Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/3GvWibLTJrESddRKnw3eVmdD5zI.roa
File:                     3GvWibLTJrESddRKnw3eVmdD5zI.roa (raw, json)
Hash identifier:          bWBXYUXDq+nVr/Ou2VfDQ+8EY+QX6L6LlWVededbWHM=
Subject key identifier:   DC:6B:D6:89:B2:D3:26:B1:12:75:D4:4A:9F:0D:DE:56:67:43:E7:32
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DF592C4098C07B854DA947FB620862780
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/3GvWibLTJrESddRKnw3eVmdD5zI.roa
Signing time:             Tue 05 May 2026 00:38:49 +0000
ROA not before:           Tue 05 May 2026 00:38:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216155
IP address blocks:        2a06:9801:700::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:34:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f5:92:c4:09:8c:07:b8:54:da:94:7f:b6:20:86:27:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May  5 00:38:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc6bd689b2d326b11275d44a9f0dde566743e732
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3f:0f:d3:39:01:30:33:c3:f1:6d:bd:3d:18:
                    be:ac:f6:4f:f4:6f:20:a0:6f:d0:01:2e:df:2a:2e:
                    af:18:62:2d:30:77:04:34:5e:be:6f:c7:aa:e3:57:
                    f6:3b:b7:d4:6a:d7:fd:aa:b5:6e:4b:90:af:64:54:
                    20:e5:86:8a:22:71:11:bc:e4:a4:6c:15:a5:ef:fe:
                    9e:10:7f:8d:b4:12:88:0f:2a:56:63:03:89:3e:78:
                    2f:16:cd:4a:5b:6c:04:c2:6e:88:66:66:9a:66:14:
                    66:22:96:85:a7:5c:c9:c0:49:e6:f2:87:31:4f:d7:
                    29:8b:f6:56:e2:27:98:6f:b8:27:61:5c:2e:b6:ef:
                    08:c6:69:c3:8f:96:e7:14:ab:57:55:d5:92:f5:01:
                    7f:1a:9e:a2:8c:7f:94:14:25:c1:2e:a9:1a:f1:b2:
                    98:2d:c1:7b:70:0c:ff:22:8b:62:8a:3c:a5:a3:8c:
                    72:46:11:33:e2:45:aa:70:ef:16:46:94:96:73:85:
                    b7:7d:d5:a4:fa:64:99:5d:ea:8e:74:56:a8:32:39:
                    65:61:66:04:7b:02:2d:a1:d6:66:51:80:81:97:82:
                    ce:41:c9:e8:ab:4a:dc:1f:aa:74:5d:fc:7a:71:aa:
                    7f:7f:fc:72:0b:37:2d:87:1d:fc:3f:59:0d:80:8c:
                    91:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:6B:D6:89:B2:D3:26:B1:12:75:D4:4A:9F:0D:DE:56:67:43:E7:32
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/3GvWibLTJrESddRKnw3eVmdD5zI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:700::/44

    Signature Algorithm: sha256WithRSAEncryption
         09:a3:37:f4:bc:aa:72:68:90:8b:58:dc:a6:fd:07:d7:f8:71:
         07:ed:de:01:c1:3a:29:78:07:63:ea:df:7e:20:7c:2c:bb:a8:
         ed:e0:96:65:73:c2:22:96:b3:a0:c3:ba:aa:69:0c:94:a0:1b:
         2c:8d:84:c0:de:19:dc:15:e0:f0:23:05:28:4a:a5:b9:87:08:
         dd:f9:ca:8f:54:d0:18:4c:99:f9:95:18:2c:52:17:27:ae:2c:
         25:34:41:15:ff:52:eb:9a:8c:11:81:ae:32:8d:5a:57:43:84:
         52:f3:be:49:1d:27:17:86:ee:92:84:74:1d:8f:13:64:a9:ed:
         4a:60:9e:81:b2:ef:16:55:4d:87:18:6f:99:67:1e:6e:38:44:
         2e:a9:5a:dd:e6:a2:c0:b3:5f:5b:d4:d8:d2:46:78:40:86:1f:
         11:51:16:6e:84:86:bd:11:de:91:7a:85:36:34:0a:6c:83:59:
         ac:36:3a:a4:c6:39:9f:cb:13:a0:58:d1:ed:d5:16:09:a5:9f:
         9c:fe:a7:78:14:85:12:70:2a:dc:cd:fb:c5:76:c6:ec:f3:ff:
         18:1a:cd:4a:a8:c7:b4:1d:ad:82:b9:54:af:e5:e9:81:a7:93:
         22:25:ae:49:f7:c1:92:82:0c:ce:bf:c6:f1:4f:a1:21:12:28:
         8d:a4:43:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ31ksQJjAe4VNqUf7YghieAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTA1MDAzODQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzZiZDY4OWIyZDMyNmIxMTI3NWQ0NGE5ZjBkZGU1NjY3NDNlNzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj8P0zkBMDPD8W29PRi+rPZP9G8g
oG/QAS7fKi6vGGItMHcENF6+b8eq41f2O7fUatf9qrVuS5CvZFQg5YaKInERvOSk
bBWl7/6eEH+NtBKIDypWYwOJPngvFs1KW2wEwm6IZmaaZhRmIpaFp1zJwEnm8ocx
T9cpi/ZW4ieYb7gnYVwutu8IxmnDj5bnFKtXVdWS9QF/Gp6ijH+UFCXBLqka8bKY
LcF7cAz/Iotiijylo4xyRhEz4kWqcO8WRpSWc4W3fdWk+mSZXeqOdFaoMjllYWYE
ewItodZmUYCBl4LOQcnoq0rcH6p0Xfx6cap/f/xyCzcthx38P1kNgIyRhwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNxr1omy0yaxEnXUSp8N3lZnQ+cyMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvM0d2V2liTFRKckVTZGRSS253M2VWbWRENXpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgaYAQcA
MA0GCSqGSIb3DQEBCwUAA4IBAQAJozf0vKpyaJCLWNym/QfX+HEH7d4BwTopeAdj
6t9+IHwsu6jt4JZlc8IilrOgw7qqaQyUoBssjYTA3hncFeDwIwUoSqW5hwjd+cqP
VNAYTJn5lRgsUhcnriwlNEEV/1LrmowRga4yjVpXQ4RS875JHScXhu6ShHQdjxNk
qe1KYJ6Bsu8WVU2HGG+ZZx5uOEQuqVrd5qLAs19b1NjSRnhAhh8RURZuhIa9Ed6R
eoU2NApsg1msNjqkxjmfyxOgWNHt1RYJpZ+c/qd4FIUScCrczfvFdsbs8/8YGs1K
qMe0Ha2CuVSv5emBp5MiJa5J98GSggzOv8bxT6EhEiiNpENM
-----END CERTIFICATE-----