Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/nSTE3QopaGrpLJrHMCi5I8bZ5bw.roa
File:                     nSTE3QopaGrpLJrHMCi5I8bZ5bw.roa (raw, json)
Hash identifier:          baxR5slRLxHVOmtRsQKscXZczn9OJHENPHGtMrxxtQk=
Subject key identifier:   9D:24:C4:DD:0A:29:68:6A:E9:2C:9A:C7:30:28:B9:23:C6:D9:E5:BC
Certificate issuer:       /CN=993e814676f32f264771c7ad767a4df87d3c63e2
Certificate serial:       019D699C3D534C5B676D2F8F021EB5D81264
Authority key identifier: 99:3E:81:46:76:F3:2F:26:47:71:C7:AD:76:7A:4D:F8:7D:3C:63:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/nSTE3QopaGrpLJrHMCi5I8bZ5bw.roa
Signing time:             Tue 07 Apr 2026 20:22:20 +0000
ROA not before:           Tue 07 Apr 2026 20:22:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203537
IP address blocks:        2a0d:b081::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:69:9c:3d:53:4c:5b:67:6d:2f:8f:02:1e:b5:d8:12:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=993e814676f32f264771c7ad767a4df87d3c63e2
        Validity
            Not Before: Apr  7 20:22:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d24c4dd0a29686ae92c9ac73028b923c6d9e5bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:2c:2c:91:f1:3f:b7:0f:e3:7c:6c:57:45:a0:
                    b7:20:73:fb:3a:e6:5f:a6:58:c4:a2:8b:4d:c0:b7:
                    4f:07:96:93:7c:d7:20:2e:cd:2c:9b:db:8d:95:3f:
                    12:93:96:ef:a1:d1:8d:75:13:4d:44:22:40:b7:c5:
                    ed:e7:7f:8d:be:94:8c:a3:eb:b9:d7:12:b0:1f:fc:
                    28:88:de:44:9b:7b:73:48:2c:50:04:38:bf:27:e2:
                    cf:d4:ca:06:a7:1f:05:f0:7d:d2:d5:11:3a:9f:93:
                    c8:64:87:96:dc:39:37:39:c0:f4:c3:49:85:41:6b:
                    a5:48:9b:74:1c:6a:60:22:2c:14:6e:ec:99:29:0c:
                    eb:47:93:d0:6d:5b:3f:58:21:16:47:a7:ba:aa:37:
                    00:ec:df:e3:05:c6:bd:c2:ce:12:49:1e:41:36:99:
                    90:06:d0:14:ba:f8:62:43:9b:cd:50:d1:8d:df:1b:
                    70:cd:e6:a4:cf:9c:53:c8:44:03:eb:bf:8c:49:43:
                    6f:14:d1:7f:d0:b9:d9:76:7c:1e:ef:3b:38:8d:ff:
                    06:2f:7a:c6:14:74:4b:c0:8d:c2:13:89:ce:ad:32:
                    2f:b9:1c:c2:f8:dd:6c:75:8d:89:39:64:b2:1e:1c:
                    85:e3:e5:f1:62:d3:2f:2d:38:95:5f:4f:25:f2:85:
                    01:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:24:C4:DD:0A:29:68:6A:E9:2C:9A:C7:30:28:B9:23:C6:D9:E5:BC
            X509v3 Authority Key Identifier:
                keyid:99:3E:81:46:76:F3:2F:26:47:71:C7:AD:76:7A:4D:F8:7D:3C:63:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mT6BRnbzLyZHccetdnpN-H08Y-I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/nSTE3QopaGrpLJrHMCi5I8bZ5bw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c321f5-d611-4218-af1f-48cb0fcb90c3/1/mT6BRnbzLyZHccetdnpN-H08Y-I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:b081::/48

    Signature Algorithm: sha256WithRSAEncryption
         d2:1c:40:b3:90:df:2b:0c:12:29:fa:78:f3:eb:65:31:06:c3:
         79:cd:cd:02:34:c3:e9:c6:59:6c:ee:0a:bf:d8:18:19:1b:33:
         d4:72:aa:82:db:5e:41:3f:22:0d:c5:a4:9c:23:09:ae:e5:ac:
         f5:c6:0e:00:29:92:f3:d9:3f:f1:4b:8b:52:96:fa:b5:c8:97:
         4d:d3:75:3f:44:0b:ca:37:f2:38:39:8b:a8:d5:dd:80:96:32:
         16:18:f2:e4:6c:c9:77:c3:fa:e7:eb:08:30:eb:67:c2:53:b4:
         4f:80:7e:73:c7:b5:18:56:75:90:af:29:22:02:65:e7:f1:b2:
         68:8d:48:5f:b5:7a:ae:36:94:b4:08:d3:6a:9c:52:3c:c1:24:
         d9:ee:6f:13:65:c7:16:d0:d2:fc:f1:7f:c4:00:13:3a:cb:a0:
         df:0f:d1:47:f5:e7:2e:80:a0:68:10:98:f0:4b:d0:9a:80:5e:
         f6:0d:a2:0d:39:ea:07:f6:58:9c:7b:66:51:9b:7a:67:52:2f:
         44:77:3f:8f:81:fc:59:1d:24:38:90:b5:9c:fa:94:53:c7:4b:
         ea:03:ec:2b:ac:3f:b1:52:fc:84:05:8f:72:15:2f:d0:29:5c:
         5b:45:2e:b6:a6:d7:dd:4a:a2:d3:6e:b4:38:36:05:71:85:e2:
         cf:64:4c:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1pnD1TTFtnbS+PAh612BJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5M2U4MTQ2NzZmMzJmMjY0NzcxYzdhZDc2N2E0ZGY4N2Qz
YzYzZTIwHhcNMjYwNDA3MjAyMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDI0YzRkZDBhMjk2ODZhZTkyYzlhYzczMDI4YjkyM2M2ZDllNWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoywskfE/tw/jfGxXRaC3IHP7OuZf
pljEootNwLdPB5aTfNcgLs0sm9uNlT8Sk5bvodGNdRNNRCJAt8Xt53+NvpSMo+u5
1xKwH/woiN5Em3tzSCxQBDi/J+LP1MoGpx8F8H3S1RE6n5PIZIeW3Dk3OcD0w0mF
QWulSJt0HGpgIiwUbuyZKQzrR5PQbVs/WCEWR6e6qjcA7N/jBca9ws4SSR5BNpmQ
BtAUuvhiQ5vNUNGN3xtwzeakz5xTyEQD67+MSUNvFNF/0LnZdnwe7zs4jf8GL3rG
FHRLwI3CE4nOrTIvuRzC+N1sdY2JOWSyHhyF4+XxYtMvLTiVX08l8oUBeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ0kxN0KKWhq6SyaxzAouSPG2eW8MB8GA1UdIwQY
MBaAFJk+gUZ28y8mR3HHrXZ6Tfh9PGPiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbVQ2QlJuYnpMeVpIY2NldGRucE4tSDA4WS1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jMzIxZjUtZDYxMS00MjE4LWFmMWYt
NDhjYjBmY2I5MGMzLzEvblNURTNRb3BhR3JwTEpySE1DaTVJOGJaNWJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jMzIxZjUtZDYxMS00MjE4LWFmMWYtNDhjYjBmY2I5MGMz
LzEvbVQ2QlJuYnpMeVpIY2NldGRucE4tSDA4WS1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg2wgQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQDSHECzkN8rDBIp+njz62UxBsN5zc0CNMPpxlls
7gq/2BgZGzPUcqqC215BPyINxaScIwmu5az1xg4AKZLz2T/xS4tSlvq1yJdN03U/
RAvKN/I4OYuo1d2AljIWGPLkbMl3w/rn6wgw62fCU7RPgH5zx7UYVnWQrykiAmXn
8bJojUhftXquNpS0CNNqnFI8wSTZ7m8TZccW0NL88X/EABM6y6DfD9FH9ecugKBo
EJjwS9CagF72DaINOeoH9lice2ZRm3pnUi9Edz+PgfxZHSQ4kLWc+pRTx0vqA+wr
rD+xUvyEBY9yFS/QKVxbRS62ptfdSqLTbrQ4NgVxheLPZEzf
-----END CERTIFICATE-----