Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/3feb15-6834-43e2-b6e7-04d74f368698/1/snlFadvdcM00ncJFWRG-pTa8eHA.roa
File:                     snlFadvdcM00ncJFWRG-pTa8eHA.roa (raw, json)
Hash identifier:          9LDuoi+waDnjJ5h6Bt5yAaxEDStiyfH1brajFG+wFiQ=
Subject key identifier:   B2:79:45:69:DB:DD:70:CD:34:9D:C2:45:59:11:BE:A5:36:BC:78:70
Certificate issuer:       /CN=91c10bfde5813ab47c38c5c1904ec26b32c2a095
Certificate serial:       019E63B525FF0B0EA69BBD086EBA9786FD05
Authority key identifier: 91:C1:0B:FD:E5:81:3A:B4:7C:38:C5:C1:90:4E:C2:6B:32:C2:A0:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kcEL_eWBOrR8OMXBkE7CazLCoJU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/3feb15-6834-43e2-b6e7-04d74f368698/1/snlFadvdcM00ncJFWRG-pTa8eHA.roa
Signing time:             Tue 26 May 2026 09:54:36 +0000
ROA not before:           Tue 26 May 2026 09:54:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a00:18b0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/3feb15-6834-43e2-b6e7-04d74f368698/1/kcEL_eWBOrR8OMXBkE7CazLCoJU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/3feb15-6834-43e2-b6e7-04d74f368698/1/kcEL_eWBOrR8OMXBkE7CazLCoJU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kcEL_eWBOrR8OMXBkE7CazLCoJU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 06:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:b5:25:ff:0b:0e:a6:9b:bd:08:6e:ba:97:86:fd:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91c10bfde5813ab47c38c5c1904ec26b32c2a095
        Validity
            Not Before: May 26 09:54:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b2794569dbdd70cd349dc2455911bea536bc7870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:ee:ff:21:98:98:08:69:77:df:82:79:11:23:
                    e6:ba:39:02:49:99:4c:7f:a4:39:0e:fd:2b:5a:8e:
                    f9:e7:20:f8:7e:b0:a8:f2:9a:13:f8:5f:7f:3a:00:
                    7c:0f:79:8e:75:00:da:a1:38:00:5b:e5:2f:ba:f4:
                    44:ab:9b:ad:a0:d9:ef:ab:61:94:cb:e4:93:12:d8:
                    02:95:ae:de:28:53:81:59:d5:0f:7b:92:7d:fa:16:
                    a8:ca:21:d2:63:e7:35:e2:73:ff:7a:bc:8c:d7:5d:
                    84:ba:e4:ee:73:cd:1d:ab:89:3f:2f:89:b3:aa:f3:
                    39:0d:c7:4d:68:24:66:b4:6b:5c:63:2d:64:a8:c4:
                    9f:58:41:d9:d2:ba:0c:20:ce:74:1e:46:5a:48:d5:
                    99:dd:a7:85:4a:77:8f:f7:17:38:54:a7:96:5c:9e:
                    b1:dc:2e:31:a4:eb:78:77:fb:8f:20:27:b2:ed:ca:
                    8a:40:8a:7e:fa:65:89:1c:01:95:a4:b3:d5:ab:3d:
                    60:9e:ef:5a:44:bf:de:cf:ce:b1:75:f1:33:23:0a:
                    c3:e0:4a:5e:f9:fc:46:61:6d:0a:ec:34:0b:73:57:
                    15:fd:25:b4:f7:64:30:e6:18:3a:60:af:ed:3b:e8:
                    1c:7c:6a:ca:8e:74:3b:6a:36:13:b3:db:db:1b:47:
                    4a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:79:45:69:DB:DD:70:CD:34:9D:C2:45:59:11:BE:A5:36:BC:78:70
            X509v3 Authority Key Identifier:
                keyid:91:C1:0B:FD:E5:81:3A:B4:7C:38:C5:C1:90:4E:C2:6B:32:C2:A0:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kcEL_eWBOrR8OMXBkE7CazLCoJU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3feb15-6834-43e2-b6e7-04d74f368698/1/snlFadvdcM00ncJFWRG-pTa8eHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/3feb15-6834-43e2-b6e7-04d74f368698/1/kcEL_eWBOrR8OMXBkE7CazLCoJU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:18b0::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:4e:db:86:55:7c:5a:a1:af:d2:bb:06:bd:28:8b:a9:49:b8:
         50:f0:88:90:07:83:65:41:af:92:8a:a2:6b:37:b6:ab:47:7b:
         a3:ae:0f:67:f9:fa:74:21:41:59:09:08:32:d9:d9:28:c9:61:
         1e:bf:92:96:9a:61:aa:d2:fe:da:27:e2:65:31:a3:cf:6d:9e:
         e0:cd:77:a4:66:b5:1b:aa:79:72:5b:dd:32:60:d7:94:72:92:
         ec:ac:56:ca:03:83:02:0b:c7:09:34:c2:27:f4:13:92:df:83:
         a1:a7:66:74:e4:ff:de:46:fa:b0:af:77:28:86:d0:89:31:89:
         33:32:6c:22:a8:54:03:8b:70:ec:f4:d1:ff:af:8c:bb:1a:78:
         11:e3:e5:9f:91:73:30:3c:6d:94:a9:aa:10:6f:20:a5:8e:6d:
         00:62:ed:5a:ec:46:9b:a6:85:eb:9c:4c:34:f4:1a:0d:19:d8:
         47:8a:51:df:3c:9f:a0:f3:83:dc:67:21:06:c7:31:eb:69:a4:
         a0:f8:c9:e4:e0:52:89:a3:68:d2:43:a5:53:a1:71:3c:a6:20:
         16:96:02:b9:c1:d2:ce:c8:69:ee:38:97:0d:00:14:1f:d7:66:
         9c:ec:29:f0:51:97:6e:45:60:92:89:fe:83:70:1a:31:5e:fb:
         fd:cb:6c:df
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5jtSX/Cw6mm70IbrqXhv0FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxYzEwYmZkZTU4MTNhYjQ3YzM4YzVjMTkwNGVjMjZiMzJj
MmEwOTUwHhcNMjYwNTI2MDk1NDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjc5NDU2OWRiZGQ3MGNkMzQ5ZGMyNDU1OTExYmVhNTM2YmM3ODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+e7/IZiYCGl334J5ESPmujkCSZlM
f6Q5Dv0rWo755yD4frCo8poT+F9/OgB8D3mOdQDaoTgAW+UvuvREq5utoNnvq2GU
y+STEtgCla7eKFOBWdUPe5J9+haoyiHSY+c14nP/eryM112EuuTuc80dq4k/L4mz
qvM5DcdNaCRmtGtcYy1kqMSfWEHZ0roMIM50HkZaSNWZ3aeFSneP9xc4VKeWXJ6x
3C4xpOt4d/uPICey7cqKQIp++mWJHAGVpLPVqz1gnu9aRL/ez86xdfEzIwrD4Epe
+fxGYW0K7DQLc1cV/SW092Qw5hg6YK/tO+gcfGrKjnQ7ajYTs9vbG0dKtQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLJ5RWnb3XDNNJ3CRVkRvqU2vHhwMB8GA1UdIwQY
MBaAFJHBC/3lgTq0fDjFwZBOwmsywqCVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2NFTF9lV0JPclI4T01YQmtFN0NhekxDb0pVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zZmViMTUtNjgzNC00M2UyLWI2ZTct
MDRkNzRmMzY4Njk4LzEvc25sRmFkdmRjTTAwbmNKRldSRy1wVGE4ZUhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zZmViMTUtNjgzNC00M2UyLWI2ZTctMDRkNzRmMzY4Njk4
LzEva2NFTF9lV0JPclI4T01YQmtFN0NhekxDb0pVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgAYsDAN
BgkqhkiG9w0BAQsFAAOCAQEAJU7bhlV8WqGv0rsGvSiLqUm4UPCIkAeDZUGvkoqi
aze2q0d7o64PZ/n6dCFBWQkIMtnZKMlhHr+SlpphqtL+2ifiZTGjz22e4M13pGa1
G6p5clvdMmDXlHKS7KxWygODAgvHCTTCJ/QTkt+DoadmdOT/3kb6sK93KIbQiTGJ
MzJsIqhUA4tw7PTR/6+Muxp4EePln5FzMDxtlKmqEG8gpY5tAGLtWuxGm6aF65xM
NPQaDRnYR4pR3zyfoPOD3GchBscx62mkoPjJ5OBSiaNo0kOlU6FxPKYgFpYCucHS
zshp7jiXDQAUH9dmnOwp8FGXbkVgkon+g3AaMV77/cts3w==
-----END CERTIFICATE-----