Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/nTRfa4CEfSEPj4ycmsgCW3AglMw.roa
File:                     nTRfa4CEfSEPj4ycmsgCW3AglMw.roa (raw, json)
Hash identifier:          pESFbqN8pdSMrVdxz/DWJSvAlDHXy+G546a5D6LdrE0=
Subject key identifier:   9D:34:5F:6B:80:84:7D:21:0F:8F:8C:9C:9A:C8:02:5B:70:20:94:CC
Certificate issuer:       /CN=d2f3f8686b617c5f91c9bdc1973ba29a1e4a0906
Certificate serial:       019DE702BBB11E2C7DA01846D591BED57ADF
Authority key identifier: D2:F3:F8:68:6B:61:7C:5F:91:C9:BD:C1:97:3B:A2:9A:1E:4A:09:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0vP4aGthfF-Ryb3Blzuimh5KCQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/nTRfa4CEfSEPj4ycmsgCW3AglMw.roa
Signing time:             Sat 02 May 2026 04:46:49 +0000
ROA not before:           Sat 02 May 2026 04:46:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400177
IP address blocks:        2a12:7240::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/0vP4aGthfF-Ryb3Blzuimh5KCQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/0vP4aGthfF-Ryb3Blzuimh5KCQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0vP4aGthfF-Ryb3Blzuimh5KCQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 11:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e7:02:bb:b1:1e:2c:7d:a0:18:46:d5:91:be:d5:7a:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2f3f8686b617c5f91c9bdc1973ba29a1e4a0906
        Validity
            Not Before: May  2 04:46:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d345f6b80847d210f8f8c9c9ac8025b702094cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:0c:27:80:cd:e0:d2:4e:1c:0a:df:bd:78:b3:
                    d8:f5:63:fb:16:c6:93:9f:26:30:49:ba:d4:5e:75:
                    d6:d7:47:8e:3b:19:45:3b:85:30:58:12:ae:be:34:
                    a1:e1:38:ad:f5:ef:01:dc:a3:10:c3:c4:fd:6d:07:
                    95:05:66:39:35:88:67:69:ab:9c:e5:8a:e4:f9:64:
                    44:c4:c0:5e:5c:39:8f:bf:f9:00:10:4e:fa:44:69:
                    ee:bb:3f:33:fc:05:29:d6:d7:d4:67:a5:dd:32:e9:
                    83:ac:63:c7:88:e7:6d:59:c4:16:8a:38:b4:4d:e3:
                    bd:83:2e:74:fe:7b:86:20:6a:e3:25:b8:fa:b4:d5:
                    c6:70:3f:27:4f:a5:19:c7:28:08:fe:4f:6f:e7:70:
                    ac:57:93:ce:d3:8f:19:ae:6f:70:36:0c:7b:d5:80:
                    ed:9f:57:2d:82:98:ff:d5:39:b0:fe:60:23:64:1e:
                    c9:a9:e4:05:4c:65:6a:7c:f3:c4:0f:0f:01:57:a8:
                    cb:67:28:3e:4d:ff:c3:93:43:b1:df:ae:67:8e:e4:
                    4e:d2:7a:0c:76:58:e9:5b:07:b3:00:00:53:5d:02:
                    a7:b8:fc:46:74:60:5e:e6:4f:c1:a5:6c:6a:b1:6a:
                    0a:8d:87:a9:d1:9d:6b:0b:60:ac:4b:63:2c:18:83:
                    f0:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:34:5F:6B:80:84:7D:21:0F:8F:8C:9C:9A:C8:02:5B:70:20:94:CC
            X509v3 Authority Key Identifier:
                keyid:D2:F3:F8:68:6B:61:7C:5F:91:C9:BD:C1:97:3B:A2:9A:1E:4A:09:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0vP4aGthfF-Ryb3Blzuimh5KCQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/nTRfa4CEfSEPj4ycmsgCW3AglMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ab49f2-301d-4a36-86a3-3f8695d7e4df/1/0vP4aGthfF-Ryb3Blzuimh5KCQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:7240::/32

    Signature Algorithm: sha256WithRSAEncryption
         3c:23:76:ae:00:16:a8:4f:6d:e3:b0:6e:9f:8c:ca:72:93:b2:
         05:cf:a5:3f:ac:79:a7:77:18:6b:dd:26:a7:a3:ef:bd:27:0d:
         20:4e:cf:e7:6e:99:42:09:ab:f0:56:87:6f:7d:6f:54:01:a1:
         0c:6e:f2:6a:55:b1:3d:74:07:7c:ba:76:a2:66:92:bb:d9:a3:
         a5:e2:4a:93:6d:d5:36:51:15:a1:81:18:dc:5e:c7:b8:f5:87:
         36:2e:b7:c9:f8:0b:b6:11:96:b3:62:b3:80:cf:41:d5:58:bb:
         e4:44:28:d5:be:a7:df:c3:7c:c5:66:db:c3:21:40:04:64:91:
         52:e4:05:3e:93:8a:dc:fd:01:85:e5:f8:8c:88:e9:1d:88:2f:
         a1:01:11:1b:e8:ab:08:12:b0:c5:83:0d:b5:c6:65:5d:29:1a:
         4e:51:88:bd:91:4a:78:ba:e4:36:e3:b4:c7:da:b8:a2:db:61:
         c1:78:c3:cc:cc:a6:42:a3:53:0c:f6:56:dd:29:9f:14:5f:e5:
         6a:ea:7f:cf:58:25:c2:f3:7e:8f:f0:6f:53:ab:91:20:31:87:
         da:5c:50:91:4e:6f:48:2d:d0:c5:ce:18:82:16:f1:16:1d:2d:
         a4:29:ea:79:52:30:c0:54:0a:9d:ec:9d:89:d1:0f:07:96:94:
         e0:4e:62:43
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3nAruxHix9oBhG1ZG+1XrfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyZjNmODY4NmI2MTdjNWY5MWM5YmRjMTk3M2JhMjlhMWU0
YTA5MDYwHhcNMjYwNTAyMDQ0NjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDM0NWY2YjgwODQ3ZDIxMGY4ZjhjOWM5YWM4MDI1YjcwMjA5NGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8QwngM3g0k4cCt+9eLPY9WP7FsaT
nyYwSbrUXnXW10eOOxlFO4UwWBKuvjSh4Tit9e8B3KMQw8T9bQeVBWY5NYhnaauc
5Yrk+WRExMBeXDmPv/kAEE76RGnuuz8z/AUp1tfUZ6XdMumDrGPHiOdtWcQWiji0
TeO9gy50/nuGIGrjJbj6tNXGcD8nT6UZxygI/k9v53CsV5PO048Zrm9wNgx71YDt
n1ctgpj/1Tmw/mAjZB7JqeQFTGVqfPPEDw8BV6jLZyg+Tf/Dk0Ox365njuRO0noM
dljpWwezAABTXQKnuPxGdGBe5k/BpWxqsWoKjYep0Z1rC2CsS2MsGIPwbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ00X2uAhH0hD4+MnJrIAltwIJTMMB8GA1UdIwQY
MBaAFNLz+GhrYXxfkcm9wZc7opoeSgkGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHZQNGFHdGhmRi1SeWIzQmx6dWltaDVLQ1FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hYjQ5ZjItMzAxZC00YTM2LTg2YTMt
M2Y4Njk1ZDdlNGRmLzEvblRSZmE0Q0VmU0VQajR5Y21zZ0NXM0FnbE13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hYjQ5ZjItMzAxZC00YTM2LTg2YTMtM2Y4Njk1ZDdlNGRm
LzEvMHZQNGFHdGhmRi1SeWIzQmx6dWltaDVLQ1FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhJyQDAN
BgkqhkiG9w0BAQsFAAOCAQEAPCN2rgAWqE9t47Bun4zKcpOyBc+lP6x5p3cYa90m
p6PvvScNIE7P526ZQgmr8FaHb31vVAGhDG7yalWxPXQHfLp2omaSu9mjpeJKk23V
NlEVoYEY3F7HuPWHNi63yfgLthGWs2KzgM9B1Vi75EQo1b6n38N8xWbbwyFABGSR
UuQFPpOK3P0BheX4jIjpHYgvoQERG+irCBKwxYMNtcZlXSkaTlGIvZFKeLrkNuO0
x9q4otthwXjDzMymQqNTDPZW3SmfFF/laup/z1glwvN+j/BvU6uRIDGH2lxQkU5v
SC3Qxc4YghbxFh0tpCnqeVIwwFQKneydidEPB5aU4E5iQw==
-----END CERTIFICATE-----