Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/60n7OcQD1rVkRE8LPW3kEfdX9gw.roa
File:                     60n7OcQD1rVkRE8LPW3kEfdX9gw.roa (raw, json)
Hash identifier:          N0mQsLvGMMdhDPTL/se4j6fwbJ89Tgbu/0d6LhVYRLs=
Subject key identifier:   EB:49:FB:39:C4:03:D6:B5:64:44:4F:0B:3D:6D:E4:11:F7:57:F6:0C
Certificate issuer:       /CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
Certificate serial:       019CEB6105EC0EE44CDB0E7ACD379F9C0BE9
Authority key identifier: 44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/60n7OcQD1rVkRE8LPW3kEfdX9gw.roa
Signing time:             Sat 14 Mar 2026 08:05:29 +0000
ROA not before:           Sat 14 Mar 2026 08:05:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29226
IP address blocks:        2a09:3b04::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 05:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:eb:61:05:ec:0e:e4:4c:db:0e:7a:cd:37:9f:9c:0b:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4459ec2a5fd53909c5239f4cc8d6d329a2779bb1
        Validity
            Not Before: Mar 14 08:05:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=eb49fb39c403d6b564444f0b3d6de411f757f60c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:37:9b:a8:a4:ca:18:d9:36:58:75:32:9b:65:
                    c3:94:a2:dc:d4:1a:bf:f2:fe:6c:75:3c:d9:d2:c8:
                    94:91:33:81:bc:01:a3:72:cd:20:b1:6a:29:e4:1b:
                    8d:2f:ea:96:f0:f1:27:19:62:b6:9d:06:fe:11:d4:
                    8e:39:9a:f2:dc:6c:88:c1:35:78:5a:93:36:16:70:
                    be:2d:fd:40:ec:10:b3:1f:ad:84:f1:5b:06:c0:4c:
                    1d:5a:3d:4d:fc:e7:55:bd:10:c0:54:23:24:b0:8f:
                    39:f7:e6:b5:68:72:3f:49:19:1e:a6:7a:44:a2:ca:
                    09:ae:87:70:57:95:22:17:e9:aa:35:b4:e4:0d:0b:
                    6b:f3:2a:e4:3f:e0:5a:b6:95:43:b0:a3:52:b7:da:
                    ba:14:07:6c:79:b2:3c:ef:0a:3a:69:90:45:6a:71:
                    7f:d3:92:85:48:d5:52:c5:ae:37:a3:00:2e:a3:77:
                    ab:ef:8e:84:1a:14:c4:3b:61:7d:6d:a6:dd:84:7a:
                    ba:06:53:62:f8:48:2a:50:7f:ff:a6:c8:63:09:9d:
                    a2:22:95:60:63:a6:70:6c:62:08:f7:14:2e:94:1e:
                    cd:43:11:74:a1:9f:69:f9:76:69:97:28:ea:7f:ea:
                    f5:8c:95:10:aa:ce:16:b8:64:6d:76:bb:28:ea:1b:
                    71:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:49:FB:39:C4:03:D6:B5:64:44:4F:0B:3D:6D:E4:11:F7:57:F6:0C
            X509v3 Authority Key Identifier:
                keyid:44:59:EC:2A:5F:D5:39:09:C5:23:9F:4C:C8:D6:D3:29:A2:77:9B:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RFnsKl_VOQnFI59MyNbTKaJ3m7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/60n7OcQD1rVkRE8LPW3kEfdX9gw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/f0ae62-c107-43ce-a8a9-6b4372602096/1/RFnsKl_VOQnFI59MyNbTKaJ3m7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:3b04::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:81:e7:a5:7a:0e:b4:d2:60:7a:2c:e3:a0:ff:ed:42:0e:f5:
         bd:d6:7d:18:1f:c4:ab:9d:eb:27:d7:17:d3:be:43:b9:7f:36:
         74:43:62:43:a1:e1:e6:b2:d7:39:65:bf:c0:29:2f:03:1b:f6:
         02:ed:50:f5:1b:10:55:e9:4f:d2:14:a2:58:ff:11:35:9a:85:
         c6:5b:9a:20:eb:de:59:26:90:54:5e:ad:35:7a:4b:d5:c9:7b:
         b9:24:ce:89:4b:4d:ce:31:8f:aa:1b:67:2d:53:80:e9:d5:91:
         0b:92:f0:6f:19:3d:4c:ba:fb:d9:39:4d:fb:20:ef:39:70:5e:
         76:33:bf:70:de:d5:a9:d0:b0:38:e5:a2:f5:46:21:d0:37:f6:
         1a:7f:0e:25:27:81:a3:9f:7f:8c:fc:b9:7a:24:ca:33:40:d2:
         52:83:ab:75:50:d3:cb:d4:5f:42:64:53:85:1d:1a:fb:4f:81:
         4a:2a:f6:e5:7b:61:be:1b:1d:9c:c5:91:90:c6:aa:b3:95:2e:
         77:0c:d6:6a:5c:9d:99:a0:29:8d:ef:18:68:15:d9:e7:cf:53:
         d1:87:80:7b:66:75:0e:09:70:ef:b6:cf:75:51:2f:8a:c8:64:
         8c:8c:5d:e9:d7:b9:1a:51:5d:0a:a7:12:d7:43:6d:10:b7:40:
         82:c7:93:a3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzrYQXsDuRM2w56zTefnAvpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0NTllYzJhNWZkNTM5MDljNTIzOWY0Y2M4ZDZkMzI5YTI3
NzliYjEwHhcNMjYwMzE0MDgwNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjQ5ZmIzOWM0MDNkNmI1NjQ0NDRmMGIzZDZkZTQxMWY3NTdmNjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DebqKTKGNk2WHUym2XDlKLc1Bq/
8v5sdTzZ0siUkTOBvAGjcs0gsWop5BuNL+qW8PEnGWK2nQb+EdSOOZry3GyIwTV4
WpM2FnC+Lf1A7BCzH62E8VsGwEwdWj1N/OdVvRDAVCMksI859+a1aHI/SRkepnpE
osoJrodwV5UiF+mqNbTkDQtr8yrkP+BatpVDsKNSt9q6FAdsebI87wo6aZBFanF/
05KFSNVSxa43owAuo3er746EGhTEO2F9babdhHq6BlNi+EgqUH//pshjCZ2iIpVg
Y6ZwbGII9xQulB7NQxF0oZ9p+XZplyjqf+r1jJUQqs4WuGRtdrso6htxowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOtJ+znEA9a1ZERPCz1t5BH3V/YMMB8GA1UdIwQY
MBaAFERZ7Cpf1TkJxSOfTMjW0ymid5uxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTkt
NmI0MzcyNjAyMDk2LzEvNjBuN09jUUQxclZrUkU4TFBXM2tFZmRYOWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mMGFlNjItYzEwNy00M2NlLWE4YTktNmI0MzcyNjAyMDk2
LzEvUkZuc0tsX1ZPUW5GSTU5TXlOYlRLYUozbTdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgk7BDAN
BgkqhkiG9w0BAQsFAAOCAQEAUYHnpXoOtNJgeizjoP/tQg71vdZ9GB/Eq53rJ9cX
075DuX82dENiQ6Hh5rLXOWW/wCkvAxv2Au1Q9RsQVelP0hSiWP8RNZqFxluaIOve
WSaQVF6tNXpL1cl7uSTOiUtNzjGPqhtnLVOA6dWRC5Lwbxk9TLr72TlN+yDvOXBe
djO/cN7VqdCwOOWi9UYh0Df2Gn8OJSeBo59/jPy5eiTKM0DSUoOrdVDTy9RfQmRT
hR0a+0+BSir25XthvhsdnMWRkMaqs5UudwzWalydmaApje8YaBXZ589T0YeAe2Z1
Dglw77bPdVEvishkjIxd6de5GlFdCqcS10NtELdAgseTow==
-----END CERTIFICATE-----