Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/ib3EDOwZul2hZKnAjZ6NKNBbPjs.roa
File:                     ib3EDOwZul2hZKnAjZ6NKNBbPjs.roa (raw, json)
Hash identifier:          vfAGnX21CXVZkAMt/UkL7kaOIrn7XYDqDUBzX7katIQ=
Subject key identifier:   89:BD:C4:0C:EC:19:BA:5D:A1:64:A9:C0:8D:9E:8D:28:D0:5B:3E:3B
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019CE7B969607886B7624B784C1B99FB6187
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/ib3EDOwZul2hZKnAjZ6NKNBbPjs.roa
Signing time:             Fri 13 Mar 2026 15:03:33 +0000
ROA not before:           Fri 13 Mar 2026 15:03:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200074
IP address blocks:        2a03:5840:13f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 08:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e7:b9:69:60:78:86:b7:62:4b:78:4c:1b:99:fb:61:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Mar 13 15:03:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=89bdc40cec19ba5da164a9c08d9e8d28d05b3e3b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:09:11:a2:9f:6a:2c:44:29:f2:6a:49:63:b5:
                    c1:0a:27:b5:e7:29:66:99:1e:cd:e5:a3:d8:6d:1a:
                    25:4b:1a:e6:6e:06:fb:e8:2b:8c:43:d2:f4:e3:02:
                    65:70:34:b9:f5:d7:e9:19:96:6e:b0:0d:d3:24:6f:
                    bc:1c:ce:11:f0:75:7b:11:a9:7f:ab:89:96:25:52:
                    0b:41:f4:e5:ad:77:09:24:c8:51:e7:1a:5a:6d:42:
                    e9:0b:39:b5:b2:33:7a:f7:5f:14:fd:75:e1:de:c7:
                    c3:32:7e:e4:f3:2f:c4:41:7d:35:ec:cf:f6:4e:51:
                    2d:c4:be:61:48:de:f2:2d:6c:40:66:e9:5c:ae:62:
                    7c:ec:54:24:07:a4:ed:52:b8:90:c4:60:57:56:7a:
                    d9:5b:71:ce:68:0f:75:dc:bf:ef:7f:6f:87:8e:3a:
                    10:15:83:95:ef:55:d8:1d:5f:db:45:1d:41:64:c8:
                    f1:aa:e4:80:1a:28:fc:75:65:42:29:4e:61:f0:8f:
                    96:75:60:bd:43:b9:58:ef:a1:65:82:7b:f4:64:1f:
                    01:c3:ce:b7:de:71:eb:dc:8b:82:b7:97:34:82:c5:
                    ca:99:d5:56:b1:81:95:c0:06:22:2a:1b:cd:47:aa:
                    69:1b:d5:6a:23:4b:66:cc:4e:27:24:a9:8f:7b:f5:
                    3e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:BD:C4:0C:EC:19:BA:5D:A1:64:A9:C0:8D:9E:8D:28:D0:5B:3E:3B
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/ib3EDOwZul2hZKnAjZ6NKNBbPjs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:13f::/48

    Signature Algorithm: sha256WithRSAEncryption
         ad:b8:44:e4:b0:c3:76:1f:98:16:85:7f:0f:47:4b:f0:e5:79:
         bd:4f:d6:20:56:55:54:dd:b8:77:c4:7a:2c:33:f3:00:0f:d0:
         a0:14:50:90:ef:82:91:43:40:5c:b6:35:e2:3c:3f:2f:61:04:
         2f:65:0a:ee:68:8c:52:4d:56:31:55:79:14:d9:1a:07:c4:bd:
         a7:b7:51:78:99:44:4b:31:53:dc:ba:2e:0e:f6:94:6c:8d:32:
         2e:d1:7e:2f:da:8c:31:89:a3:29:08:f9:6a:1a:6a:66:14:fa:
         ec:2d:28:7f:a4:28:b6:91:15:7a:9d:67:37:ed:31:55:da:9c:
         fd:60:6b:57:16:3c:65:c9:4c:cf:69:62:46:07:6f:13:8a:ff:
         9b:25:f9:77:37:5b:fb:ee:34:22:f4:82:01:e5:47:9d:7c:79:
         31:c8:d0:f7:e1:70:f9:ba:5b:5b:03:b7:af:38:ce:49:bc:16:
         9e:17:a1:73:bc:b6:ca:06:bd:fb:ea:0c:6d:89:d6:2b:e7:56:
         2c:29:d1:65:3d:ac:dd:8a:e7:d7:1f:6f:6c:8e:c5:8d:33:ca:
         cd:fc:76:c8:dc:d1:82:f0:db:e5:8c:ad:aa:00:f7:09:a2:b2:
         b3:8e:ac:f7:30:23:62:3a:61:c6:7e:32:bb:1c:67:ef:28:64:
         20:4c:5a:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZznuWlgeIa3Ykt4TBuZ+2GHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjYwMzEzMTUwMzMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWJkYzQwY2VjMTliYTVkYTE2NGE5YzA4ZDllOGQyOGQwNWIzZTNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAywkRop9qLEQp8mpJY7XBCie15ylm
mR7N5aPYbRolSxrmbgb76CuMQ9L04wJlcDS59dfpGZZusA3TJG+8HM4R8HV7Eal/
q4mWJVILQfTlrXcJJMhR5xpabULpCzm1sjN6918U/XXh3sfDMn7k8y/EQX017M/2
TlEtxL5hSN7yLWxAZulcrmJ87FQkB6TtUriQxGBXVnrZW3HOaA913L/vf2+HjjoQ
FYOV71XYHV/bRR1BZMjxquSAGij8dWVCKU5h8I+WdWC9Q7lY76Flgnv0ZB8Bw863
3nHr3IuCt5c0gsXKmdVWsYGVwAYiKhvNR6ppG9VqI0tmzE4nJKmPe/U+9wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIm9xAzsGbpdoWSpwI2ejSjQWz47MB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvaWIzRURPd1p1bDJoWktuQWpaNk5LTkJiUGpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAE/
MA0GCSqGSIb3DQEBCwUAA4IBAQCtuETksMN2H5gWhX8PR0vw5Xm9T9YgVlVU3bh3
xHosM/MAD9CgFFCQ74KRQ0BctjXiPD8vYQQvZQruaIxSTVYxVXkU2RoHxL2nt1F4
mURLMVPcui4O9pRsjTIu0X4v2owxiaMpCPlqGmpmFPrsLSh/pCi2kRV6nWc37TFV
2pz9YGtXFjxlyUzPaWJGB28Tiv+bJfl3N1v77jQi9IIB5UedfHkxyND34XD5ultb
A7evOM5JvBaeF6FzvLbKBr376gxtidYr51YsKdFlPazdiufXH29sjsWNM8rN/HbI
3NGC8NvljK2qAPcJorKzjqz3MCNiOmHGfjK7HGfvKGQgTFoA
-----END CERTIFICATE-----