Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/a7b21d-2b8c-4270-ae51-a716814c07e3/1/3Jp1ZlxM7NGFfcmolASK_U70lQo.roa
File:                     3Jp1ZlxM7NGFfcmolASK_U70lQo.roa (raw, json)
Hash identifier:          COOQVOp9Xy0zKPe4U1sXfNXEbj1xzq6Cd4q+49S+0wU=
Subject key identifier:   DC:9A:75:66:5C:4C:EC:D1:85:7D:C9:A8:94:04:8A:FD:4E:F4:95:0A
Certificate issuer:       /CN=79eea81b6f33f69b60b9b01db99ad46d90d3d73b
Certificate serial:       019E4B3B4822446465B318BD3CDAE041E126
Authority key identifier: 79:EE:A8:1B:6F:33:F6:9B:60:B9:B0:1D:B9:9A:D4:6D:90:D3:D7:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ee6oG28z9ptgubAduZrUbZDT1zs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/a7b21d-2b8c-4270-ae51-a716814c07e3/1/3Jp1ZlxM7NGFfcmolASK_U70lQo.roa
Signing time:             Thu 21 May 2026 15:50:36 +0000
ROA not before:           Thu 21 May 2026 15:50:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39238
IP address blocks:        2a05:1640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/a7b21d-2b8c-4270-ae51-a716814c07e3/1/ee6oG28z9ptgubAduZrUbZDT1zs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/a7b21d-2b8c-4270-ae51-a716814c07e3/1/ee6oG28z9ptgubAduZrUbZDT1zs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ee6oG28z9ptgubAduZrUbZDT1zs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:3b:48:22:44:64:65:b3:18:bd:3c:da:e0:41:e1:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79eea81b6f33f69b60b9b01db99ad46d90d3d73b
        Validity
            Not Before: May 21 15:50:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc9a75665c4cecd1857dc9a894048afd4ef4950a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:97:e8:d5:46:de:17:a3:ba:a9:f5:ba:d7:bb:
                    0c:ea:ca:f3:9f:00:51:07:14:ac:56:0f:23:28:c5:
                    7a:b6:a2:38:b7:42:ce:be:f9:b1:86:92:d1:75:5d:
                    91:9b:93:52:d9:00:78:6c:66:41:0c:3c:37:ac:e3:
                    b7:c6:2d:2b:06:f3:11:e9:b5:38:05:03:ad:5b:ac:
                    66:f4:6f:17:45:4d:90:8f:b5:9c:3c:52:c7:62:38:
                    49:f2:34:da:88:b8:2c:f2:93:1e:69:55:3a:16:7a:
                    f1:37:74:82:35:e3:6d:c2:0c:d5:e3:28:6a:43:30:
                    ee:a7:bc:cb:92:3a:a2:79:97:79:b9:f7:eb:cd:21:
                    30:82:b0:02:e6:87:9c:27:48:2b:50:7f:0b:d4:8e:
                    b8:f0:15:a3:bd:3a:c4:07:d8:88:37:19:3b:69:6a:
                    c2:28:7e:5e:24:7e:01:8b:e9:e7:9c:23:e3:6b:e1:
                    c9:27:27:04:e5:62:4c:4e:9c:e0:07:48:cb:23:65:
                    cb:42:ce:46:2b:6d:b8:16:e1:0b:2e:bf:98:28:53:
                    61:95:41:95:d4:15:40:7b:aa:fa:5c:4e:5d:4d:e2:
                    22:79:92:df:ee:bb:df:49:ba:34:93:f1:76:d4:50:
                    4b:91:2d:14:52:2a:d0:42:6f:d0:24:ed:1d:95:22:
                    63:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:9A:75:66:5C:4C:EC:D1:85:7D:C9:A8:94:04:8A:FD:4E:F4:95:0A
            X509v3 Authority Key Identifier:
                keyid:79:EE:A8:1B:6F:33:F6:9B:60:B9:B0:1D:B9:9A:D4:6D:90:D3:D7:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee6oG28z9ptgubAduZrUbZDT1zs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a7b21d-2b8c-4270-ae51-a716814c07e3/1/3Jp1ZlxM7NGFfcmolASK_U70lQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/a7b21d-2b8c-4270-ae51-a716814c07e3/1/ee6oG28z9ptgubAduZrUbZDT1zs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:1640::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:d7:35:6c:17:0e:00:bf:ce:5b:cf:c1:cd:dc:77:c0:a3:40:
         45:44:67:13:3f:39:4d:03:b7:53:c8:25:d3:0b:1a:15:68:71:
         47:33:ee:3c:34:af:d4:4e:6f:97:f4:f5:20:02:f1:f7:b2:6e:
         83:c9:39:8b:70:10:3e:05:2a:87:7d:19:df:a3:a5:42:f9:93:
         0e:e1:a3:16:9e:a8:17:d2:20:4d:ac:71:64:dc:7c:d9:11:39:
         44:ca:c1:4d:5f:28:ad:cf:9c:78:79:dc:f7:11:42:c1:32:4c:
         c4:a9:30:c1:b2:c5:ad:dd:fc:0c:4a:63:2f:7a:6b:a0:56:b5:
         d0:76:a1:a4:57:24:bc:99:ab:d4:d2:1c:4f:4f:ed:b3:03:f3:
         9c:68:eb:29:86:7c:14:31:b5:1d:7b:50:8c:6b:40:84:8b:3f:
         e7:08:88:d9:01:6d:3b:a0:6e:9d:5c:c2:45:b6:c4:89:cc:ff:
         c8:bb:27:cc:34:0b:6f:e5:da:b5:27:f1:0c:f2:86:e0:15:70:
         64:10:ca:72:cf:50:cd:d9:42:17:bb:e9:3b:67:65:95:0c:09:
         10:90:78:85:43:0d:1c:02:41:95:c0:df:50:18:9c:0c:0b:5e:
         d1:c2:5f:82:0a:9f:56:e5:1d:6b:c0:7b:20:2a:20:17:46:d3:
         62:a1:d6:98
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5LO0giRGRlsxi9PNrgQeEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZWVhODFiNmYzM2Y2OWI2MGI5YjAxZGI5OWFkNDZkOTBk
M2Q3M2IwHhcNMjYwNTIxMTU1MDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzlhNzU2NjVjNGNlY2QxODU3ZGM5YTg5NDA0OGFmZDRlZjQ5NTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15fo1UbeF6O6qfW617sM6srznwBR
BxSsVg8jKMV6tqI4t0LOvvmxhpLRdV2Rm5NS2QB4bGZBDDw3rOO3xi0rBvMR6bU4
BQOtW6xm9G8XRU2Qj7WcPFLHYjhJ8jTaiLgs8pMeaVU6FnrxN3SCNeNtwgzV4yhq
QzDup7zLkjqieZd5uffrzSEwgrAC5oecJ0grUH8L1I648BWjvTrEB9iINxk7aWrC
KH5eJH4Bi+nnnCPja+HJJycE5WJMTpzgB0jLI2XLQs5GK224FuELLr+YKFNhlUGV
1BVAe6r6XE5dTeIieZLf7rvfSbo0k/F21FBLkS0UUirQQm/QJO0dlSJjFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNyadWZcTOzRhX3JqJQEiv1O9JUKMB8GA1UdIwQY
MBaAFHnuqBtvM/abYLmwHbma1G2Q09c7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWU2b0cyOHo5cHRndWJBZHVaclViWkRUMXpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9hN2IyMWQtMmI4Yy00MjcwLWFlNTEt
YTcxNjgxNGMwN2UzLzEvM0pwMVpseE03TkdGZmNtb2xBU0tfVTcwbFFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9hN2IyMWQtMmI4Yy00MjcwLWFlNTEtYTcxNjgxNGMwN2Uz
LzEvZWU2b0cyOHo5cHRndWJBZHVaclViWkRUMXpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgUWQDAN
BgkqhkiG9w0BAQsFAAOCAQEAONc1bBcOAL/OW8/Bzdx3wKNARURnEz85TQO3U8gl
0wsaFWhxRzPuPDSv1E5vl/T1IALx97Jug8k5i3AQPgUqh30Z36OlQvmTDuGjFp6o
F9IgTaxxZNx82RE5RMrBTV8orc+ceHnc9xFCwTJMxKkwwbLFrd38DEpjL3proFa1
0HahpFckvJmr1NIcT0/tswPznGjrKYZ8FDG1HXtQjGtAhIs/5wiI2QFtO6BunVzC
RbbEicz/yLsnzDQLb+XatSfxDPKG4BVwZBDKcs9QzdlCF7vpO2dllQwJEJB4hUMN
HAJBlcDfUBicDAte0cJfggqfVuUda8B7ICogF0bTYqHWmA==
-----END CERTIFICATE-----