bb:cc:9d:e1:d4:df:f8:f8:
         55:86:97:5c:f3:84:57:3c:a2:97:8e:be:13:58:d6:36:f5:9b:
         ed:25:eb:0e:b3:96:05:7e:4a:7c:4d:9c:46:2d:27:dc:4c:42:
         3b:28:4f:71:09:5c:c1:9e:59:e1:eb:0b:e7:79:66:19:d5:c9:
         ce:02:1a:e5
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ64afIxXVLASpVFGTFrT3RgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkNGY5YmY4N2FmZjAwZmQ1ZGIyMTU4NTc4MWI0NmYzNmY5
ZTM2MjYwHhcNMjYwNjExMjA0MDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzcyYmQyOTY3YTQzNjk1OWRjYzEwYjIzOGY4N2Q1ODlmYjU3NGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQZPAUKIEPtSXfUp7hOmimuPdZOm
rzEsbu/q8pjJV+NEdoeglsdztezXOY6Vlhh5Oza9qTblP4JG2Y9bBdiO9j4xiJSc
RIF4xC+bE/g2oSds8fYG9DGn1m8fLgB8nVeGLc3RAL9gjq+p0zar1XGMW3klQfDy
ZttljOxDMcVJ1SeTv/VS4aI7jT4h5cMTTBjvtbRgEpF/4psx6C+rItL8CdBrfIXP
g329RBwvav7Wa5USHUYpzugqPZhDzIw53Rdg+uzgfJL8to6lcpA/vUCvl7jy/lFS
m/kIjjuNhrX6dNanpJ3pO/DJv8fsrn0ar6GhLr2ZfGoRjo/RJ5Oz2zA/oQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFFdyvSlnpDaVncwQsjj4fViftXTgMB8GA1UdIwQY
MBaAFJ1Pm/h6/wD9XbIVhXgbRvNvnjYmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblUtYi1Icl9BUDFkc2hXRmVCdEc4Mi1lTmlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS83NDE4NzItYTQyNS00MzY3LTlhYzIt
ZGNkOTM3ZmQwN2E3LzEvVjNLOUtXZWtOcFdkekJDeU9QaDlXSi0xZE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS83NDE4NzItYTQyNS00MzY3LTlhYzItZGNkOTM3ZmQwN2E3
LzEvblUtYi1Icl9BUDFkc2hXRmVCdEc4Mi1lTmlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdMBIDBwAqE35A
AAEDBwAqE35AAAIDBwAqE35AAAQwDQYJKoZIhvcNAQELBQADggEBAJI3xUZgwtqI
CD0JGxtCI4avSv6s3ni51czwChs/VmAXCa5HstEycpzJspHWfdfaFY5QbAQ4VIpy
8aYFj2C6tE6ko+kWibUkRvtytF1f89peKrSXWJ5/IZ6r6fRXyBWjYR4NVjRRTem8
cB0E0sp6SzjL/UKOaQw91n/XFbcKBI/Ksqj6Eqp5QzddVv76NVvLT7Ji5t9Z2/TX
EIzqpyebCK2fQrzlTnJmrG9Ylv5HTEgizklcWvty+SanKYTYoOm7zJ3h1N/4+FWG
l1zzhFc8opeOvhNY1jb1m+0l6w6zlgV+SnxNnEYtJ9xMQjsoT3EJXMGeWeHrC+d5
ZhnVyc4CGuU=
-----END CERTIFICATE-----