Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/MkNbmL-bwgTzJpQVm2n28YMq0OM.roa
File:                     MkNbmL-bwgTzJpQVm2n28YMq0OM.roa (raw, json)
Hash identifier:          II6Fqtr94SyEUF5jlxZEH8VdvchWb9qZeEAdekDWgKo=
Subject key identifier:   32:43:5B:98:BF:9B:C2:04:F3:26:94:15:9B:69:F6:F1:83:2A:D0:E3
Certificate issuer:       /CN=367160181739568e578e1b5f57976a60398062e6
Certificate serial:       019E9400F0578BA67370C5F1C3DFC5AC7273
Authority key identifier: 36:71:60:18:17:39:56:8E:57:8E:1B:5F:57:97:6A:60:39:80:62:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/MkNbmL-bwgTzJpQVm2n28YMq0OM.roa
Signing time:             Thu 04 Jun 2026 18:59:10 +0000
ROA not before:           Thu 04 Jun 2026 18:59:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198590
IP address blocks:        2a09:3f00:1001::/48 maxlen: 48
                          2a09:3f00:5000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:94:00:f0:57:8b:a6:73:70:c5:f1:c3:df:c5:ac:72:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=367160181739568e578e1b5f57976a60398062e6
        Validity
            Not Before: Jun  4 18:59:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32435b98bf9bc204f32694159b69f6f1832ad0e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:f1:3b:6e:f0:2d:c6:f9:67:dc:ef:01:de:5e:
                    e0:5c:30:1f:af:b5:ab:ad:64:a9:81:27:63:13:b3:
                    5d:3e:3f:a9:f4:ce:98:4f:74:c9:9e:27:21:3c:b7:
                    ea:ca:3e:85:76:a9:2d:91:26:44:28:5d:03:9f:29:
                    cf:63:b0:4b:f8:de:b5:01:be:82:00:99:2a:2d:52:
                    8d:10:21:6d:a6:81:3b:83:21:a1:8a:f8:ae:50:77:
                    2a:99:c0:34:e0:ee:67:eb:6f:a0:b8:c2:12:46:06:
                    5e:7a:62:94:71:ca:3c:df:cd:9e:f7:0b:9c:eb:ef:
                    a5:c4:8b:8d:32:6f:60:d0:13:24:49:87:c2:21:a7:
                    ee:d9:71:a0:98:4f:a9:ab:c8:68:95:8b:4e:cf:0d:
                    12:e4:ab:44:51:fb:e2:49:c2:9c:23:f7:6e:41:68:
                    f6:da:0d:1d:37:cf:e4:e0:c4:a7:5f:90:fd:d0:4c:
                    a7:b8:a1:8d:73:6a:f4:ce:a7:b6:b5:a6:53:3b:bd:
                    80:c3:43:31:04:6c:b8:f3:97:3a:f1:61:e2:84:95:
                    12:01:6f:8e:5b:38:52:6d:20:b1:48:e8:44:f9:b0:
                    98:18:cc:cd:cd:e0:22:1f:27:ae:5d:6c:a8:02:2b:
                    82:d9:d9:40:1a:6b:b3:bc:be:37:97:46:8d:8d:1b:
                    1a:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:43:5B:98:BF:9B:C2:04:F3:26:94:15:9B:69:F6:F1:83:2A:D0:E3
            X509v3 Authority Key Identifier:
                keyid:36:71:60:18:17:39:56:8E:57:8E:1B:5F:57:97:6A:60:39:80:62:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/MkNbmL-bwgTzJpQVm2n28YMq0OM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/045f70-9ea5-42a3-8786-ee8cfdd2ed94/1/NnFgGBc5Vo5XjhtfV5dqYDmAYuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:3f00:1001::/48
                  2a09:3f00:5000::/36

    Signature Algorithm: sha256WithRSAEncryption
         ba:bf:d1:41:c4:c7:20:fe:fa:b5:0c:62:1f:fe:9a:80:84:11:
         fd:f5:86:cb:03:f3:bf:bd:63:fa:a5:49:8b:10:7f:bc:70:4a:
         ec:b6:9b:a9:a9:c1:41:58:ec:4b:92:a9:84:57:3b:36:7a:e7:
         47:a6:a3:7c:e8:f0:32:4a:0e:a1:3d:a3:d8:ee:da:ea:3a:28:
         16:9c:8c:49:66:80:bf:77:bc:a0:d3:f9:7b:05:9b:0e:bf:e4:
         45:1a:6f:38:5c:89:43:47:a9:32:94:6e:ce:00:a0:ba:13:63:
         66:af:83:99:e1:03:9c:3d:99:f1:08:18:d7:f6:48:d4:be:76:
         6f:f6:ba:00:79:2f:e1:2d:4f:2e:df:1a:26:98:a0:a4:a1:97:
         cb:dd:a8:51:55:3f:2a:e4:e2:b8:ae:a3:9d:cf:6d:e3:7c:54:
         03:ed:46:d2:4b:ab:0f:31:a1:79:fb:b6:da:20:d4:77:98:a9:
         56:b0:28:85:55:fa:9d:78:39:c6:e1:d7:b3:93:b5:eb:fe:39:
         18:c0:9d:de:76:a5:be:e4:5a:ba:6c:c4:ab:5f:c2:e1:38:79:
         cf:51:be:12:4e:e1:ef:c4:64:21:d5:11:a0:77:f9:4c:c0:78:
         1a:ae:23:71:04:2b:2a:cb:cf:fd:45:cb:57:99:d7:89:24:a8:
         a8:b6:9c:aa
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZ6UAPBXi6ZzcMXxw9/FrHJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NzE2MDE4MTczOTU2OGU1NzhlMWI1ZjU3OTc2YTYwMzk4
MDYyZTYwHhcNMjYwNjA0MTg1OTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjQzNWI5OGJmOWJjMjA0ZjMyNjk0MTU5YjY5ZjZmMTgzMmFkMGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/E7bvAtxvln3O8B3l7gXDAfr7Wr
rWSpgSdjE7NdPj+p9M6YT3TJnichPLfqyj6FdqktkSZEKF0DnynPY7BL+N61Ab6C
AJkqLVKNECFtpoE7gyGhiviuUHcqmcA04O5n62+guMISRgZeemKUcco8382e9wuc
6++lxIuNMm9g0BMkSYfCIafu2XGgmE+pq8holYtOzw0S5KtEUfviScKcI/duQWj2
2g0dN8/k4MSnX5D90EynuKGNc2r0zqe2taZTO72Aw0MxBGy485c68WHihJUSAW+O
WzhSbSCxSOhE+bCYGMzNzeAiHyeuXWyoAiuC2dlAGmuzvL43l0aNjRsamQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFDJDW5i/m8IE8yaUFZtp9vGDKtDjMB8GA1UdIwQY
MBaAFDZxYBgXOVaOV44bX1eXamA5gGLmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm5GZ0dCYzVWbzVYamh0ZlY1ZHFZRG1BWXVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS8wNDVmNzAtOWVhNS00MmEzLTg3ODYt
ZWU4Y2ZkZDJlZDk0LzEvTWtOYm1MLWJ3Z1R6SnBRVm0ybjI4WU1xME9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS8wNDVmNzAtOWVhNS00MmEzLTg3ODYtZWU4Y2ZkZDJlZDk0
LzEvTm5GZ0dCYzVWbzVYamh0ZlY1ZHFZRG1BWXVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKgk/ABAB
AwYEKgk/AFAwDQYJKoZIhvcNAQELBQADggEBALq/0UHExyD++rUMYh/+moCEEf31
hssD87+9Y/qlSYsQf7xwSuy2m6mpwUFY7EuSqYRXOzZ650emo3zo8DJKDqE9o9ju
2uo6KBacjElmgL93vKDT+XsFmw6/5EUabzhciUNHqTKUbs4AoLoTY2avg5nhA5w9
mfEIGNf2SNS+dm/2ugB5L+EtTy7fGiaYoKShl8vdqFFVPyrk4riuo53PbeN8VAPt
RtJLqw8xoXn7ttog1HeYqVawKIVV+p14Ocbh17OTtev+ORjAnd52pb7kWrpsxKtf
wuE4ec9RvhJO4e/EZCHVEaB3+UzAeBquI3EEKyrLz/1Fy1eZ14kkqKi2nKo=
-----END CERTIFICATE-----