Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3e/8e88a7-0232-4055-a5cf-dd9443579ed5/1/c7nHfsLGVr2Hpf16MebsVtcpfOw.roa
File:                     c7nHfsLGVr2Hpf16MebsVtcpfOw.roa (raw, json)
Hash identifier:          E4vHcrI652reSIpSis98/0RensPsP0hINBPiLEQ2aFI=
Subject key identifier:   73:B9:C7:7E:C2:C6:56:BD:87:A5:FD:7A:31:E6:EC:56:D7:29:7C:EC
Certificate issuer:       /CN=69d5d452a8ed535287feb36514bc87c022355a43
Certificate serial:       019E96A3AE990388BE58FDE3926562CB408F
Authority key identifier: 69:D5:D4:52:A8:ED:53:52:87:FE:B3:65:14:BC:87:C0:22:35:5A:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/adXUUqjtU1KH_rNlFLyHwCI1WkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3e/8e88a7-0232-4055-a5cf-dd9443579ed5/1/c7nHfsLGVr2Hpf16MebsVtcpfOw.roa
Signing time:             Fri 05 Jun 2026 07:16:09 +0000
ROA not before:           Fri 05 Jun 2026 07:16:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35332
IP address blocks:        2001:678:5b4::/48 maxlen: 48
                          2001:678:880::/48 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3e/8e88a7-0232-4055-a5cf-dd9443579ed5/1/adXUUqjtU1KH_rNlFLyHwCI1WkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3e/8e88a7-0232-4055-a5cf-dd9443579ed5/1/adXUUqjtU1KH_rNlFLyHwCI1WkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/adXUUqjtU1KH_rNlFLyHwCI1WkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 08:43:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:96:a3:ae:99:03:88:be:58:fd:e3:92:65:62:cb:40:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=69d5d452a8ed535287feb36514bc87c022355a43
        Validity
            Not Before: Jun  5 07:16:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=73b9c77ec2c656bd87a5fd7a31e6ec56d7297cec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:96:32:9d:0d:d4:b9:f4:c4:53:a7:c3:61:c9:
                    64:54:b2:0c:c3:d0:3b:83:f1:50:39:e9:05:12:0d:
                    5e:72:e6:f6:78:93:a8:76:3d:ed:82:ae:d0:e7:fe:
                    61:1a:9b:11:bf:1f:7e:89:d4:c1:f9:ec:ec:84:4b:
                    38:f0:0e:8f:5e:fa:a6:a8:58:24:ae:99:80:45:5c:
                    95:07:29:a1:79:d7:b6:6e:29:7c:45:0c:ee:ac:c5:
                    52:27:f3:3b:2c:92:29:06:0d:38:b8:23:f7:56:d0:
                    90:53:72:53:43:f1:90:b4:2e:a2:c4:8d:e3:fc:e3:
                    ec:29:5c:57:7b:29:5b:91:df:c8:33:34:02:45:8b:
                    e4:5f:fc:82:f9:b8:1c:83:6d:2b:d6:23:79:16:57:
                    68:96:11:b6:82:3d:cb:6c:d6:f3:f8:15:e7:c9:fa:
                    b3:a3:01:c0:90:ac:5a:8c:84:3b:ce:92:df:37:6e:
                    45:2d:98:69:b6:e3:bc:eb:52:77:4b:38:e9:00:07:
                    93:69:2d:74:a1:e9:8b:50:94:52:03:bd:80:e7:37:
                    f3:30:f6:08:f2:5d:c0:e3:6b:4c:53:cf:37:13:8b:
                    c3:06:bd:71:82:5f:00:86:1d:21:c2:e6:0f:78:56:
                    d8:2e:f0:15:a7:9a:ed:83:1e:37:57:4f:9c:65:6e:
                    68:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:B9:C7:7E:C2:C6:56:BD:87:A5:FD:7A:31:E6:EC:56:D7:29:7C:EC
            X509v3 Authority Key Identifier:
                keyid:69:D5:D4:52:A8:ED:53:52:87:FE:B3:65:14:BC:87:C0:22:35:5A:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/adXUUqjtU1KH_rNlFLyHwCI1WkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/8e88a7-0232-4055-a5cf-dd9443579ed5/1/c7nHfsLGVr2Hpf16MebsVtcpfOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3e/8e88a7-0232-4055-a5cf-dd9443579ed5/1/adXUUqjtU1KH_rNlFLyHwCI1WkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:5b4::/48
                  2001:678:880::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:06:27:27:0e:d7:b9:af:8f:c3:c2:e4:10:99:27:7a:5f:0f:
         a1:c1:86:22:ba:cf:a9:64:90:c9:44:4f:d4:4c:1d:9a:19:48:
         64:20:4b:38:ee:26:96:db:8b:6e:36:45:77:00:b2:0f:48:19:
         f9:81:da:6c:b5:0a:8e:c3:ef:f9:32:3c:04:25:ba:97:37:ef:
         62:bb:a9:05:a1:a2:5e:24:ee:b6:b0:b5:e2:8f:7f:a1:00:2c:
         5c:91:78:e2:00:e9:98:53:aa:2e:27:0d:45:6c:0b:11:38:f3:
         3e:d1:a9:46:86:9e:71:fa:fa:3c:da:46:bf:ca:d1:e3:01:70:
         30:72:08:5f:80:d1:1c:c8:22:7e:4b:d0:4f:70:52:eb:8c:6f:
         2b:66:4d:f8:c3:28:24:7d:41:37:6e:01:45:29:d0:34:2c:d0:
         55:6b:3d:1c:03:b3:4d:f8:85:a5:6a:c3:60:d2:e2:3a:6e:74:
         bf:1c:40:68:82:be:69:c9:10:0a:94:83:f4:d8:3d:f8:94:2b:
         e2:94:0e:50:d2:91:35:e3:20:8f:52:0c:49:45:52:06:60:e9:
         0e:73:09:fc:f4:e5:4b:87:51:9d:a9:1b:a2:7d:94:98:35:25:
         19:0b:50:c0:bf:5a:52:ff:01:00:41:9e:d7:4c:cf:93:c2:e4:
         14:a2:d1:98
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6Wo66ZA4i+WP3jkmViy0CPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5ZDVkNDUyYThlZDUzNTI4N2ZlYjM2NTE0YmM4N2MwMjIz
NTVhNDMwHhcNMjYwNjA1MDcxNjA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2I5Yzc3ZWMyYzY1NmJkODdhNWZkN2EzMWU2ZWM1NmQ3Mjk3Y2VjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5YynQ3UufTEU6fDYclkVLIMw9A7
g/FQOekFEg1ecub2eJOodj3tgq7Q5/5hGpsRvx9+idTB+ezshEs48A6PXvqmqFgk
rpmARVyVBymhede2bil8RQzurMVSJ/M7LJIpBg04uCP3VtCQU3JTQ/GQtC6ixI3j
/OPsKVxXeylbkd/IMzQCRYvkX/yC+bgcg20r1iN5FldolhG2gj3LbNbz+BXnyfqz
owHAkKxajIQ7zpLfN25FLZhptuO861J3SzjpAAeTaS10oemLUJRSA72A5zfzMPYI
8l3A42tMU883E4vDBr1xgl8Ahh0hwuYPeFbYLvAVp5rtgx43V0+cZW5oWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHO5x37Cxla9h6X9ejHm7FbXKXzsMB8GA1UdIwQY
MBaAFGnV1FKo7VNSh/6zZRS8h8AiNVpDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWRYVVVxanRVMUtIX3JObEZMeUh3Q0kxV2tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZS84ZTg4YTctMDIzMi00MDU1LWE1Y2Yt
ZGQ5NDQzNTc5ZWQ1LzEvYzduSGZzTEdWcjJIcGYxNk1lYnNWdGNwZk93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZS84ZTg4YTctMDIzMi00MDU1LWE1Y2YtZGQ5NDQzNTc5ZWQ1
LzEvYWRYVVVxanRVMUtIX3JObEZMeUh3Q0kxV2tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAIAEGeAW0
AwcAIAEGeAiAMA0GCSqGSIb3DQEBCwUAA4IBAQBPBicnDte5r4/DwuQQmSd6Xw+h
wYYius+pZJDJRE/UTB2aGUhkIEs47iaW24tuNkV3ALIPSBn5gdpstQqOw+/5MjwE
JbqXN+9iu6kFoaJeJO62sLXij3+hACxckXjiAOmYU6ouJw1FbAsROPM+0alGhp5x
+vo82ka/ytHjAXAwcghfgNEcyCJ+S9BPcFLrjG8rZk34wygkfUE3bgFFKdA0LNBV
az0cA7NN+IWlasNg0uI6bnS/HEBogr5pyRAKlIP02D34lCvilA5Q0pE14yCPUgxJ
RVIGYOkOcwn89OVLh1GdqRuifZSYNSUZC1DAv1pS/wEAQZ7XTM+TwuQUotGY
-----END CERTIFICATE-----