Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/873a70-7504-4308-9314-bf133af1edcc/1/3A95eT0-F8FWn0aRvaXeJYEs4vU.roa
File:                     3A95eT0-F8FWn0aRvaXeJYEs4vU.roa (raw, json)
Hash identifier:          LYh5oBJnNPibPoXaGK/ua+lzHz0SVEi30h9T4GjLlU0=
Subject key identifier:   DC:0F:79:79:3D:3E:17:C1:56:9F:46:91:BD:A5:DE:25:81:2C:E2:F5
Certificate issuer:       /CN=d086aa1da02f6701180b2c0341d60307f14a2cbe
Certificate serial:       019CF0B52732987A73C8F4B74A4AFA1E55F5
Authority key identifier: D0:86:AA:1D:A0:2F:67:01:18:0B:2C:03:41:D6:03:07:F1:4A:2C:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0IaqHaAvZwEYCywDQdYDB_FKLL4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/873a70-7504-4308-9314-bf133af1edcc/1/3A95eT0-F8FWn0aRvaXeJYEs4vU.roa
Signing time:             Sun 15 Mar 2026 08:55:29 +0000
ROA not before:           Sun 15 Mar 2026 08:55:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200097
IP address blocks:        2a13:3280::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/873a70-7504-4308-9314-bf133af1edcc/1/0IaqHaAvZwEYCywDQdYDB_FKLL4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/873a70-7504-4308-9314-bf133af1edcc/1/0IaqHaAvZwEYCywDQdYDB_FKLL4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0IaqHaAvZwEYCywDQdYDB_FKLL4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f0:b5:27:32:98:7a:73:c8:f4:b7:4a:4a:fa:1e:55:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d086aa1da02f6701180b2c0341d60307f14a2cbe
        Validity
            Not Before: Mar 15 08:55:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dc0f79793d3e17c1569f4691bda5de25812ce2f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0d:7d:bc:76:d4:85:62:cb:d3:dc:01:21:12:
                    1d:05:47:fc:be:11:f9:27:e0:be:e2:d9:fc:68:9c:
                    75:50:ac:9b:98:c3:c5:7a:5d:60:7e:32:06:c5:57:
                    da:a6:e5:44:3a:00:e6:ef:bd:11:5c:1b:92:4c:ee:
                    d4:23:d3:a2:15:bc:33:1c:0a:47:13:e3:a4:5b:22:
                    07:b2:cf:a8:fc:18:6e:37:d5:f1:1b:50:fb:de:fc:
                    3c:36:59:97:46:d4:cd:6d:f7:1e:03:d6:d7:fa:0b:
                    82:c3:da:8e:37:1e:11:d8:df:47:65:74:79:14:2e:
                    9c:46:65:b6:b7:b7:22:19:20:e8:58:5d:41:64:b0:
                    be:e1:44:83:c5:3e:27:34:8a:69:e7:3a:51:b1:4a:
                    5b:82:95:b5:ef:3e:07:55:5c:a3:7c:30:52:3e:88:
                    a5:66:c9:77:c6:ad:c8:e3:6c:2e:24:cb:37:2c:1d:
                    a9:a9:51:90:8f:b3:b6:34:2e:29:b9:b0:73:ea:fe:
                    06:7c:9e:f1:63:e1:77:bd:0d:e4:63:4a:88:7c:4e:
                    1a:c3:44:ea:3c:a0:79:21:10:4b:8c:33:41:9a:fe:
                    54:46:4c:18:7d:b0:c4:01:6a:f6:63:29:53:6c:12:
                    75:49:c6:f6:90:21:9a:66:a7:3d:34:d5:17:a9:23:
                    5e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:0F:79:79:3D:3E:17:C1:56:9F:46:91:BD:A5:DE:25:81:2C:E2:F5
            X509v3 Authority Key Identifier:
                keyid:D0:86:AA:1D:A0:2F:67:01:18:0B:2C:03:41:D6:03:07:F1:4A:2C:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0IaqHaAvZwEYCywDQdYDB_FKLL4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/873a70-7504-4308-9314-bf133af1edcc/1/3A95eT0-F8FWn0aRvaXeJYEs4vU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/873a70-7504-4308-9314-bf133af1edcc/1/0IaqHaAvZwEYCywDQdYDB_FKLL4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3280::/29

    Signature Algorithm: sha256WithRSAEncryption
         4c:4b:58:c8:eb:2b:aa:33:2e:9c:ae:81:93:d5:1d:17:90:f2:
         89:be:cc:a2:62:86:6b:25:cd:32:24:cc:8c:53:b8:01:d3:85:
         cb:32:fc:f3:e1:b8:82:86:fd:67:51:1a:2c:a3:d9:79:af:f9:
         1e:f3:9e:ba:e4:bc:76:fc:a1:64:a5:78:10:0b:04:3b:b6:dd:
         89:49:74:66:b1:66:ac:3f:3a:42:ab:40:b2:c7:b8:40:d7:2a:
         ea:2d:38:6e:cb:3f:5d:41:b5:6d:42:74:6a:5d:d9:60:d7:34:
         b2:39:81:db:08:38:77:fc:63:42:ed:9c:2e:e5:d2:6f:0b:a7:
         a9:fa:4e:18:f2:eb:76:07:da:a0:79:ca:35:45:25:06:f3:80:
         f5:5b:bf:0f:3e:ed:06:83:af:f1:b0:9f:10:8f:05:9f:5d:07:
         01:7d:f5:c7:bb:a1:30:89:92:5e:79:5a:65:ec:4e:b2:3a:c7:
         47:f4:3b:2d:e6:cf:88:dd:ed:ea:4c:00:69:da:7e:1a:12:7d:
         57:5e:de:d5:61:45:bd:2d:5a:7c:85:37:96:22:6d:88:36:fc:
         bb:2b:30:7e:84:2d:49:01:9e:02:9a:c2:75:9e:8d:f6:b2:bf:
         69:98:72:f4:53:35:5d:27:ac:f8:f0:ea:00:f6:f1:51:1e:44:
         85:a4:26:57
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzwtScymHpzyPS3Skr6HlX1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwODZhYTFkYTAyZjY3MDExODBiMmMwMzQxZDYwMzA3ZjE0
YTJjYmUwHhcNMjYwMzE1MDg1NTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzBmNzk3OTNkM2UxN2MxNTY5ZjQ2OTFiZGE1ZGUyNTgxMmNlMmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvg19vHbUhWLL09wBIRIdBUf8vhH5
J+C+4tn8aJx1UKybmMPFel1gfjIGxVfapuVEOgDm770RXBuSTO7UI9OiFbwzHApH
E+OkWyIHss+o/BhuN9XxG1D73vw8NlmXRtTNbfceA9bX+guCw9qONx4R2N9HZXR5
FC6cRmW2t7ciGSDoWF1BZLC+4USDxT4nNIpp5zpRsUpbgpW17z4HVVyjfDBSPoil
Zsl3xq3I42wuJMs3LB2pqVGQj7O2NC4pubBz6v4GfJ7xY+F3vQ3kY0qIfE4aw0Tq
PKB5IRBLjDNBmv5URkwYfbDEAWr2YylTbBJ1Scb2kCGaZqc9NNUXqSNetQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNwPeXk9PhfBVp9Gkb2l3iWBLOL1MB8GA1UdIwQY
MBaAFNCGqh2gL2cBGAssA0HWAwfxSiy+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMElhcUhhQXZad0VZQ3l3RFFkWURCX0ZLTEw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My84NzNhNzAtNzUwNC00MzA4LTkzMTQt
YmYxMzNhZjFlZGNjLzEvM0E5NWVUMC1GOEZXbjBhUnZhWGVKWUVzNHZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My84NzNhNzAtNzUwNC00MzA4LTkzMTQtYmYxMzNhZjFlZGNj
LzEvMElhcUhhQXZad0VZQ3l3RFFkWURCX0ZLTEw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhMygDAN
BgkqhkiG9w0BAQsFAAOCAQEATEtYyOsrqjMunK6Bk9UdF5Dyib7MomKGayXNMiTM
jFO4AdOFyzL88+G4gob9Z1EaLKPZea/5HvOeuuS8dvyhZKV4EAsEO7bdiUl0ZrFm
rD86QqtAsse4QNcq6i04bss/XUG1bUJ0al3ZYNc0sjmB2wg4d/xjQu2cLuXSbwun
qfpOGPLrdgfaoHnKNUUlBvOA9Vu/Dz7tBoOv8bCfEI8Fn10HAX31x7uhMImSXnla
ZexOsjrHR/Q7LebPiN3t6kwAadp+GhJ9V17e1WFFvS1afIU3liJtiDb8uyswfoQt
SQGeAprCdZ6N9rK/aZhy9FM1XSes+PDqAPbxUR5EhaQmVw==
-----END CERTIFICATE-----