Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/b67173-f418-4414-b646-eff480de292c/1/d3d-8DfBXkXh-CsoFFvbcgSBMGc.roa
File:                     d3d-8DfBXkXh-CsoFFvbcgSBMGc.roa (raw, json)
Hash identifier:          8bWopo4EeW+xYrINja/gBls8HNZwloLWf9YEWg3g1+U=
Subject key identifier:   77:77:7E:F0:37:C1:5E:45:E1:F8:2B:28:14:5B:DB:72:04:81:30:67
Certificate issuer:       /CN=99ae3e44fbd3e41e5519fed8cf1453e613afc58d
Certificate serial:       019CC0C02E39A2AC9AD499932C50354083D8
Authority key identifier: 99:AE:3E:44:FB:D3:E4:1E:55:19:FE:D8:CF:14:53:E6:13:AF:C5:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ma4-RPvT5B5VGf7YzxRT5hOvxY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/b67173-f418-4414-b646-eff480de292c/1/d3d-8DfBXkXh-CsoFFvbcgSBMGc.roa
Signing time:             Fri 06 Mar 2026 01:25:46 +0000
ROA not before:           Fri 06 Mar 2026 01:25:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204535
IP address blocks:        2001:678:114c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/b67173-f418-4414-b646-eff480de292c/1/ma4-RPvT5B5VGf7YzxRT5hOvxY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/b67173-f418-4414-b646-eff480de292c/1/ma4-RPvT5B5VGf7YzxRT5hOvxY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ma4-RPvT5B5VGf7YzxRT5hOvxY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 22:02:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c0:c0:2e:39:a2:ac:9a:d4:99:93:2c:50:35:40:83:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ae3e44fbd3e41e5519fed8cf1453e613afc58d
        Validity
            Not Before: Mar  6 01:25:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=77777ef037c15e45e1f82b28145bdb7204813067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d1:1e:39:b6:f0:b7:a7:ee:24:06:11:0b:c8:
                    66:e9:7f:ae:96:8f:c1:b0:a9:d0:1c:a1:af:a2:29:
                    4d:2b:12:79:95:af:67:a8:81:04:a7:3c:fb:6e:49:
                    05:b1:90:bb:3c:a7:8f:5b:f7:ce:3f:ee:a4:4c:63:
                    b2:f9:78:17:d3:e4:fc:53:cc:67:52:ab:97:fa:08:
                    c8:d8:e0:43:90:65:f0:68:ad:de:37:b9:7e:0c:4c:
                    94:3f:d0:08:1e:57:c6:e4:07:13:a5:8d:19:23:f6:
                    c5:25:16:fa:7e:29:84:91:45:2d:66:77:b6:a4:68:
                    cb:2c:75:71:84:66:74:08:16:82:9f:80:98:c8:0d:
                    ed:ff:98:0d:6d:fb:61:34:ab:03:5b:7c:ad:ee:48:
                    0d:01:c9:f7:84:1e:41:0e:19:f6:c7:6a:80:da:64:
                    18:c0:73:b8:e8:87:f8:60:34:59:d5:77:d7:ff:35:
                    0d:4f:b8:8f:9e:65:09:26:21:4a:a4:45:16:35:6e:
                    5c:3a:59:bc:a3:06:ba:e6:b6:e2:b4:79:e1:52:bb:
                    df:36:bc:13:c3:4f:e9:f1:ad:bb:6e:a0:1e:ae:31:
                    e6:1c:c3:bf:60:60:0a:fd:8f:89:0e:dc:36:7c:29:
                    ba:34:e0:7a:7f:e4:9b:ff:5e:80:c3:50:9e:40:82:
                    20:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:77:7E:F0:37:C1:5E:45:E1:F8:2B:28:14:5B:DB:72:04:81:30:67
            X509v3 Authority Key Identifier:
                keyid:99:AE:3E:44:FB:D3:E4:1E:55:19:FE:D8:CF:14:53:E6:13:AF:C5:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ma4-RPvT5B5VGf7YzxRT5hOvxY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/b67173-f418-4414-b646-eff480de292c/1/d3d-8DfBXkXh-CsoFFvbcgSBMGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/b67173-f418-4414-b646-eff480de292c/1/ma4-RPvT5B5VGf7YzxRT5hOvxY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:114c::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:d4:eb:c1:86:4e:30:c4:96:16:2a:7c:9d:ec:f4:ad:66:dd:
         50:4a:1f:f0:ee:ca:e3:60:88:4c:3b:42:21:92:11:a5:ea:8e:
         2d:d1:0d:c7:54:bc:03:75:30:c6:60:43:b8:5b:38:e2:ec:90:
         24:29:3a:87:35:5d:45:a1:62:bd:a6:9a:62:1c:f1:c8:9c:b2:
         75:12:96:2f:24:b8:95:80:e0:c6:f9:ed:35:d5:a1:38:1d:0d:
         24:11:25:3c:6c:a9:a8:a1:89:35:b2:6b:da:e3:0d:5e:e4:ef:
         f0:02:31:b2:97:e5:ae:47:87:8f:53:bd:42:10:bc:8c:67:2e:
         de:a1:9a:6d:d9:36:a5:f9:af:ff:8e:a8:dc:1a:b7:d4:8b:6a:
         fa:a0:72:7d:5c:2a:ba:32:4f:77:d9:e5:2b:b5:0d:b5:a0:eb:
         ba:21:29:ce:1a:e8:07:5a:75:ff:e3:8f:08:b1:e8:94:ae:6a:
         4c:3a:f3:eb:5d:cb:ac:0c:45:ee:0f:37:e5:f4:2a:bf:1a:c5:
         b5:2f:48:83:5c:19:8c:37:25:21:35:c8:1c:21:89:e4:a4:ab:
         53:d5:4c:23:a3:b9:35:c2:aa:1e:9f:1a:91:85:92:19:27:0d:
         8e:08:20:c5:13:da:0b:8b:3e:f7:b7:3c:2a:d7:30:b0:d3:3b:
         a4:ab:49:93
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzAwC45oqya1JmTLFA1QIPYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5YWUzZTQ0ZmJkM2U0MWU1NTE5ZmVkOGNmMTQ1M2U2MTNh
ZmM1OGQwHhcNMjYwMzA2MDEyNTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Nzc3N2VmMDM3YzE1ZTQ1ZTFmODJiMjgxNDViZGI3MjA0ODEzMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdEeObbwt6fuJAYRC8hm6X+ulo/B
sKnQHKGvoilNKxJ5la9nqIEEpzz7bkkFsZC7PKePW/fOP+6kTGOy+XgX0+T8U8xn
UquX+gjI2OBDkGXwaK3eN7l+DEyUP9AIHlfG5AcTpY0ZI/bFJRb6fimEkUUtZne2
pGjLLHVxhGZ0CBaCn4CYyA3t/5gNbfthNKsDW3yt7kgNAcn3hB5BDhn2x2qA2mQY
wHO46If4YDRZ1XfX/zUNT7iPnmUJJiFKpEUWNW5cOlm8owa65rbitHnhUrvfNrwT
w0/p8a27bqAerjHmHMO/YGAK/Y+JDtw2fCm6NOB6f+Sb/16Aw1CeQIIgeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHd3fvA3wV5F4fgrKBRb23IEgTBnMB8GA1UdIwQY
MBaAFJmuPkT70+QeVRn+2M8UU+YTr8WNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWE0LVJQdlQ1QjVWR2Y3WXp4UlQ1aE92eFkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9iNjcxNzMtZjQxOC00NDE0LWI2NDYt
ZWZmNDgwZGUyOTJjLzEvZDNkLThEZkJYa1hoLUNzb0ZGdmJjZ1NCTUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9iNjcxNzMtZjQxOC00NDE0LWI2NDYtZWZmNDgwZGUyOTJj
LzEvbWE0LVJQdlQ1QjVWR2Y3WXp4UlQ1aE92eFkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeBFM
MA0GCSqGSIb3DQEBCwUAA4IBAQAt1OvBhk4wxJYWKnyd7PStZt1QSh/w7srjYIhM
O0IhkhGl6o4t0Q3HVLwDdTDGYEO4Wzji7JAkKTqHNV1FoWK9pppiHPHInLJ1EpYv
JLiVgODG+e011aE4HQ0kESU8bKmooYk1smva4w1e5O/wAjGyl+WuR4ePU71CELyM
Zy7eoZpt2Tal+a//jqjcGrfUi2r6oHJ9XCq6Mk932eUrtQ21oOu6ISnOGugHWnX/
448IseiUrmpMOvPrXcusDEXuDzfl9Cq/GsW1L0iDXBmMNyUhNcgcIYnkpKtT1Uwj
o7k1wqoenxqRhZIZJw2OCCDFE9oLiz73tzwq1zCw0zukq0mT
-----END CERTIFICATE-----