Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/nS3xH7cGj9BDJlwOGwCeOD2uQDY.roa
File:                     nS3xH7cGj9BDJlwOGwCeOD2uQDY.roa (raw, json)
Hash identifier:          M1GyU2bjsnbtdQbFDBbEEQI+7ONAKAgYrl5x43zMSck=
Subject key identifier:   9D:2D:F1:1F:B7:06:8F:D0:43:26:5C:0E:1B:00:9E:38:3D:AE:40:36
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019EAE1FFAD5C3144C414796D20AA70AD37A
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/nS3xH7cGj9BDJlwOGwCeOD2uQDY.roa
Signing time:             Tue 09 Jun 2026 20:43:11 +0000
ROA not before:           Tue 09 Jun 2026 20:43:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219478
IP address blocks:        2a06:9801:790::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ae:1f:fa:d5:c3:14:4c:41:47:96:d2:0a:a7:0a:d3:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun  9 20:43:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d2df11fb7068fd043265c0e1b009e383dae4036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:69:65:31:a9:3b:c0:d7:88:18:3a:04:57:cd:
                    5d:75:39:7f:21:fc:db:0b:af:aa:87:c9:74:8b:fc:
                    3b:19:de:f9:0c:f3:51:8a:15:d0:cc:64:f1:c7:d1:
                    71:47:c9:0b:50:64:9a:f0:78:48:83:d8:cc:e1:36:
                    10:e6:cb:f9:c9:19:89:5d:94:28:c3:6b:59:17:dd:
                    96:af:c7:1f:56:87:e8:b7:a5:e4:86:ac:81:ce:92:
                    2a:a9:ed:7f:bb:0e:34:3f:0d:8e:4c:a3:43:d7:d1:
                    0f:c2:ed:6e:6c:89:93:46:ca:5b:c3:89:b8:fe:49:
                    47:74:58:ff:cf:fa:f5:cb:a2:c5:cb:5e:3d:38:8b:
                    06:5a:79:e5:9c:14:f2:ea:38:3f:b5:ae:3c:9a:ac:
                    5d:f4:9e:b7:18:33:80:f5:36:eb:c4:75:a3:aa:97:
                    6f:aa:f8:c7:14:42:0d:d6:d2:95:7e:a3:1b:ce:b7:
                    1b:f0:4c:bd:24:54:09:de:2b:38:e7:7c:d3:c4:b3:
                    96:05:b3:37:ce:b6:a2:0e:f5:1f:53:99:f2:c6:32:
                    cd:05:9a:b4:47:3f:67:6b:bf:34:3b:69:3e:bd:af:
                    65:70:0b:a2:57:06:40:ce:26:33:70:2f:15:eb:d7:
                    e4:98:0b:18:02:8a:ee:42:55:c5:82:9b:e7:f5:38:
                    ae:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:2D:F1:1F:B7:06:8F:D0:43:26:5C:0E:1B:00:9E:38:3D:AE:40:36
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/nS3xH7cGj9BDJlwOGwCeOD2uQDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:790::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:72:9c:9a:88:1f:b1:c0:c5:2f:f3:94:34:5f:a5:96:5f:78:
         3f:9d:ac:e6:2a:4a:73:32:df:e8:d2:67:3b:67:26:0b:43:1c:
         91:d1:55:37:d5:4e:ed:40:65:fa:b3:29:0d:fa:12:d5:a2:6e:
         fb:8f:fa:47:e6:bb:6a:0d:e2:2c:45:bb:f9:95:98:b6:e3:7b:
         a9:18:64:a5:b9:cb:4d:b5:cf:53:6b:82:25:6a:3f:49:e4:b8:
         dc:10:55:93:a9:8e:48:b9:52:40:0a:b6:d2:37:79:0f:b0:e5:
         6a:86:45:8c:eb:9e:09:ca:bd:b0:eb:10:e3:a2:cc:40:57:30:
         66:dc:5f:c3:1f:b7:a1:07:ae:92:74:30:b2:02:cc:89:e3:eb:
         de:58:69:c2:bb:aa:56:11:8b:a4:4f:d6:33:a2:2c:e3:b2:3d:
         b2:1e:08:eb:cf:05:b2:fb:93:45:86:0a:0d:05:e1:a4:5b:de:
         65:0a:82:f4:00:c8:7e:35:36:a6:b1:97:df:1c:a7:fa:65:d8:
         d0:ef:f4:dc:f1:35:91:5f:7f:40:d4:d5:86:77:2d:09:c5:01:
         d9:2c:be:0b:74:28:b2:23:f8:53:95:be:a2:c5:50:60:2d:bc:
         d2:94:bc:c6:0d:14:a1:e3:49:c4:61:6b:87:47:90:5a:e2:cf:
         5c:b5:a2:83
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6uH/rVwxRMQUeW0gqnCtN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjA5MjA0MzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDJkZjExZmI3MDY4ZmQwNDMyNjVjMGUxYjAwOWUzODNkYWU0MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGllMak7wNeIGDoEV81ddTl/Ifzb
C6+qh8l0i/w7Gd75DPNRihXQzGTxx9FxR8kLUGSa8HhIg9jM4TYQ5sv5yRmJXZQo
w2tZF92Wr8cfVofot6XkhqyBzpIqqe1/uw40Pw2OTKND19EPwu1ubImTRspbw4m4
/klHdFj/z/r1y6LFy149OIsGWnnlnBTy6jg/ta48mqxd9J63GDOA9TbrxHWjqpdv
qvjHFEIN1tKVfqMbzrcb8Ey9JFQJ3is453zTxLOWBbM3zraiDvUfU5nyxjLNBZq0
Rz9na780O2k+va9lcAuiVwZAziYzcC8V69fkmAsYAoruQlXFgpvn9TiuJQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ0t8R+3Bo/QQyZcDhsAnjg9rkA2MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvblMzeEg3Y0dqOUJESmx3T0d3Q2VPRDJ1UURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQeQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAHcpyaiB+xwMUv85Q0X6WWX3g/nazmKkpzMt/o
0mc7ZyYLQxyR0VU31U7tQGX6sykN+hLVom77j/pH5rtqDeIsRbv5lZi243upGGSl
uctNtc9Ta4Ilaj9J5LjcEFWTqY5IuVJACrbSN3kPsOVqhkWM654Jyr2w6xDjosxA
VzBm3F/DH7ehB66SdDCyAsyJ4+veWGnCu6pWEYukT9Yzoizjsj2yHgjrzwWy+5NF
hgoNBeGkW95lCoL0AMh+NTamsZffHKf6ZdjQ7/Tc8TWRX39A1NWGdy0JxQHZLL4L
dCiyI/hTlb6ixVBgLbzSlLzGDRSh40nEYWuHR5Ba4s9ctaKD
-----END CERTIFICATE-----