Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/mNj5xv9nGXpe1PGynvCZZnjrBHA.roa
File:                     mNj5xv9nGXpe1PGynvCZZnjrBHA.roa (raw, json)
Hash identifier:          TkkqknjW6haSUV3elF7SSi1mf8BrofgKNJO9r7Ncf54=
Subject key identifier:   98:D8:F9:C6:FF:67:19:7A:5E:D4:F1:B2:9E:F0:99:66:78:EB:04:70
Certificate issuer:       /CN=fad7100e77ed9119d66e2321bb6711d7e760982b
Certificate serial:       0199CD6D04D1578DD7DFC106B12211BD78B9
Authority key identifier: FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/mNj5xv9nGXpe1PGynvCZZnjrBHA.roa
Signing time:             Fri 10 Oct 2025 09:21:37 +0000
ROA not before:           Fri 10 Oct 2025 09:21:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396982
IP address blocks:        2003:5:200::/40 maxlen: 40
                          2003:8:4400::/48 maxlen: 48
                          2003:8:6400::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cd:6d:04:d1:57:8d:d7:df:c1:06:b1:22:11:bd:78:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad7100e77ed9119d66e2321bb6711d7e760982b
        Validity
            Not Before: Oct 10 09:21:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98d8f9c6ff67197a5ed4f1b29ef0996678eb0470
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fb:8a:d3:4c:79:e8:72:26:2e:4c:4b:23:68:
                    fa:ef:1b:86:2c:11:02:df:74:de:35:65:09:db:e6:
                    05:14:c7:66:49:a7:56:3b:0d:f0:bc:2e:19:66:e2:
                    6d:bc:e0:da:9d:a3:38:32:98:da:7e:16:ed:ae:c3:
                    d3:ff:10:f6:1a:ec:01:13:da:2f:6a:bd:d6:4b:92:
                    16:0f:f9:5e:43:e0:b8:8f:5f:e3:b4:d1:f5:ab:5b:
                    ac:b4:82:f7:fb:cf:32:74:80:9b:ee:07:9a:61:b1:
                    c2:f2:54:1b:ba:bb:07:1a:e1:2e:42:8b:ab:76:49:
                    66:b0:87:25:97:41:ed:df:3e:cb:7f:42:23:10:a2:
                    4c:ac:93:02:88:c0:e9:0c:38:2d:5a:cf:11:bd:1b:
                    8e:03:48:1f:a3:46:9a:ea:3e:05:d3:42:b1:a9:84:
                    c9:22:9e:0e:d2:63:88:b8:98:cb:69:98:12:19:ad:
                    73:8f:b0:98:fb:96:2e:ec:ce:1b:47:11:47:07:22:
                    73:c1:1d:9a:b5:3a:f4:e0:91:0a:61:7e:44:fb:ce:
                    4a:c5:11:1a:e2:b4:29:6c:4e:d0:1f:62:3d:66:2a:
                    93:56:8b:22:b8:5d:6e:05:7c:27:35:17:f6:e3:da:
                    f8:b2:68:43:32:52:55:f8:33:69:31:38:1f:82:f3:
                    4b:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:D8:F9:C6:FF:67:19:7A:5E:D4:F1:B2:9E:F0:99:66:78:EB:04:70
            X509v3 Authority Key Identifier:
                keyid:FA:D7:10:0E:77:ED:91:19:D6:6E:23:21:BB:67:11:D7:E7:60:98:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tcQDnftkRnWbiMhu2cR1-dgmCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/mNj5xv9nGXpe1PGynvCZZnjrBHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/01d411-d915-4277-8fe2-76b0dda2bf3e/1/1-tcQDnftkRnWbiMhu2cR1-dgmCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2003:5:200::/40
                  2003:8:4400::/48
                  2003:8:6400::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:8b:9b:c2:4c:07:3e:2a:2a:d7:1d:b8:ff:cc:fe:2b:90:fd:
         42:0a:52:a8:34:ee:d8:9f:c6:29:ba:93:5a:c0:d6:f3:e7:2f:
         41:43:ba:bf:87:a3:fa:96:ba:94:71:9f:ef:6c:ee:4d:c4:92:
         f8:d1:51:4a:95:80:65:bd:82:8f:93:6f:c8:f3:b7:91:fc:cf:
         a6:ec:0d:44:ff:6e:4d:f7:ea:a3:1f:14:e4:5f:b2:b5:1a:6e:
         80:97:bd:c7:cc:68:3f:4a:a0:05:45:94:18:56:5f:0e:b3:ba:
         93:6c:c1:c1:36:46:20:b2:09:6c:f6:ae:5b:72:e6:c9:9a:3c:
         d8:dd:82:d4:40:d3:c7:6f:75:78:01:71:9b:2c:6b:1d:a1:43:
         de:d3:78:5c:51:13:31:c2:98:b9:fd:e2:6d:a8:38:bb:e7:96:
         22:3d:0a:1b:5f:d4:88:5d:ec:02:ad:c3:e9:5c:bc:69:bd:81:
         39:4c:96:81:be:f2:c6:68:b5:31:ac:20:c5:a9:bf:e2:0f:4b:
         a3:10:a2:d9:a7:ee:e8:80:8e:e3:12:d1:49:aa:50:5e:cb:6d:
         9f:50:ed:fd:44:98:40:b7:c1:cd:e6:f2:1f:2f:9f:af:a3:e5:
         46:d8:e5:46:c7:bb:de:68:f1:a8:8b:22:c9:25:b5:e8:13:ff:
         51:2b:0f:0e
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZnNbQTRV43X38EGsSIRvXi5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDcxMDBlNzdlZDkxMTlkNjZlMjMyMWJiNjcxMWQ3ZTc2
MDk4MmIwHhcNMjUxMDEwMDkyMTM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGQ4ZjljNmZmNjcxOTdhNWVkNGYxYjI5ZWYwOTk2Njc4ZWIwNDcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPuK00x56HImLkxLI2j67xuGLBEC
33TeNWUJ2+YFFMdmSadWOw3wvC4ZZuJtvODanaM4MpjafhbtrsPT/xD2GuwBE9ov
ar3WS5IWD/leQ+C4j1/jtNH1q1ustIL3+88ydICb7geaYbHC8lQbursHGuEuQour
dklmsIcll0Ht3z7Lf0IjEKJMrJMCiMDpDDgtWs8RvRuOA0gfo0aa6j4F00KxqYTJ
Ip4O0mOIuJjLaZgSGa1zj7CY+5Yu7M4bRxFHByJzwR2atTr04JEKYX5E+85KxREa
4rQpbE7QH2I9ZiqTVosiuF1uBXwnNRf249r4smhDMlJV+DNpMTgfgvNLXwIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFJjY+cb/Zxl6XtTxsp7wmWZ46wRwMB8GA1UdIwQY
MBaAFPrXEA537ZEZ1m4jIbtnEdfnYJgrMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10Y1FEbmZ0a1JuV2JpTWh1MmNSMS1kZ21Dcy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUy
LTc2YjBkZGEyYmYzZS8xL21OajV4djluR1hwZTFQR3ludkNaWm5qckJIQS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvM2UvMDFkNDExLWQ5MTUtNDI3Ny04ZmUyLTc2YjBkZGEyYmYz
ZS8xLzEtdGNRRG5mdGtSbldiaU1odTJjUjEtZGdtQ3MuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMwYIKwYBBQUHAQcBAf8EJDAiMCAEAgACMBoDBgAgAwAF
AgMHACADAAhEAAMHACADAAhkADANBgkqhkiG9w0BAQsFAAOCAQEAcoubwkwHPioq
1x24/8z+K5D9QgpSqDTu2J/GKbqTWsDW8+cvQUO6v4ej+pa6lHGf72zuTcSS+NFR
SpWAZb2Cj5NvyPO3kfzPpuwNRP9uTffqox8U5F+ytRpugJe9x8xoP0qgBUWUGFZf
DrO6k2zBwTZGILIJbPauW3LmyZo82N2C1EDTx291eAFxmyxrHaFD3tN4XFETMcKY
uf3ibag4u+eWIj0KG1/UiF3sAq3D6Vy8ab2BOUyWgb7yxmi1Mawgxam/4g9LoxCi
2afu6ICO4xLRSapQXsttn1Dt/USYQLfBzebyHy+fr6PlRtjlRse73mjxqIsiySW1
6BP/USsPDg==
-----END CERTIFICATE-----
Generated at Sun Oct 19 23:24:51 2025 by rpki-client