Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/7c32f6-6de7-4831-bfd2-2d3d1333bdab/1/JyTESIdOgph3y-dNo69n06dnxiQ.roa
File:                     JyTESIdOgph3y-dNo69n06dnxiQ.roa (raw, json)
Hash identifier:          z0vBFIiJp2zryNwoycSWHJwZXhD/448hyrliXoW+Ax8=
Subject key identifier:   27:24:C4:48:87:4E:82:98:77:CB:E7:4D:A3:AF:67:D3:A7:67:C6:24
Certificate issuer:       /CN=9b19a33e6ec1bf77ed574700ae468dcc23530161
Certificate serial:       019CD728051FA475843ACDDABDB0F40EAC66
Authority key identifier: 9B:19:A3:3E:6E:C1:BF:77:ED:57:47:00:AE:46:8D:CC:23:53:01:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mxmjPm7Bv3ftV0cArkaNzCNTAWE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/7c32f6-6de7-4831-bfd2-2d3d1333bdab/1/JyTESIdOgph3y-dNo69n06dnxiQ.roa
Signing time:             Tue 10 Mar 2026 09:50:50 +0000
ROA not before:           Tue 10 Mar 2026 09:50:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3301
IP address blocks:        2001:67c:2910::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/7c32f6-6de7-4831-bfd2-2d3d1333bdab/1/mxmjPm7Bv3ftV0cArkaNzCNTAWE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/7c32f6-6de7-4831-bfd2-2d3d1333bdab/1/mxmjPm7Bv3ftV0cArkaNzCNTAWE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mxmjPm7Bv3ftV0cArkaNzCNTAWE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d7:28:05:1f:a4:75:84:3a:cd:da:bd:b0:f4:0e:ac:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9b19a33e6ec1bf77ed574700ae468dcc23530161
        Validity
            Not Before: Mar 10 09:50:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2724c448874e829877cbe74da3af67d3a767c624
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:76:2f:3b:03:16:bf:80:40:f1:3e:e6:c9:e5:
                    d6:52:4d:a5:1a:4d:54:11:da:8a:3a:27:0e:a2:f8:
                    5e:65:b4:3f:4d:df:81:da:38:b4:2f:c9:68:cf:fd:
                    d4:ae:7a:e6:b7:90:70:03:d1:d0:52:87:c1:9f:f1:
                    d9:1f:dc:bb:ea:8f:c4:88:75:7f:5e:c1:96:dd:9c:
                    2c:35:61:e0:a2:02:c3:a4:6e:62:1d:98:6e:a8:3c:
                    db:87:2e:d7:48:83:62:b1:33:db:ee:87:5e:16:c2:
                    67:e3:0f:d3:3c:a7:1d:ac:b6:76:ac:a3:29:72:5d:
                    52:4f:f3:1d:4a:bf:2e:96:a5:a1:c3:d2:c8:70:ee:
                    53:e7:ca:8f:6d:09:ef:a4:c1:ff:87:2a:89:b9:6c:
                    c1:68:87:f2:5e:8d:9c:8d:4f:3d:d8:eb:6b:38:50:
                    00:e0:ac:c1:8b:56:fb:c2:fe:7f:53:2d:3a:4d:63:
                    ef:58:34:26:9d:63:13:29:58:9d:32:d5:1c:0d:b2:
                    88:32:9a:8b:69:5b:9e:9f:40:93:30:40:5d:5b:42:
                    77:84:75:96:76:d5:32:a6:99:c2:b5:46:23:73:cd:
                    ac:8d:25:11:31:e4:aa:9d:73:da:d0:87:97:2e:c8:
                    d3:55:3b:14:da:8e:95:bb:3f:cb:a7:71:72:0f:79:
                    2c:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:24:C4:48:87:4E:82:98:77:CB:E7:4D:A3:AF:67:D3:A7:67:C6:24
            X509v3 Authority Key Identifier:
                keyid:9B:19:A3:3E:6E:C1:BF:77:ED:57:47:00:AE:46:8D:CC:23:53:01:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mxmjPm7Bv3ftV0cArkaNzCNTAWE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/7c32f6-6de7-4831-bfd2-2d3d1333bdab/1/JyTESIdOgph3y-dNo69n06dnxiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/7c32f6-6de7-4831-bfd2-2d3d1333bdab/1/mxmjPm7Bv3ftV0cArkaNzCNTAWE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2910::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:42:6a:5f:a5:4a:1a:6c:ff:f3:1d:bc:e4:b8:ff:48:ae:0c:
         de:b9:45:7e:61:3c:a7:9c:b8:f4:74:04:8a:1f:d4:be:e5:ee:
         aa:36:c8:53:43:aa:4a:fd:60:71:33:0d:da:16:21:f9:66:4d:
         9d:db:7b:ab:11:ad:a5:ae:ac:97:95:6a:66:3a:23:77:45:07:
         24:6a:c0:29:6c:55:08:da:29:e6:8e:10:47:6b:37:0b:21:7f:
         43:6c:b0:bc:8f:bf:b1:c1:fe:cb:da:a3:45:67:fb:f5:76:54:
         aa:41:a7:c9:2e:24:29:48:e8:c5:32:0e:ea:29:fa:6b:a7:a9:
         87:a2:d1:de:94:b0:2d:30:6d:0a:0e:55:1b:0d:09:3d:3f:54:
         01:d5:0e:fc:52:19:eb:96:83:3d:53:cc:f9:b6:6a:e4:08:39:
         f4:f6:bc:24:1f:4c:e5:f0:99:e8:45:9e:59:42:85:08:b3:9f:
         6f:c5:7d:ac:d0:d0:d8:e4:3a:66:8e:ee:78:f6:48:95:2e:6e:
         75:8e:b6:87:c7:24:91:df:65:9e:1c:9b:41:d7:c6:21:bb:46:
         4c:66:81:30:83:d0:24:ba:6e:41:f9:68:7b:07:87:50:19:aa:
         6c:a2:99:e4:b9:ce:fb:f3:67:e2:ee:1f:d5:23:91:0c:d9:e7:
         88:f6:7b:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzXKAUfpHWEOs3avbD0DqxmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliMTlhMzNlNmVjMWJmNzdlZDU3NDcwMGFlNDY4ZGNjMjM1
MzAxNjEwHhcNMjYwMzEwMDk1MDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzI0YzQ0ODg3NGU4Mjk4NzdjYmU3NGRhM2FmNjdkM2E3NjdjNjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXYvOwMWv4BA8T7myeXWUk2lGk1U
EdqKOicOovheZbQ/Td+B2ji0L8loz/3Urnrmt5BwA9HQUofBn/HZH9y76o/EiHV/
XsGW3ZwsNWHgogLDpG5iHZhuqDzbhy7XSINisTPb7odeFsJn4w/TPKcdrLZ2rKMp
cl1ST/MdSr8ulqWhw9LIcO5T58qPbQnvpMH/hyqJuWzBaIfyXo2cjU892OtrOFAA
4KzBi1b7wv5/Uy06TWPvWDQmnWMTKVidMtUcDbKIMpqLaVuen0CTMEBdW0J3hHWW
dtUyppnCtUYjc82sjSURMeSqnXPa0IeXLsjTVTsU2o6Vuz/Lp3FyD3ksJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCckxEiHToKYd8vnTaOvZ9OnZ8YkMB8GA1UdIwQY
MBaAFJsZoz5uwb937VdHAK5GjcwjUwFhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXhtalBtN0J2M2Z0VjBjQXJrYU56Q05UQVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS83YzMyZjYtNmRlNy00ODMxLWJmZDIt
MmQzZDEzMzNiZGFiLzEvSnlURVNJZE9ncGgzeS1kTm82OW4wNmRueGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS83YzMyZjYtNmRlNy00ODMxLWJmZDItMmQzZDEzMzNiZGFi
LzEvbXhtalBtN0J2M2Z0VjBjQXJrYU56Q05UQVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfCkQ
MA0GCSqGSIb3DQEBCwUAA4IBAQC2QmpfpUoabP/zHbzkuP9IrgzeuUV+YTynnLj0
dASKH9S+5e6qNshTQ6pK/WBxMw3aFiH5Zk2d23urEa2lrqyXlWpmOiN3RQckasAp
bFUI2inmjhBHazcLIX9DbLC8j7+xwf7L2qNFZ/v1dlSqQafJLiQpSOjFMg7qKfpr
p6mHotHelLAtMG0KDlUbDQk9P1QB1Q78UhnrloM9U8z5tmrkCDn09rwkH0zl8Jno
RZ5ZQoUIs59vxX2s0NDY5Dpmju549kiVLm51jraHxySR32WeHJtB18Yhu0ZMZoEw
g9Akum5B+Wh7B4dQGapsopnkuc7782fi7h/VI5EM2eeI9nvo
-----END CERTIFICATE-----