Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/NUJylcfXdFrCcbkx_Ikhy-r9ACI.roa
File:                     NUJylcfXdFrCcbkx_Ikhy-r9ACI.roa (raw, json)
Hash identifier:          xCgVcHczCrXe0p6YIfGOAkusfmbv3Ur+pdnA0nDzp+0=
Subject key identifier:   35:42:72:95:C7:D7:74:5A:C2:71:B9:31:FC:89:21:CB:EA:FD:00:22
Certificate issuer:       /CN=9f6fb7954179a9666b4cb6afe346d1e21ec30e45
Certificate serial:       019D4B0A6574E53AB28ED04B87EBF643EE74
Authority key identifier: 9F:6F:B7:95:41:79:A9:66:6B:4C:B6:AF:E3:46:D1:E2:1E:C3:0E:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/NUJylcfXdFrCcbkx_Ikhy-r9ACI.roa
Signing time:             Wed 01 Apr 2026 21:54:25 +0000
ROA not before:           Wed 01 Apr 2026 21:54:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212928
IP address blocks:        2a02:4b60:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/n2-3lUF5qWZrTLav40bR4h7DDkU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/n2-3lUF5qWZrTLav40bR4h7DDkU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 14:47:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4b:0a:65:74:e5:3a:b2:8e:d0:4b:87:eb:f6:43:ee:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f6fb7954179a9666b4cb6afe346d1e21ec30e45
        Validity
            Not Before: Apr  1 21:54:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35427295c7d7745ac271b931fc8921cbeafd0022
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d2:02:48:bf:ef:23:46:44:67:05:eb:e8:48:
                    0b:4e:75:c4:a5:1d:40:3d:83:f7:f6:29:ca:61:8b:
                    dc:98:a6:a0:c7:d6:13:b4:0c:ca:42:c9:02:c4:08:
                    73:7a:1f:59:66:66:fc:2e:ad:ee:ee:0d:d0:1f:8e:
                    c9:18:fc:fc:25:a6:21:e5:8f:e1:44:04:13:60:c3:
                    f3:28:fd:23:c3:8a:f4:64:31:5e:a8:d3:51:c7:9a:
                    34:97:48:4a:a4:c2:13:20:e8:e9:9a:98:c7:10:fa:
                    f4:a3:b6:de:d8:7b:ca:5c:63:88:ff:6e:5f:8b:81:
                    f3:e1:01:5c:34:a5:86:cb:07:8c:2a:4d:61:dc:94:
                    f4:6f:91:e2:d5:70:a5:48:84:a1:80:f0:74:fb:90:
                    ce:81:a5:1e:3e:ab:22:87:2e:9c:4b:a2:bf:19:7b:
                    b1:01:d1:d3:20:ce:80:f1:42:16:c0:08:39:32:90:
                    07:ce:10:2a:31:14:cd:de:18:c5:c7:2b:f4:db:b1:
                    02:9b:1a:33:50:44:a0:9d:13:34:23:4e:e7:70:01:
                    1f:c3:13:09:41:9a:6e:fa:42:aa:2c:1a:97:3f:62:
                    de:cb:d3:ee:00:13:4c:3b:1d:9b:bf:4a:81:00:9c:
                    1c:27:24:f7:76:56:bf:17:e3:b2:c1:a1:83:cb:84:
                    95:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:42:72:95:C7:D7:74:5A:C2:71:B9:31:FC:89:21:CB:EA:FD:00:22
            X509v3 Authority Key Identifier:
                keyid:9F:6F:B7:95:41:79:A9:66:6B:4C:B6:AF:E3:46:D1:E2:1E:C3:0E:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n2-3lUF5qWZrTLav40bR4h7DDkU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/NUJylcfXdFrCcbkx_Ikhy-r9ACI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/0a3fff-1a42-4044-ae8f-7354a73bda7e/1/n2-3lUF5qWZrTLav40bR4h7DDkU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:4b60:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:4d:95:a2:07:ae:43:6c:30:b3:ec:ae:d7:6c:52:24:0f:70:
         79:d2:d0:e6:56:44:13:a0:0a:5b:69:f4:cd:76:c0:d1:72:94:
         10:37:66:6f:22:71:82:d4:91:d6:b1:76:91:b3:05:02:7a:0c:
         b5:00:1f:39:6a:dd:c8:00:0e:2b:23:95:7e:90:89:43:92:86:
         8b:96:c6:16:62:2b:71:14:1b:d3:a6:db:5d:cf:11:0d:68:c7:
         15:7e:1e:60:fd:38:53:ef:fb:6c:65:11:e7:95:d5:ba:05:cb:
         33:aa:d3:11:d3:d2:e3:22:fc:3d:71:10:33:87:c4:ee:43:8b:
         4e:83:8c:8b:8e:26:81:d9:84:a7:75:bd:d6:13:49:df:ae:b2:
         6f:dd:90:5d:cd:ad:ef:70:e2:ab:7a:5f:95:d7:bc:5e:ef:97:
         0e:44:e4:fc:4c:e3:9f:56:0e:d1:60:f7:e4:84:c2:d8:4e:8e:
         ca:7c:5e:ad:30:11:5d:13:f1:cc:59:e6:26:1c:8f:e4:f4:f4:
         92:dd:cd:cd:1b:a1:10:ef:b6:cf:63:a3:d5:a0:c6:47:8f:b5:
         17:3a:d9:4f:26:af:dc:14:ae:29:ac:e7:cb:77:48:1c:8b:70:
         ac:aa:84:e5:9e:92:ec:f6:e0:1b:02:69:26:49:a3:37:47:42:
         87:0e:d8:69
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1LCmV05TqyjtBLh+v2Q+50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmNmZiNzk1NDE3OWE5NjY2YjRjYjZhZmUzNDZkMWUyMWVj
MzBlNDUwHhcNMjYwNDAxMjE1NDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTQyNzI5NWM3ZDc3NDVhYzI3MWI5MzFmYzg5MjFjYmVhZmQwMDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdICSL/vI0ZEZwXr6EgLTnXEpR1A
PYP39inKYYvcmKagx9YTtAzKQskCxAhzeh9ZZmb8Lq3u7g3QH47JGPz8JaYh5Y/h
RAQTYMPzKP0jw4r0ZDFeqNNRx5o0l0hKpMITIOjpmpjHEPr0o7be2HvKXGOI/25f
i4Hz4QFcNKWGyweMKk1h3JT0b5Hi1XClSIShgPB0+5DOgaUePqsihy6cS6K/GXux
AdHTIM6A8UIWwAg5MpAHzhAqMRTN3hjFxyv027ECmxozUESgnRM0I07ncAEfwxMJ
QZpu+kKqLBqXP2Ley9PuABNMOx2bv0qBAJwcJyT3dla/F+OywaGDy4SV6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDVCcpXH13RawnG5MfyJIcvq/QAiMB8GA1UdIwQY
MBaAFJ9vt5VBealma0y2r+NG0eIeww5FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjItM2xVRjVxV1pyVExhdjQwYlI0aDdERGtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8wYTNmZmYtMWE0Mi00MDQ0LWFlOGYt
NzM1NGE3M2JkYTdlLzEvTlVKeWxjZlhkRnJDY2JreF9Ja2h5LXI5QUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8wYTNmZmYtMWE0Mi00MDQ0LWFlOGYtNzM1NGE3M2JkYTdl
LzEvbjItM2xVRjVxV1pyVExhdjQwYlI0aDdERGtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgJLYAAB
MA0GCSqGSIb3DQEBCwUAA4IBAQCNTZWiB65DbDCz7K7XbFIkD3B50tDmVkQToApb
afTNdsDRcpQQN2ZvInGC1JHWsXaRswUCegy1AB85at3IAA4rI5V+kIlDkoaLlsYW
YitxFBvTpttdzxENaMcVfh5g/ThT7/tsZRHnldW6BcszqtMR09LjIvw9cRAzh8Tu
Q4tOg4yLjiaB2YSndb3WE0nfrrJv3ZBdza3vcOKrel+V17xe75cOROT8TOOfVg7R
YPfkhMLYTo7KfF6tMBFdE/HMWeYmHI/k9PSS3c3NG6EQ77bPY6PVoMZHj7UXOtlP
Jq/cFK4prOfLd0gci3CsqoTlnpLs9uAbAmkmSaM3R0KHDthp
-----END CERTIFICATE-----