Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nUE0Oddv4YkeQI7iXvreM5ZLtJg.roa
File:                     nUE0Oddv4YkeQI7iXvreM5ZLtJg.roa (raw, json)
Hash identifier:          e35k/hWFhNoP6OXE0gOQ2vpFvd0hf+wf6J6udXQDs0w=
Subject key identifier:   9D:41:34:39:D7:6F:E1:89:1E:40:8E:E2:5E:FA:DE:33:96:4B:B4:98
Certificate issuer:       /CN=9f3ec21e10f3646e4dc0e23f5f7ec44501560de3
Certificate serial:       019DBBC77F436B7A6C0AFB59761D6EFF140E
Authority key identifier: 9F:3E:C2:1E:10:F3:64:6E:4D:C0:E2:3F:5F:7E:C4:45:01:56:0D:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nz7CHhDzZG5NwOI_X37ERQFWDeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nUE0Oddv4YkeQI7iXvreM5ZLtJg.roa
Signing time:             Thu 23 Apr 2026 19:18:26 +0000
ROA not before:           Thu 23 Apr 2026 19:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40662
IP address blocks:        2a01:efc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nz7CHhDzZG5NwOI_X37ERQFWDeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nz7CHhDzZG5NwOI_X37ERQFWDeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nz7CHhDzZG5NwOI_X37ERQFWDeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 22:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:bb:c7:7f:43:6b:7a:6c:0a:fb:59:76:1d:6e:ff:14:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f3ec21e10f3646e4dc0e23f5f7ec44501560de3
        Validity
            Not Before: Apr 23 19:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d413439d76fe1891e408ee25efade33964bb498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:a0:7f:3e:2c:04:e2:84:54:99:03:09:ff:6b:
                    30:ac:3f:c2:15:3e:69:31:e1:6c:63:05:c9:40:22:
                    a8:4b:53:50:53:df:43:08:a1:f5:94:76:cc:4f:23:
                    4a:56:c4:e2:03:ec:49:36:44:1f:93:ef:67:8b:99:
                    d1:84:f8:69:d6:56:5f:4d:46:7a:5c:de:ba:40:8b:
                    a3:d4:86:5f:b0:5c:8f:89:df:4d:14:51:4d:bb:78:
                    1b:84:9e:37:a4:1c:42:ff:06:47:8f:69:49:6c:a8:
                    93:33:6d:79:1e:0f:27:d8:99:f9:04:bd:af:53:c0:
                    a0:c1:dc:f0:f9:01:f2:3e:3a:0b:8f:1b:5c:41:ec:
                    1e:26:0a:c8:de:c6:d7:3a:b2:cf:01:a8:d7:df:54:
                    b6:ea:61:ce:1b:9b:ab:5b:bc:d0:bb:9e:f9:5f:35:
                    ff:54:d3:01:fc:51:76:eb:4f:85:e6:f1:dd:e8:b6:
                    49:a2:99:dc:2f:bd:9c:03:63:ee:a1:e8:2b:6b:48:
                    b3:bc:1f:60:a5:c6:df:4d:7c:88:f8:3b:c8:91:04:
                    09:ce:e7:41:da:b1:7a:d2:e9:c3:3a:a6:f5:17:f1:
                    79:a4:60:dd:db:5e:90:ed:00:64:71:d8:f0:9e:f1:
                    30:68:44:7e:3d:3b:4f:47:d3:4b:d0:4b:02:3e:4d:
                    77:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:41:34:39:D7:6F:E1:89:1E:40:8E:E2:5E:FA:DE:33:96:4B:B4:98
            X509v3 Authority Key Identifier:
                keyid:9F:3E:C2:1E:10:F3:64:6E:4D:C0:E2:3F:5F:7E:C4:45:01:56:0D:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nz7CHhDzZG5NwOI_X37ERQFWDeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nUE0Oddv4YkeQI7iXvreM5ZLtJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/6bafe9-878b-46fd-a305-7ba25d5595fa/1/nz7CHhDzZG5NwOI_X37ERQFWDeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:efc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:7e:0d:2a:e6:5f:6d:7e:cb:3e:3b:23:34:e5:77:4c:9b:2e:
         3d:c8:ed:b8:65:a0:17:79:26:23:1c:8e:c0:c4:e6:df:97:96:
         b0:4b:73:45:8b:74:8c:2a:f6:d9:e0:31:d1:95:1e:56:34:b2:
         e1:76:a8:90:22:6d:15:64:5a:3d:a0:0d:8f:d2:7a:05:17:19:
         5a:6a:3e:25:70:67:bf:ff:a1:07:da:4c:f2:10:42:36:44:30:
         00:57:f2:a6:97:9e:6a:01:65:9c:e8:d6:65:e8:fa:9a:09:9b:
         1f:52:78:a8:be:41:b6:92:e5:6d:ff:3f:c4:39:55:3b:61:57:
         20:99:84:23:63:0e:ba:dd:d5:29:45:8d:a4:3c:88:23:f4:d7:
         62:f6:e7:80:5f:66:7e:39:bf:b6:f9:fe:11:7b:4e:80:a8:f0:
         10:18:36:3f:15:1d:c2:79:d9:eb:c1:7f:63:cd:07:b0:40:12:
         45:f4:22:af:3d:a6:d9:06:a9:44:e9:8c:6f:54:7c:c4:28:28:
         27:45:9b:9f:44:1b:2e:2a:70:20:ba:95:7a:70:7f:2f:2f:2f:
         03:de:11:d8:7c:4c:47:27:26:d0:5f:0b:f8:1f:91:ff:88:dc:
         2c:0e:ac:96:3b:8c:d3:8d:a5:0e:91:36:05:1d:a4:3b:7b:a6:
         69:d6:ce:80
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ27x39Da3psCvtZdh1u/xQOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmM2VjMjFlMTBmMzY0NmU0ZGMwZTIzZjVmN2VjNDQ1MDE1
NjBkZTMwHhcNMjYwNDIzMTkxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDQxMzQzOWQ3NmZlMTg5MWU0MDhlZTI1ZWZhZGUzMzk2NGJiNDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw6B/PiwE4oRUmQMJ/2swrD/CFT5p
MeFsYwXJQCKoS1NQU99DCKH1lHbMTyNKVsTiA+xJNkQfk+9ni5nRhPhp1lZfTUZ6
XN66QIuj1IZfsFyPid9NFFFNu3gbhJ43pBxC/wZHj2lJbKiTM215Hg8n2Jn5BL2v
U8Cgwdzw+QHyPjoLjxtcQeweJgrI3sbXOrLPAajX31S26mHOG5urW7zQu575XzX/
VNMB/FF260+F5vHd6LZJopncL72cA2Puoegra0izvB9gpcbfTXyI+DvIkQQJzudB
2rF60unDOqb1F/F5pGDd216Q7QBkcdjwnvEwaER+PTtPR9NL0EsCPk131wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ1BNDnXb+GJHkCO4l763jOWS7SYMB8GA1UdIwQY
MBaAFJ8+wh4Q82RuTcDiP19+xEUBVg3jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbno3Q0hoRHpaRzVOd09JX1gzN0VSUUZXRGVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS82YmFmZTktODc4Yi00NmZkLWEzMDUt
N2JhMjVkNTU5NWZhLzEvblVFME9kZHY0WWtlUUk3aVh2cmVNNVpMdEpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS82YmFmZTktODc4Yi00NmZkLWEzMDUtN2JhMjVkNTU5NWZh
LzEvbno3Q0hoRHpaRzVOd09JX1gzN0VSUUZXRGVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHvwDAN
BgkqhkiG9w0BAQsFAAOCAQEAKn4NKuZfbX7LPjsjNOV3TJsuPcjtuGWgF3kmIxyO
wMTm35eWsEtzRYt0jCr22eAx0ZUeVjSy4XaokCJtFWRaPaANj9J6BRcZWmo+JXBn
v/+hB9pM8hBCNkQwAFfyppeeagFlnOjWZej6mgmbH1J4qL5BtpLlbf8/xDlVO2FX
IJmEI2MOut3VKUWNpDyII/TXYvbngF9mfjm/tvn+EXtOgKjwEBg2PxUdwnnZ68F/
Y80HsEASRfQirz2m2QapROmMb1R8xCgoJ0Wbn0QbLipwILqVenB/Ly8vA94R2HxM
Rycm0F8L+B+R/4jcLA6sljuM042lDpE2BR2kO3umadbOgA==
-----END CERTIFICATE-----