Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/fd91a6-1ee8-4cca-8bc2-6a6f9fe64052/1/P-NUTyH2nVmRcyECHCRmEz-xvik.roa
File:                     P-NUTyH2nVmRcyECHCRmEz-xvik.roa (raw, json)
Hash identifier:          qicAikWH5uUaAqp5U7Os+UidSM1o4zOBz4zwJdo3kRY=
Subject key identifier:   3F:E3:54:4F:21:F6:9D:59:91:73:21:02:1C:24:66:13:3F:B1:BE:29
Certificate issuer:       /CN=3abe16eae6642d33bbc0fb90cde234fd02134709
Certificate serial:       019E8A23C1F695756B73158D3BDF0A6A89DA
Authority key identifier: 3A:BE:16:EA:E6:64:2D:33:BB:C0:FB:90:CD:E2:34:FD:02:13:47:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Or4W6uZkLTO7wPuQzeI0_QITRwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/fd91a6-1ee8-4cca-8bc2-6a6f9fe64052/1/P-NUTyH2nVmRcyECHCRmEz-xvik.roa
Signing time:             Tue 02 Jun 2026 21:00:59 +0000
ROA not before:           Tue 02 Jun 2026 21:00:59 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35810
IP address blocks:        2a05:c600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/fd91a6-1ee8-4cca-8bc2-6a6f9fe64052/1/Or4W6uZkLTO7wPuQzeI0_QITRwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/fd91a6-1ee8-4cca-8bc2-6a6f9fe64052/1/Or4W6uZkLTO7wPuQzeI0_QITRwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Or4W6uZkLTO7wPuQzeI0_QITRwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8a:23:c1:f6:95:75:6b:73:15:8d:3b:df:0a:6a:89:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3abe16eae6642d33bbc0fb90cde234fd02134709
        Validity
            Not Before: Jun  2 21:00:59 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3fe3544f21f69d59917321021c2466133fb1be29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:e9:e9:01:aa:90:31:4c:59:c5:b3:b8:ba:3b:
                    56:a5:67:13:aa:b6:2d:64:5e:1c:4a:6b:5b:42:1a:
                    3b:a4:6d:9f:c7:9f:67:2d:a5:e8:8a:e8:12:f6:06:
                    0f:c6:69:ec:50:bf:d0:65:a4:cc:71:2b:30:91:4e:
                    f9:f2:40:26:f1:c5:16:6a:46:ae:64:94:ae:b4:8e:
                    12:0a:3b:00:a0:0b:04:43:54:82:d3:91:50:b1:64:
                    e8:df:20:07:53:e9:1f:65:bf:e3:c6:7d:70:af:b4:
                    0c:51:7c:26:7c:e4:a9:a3:47:1d:e2:dd:17:42:00:
                    ea:80:f3:67:bc:db:c9:ce:86:37:32:ab:8d:38:8a:
                    41:a9:e0:5b:93:1b:d5:31:aa:63:69:77:70:e7:e3:
                    ab:97:b7:ee:42:2b:eb:e6:ae:fb:3b:d2:a1:01:a1:
                    72:e8:ab:6f:ec:b0:72:e4:5e:d8:43:01:3a:22:a7:
                    78:21:dc:79:f0:52:f9:95:40:01:be:55:10:61:11:
                    42:92:be:62:a1:cb:af:9a:8f:eb:08:50:de:9a:97:
                    d4:d9:08:b2:3f:14:47:5d:a5:52:db:0d:e8:ca:e6:
                    ea:47:e2:7b:1d:d4:40:f1:f9:36:f1:ce:4b:c0:03:
                    e8:78:ca:37:38:86:4a:27:4a:ef:41:a4:d3:82:63:
                    44:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:E3:54:4F:21:F6:9D:59:91:73:21:02:1C:24:66:13:3F:B1:BE:29
            X509v3 Authority Key Identifier:
                keyid:3A:BE:16:EA:E6:64:2D:33:BB:C0:FB:90:CD:E2:34:FD:02:13:47:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Or4W6uZkLTO7wPuQzeI0_QITRwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/fd91a6-1ee8-4cca-8bc2-6a6f9fe64052/1/P-NUTyH2nVmRcyECHCRmEz-xvik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/fd91a6-1ee8-4cca-8bc2-6a6f9fe64052/1/Or4W6uZkLTO7wPuQzeI0_QITRwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:c600::/29

    Signature Algorithm: sha256WithRSAEncryption
         4a:53:1c:b2:b4:36:44:47:d6:3f:02:6e:6b:1c:0b:f1:4f:2f:
         f7:a7:88:8a:0a:01:13:42:8a:9e:04:26:de:59:fc:ea:9f:a7:
         50:cc:2c:5b:15:66:57:7f:47:2d:e8:82:b8:bf:1c:f1:6b:9f:
         73:36:3f:11:79:5e:ad:2f:ae:62:81:ef:0b:6c:58:b2:77:08:
         9a:f8:10:f2:48:1a:4a:20:a1:ee:d3:5f:3c:f7:56:26:ae:fa:
         60:c3:60:ac:60:5a:ab:fe:3d:95:c9:24:9b:eb:2a:e4:ff:5b:
         c8:93:15:00:a7:30:c7:d0:ec:35:31:20:68:e1:8b:7e:6e:99:
         f8:63:0b:92:de:21:43:d1:e2:1f:a1:12:f4:93:3e:12:50:6d:
         cb:2b:9a:57:4b:a6:99:27:39:ee:49:52:15:38:bf:e9:97:de:
         2d:f3:b6:35:60:b5:ff:10:e9:ab:2d:ef:49:3b:25:28:f3:76:
         52:43:9c:e2:10:3e:ac:13:3e:dc:93:fc:7b:f3:77:03:09:3f:
         e9:81:84:38:92:54:11:79:44:83:0d:5c:c9:64:b2:8d:6b:d6:
         7b:2f:79:f2:d9:f8:76:21:86:d9:8a:84:6c:6d:98:ff:44:4d:
         00:82:d0:ca:88:5e:aa:80:e5:d0:95:7b:41:1d:56:f0:9c:5b:
         35:34:10:44
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6KI8H2lXVrcxWNO98KaonaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmUxNmVhZTY2NDJkMzNiYmMwZmI5MGNkZTIzNGZkMDIx
MzQ3MDkwHhcNMjYwNjAyMjEwMDU5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmUzNTQ0ZjIxZjY5ZDU5OTE3MzIxMDIxYzI0NjYxMzNmYjFiZTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6unpAaqQMUxZxbO4ujtWpWcTqrYt
ZF4cSmtbQho7pG2fx59nLaXoiugS9gYPxmnsUL/QZaTMcSswkU758kAm8cUWakau
ZJSutI4SCjsAoAsEQ1SC05FQsWTo3yAHU+kfZb/jxn1wr7QMUXwmfOSpo0cd4t0X
QgDqgPNnvNvJzoY3MquNOIpBqeBbkxvVMapjaXdw5+Orl7fuQivr5q77O9KhAaFy
6Ktv7LBy5F7YQwE6Iqd4Idx58FL5lUABvlUQYRFCkr5iocuvmo/rCFDempfU2Qiy
PxRHXaVS2w3oyubqR+J7HdRA8fk28c5LwAPoeMo3OIZKJ0rvQaTTgmNE+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFD/jVE8h9p1ZkXMhAhwkZhM/sb4pMB8GA1UdIwQY
MBaAFDq+FurmZC0zu8D7kM3iNP0CE0cJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3I0VzZ1WmtMVE83d1B1UXplSTBfUUlUUndrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mZDkxYTYtMWVlOC00Y2NhLThiYzIt
NmE2ZjlmZTY0MDUyLzEvUC1OVVR5SDJuVm1SY3lFQ0hDUm1Fei14dmlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mZDkxYTYtMWVlOC00Y2NhLThiYzItNmE2ZjlmZTY0MDUy
LzEvT3I0VzZ1WmtMVE83d1B1UXplSTBfUUlUUndrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgXGADAN
BgkqhkiG9w0BAQsFAAOCAQEASlMcsrQ2REfWPwJuaxwL8U8v96eIigoBE0KKngQm
3ln86p+nUMwsWxVmV39HLeiCuL8c8WufczY/EXlerS+uYoHvC2xYsncImvgQ8kga
SiCh7tNfPPdWJq76YMNgrGBaq/49lckkm+sq5P9byJMVAKcwx9DsNTEgaOGLfm6Z
+GMLkt4hQ9HiH6ES9JM+ElBtyyuaV0ummSc57klSFTi/6ZfeLfO2NWC1/xDpqy3v
STslKPN2UkOc4hA+rBM+3JP8e/N3Awk/6YGEOJJUEXlEgw1cyWSyjWvWey958tn4
diGG2YqEbG2Y/0RNAILQyoheqoDl0JV7QR1W8JxbNTQQRA==
-----END CERTIFICATE-----