Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/azUbLhud6FB2bh2XAm_dpaxr0YI.roa
File:                     azUbLhud6FB2bh2XAm_dpaxr0YI.roa (raw, json)
Hash identifier:          aywHfLorqu+EfWUXaUMykj9Eo6Bcs30AyfzDLZ1+ymg=
Subject key identifier:   6B:35:1B:2E:1B:9D:E8:50:76:6E:1D:97:02:6F:DD:A5:AC:6B:D1:82
Certificate issuer:       /CN=9e795dd011953414715cc6875dfd39c61e5181c8
Certificate serial:       019D61C83E7749BBDC1EF22C2EF3A7E365B7
Authority key identifier: 9E:79:5D:D0:11:95:34:14:71:5C:C6:87:5D:FD:39:C6:1E:51:81:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nnld0BGVNBRxXMaHXf05xh5Rgcg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/azUbLhud6FB2bh2XAm_dpaxr0YI.roa
Signing time:             Mon 06 Apr 2026 07:53:26 +0000
ROA not before:           Mon 06 Apr 2026 07:53:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3320
IP address blocks:        2a09:6f80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/nnld0BGVNBRxXMaHXf05xh5Rgcg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/nnld0BGVNBRxXMaHXf05xh5Rgcg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nnld0BGVNBRxXMaHXf05xh5Rgcg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 01:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:61:c8:3e:77:49:bb:dc:1e:f2:2c:2e:f3:a7:e3:65:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e795dd011953414715cc6875dfd39c61e5181c8
        Validity
            Not Before: Apr  6 07:53:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6b351b2e1b9de850766e1d97026fdda5ac6bd182
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:09:4e:9d:72:ce:bd:b1:25:6d:a7:26:42:a0:
                    d3:f8:c9:b5:95:1f:63:8e:62:5e:43:56:4f:71:9a:
                    3a:56:8e:d3:1b:c9:56:99:f6:9b:2a:37:73:fc:8a:
                    af:77:b6:73:2e:8e:91:71:9d:87:fd:f2:0c:6a:22:
                    56:03:5f:59:ef:a5:94:2c:a4:60:75:e2:8e:ec:fb:
                    9d:1b:be:2b:ee:40:e7:27:aa:26:9a:92:e9:98:89:
                    50:bb:95:48:a9:33:62:d8:17:56:44:26:8c:a3:b7:
                    ef:74:47:26:ad:61:b5:f9:db:8a:03:83:85:3a:31:
                    8c:a5:d2:36:97:e0:cc:e5:71:04:e2:2c:7e:ba:15:
                    f4:f1:22:f2:f8:7c:f1:d3:b3:ba:2f:d6:72:37:75:
                    59:8c:e5:f3:74:77:c7:48:f3:bd:5b:6a:02:43:1c:
                    a4:61:40:14:b4:58:3b:6b:11:5c:9b:10:68:a6:96:
                    0c:03:85:a3:c1:69:1d:8b:e0:72:95:3e:fd:28:07:
                    20:1f:5a:8d:05:1c:d7:1d:b8:24:c3:5b:3a:a7:60:
                    c0:0e:ed:22:50:36:15:71:c9:d2:51:1f:a3:e6:5f:
                    42:2f:d0:ec:56:e7:31:34:94:fa:62:c9:8e:88:8c:
                    ba:18:b2:96:02:ca:20:36:2c:1d:ab:1f:2b:0c:10:
                    c4:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:35:1B:2E:1B:9D:E8:50:76:6E:1D:97:02:6F:DD:A5:AC:6B:D1:82
            X509v3 Authority Key Identifier:
                keyid:9E:79:5D:D0:11:95:34:14:71:5C:C6:87:5D:FD:39:C6:1E:51:81:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nnld0BGVNBRxXMaHXf05xh5Rgcg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/azUbLhud6FB2bh2XAm_dpaxr0YI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/df2e60-5b0f-4960-b9cd-55a3547abbd6/1/nnld0BGVNBRxXMaHXf05xh5Rgcg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:6f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         80:78:15:22:09:85:76:99:c2:99:15:83:21:c9:ff:84:cc:3d:
         81:07:65:5e:7d:fa:9d:60:7d:27:57:d0:9f:ef:bf:96:61:90:
         78:ed:e5:c2:72:70:00:e3:40:be:ea:64:53:02:f5:b3:0e:b7:
         d3:ac:38:e0:b4:22:ac:4b:f7:5c:13:7e:52:5c:2b:f4:8c:b6:
         b3:27:bf:0e:f4:ee:b4:52:dc:11:87:f5:1a:59:f9:f6:fd:2f:
         71:aa:4a:49:a0:98:91:25:8e:8e:7d:c2:d3:aa:1d:b2:69:42:
         f5:61:9b:bf:39:c0:42:f2:3f:2f:3d:b8:64:70:13:7a:4b:08:
         3d:6b:d5:90:4a:55:8c:08:c9:a1:24:4f:5e:b2:b0:be:bf:8d:
         b5:1c:d0:7c:d1:07:5e:af:fd:4b:78:6b:e2:b3:1a:4a:56:48:
         bd:7e:30:5a:35:84:08:06:70:8e:43:09:f8:f8:f7:1b:1d:9f:
         cb:70:ea:87:e6:64:d1:51:68:f5:f7:be:b7:74:ad:af:06:41:
         65:0d:84:32:25:45:28:a0:72:29:9b:0d:44:ae:ba:5d:61:a0:
         a1:8b:09:fa:9a:c7:20:a8:1e:f9:7b:f8:12:5f:e2:f3:66:b0:
         3c:dc:62:73:03:b1:d9:e0:71:87:3b:9e:72:cc:07:6e:34:25:
         79:76:4e:dc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ1hyD53SbvcHvIsLvOn42W3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNzk1ZGQwMTE5NTM0MTQ3MTVjYzY4NzVkZmQzOWM2MWU1
MTgxYzgwHhcNMjYwNDA2MDc1MzI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YjM1MWIyZTFiOWRlODUwNzY2ZTFkOTcwMjZmZGRhNWFjNmJkMTgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQlOnXLOvbElbacmQqDT+Mm1lR9j
jmJeQ1ZPcZo6Vo7TG8lWmfabKjdz/Iqvd7ZzLo6RcZ2H/fIMaiJWA19Z76WULKRg
deKO7PudG74r7kDnJ6ommpLpmIlQu5VIqTNi2BdWRCaMo7fvdEcmrWG1+duKA4OF
OjGMpdI2l+DM5XEE4ix+uhX08SLy+Hzx07O6L9ZyN3VZjOXzdHfHSPO9W2oCQxyk
YUAUtFg7axFcmxBoppYMA4WjwWkdi+BylT79KAcgH1qNBRzXHbgkw1s6p2DADu0i
UDYVccnSUR+j5l9CL9DsVucxNJT6YsmOiIy6GLKWAsogNiwdqx8rDBDECQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGs1Gy4bnehQdm4dlwJv3aWsa9GCMB8GA1UdIwQY
MBaAFJ55XdARlTQUcVzGh139OcYeUYHIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm5sZDBCR1ZOQlJ4WE1hSFhmMDV4aDVSZ2NnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9kZjJlNjAtNWIwZi00OTYwLWI5Y2Qt
NTVhMzU0N2FiYmQ2LzEvYXpVYkxodWQ2RkIyYmgyWEFtX2RwYXhyMFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9kZjJlNjAtNWIwZi00OTYwLWI5Y2QtNTVhMzU0N2FiYmQ2
LzEvbm5sZDBCR1ZOQlJ4WE1hSFhmMDV4aDVSZ2NnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKglvgDAN
BgkqhkiG9w0BAQsFAAOCAQEAgHgVIgmFdpnCmRWDIcn/hMw9gQdlXn36nWB9J1fQ
n++/lmGQeO3lwnJwAONAvupkUwL1sw6306w44LQirEv3XBN+Ulwr9Iy2sye/DvTu
tFLcEYf1Gln59v0vcapKSaCYkSWOjn3C06odsmlC9WGbvznAQvI/Lz24ZHATeksI
PWvVkEpVjAjJoSRPXrKwvr+NtRzQfNEHXq/9S3hr4rMaSlZIvX4wWjWECAZwjkMJ
+Pj3Gx2fy3Dqh+Zk0VFo9fe+t3StrwZBZQ2EMiVFKKByKZsNRK66XWGgoYsJ+prH
IKge+Xv4El/i82awPNxicwOx2eBxhzuecswHbjQleXZO3A==
-----END CERTIFICATE-----