Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/213a95-aacf-40a9-9753-94c0b0b76029/1/1j-cndh73up45TjcJHDMi8wQ8Xc.roa
File:                     1j-cndh73up45TjcJHDMi8wQ8Xc.roa (raw, json)
Hash identifier:          KpN3w6f7/yCpGmCh1vdlXsD6GVlxoKm9AQfV9ZcUMXk=
Subject key identifier:   D6:3F:9C:9D:D8:7B:DE:EA:78:E5:38:DC:24:70:CC:8B:CC:10:F1:77
Certificate issuer:       /CN=4b632a758b59309e861089d6553aee067a6b353f
Certificate serial:       019CFBF9FA1DF583CA648EE44F319BE4D202
Authority key identifier: 4B:63:2A:75:8B:59:30:9E:86:10:89:D6:55:3A:EE:06:7A:6B:35:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S2MqdYtZMJ6GEInWVTruBnprNT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/213a95-aacf-40a9-9753-94c0b0b76029/1/1j-cndh73up45TjcJHDMi8wQ8Xc.roa
Signing time:             Tue 17 Mar 2026 13:26:29 +0000
ROA not before:           Tue 17 Mar 2026 13:26:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204312
IP address blocks:        2001:4019::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/213a95-aacf-40a9-9753-94c0b0b76029/1/S2MqdYtZMJ6GEInWVTruBnprNT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/213a95-aacf-40a9-9753-94c0b0b76029/1/S2MqdYtZMJ6GEInWVTruBnprNT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S2MqdYtZMJ6GEInWVTruBnprNT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 19:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:f9:fa:1d:f5:83:ca:64:8e:e4:4f:31:9b:e4:d2:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b632a758b59309e861089d6553aee067a6b353f
        Validity
            Not Before: Mar 17 13:26:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d63f9c9dd87bdeea78e538dc2470cc8bcc10f177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:76:7d:29:ad:e0:dc:ad:11:a9:42:a3:8c:36:
                    29:8d:60:99:ce:b0:fa:9a:fb:2c:9e:55:eb:a2:62:
                    dd:22:6d:96:79:f1:9c:52:50:d2:b3:bf:c7:ef:e2:
                    58:15:53:14:17:50:81:8e:ff:90:9a:0e:67:1d:b8:
                    f9:f3:86:8d:31:ee:57:e5:0e:de:c8:bb:bb:bc:69:
                    2c:39:13:00:f8:fd:17:9b:87:ae:57:02:4a:b1:24:
                    b4:b2:b1:42:12:d4:f4:03:51:5f:0f:d7:d2:28:2a:
                    fe:cf:1a:8f:5f:5c:e0:7f:28:df:92:c2:e6:81:b6:
                    f6:76:17:56:30:a6:66:00:43:7e:d6:45:84:87:90:
                    44:a9:9d:2d:49:0b:00:34:33:bb:4e:d6:e8:35:5d:
                    dd:5f:c6:14:09:fc:f7:9a:74:98:9f:68:27:3c:d9:
                    e2:ec:37:ce:cc:52:ec:fb:65:9c:8c:ae:72:f6:9a:
                    14:92:53:c3:73:a9:42:9b:84:ec:c1:8e:42:73:01:
                    d1:16:18:e1:24:03:77:83:a2:16:71:f9:d7:9a:a8:
                    af:16:9a:2a:cf:7b:43:a2:30:9d:bc:1e:ac:72:07:
                    57:72:88:7f:01:d0:81:dd:04:ad:85:75:f7:1b:09:
                    91:42:95:ec:b8:23:65:57:b0:82:93:8c:9b:95:4d:
                    36:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:3F:9C:9D:D8:7B:DE:EA:78:E5:38:DC:24:70:CC:8B:CC:10:F1:77
            X509v3 Authority Key Identifier:
                keyid:4B:63:2A:75:8B:59:30:9E:86:10:89:D6:55:3A:EE:06:7A:6B:35:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S2MqdYtZMJ6GEInWVTruBnprNT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/213a95-aacf-40a9-9753-94c0b0b76029/1/1j-cndh73up45TjcJHDMi8wQ8Xc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/213a95-aacf-40a9-9753-94c0b0b76029/1/S2MqdYtZMJ6GEInWVTruBnprNT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:4019::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:15:8b:73:ee:3c:96:7b:67:22:6e:ff:e6:5f:50:50:22:a3:
         12:07:31:f6:8f:80:5b:06:2c:8f:a8:56:ce:6b:03:ca:5f:07:
         9d:8b:21:c3:d1:e0:60:73:83:e1:a4:8a:ad:7b:8e:6f:04:1c:
         fd:a1:d4:3e:97:f6:09:9d:f2:4b:10:69:59:44:e8:75:42:61:
         1c:c8:4c:ec:02:95:0e:42:94:70:33:b8:8d:09:06:92:c8:b0:
         a0:9e:26:53:a9:2d:c8:3b:73:61:a7:55:68:9b:e4:2d:35:8f:
         0a:e4:0b:33:28:14:db:2d:24:94:6e:dd:29:8c:1d:cd:29:bf:
         b8:d4:9f:9a:99:29:87:05:07:be:07:61:b3:e3:3c:23:76:a3:
         29:b3:73:ce:2b:0b:78:14:9f:db:7d:d6:9e:33:d5:d7:28:e8:
         11:7b:c6:b2:7d:97:ec:6b:a4:fa:37:71:30:7e:5c:c8:72:93:
         b7:1e:1e:ba:85:b0:46:dd:6d:94:b8:01:ba:04:e1:34:2f:b8:
         af:52:73:55:9a:99:5b:25:f4:3a:da:92:98:e5:8b:1e:4a:4b:
         e8:04:08:47:80:62:73:3b:6b:b7:0d:fa:05:05:e3:e7:2b:a0:
         9a:18:89:7b:7d:27:11:2b:96:04:88:89:27:63:23:af:2e:1d:
         14:79:0b:d0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZz7+fod9YPKZI7kTzGb5NICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNjMyYTc1OGI1OTMwOWU4NjEwODlkNjU1M2FlZTA2N2E2
YjM1M2YwHhcNMjYwMzE3MTMyNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjNmOWM5ZGQ4N2JkZWVhNzhlNTM4ZGMyNDcwY2M4YmNjMTBmMTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHZ9Ka3g3K0RqUKjjDYpjWCZzrD6
mvssnlXromLdIm2WefGcUlDSs7/H7+JYFVMUF1CBjv+Qmg5nHbj584aNMe5X5Q7e
yLu7vGksORMA+P0Xm4euVwJKsSS0srFCEtT0A1FfD9fSKCr+zxqPX1zgfyjfksLm
gbb2dhdWMKZmAEN+1kWEh5BEqZ0tSQsANDO7TtboNV3dX8YUCfz3mnSYn2gnPNni
7DfOzFLs+2WcjK5y9poUklPDc6lCm4TswY5CcwHRFhjhJAN3g6IWcfnXmqivFpoq
z3tDojCdvB6scgdXcoh/AdCB3QSthXX3GwmRQpXsuCNlV7CCk4yblU02dQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNY/nJ3Ye97qeOU43CRwzIvMEPF3MB8GA1UdIwQY
MBaAFEtjKnWLWTCehhCJ1lU67gZ6azU/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzJNcWRZdFpNSjZHRUluV1ZUcnVCbnByTlQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS8yMTNhOTUtYWFjZi00MGE5LTk3NTMt
OTRjMGIwYjc2MDI5LzEvMWotY25kaDczdXA0NVRqY0pIRE1pOHdROFhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS8yMTNhOTUtYWFjZi00MGE5LTk3NTMtOTRjMGIwYjc2MDI5
LzEvUzJNcWRZdFpNSjZHRUluV1ZUcnVCbnByTlQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAIAFAGTAN
BgkqhkiG9w0BAQsFAAOCAQEAUBWLc+48lntnIm7/5l9QUCKjEgcx9o+AWwYsj6hW
zmsDyl8HnYshw9HgYHOD4aSKrXuObwQc/aHUPpf2CZ3ySxBpWUTodUJhHMhM7AKV
DkKUcDO4jQkGksiwoJ4mU6ktyDtzYadVaJvkLTWPCuQLMygU2y0klG7dKYwdzSm/
uNSfmpkphwUHvgdhs+M8I3ajKbNzzisLeBSf233WnjPV1yjoEXvGsn2X7Guk+jdx
MH5cyHKTtx4euoWwRt1tlLgBugThNC+4r1JzVZqZWyX0OtqSmOWLHkpL6AQIR4Bi
cztrtw36BQXj5yugmhiJe30nESuWBIiJJ2Mjry4dFHkL0A==
-----END CERTIFICATE-----