Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/NmfGAB9g6IwfbTf5IGeRlUzzLK8.roa
File:                     NmfGAB9g6IwfbTf5IGeRlUzzLK8.roa (raw, json)
Hash identifier:          nTmZ/2NC+LsTf/mvJ/ayjnPfWSnwWzWFoHlvAvwIR94=
Subject key identifier:   36:67:C6:00:1F:60:E8:8C:1F:6D:37:F9:20:67:91:95:4C:F3:2C:AF
Certificate issuer:       /CN=66d3f1f63c1009c42a68919863a9b8ba85786730
Certificate serial:       019DFE93F538D1E024CE875360878B36A1C8
Authority key identifier: 66:D3:F1:F6:3C:10:09:C4:2A:68:91:98:63:A9:B8:BA:85:78:67:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/NmfGAB9g6IwfbTf5IGeRlUzzLK8.roa
Signing time:             Wed 06 May 2026 18:36:42 +0000
ROA not before:           Wed 06 May 2026 18:36:42 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a03:e680::/29 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fe:93:f5:38:d1:e0:24:ce:87:53:60:87:8b:36:a1:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66d3f1f63c1009c42a68919863a9b8ba85786730
        Validity
            Not Before: May  6 18:36:42 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3667c6001f60e88c1f6d37f9206791954cf32caf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:71:46:4f:05:d3:2b:57:3a:4b:e2:e0:a5:89:
                    3b:d5:96:14:18:46:29:ad:5a:f4:9f:4d:9b:70:76:
                    b6:1d:9e:fc:b9:1c:4f:c9:e6:ca:d7:9e:4a:e9:9f:
                    51:2b:9f:51:d0:c1:5c:89:4f:ef:e6:d4:41:41:66:
                    04:93:34:0d:a2:a0:c1:07:47:36:95:80:a7:ce:ba:
                    f6:f6:ed:6e:86:20:20:14:c5:81:88:90:ef:79:d3:
                    5e:17:1e:6f:8e:02:6a:19:83:50:89:ff:b8:3c:f9:
                    e3:8e:10:64:c1:4c:c5:47:7e:28:10:c3:f5:5c:b2:
                    b0:98:d2:a1:f0:24:ee:85:32:cb:72:80:32:bd:e1:
                    ec:89:9a:30:1a:c0:28:9b:c4:f7:4d:19:c2:60:ba:
                    b6:5b:6e:5b:38:c9:ce:36:d8:5e:7c:03:e9:15:89:
                    73:cd:99:94:ef:f7:25:b5:94:3c:12:1f:35:ce:67:
                    fa:3d:be:60:a8:2b:85:3b:1d:9b:e4:79:33:ee:60:
                    70:c9:86:e5:d4:49:3c:c1:03:97:1e:15:6b:4a:f3:
                    2d:a4:e8:97:f6:fb:7f:12:55:64:c6:e4:28:0f:4c:
                    b7:bb:64:4e:7c:71:c4:11:f2:a6:25:15:fb:5c:75:
                    4b:fa:fe:12:fa:2e:79:ba:a7:8c:b7:8b:70:f6:33:
                    9b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:67:C6:00:1F:60:E8:8C:1F:6D:37:F9:20:67:91:95:4C:F3:2C:AF
            X509v3 Authority Key Identifier:
                keyid:66:D3:F1:F6:3C:10:09:C4:2A:68:91:98:63:A9:B8:BA:85:78:67:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/NmfGAB9g6IwfbTf5IGeRlUzzLK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/6d157e-267f-43a4-ae0a-5a2e9d6695fc/1/ZtPx9jwQCcQqaJGYY6m4uoV4ZzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:e680::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:fe:15:57:2b:a8:4e:23:17:48:db:6a:e4:0c:6d:ae:f6:9b:
         25:5c:cc:dc:62:95:d5:82:53:3a:12:12:f3:88:ab:d7:28:a8:
         6e:5b:65:be:ee:2a:9a:b6:98:c3:26:c9:97:d6:1f:55:c6:b9:
         b1:ea:c5:eb:db:5f:67:9e:8d:63:a5:39:03:d6:12:69:1d:05:
         d3:23:e5:ac:20:c2:22:62:5f:13:6e:61:fc:d3:b2:a5:90:f5:
         6a:9d:0c:6d:74:5c:f3:b4:52:13:0d:f1:c5:ce:e0:6a:0d:fd:
         dd:6a:fe:5e:f2:a4:61:2e:9c:0a:65:76:8c:3c:a1:73:f4:0f:
         99:18:da:db:f8:26:57:93:f3:5a:fc:ab:11:9f:b6:73:e7:21:
         e1:6d:0d:9d:d2:7c:2a:47:b0:6f:d7:85:8a:f0:9d:ab:17:b4:
         90:22:24:a7:92:7f:4f:0c:d7:0b:9d:62:f9:da:2f:f2:ac:90:
         7e:12:b1:08:07:4e:90:57:91:bd:bd:9c:cc:f8:13:a3:2a:53:
         f0:39:f6:04:78:48:67:b2:99:62:e0:1e:f1:a5:ef:01:18:42:
         70:70:f4:37:0f:26:34:db:ae:e4:c7:c6:0e:f0:2c:4b:f3:e3:
         87:6d:67:8b:4e:0f:4a:4b:99:f8:ab:b6:4d:5e:e2:e3:9b:7f:
         48:46:08:b8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3+k/U40eAkzodTYIeLNqHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZDNmMWY2M2MxMDA5YzQyYTY4OTE5ODYzYTliOGJhODU3
ODY3MzAwHhcNMjYwNTA2MTgzNjQyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjY3YzYwMDFmNjBlODhjMWY2ZDM3ZjkyMDY3OTE5NTRjZjMyY2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3FGTwXTK1c6S+LgpYk71ZYUGEYp
rVr0n02bcHa2HZ78uRxPyebK155K6Z9RK59R0MFciU/v5tRBQWYEkzQNoqDBB0c2
lYCnzrr29u1uhiAgFMWBiJDvedNeFx5vjgJqGYNQif+4PPnjjhBkwUzFR34oEMP1
XLKwmNKh8CTuhTLLcoAyveHsiZowGsAom8T3TRnCYLq2W25bOMnONthefAPpFYlz
zZmU7/cltZQ8Eh81zmf6Pb5gqCuFOx2b5Hkz7mBwyYbl1Ek8wQOXHhVrSvMtpOiX
9vt/ElVkxuQoD0y3u2ROfHHEEfKmJRX7XHVL+v4S+i55uqeMt4tw9jObmQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDZnxgAfYOiMH203+SBnkZVM8yyvMB8GA1UdIwQY
MBaAFGbT8fY8EAnEKmiRmGOpuLqFeGcwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnRQeDlqd1FDY1FxYUpHWVk2bTR1b1Y0WnpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS82ZDE1N2UtMjY3Zi00M2E0LWFlMGEt
NWEyZTlkNjY5NWZjLzEvTm1mR0FCOWc2SXdmYlRmNUlHZVJsVXp6TEs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS82ZDE1N2UtMjY3Zi00M2E0LWFlMGEtNWEyZTlkNjY5NWZj
LzEvWnRQeDlqd1FDY1FxYUpHWVk2bTR1b1Y0WnpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgPmgDAN
BgkqhkiG9w0BAQsFAAOCAQEAKf4VVyuoTiMXSNtq5AxtrvabJVzM3GKV1YJTOhIS
84ir1yiobltlvu4qmraYwybJl9YfVca5serF69tfZ56NY6U5A9YSaR0F0yPlrCDC
ImJfE25h/NOypZD1ap0MbXRc87RSEw3xxc7gag393Wr+XvKkYS6cCmV2jDyhc/QP
mRja2/gmV5PzWvyrEZ+2c+ch4W0NndJ8Kkewb9eFivCdqxe0kCIkp5J/TwzXC51i
+dov8qyQfhKxCAdOkFeRvb2czPgToypT8Dn2BHhIZ7KZYuAe8aXvARhCcHD0Nw8m
NNuu5MfGDvAsS/Pjh21ni04PSkuZ+Ku2TV7i45t/SEYIuA==
-----END CERTIFICATE-----