Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/f3x8cwUA6qZZsuNDme4NorrMI9s.roa
File:                     f3x8cwUA6qZZsuNDme4NorrMI9s.roa (raw, json)
Hash identifier:          f/39frKKvsFzHWc3V3OfNCv2ymi+sdOriJKNEJVdaPc=
Subject key identifier:   7F:7C:7C:73:05:00:EA:A6:59:B2:E3:43:99:EE:0D:A2:BA:CC:23:DB
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019D00909BBD2F2D18A670F2C7BE637788EA
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/f3x8cwUA6qZZsuNDme4NorrMI9s.roa
Signing time:             Wed 18 Mar 2026 10:49:30 +0000
ROA not before:           Wed 18 Mar 2026 10:49:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200029
IP address blocks:        2a0c:9a40:88b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:90:9b:bd:2f:2d:18:a6:70:f2:c7:be:63:77:88:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Mar 18 10:49:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7f7c7c730500eaa659b2e34399ee0da2bacc23db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:88:53:04:cc:4c:2c:f2:2c:e2:e6:7f:a3:3c:
                    c6:3a:0b:4d:50:dd:3d:b5:a5:a4:1b:10:58:26:93:
                    13:95:bb:3d:0f:71:db:3f:c0:4a:3e:52:6c:76:c7:
                    a3:98:0c:da:82:f3:22:24:55:b4:aa:70:cf:d1:f5:
                    aa:7f:b5:18:0d:da:84:0e:26:91:14:93:2f:68:26:
                    d5:90:f2:50:ee:0e:04:a2:54:85:d6:0f:86:f4:8b:
                    09:bc:61:50:4f:e1:45:6f:b4:a8:73:f4:d1:81:3f:
                    25:48:00:75:a8:f0:63:a7:7a:04:43:ba:1b:d4:d2:
                    0b:c4:17:24:b7:0b:da:00:ac:15:f6:c3:ce:61:17:
                    1c:08:d5:30:fe:1e:c3:8c:ce:fb:d0:a2:a3:f3:a4:
                    4f:56:37:8f:fe:0b:e2:50:97:20:d1:59:02:6c:db:
                    a3:80:d3:5a:df:69:c4:d1:8f:2d:a6:8a:e9:19:c4:
                    88:a0:69:60:93:a8:c9:e5:ff:62:25:a3:b7:45:55:
                    a1:ab:dd:46:09:ae:ae:f0:2a:17:96:9b:57:ff:b7:
                    a4:7f:87:0d:06:d9:e4:ea:09:8c:e3:1a:9e:21:64:
                    68:66:ef:60:06:c8:a6:8b:92:b5:73:bd:ea:d1:9c:
                    fe:de:cb:40:d0:1e:f8:76:41:69:8f:5e:5f:b2:37:
                    89:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:7C:7C:73:05:00:EA:A6:59:B2:E3:43:99:EE:0D:A2:BA:CC:23:DB
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/f3x8cwUA6qZZsuNDme4NorrMI9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:88b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         98:18:8e:60:57:a7:30:34:16:36:3b:81:11:bf:47:d9:8b:68:
         b6:3c:ca:73:80:37:15:2a:22:9e:77:72:44:78:06:03:bb:18:
         a8:12:c0:15:24:de:a8:67:1c:23:df:3c:22:dd:5c:3b:72:82:
         32:ea:2a:86:e7:ab:43:d4:12:af:79:ab:41:0c:62:ed:a4:da:
         1a:36:70:de:73:68:0f:8c:c1:98:e8:34:67:5c:e7:5f:b5:9c:
         f7:dc:83:26:a8:79:f3:35:ba:56:f4:fb:97:28:cb:25:b5:75:
         83:fe:71:3a:d5:a6:cc:c9:5b:cb:62:09:f4:5c:c4:ec:f6:3d:
         41:61:6a:d6:44:0b:ab:9b:e2:32:ca:58:00:b6:7b:fe:7d:8b:
         64:33:10:11:18:6f:38:e5:e9:69:14:f4:cf:65:2f:54:4e:2f:
         a0:82:6a:42:e7:f5:8e:d2:3d:b1:dc:1e:a0:3f:86:3f:96:99:
         7f:d5:f5:ee:f8:4d:b1:f7:7f:8a:09:bf:01:c3:c7:12:b4:e3:
         c4:72:d3:40:07:80:14:1d:30:eb:89:52:93:f2:88:5a:a5:ad:
         ff:7f:89:b6:de:08:43:4b:c2:04:61:dd:65:88:42:82:fe:a3:
         7e:ca:f2:24:42:ca:10:85:47:13:99:9b:4d:08:de:68:60:37:
         94:2e:72:ba
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0AkJu9Ly0YpnDyx75jd4jqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjYwMzE4MTA0OTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjdjN2M3MzA1MDBlYWE2NTliMmUzNDM5OWVlMGRhMmJhY2MyM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxohTBMxMLPIs4uZ/ozzGOgtNUN09
taWkGxBYJpMTlbs9D3HbP8BKPlJsdsejmAzagvMiJFW0qnDP0fWqf7UYDdqEDiaR
FJMvaCbVkPJQ7g4EolSF1g+G9IsJvGFQT+FFb7Soc/TRgT8lSAB1qPBjp3oEQ7ob
1NILxBcktwvaAKwV9sPOYRccCNUw/h7DjM770KKj86RPVjeP/gviUJcg0VkCbNuj
gNNa32nE0Y8tporpGcSIoGlgk6jJ5f9iJaO3RVWhq91GCa6u8CoXlptX/7ekf4cN
Btnk6gmM4xqeIWRoZu9gBsimi5K1c73q0Zz+3stA0B74dkFpj15fsjeJVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFH98fHMFAOqmWbLjQ5nuDaK6zCPbMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvZjN4OGN3VUE2cVpac3VORG1lNE5vcnJNSTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgyaQIiw
MA0GCSqGSIb3DQEBCwUAA4IBAQCYGI5gV6cwNBY2O4ERv0fZi2i2PMpzgDcVKiKe
d3JEeAYDuxioEsAVJN6oZxwj3zwi3Vw7coIy6iqG56tD1BKveatBDGLtpNoaNnDe
c2gPjMGY6DRnXOdftZz33IMmqHnzNbpW9PuXKMsltXWD/nE61abMyVvLYgn0XMTs
9j1BYWrWRAurm+IyylgAtnv+fYtkMxARGG845elpFPTPZS9UTi+ggmpC5/WO0j2x
3B6gP4Y/lpl/1fXu+E2x93+KCb8Bw8cStOPEctNAB4AUHTDriVKT8ohapa3/f4m2
3ghDS8IEYd1liEKC/qN+yvIkQsoQhUcTmZtNCN5oYDeULnK6
-----END CERTIFICATE-----