Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/nl18z_txQo1UsYcC9xzbC0JFQUw.roa
File:                     nl18z_txQo1UsYcC9xzbC0JFQUw.roa (raw, json)
Hash identifier:          xBI1bIaaVRguH9EN9M/TAEINNqKlbWdYHFdg4iaOi7c=
Subject key identifier:   9E:5D:7C:CF:FB:71:42:8D:54:B1:87:02:F7:1C:DB:0B:42:45:41:4C
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D4BF03280A07D90C993071A12675F5DF8
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/nl18z_txQo1UsYcC9xzbC0JFQUw.roa
Signing time:             Thu 02 Apr 2026 02:05:25 +0000
ROA not before:           Thu 02 Apr 2026 02:05:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199539
IP address blocks:        2a06:9801:263::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4b:f0:32:80:a0:7d:90:c9:93:07:1a:12:67:5f:5d:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Apr  2 02:05:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9e5d7ccffb71428d54b18702f71cdb0b4245414c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:6c:c0:20:c9:20:72:8a:b9:c7:10:80:e4:a6:
                    d6:6e:de:00:92:d2:91:fc:2e:8b:42:be:f2:f1:43:
                    f6:96:c5:f7:9a:74:ab:f7:11:fc:ba:ea:cf:d1:86:
                    c4:b5:bf:11:b2:b8:b1:fc:0e:72:94:fd:5a:ed:d6:
                    c1:44:d4:ce:d5:19:31:29:09:c2:40:47:06:9b:ff:
                    fe:32:d0:cc:92:36:64:e9:71:c7:6a:a6:33:8f:6a:
                    6b:f8:1c:e8:74:b1:41:86:f4:6b:8d:42:a7:89:e9:
                    d3:67:d8:da:00:21:f0:a4:7f:a6:cb:50:3d:8a:e0:
                    d0:94:98:61:02:63:bb:6f:c8:0a:cb:48:8a:e6:94:
                    35:63:ed:16:ae:fa:37:fe:ae:53:a0:c4:a9:50:f3:
                    16:88:6d:07:44:a1:fa:f4:98:18:eb:19:c9:91:0a:
                    37:37:f3:0b:39:f1:89:30:cb:20:b9:9d:b4:b3:d3:
                    1f:5f:a0:2f:cb:ea:a1:af:31:d5:f0:08:4f:18:08:
                    09:50:2d:1d:7b:cf:60:9a:c0:3b:f7:5f:35:ca:51:
                    99:05:7b:a6:93:52:66:c6:a9:11:5b:d2:ec:4a:26:
                    84:a5:a8:bf:8a:b2:fb:72:37:92:e5:b8:b7:bb:8d:
                    e1:41:2c:48:6b:4d:08:83:c9:b7:5d:fb:65:5f:5d:
                    58:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:5D:7C:CF:FB:71:42:8D:54:B1:87:02:F7:1C:DB:0B:42:45:41:4C
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/nl18z_txQo1UsYcC9xzbC0JFQUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:263::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:3d:14:d9:4e:a1:ce:c3:28:58:e9:c9:f3:af:47:e0:5a:2b:
         68:5d:80:6e:2e:c2:25:6f:05:95:93:81:88:cc:57:21:39:09:
         7b:bc:4b:ac:6d:40:31:45:25:c8:68:64:0b:78:7c:c9:d2:ac:
         f8:38:e0:4a:a1:89:99:a9:8f:02:9f:08:80:43:20:af:33:d0:
         8e:b3:bc:fc:0f:3b:c7:26:17:13:a5:d5:1e:5a:0c:36:cb:55:
         ed:a4:79:66:ec:21:5e:e7:1c:19:53:2b:7e:9c:77:50:1a:ea:
         5b:46:76:c4:0e:4f:b1:7e:a5:f5:7e:4d:64:df:ea:67:e4:0e:
         c8:1f:68:e3:c7:e5:91:64:b0:c7:0f:8a:01:ee:4d:3b:54:a7:
         7a:55:58:e1:ad:76:40:ba:6b:8f:09:35:5b:1f:77:08:49:7f:
         18:fa:f2:f7:bb:2c:e9:84:e6:f7:d6:00:89:4e:03:4c:84:46:
         f7:6e:37:32:c7:7d:36:6d:9b:65:d3:4a:2c:f2:b1:47:a9:b7:
         2c:d5:83:49:94:bc:fa:8d:4b:7a:a6:b4:bb:34:62:a0:09:fc:
         c2:c6:31:f6:8c:f3:9b:df:91:e4:73:b6:50:fb:06:98:25:a4:
         52:17:de:26:89:60:08:f3:33:b4:c9:26:68:9a:95:76:ca:d0:
         24:16:66:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1L8DKAoH2QyZMHGhJnX134MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNDAyMDIwNTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTVkN2NjZmZiNzE0MjhkNTRiMTg3MDJmNzFjZGIwYjQyNDU0MTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomzAIMkgcoq5xxCA5KbWbt4AktKR
/C6LQr7y8UP2lsX3mnSr9xH8uurP0YbEtb8Rsrix/A5ylP1a7dbBRNTO1RkxKQnC
QEcGm//+MtDMkjZk6XHHaqYzj2pr+BzodLFBhvRrjUKnienTZ9jaACHwpH+my1A9
iuDQlJhhAmO7b8gKy0iK5pQ1Y+0Wrvo3/q5ToMSpUPMWiG0HRKH69JgY6xnJkQo3
N/MLOfGJMMsguZ20s9MfX6Avy+qhrzHV8AhPGAgJUC0de89gmsA79181ylGZBXum
k1JmxqkRW9LsSiaEpai/irL7cjeS5bi3u43hQSxIa00Ig8m3XftlX11YQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ5dfM/7cUKNVLGHAvcc2wtCRUFMMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvbmwxOHpfdHhRbzFVc1ljQzl4emJDMEpGUVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJj
MA0GCSqGSIb3DQEBCwUAA4IBAQANPRTZTqHOwyhY6cnzr0fgWitoXYBuLsIlbwWV
k4GIzFchOQl7vEusbUAxRSXIaGQLeHzJ0qz4OOBKoYmZqY8CnwiAQyCvM9COs7z8
DzvHJhcTpdUeWgw2y1XtpHlm7CFe5xwZUyt+nHdQGupbRnbEDk+xfqX1fk1k3+pn
5A7IH2jjx+WRZLDHD4oB7k07VKd6VVjhrXZAumuPCTVbH3cISX8Y+vL3uyzphOb3
1gCJTgNMhEb3bjcyx302bZtl00os8rFHqbcs1YNJlLz6jUt6prS7NGKgCfzCxjH2
jPOb35Hkc7ZQ+waYJaRSF94miWAI8zO0ySZompV2ytAkFmar
-----END CERTIFICATE-----