Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/O9sJ-_TKMq6bS7__E1UX2XB1imA.roa
File:                     O9sJ-_TKMq6bS7__E1UX2XB1imA.roa (raw, json)
Hash identifier:          +Z6Yn/3PglFToHJ9MMw/pkkVUwEYwsRd5WZO7o88I9I=
Subject key identifier:   3B:DB:09:FB:F4:CA:32:AE:9B:4B:BF:FF:13:55:17:D9:70:75:8A:60
Certificate issuer:       /CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
Certificate serial:       019E3C7BA545BD98362B7FF715ED11E7F117
Authority key identifier: F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/O9sJ-_TKMq6bS7__E1UX2XB1imA.roa
Signing time:             Mon 18 May 2026 19:06:36 +0000
ROA not before:           Mon 18 May 2026 19:06:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200954
IP address blocks:        2a10:ab80:3e9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 May 2026 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:3c:7b:a5:45:bd:98:36:2b:7f:f7:15:ed:11:e7:f1:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f00bdcc444173f5994de34a3bf63f3ad9764c6d1
        Validity
            Not Before: May 18 19:06:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3bdb09fbf4ca32ae9b4bbfff135517d970758a60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0d:af:9f:0c:df:23:33:ae:93:0e:44:41:e2:
                    c7:32:6c:23:cb:e2:dc:c2:3f:8f:8e:48:35:26:20:
                    dc:ab:e9:f5:50:b7:e4:a3:25:d6:42:be:fb:22:e4:
                    5d:75:05:23:ed:24:af:7b:63:cf:74:c0:40:ad:a6:
                    82:ee:22:ab:e1:64:da:e8:40:39:61:26:95:8a:20:
                    23:1e:2f:f7:62:23:1f:66:f2:36:ee:68:76:85:ff:
                    ff:86:35:e8:07:9e:78:95:9c:74:c4:20:2e:19:14:
                    de:52:0e:f1:fc:13:2b:33:a4:61:c6:59:94:f3:9a:
                    1d:03:5e:25:d4:42:3d:bb:ad:c2:f4:5d:db:c5:fa:
                    c0:2f:4c:2a:32:16:c4:cc:26:8c:5c:4f:7e:47:67:
                    d2:49:f0:60:12:0a:91:93:3b:7c:a7:f9:5c:78:40:
                    af:2f:32:00:5d:b4:ba:fe:36:fb:99:15:c8:60:27:
                    b7:86:9c:2e:8f:7a:1e:ee:9a:9c:25:38:a2:e4:14:
                    d8:ac:77:d9:35:b4:42:67:2f:dd:be:7b:cc:c9:76:
                    28:7b:f5:36:e4:23:da:13:6d:42:fd:9c:42:15:a3:
                    cf:38:5f:5f:44:62:f3:1b:a3:6c:23:74:32:04:fe:
                    4d:45:41:7c:18:e2:83:18:4a:ad:46:0e:68:b8:15:
                    4a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:DB:09:FB:F4:CA:32:AE:9B:4B:BF:FF:13:55:17:D9:70:75:8A:60
            X509v3 Authority Key Identifier:
                keyid:F0:0B:DC:C4:44:17:3F:59:94:DE:34:A3:BF:63:F3:AD:97:64:C6:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8AvcxEQXP1mU3jSjv2PzrZdkxtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/O9sJ-_TKMq6bS7__E1UX2XB1imA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/d62de1-1173-488d-af16-cfa5a4b8986b/1/8AvcxEQXP1mU3jSjv2PzrZdkxtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ab80:3e9::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:36:4d:40:e9:e2:0f:d6:91:6b:f3:3c:00:86:fe:2d:66:a7:
         98:3f:18:88:ac:2d:b5:a8:29:dc:73:2a:6e:be:95:c3:8d:06:
         01:a9:ff:73:3e:ff:a4:ad:4c:e3:b5:b4:16:ab:00:b9:e2:9c:
         cb:8e:84:20:b9:42:bf:12:16:3e:df:64:10:02:eb:f4:7d:fc:
         f0:0a:88:0b:91:fb:3b:44:60:66:0d:c3:b0:36:21:eb:e0:43:
         01:72:d7:74:2e:4b:b0:34:44:37:28:61:02:f4:80:bb:8b:4a:
         5b:75:fa:0c:03:7b:e4:03:50:5b:77:95:dc:b9:ab:93:d5:31:
         76:25:f8:0d:4a:3f:a2:a1:b2:5b:67:65:87:fd:db:ac:96:66:
         ac:d9:70:fd:f9:b1:a9:19:8c:a2:ae:9e:08:32:25:f9:ee:18:
         02:61:b5:ce:6a:06:0f:16:6a:be:2d:41:55:ed:1a:8d:04:0b:
         13:9a:72:d3:90:57:1a:7f:01:2a:c6:fa:ca:a0:34:9b:e8:90:
         cd:7e:11:50:5a:a6:a0:9a:4f:5e:f4:32:6c:19:9b:dc:d3:8f:
         a8:b1:84:fd:57:f1:2c:f5:0d:d6:00:8a:fe:cd:6b:8f:42:aa:
         e3:2a:a5:eb:c6:b9:27:a9:75:b1:4d:30:17:a7:64:a3:62:65:
         2a:f1:5c:2e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ48e6VFvZg2K3/3Fe0R5/EXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwMGJkY2M0NDQxNzNmNTk5NGRlMzRhM2JmNjNmM2FkOTc2
NGM2ZDEwHhcNMjYwNTE4MTkwNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmRiMDlmYmY0Y2EzMmFlOWI0YmJmZmYxMzU1MTdkOTcwNzU4YTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAww2vnwzfIzOukw5EQeLHMmwjy+Lc
wj+Pjkg1JiDcq+n1ULfkoyXWQr77IuRddQUj7SSve2PPdMBAraaC7iKr4WTa6EA5
YSaViiAjHi/3YiMfZvI27mh2hf//hjXoB554lZx0xCAuGRTeUg7x/BMrM6RhxlmU
85odA14l1EI9u63C9F3bxfrAL0wqMhbEzCaMXE9+R2fSSfBgEgqRkzt8p/lceECv
LzIAXbS6/jb7mRXIYCe3hpwuj3oe7pqcJTii5BTYrHfZNbRCZy/dvnvMyXYoe/U2
5CPaE21C/ZxCFaPPOF9fRGLzG6NsI3QyBP5NRUF8GOKDGEqtRg5ouBVKAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDvbCfv0yjKum0u//xNVF9lwdYpgMB8GA1UdIwQY
MBaAFPAL3MREFz9ZlN40o79j862XZMbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYt
Y2ZhNWE0Yjg5ODZiLzEvTzlzSi1fVEtNcTZiUzdfX0UxVVgyWEIxaW1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9kNjJkZTEtMTE3My00ODhkLWFmMTYtY2ZhNWE0Yjg5ODZi
LzEvOEF2Y3hFUVhQMW1VM2pTanYyUHpyWmRreHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhCrgAPp
MA0GCSqGSIb3DQEBCwUAA4IBAQAnNk1A6eIP1pFr8zwAhv4tZqeYPxiIrC21qCnc
cypuvpXDjQYBqf9zPv+krUzjtbQWqwC54pzLjoQguUK/EhY+32QQAuv0ffzwCogL
kfs7RGBmDcOwNiHr4EMBctd0LkuwNEQ3KGEC9IC7i0pbdfoMA3vkA1Bbd5XcuauT
1TF2JfgNSj+iobJbZ2WH/duslmas2XD9+bGpGYyirp4IMiX57hgCYbXOagYPFmq+
LUFV7RqNBAsTmnLTkFcafwEqxvrKoDSb6JDNfhFQWqagmk9e9DJsGZvc04+osYT9
V/Es9Q3WAIr+zWuPQqrjKqXrxrknqXWxTTAXp2SjYmUq8Vwu
-----END CERTIFICATE-----