Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/icd-nuc9UFxQO3FVUXgmHF6fnC8.roa
File:                     icd-nuc9UFxQO3FVUXgmHF6fnC8.roa (raw, json)
Hash identifier:          NfaBcu0L04hGta18iK8UeVVY2pW+rZvubXo5nNx4860=
Subject key identifier:   89:C7:7E:9E:E7:3D:50:5C:50:3B:71:55:51:78:26:1C:5E:9F:9C:2F
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019DF58D45CF3698F4BC78ACB1A231BAC472
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/icd-nuc9UFxQO3FVUXgmHF6fnC8.roa
Signing time:             Tue 05 May 2026 00:32:49 +0000
ROA not before:           Tue 05 May 2026 00:32:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198038
IP address blocks:        2a06:9801:2b7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:34:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f5:8d:45:cf:36:98:f4:bc:78:ac:b1:a2:31:ba:c4:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: May  5 00:32:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89c77e9ee73d505c503b71555178261c5e9f9c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c7:c7:e3:01:d0:de:83:a0:da:d8:74:90:8d:
                    b0:60:1a:73:6a:d5:7b:07:fc:cd:a7:21:86:e6:f8:
                    75:79:df:a2:33:64:64:3f:60:c8:52:db:f8:7e:c5:
                    57:0b:54:3e:2b:b0:17:84:1b:0f:71:bb:ba:dc:fc:
                    1d:9c:a0:b7:e1:f2:56:c5:b1:bf:35:72:a7:41:22:
                    06:29:25:a9:7b:01:2d:bb:22:83:29:80:16:81:4f:
                    5d:3e:4e:a7:7c:e9:93:a1:c6:b1:e8:43:81:e5:7a:
                    54:a5:04:75:4d:e3:d3:cc:b8:f5:54:e1:46:ce:4e:
                    41:41:8a:d6:59:04:7b:6a:29:33:1f:69:e0:9c:18:
                    65:90:2a:1d:8e:e2:82:4e:72:aa:0a:f3:45:36:22:
                    26:11:a4:d3:96:4d:e0:52:aa:32:78:b8:3a:c8:11:
                    26:54:ba:55:94:ae:e0:69:cc:4d:ca:ba:76:e1:4c:
                    8d:55:a4:ab:1f:2a:a7:03:19:4e:69:2e:df:04:5b:
                    0e:92:84:06:ad:82:eb:e8:b6:4a:ee:da:28:af:d2:
                    f7:b2:17:b8:65:4d:cb:6c:f9:3f:36:89:c7:73:ac:
                    8b:cb:35:a7:c4:df:9f:76:9d:f7:b7:64:e1:43:97:
                    e9:c2:57:f1:2a:9e:99:45:fb:40:a3:53:27:3f:f1:
                    6e:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:C7:7E:9E:E7:3D:50:5C:50:3B:71:55:51:78:26:1C:5E:9F:9C:2F
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/icd-nuc9UFxQO3FVUXgmHF6fnC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:2b7::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:93:37:40:a0:17:a7:c5:00:2f:33:ec:31:4f:42:5c:dc:cc:
         37:e5:0b:bf:44:3d:32:48:05:61:09:53:19:c5:79:26:7c:bb:
         cf:2b:d3:79:0d:28:02:f8:00:7e:a7:42:69:0f:b6:78:3b:d9:
         30:0b:44:c8:f0:d3:27:fe:07:e0:9e:1b:50:ce:d2:08:f2:b5:
         27:db:6c:39:22:7b:0a:d4:39:b8:41:fd:76:55:70:e4:c9:e2:
         1e:3e:29:85:fe:05:82:1a:49:e6:49:f4:78:1b:f2:96:95:49:
         95:de:57:a4:06:bf:d6:c1:25:b9:e8:5c:63:28:da:45:87:f2:
         bd:f2:36:1b:71:58:4b:bd:a3:8e:43:42:17:93:35:be:72:11:
         3c:e6:bc:90:2f:60:54:fe:2f:e1:d4:aa:53:26:f9:55:37:81:
         d3:dd:1c:d1:ac:3b:8c:eb:49:a5:b3:16:88:51:80:88:01:e5:
         82:60:e4:e4:71:bb:1f:79:4d:2b:5d:64:41:4d:d1:e4:21:52:
         44:f8:cb:00:dc:5d:0b:92:ca:19:31:eb:4d:a1:df:43:e0:6e:
         c4:8d:1a:88:1e:e3:15:f6:49:43:1f:e2:fd:34:95:0d:45:96:
         6b:57:0b:1b:cc:34:fa:91:5b:f0:53:64:72:38:96:e0:37:5d:
         3e:1b:59:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ31jUXPNpj0vHissaIxusRyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNTA1MDAzMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWM3N2U5ZWU3M2Q1MDVjNTAzYjcxNTU1MTc4MjYxYzVlOWY5YzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcfH4wHQ3oOg2th0kI2wYBpzatV7
B/zNpyGG5vh1ed+iM2RkP2DIUtv4fsVXC1Q+K7AXhBsPcbu63PwdnKC34fJWxbG/
NXKnQSIGKSWpewEtuyKDKYAWgU9dPk6nfOmTocax6EOB5XpUpQR1TePTzLj1VOFG
zk5BQYrWWQR7aikzH2ngnBhlkCodjuKCTnKqCvNFNiImEaTTlk3gUqoyeLg6yBEm
VLpVlK7gacxNyrp24UyNVaSrHyqnAxlOaS7fBFsOkoQGrYLr6LZK7toor9L3she4
ZU3LbPk/NonHc6yLyzWnxN+fdp33t2ThQ5fpwlfxKp6ZRftAo1MnP/FuIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFInHfp7nPVBcUDtxVVF4Jhxen5wvMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvaWNkLW51YzlVRnhRTzNGVlVYZ21IRjZmbkM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQK3
MA0GCSqGSIb3DQEBCwUAA4IBAQCMkzdAoBenxQAvM+wxT0Jc3Mw35Qu/RD0ySAVh
CVMZxXkmfLvPK9N5DSgC+AB+p0JpD7Z4O9kwC0TI8NMn/gfgnhtQztII8rUn22w5
InsK1Dm4Qf12VXDkyeIePimF/gWCGknmSfR4G/KWlUmV3lekBr/WwSW56FxjKNpF
h/K98jYbcVhLvaOOQ0IXkzW+chE85ryQL2BU/i/h1KpTJvlVN4HT3RzRrDuM60ml
sxaIUYCIAeWCYOTkcbsfeU0rXWRBTdHkIVJE+MsA3F0LksoZMetNod9D4G7EjRqI
HuMV9klDH+L9NJUNRZZrVwsbzDT6kVvwU2RyOJbgN10+G1k8
-----END CERTIFICATE-----