Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2nlj1AsSpgG5dvii1-Tf_yB35m4.roa
File:                     2nlj1AsSpgG5dvii1-Tf_yB35m4.roa (raw, json)
Hash identifier:          Mq02/sSzVf0qU9BZQN5CwSWoYnCYwGTRqsJ0OZU6rzI=
Subject key identifier:   DA:79:63:D4:0B:12:A6:01:B9:76:F8:A2:D7:E4:DF:FF:20:77:E6:6E
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       019EB5C736E6D79A224F8F053234F0DF2FE6
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2nlj1AsSpgG5dvii1-Tf_yB35m4.roa
Signing time:             Thu 11 Jun 2026 08:23:12 +0000
ROA not before:           Thu 11 Jun 2026 08:23:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     132359
IP address blocks:        81.168.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b5:c7:36:e6:d7:9a:22:4f:8f:05:32:34:f0:df:2f:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Jun 11 08:23:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da7963d40b12a601b976f8a2d7e4dfff2077e66e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:16:16:9c:45:b8:c9:a4:d0:79:d7:10:77:74:
                    83:cb:6e:df:6b:2e:23:54:0c:c0:76:58:a3:f1:d7:
                    a9:7c:13:96:11:8d:b3:1c:40:d5:33:99:ea:f0:de:
                    32:93:83:56:53:0f:6d:e5:30:18:38:13:69:8a:bf:
                    46:38:da:c8:67:db:48:aa:fd:dd:f0:93:ed:43:ff:
                    91:db:b1:43:8c:2c:0b:80:f4:14:2c:85:4d:3b:fa:
                    4b:08:f2:10:17:4f:b7:5c:5d:3b:91:f2:3a:bc:2d:
                    fc:b4:d2:83:76:c2:4e:43:ac:e9:83:98:e2:c1:5b:
                    d8:7f:3d:78:cc:ac:1a:54:f3:2e:8f:55:25:67:14:
                    51:04:8f:46:dd:89:88:71:92:75:da:99:5a:1e:02:
                    60:00:4c:4f:41:13:4c:7a:5f:ca:f5:bc:8b:8b:e7:
                    c8:b1:2f:bb:84:da:e5:89:d3:fd:4a:48:c2:af:87:
                    65:f6:e3:31:53:4a:92:5d:3a:16:c2:c0:80:e4:d1:
                    93:5d:2c:ad:22:90:89:02:65:74:e3:c1:f3:72:84:
                    6f:66:de:2c:cf:58:bd:e6:bd:da:13:8a:4e:69:fb:
                    b1:cd:d5:90:ac:2c:d4:34:b2:d9:81:bc:b4:7d:e5:
                    8b:a4:05:b5:e5:63:4b:9c:23:e6:8e:f4:34:56:ab:
                    d1:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:79:63:D4:0B:12:A6:01:B9:76:F8:A2:D7:E4:DF:FF:20:77:E6:6E
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/2nlj1AsSpgG5dvii1-Tf_yB35m4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.168.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:9c:ad:fd:77:17:47:5b:32:ed:18:da:24:56:c8:9b:b7:40:
         92:b3:43:c3:b0:57:e9:46:28:70:61:3f:0f:ff:e9:7e:e8:e3:
         af:97:97:9a:15:cb:47:b9:2f:fb:79:3e:61:f7:12:20:a1:a2:
         22:0f:f4:a5:68:3f:bd:f5:c4:49:d4:66:52:f5:e7:fa:43:6e:
         ad:52:79:5c:7c:93:ce:d1:fc:ba:56:7f:02:92:1a:2b:d1:ed:
         28:a6:91:fb:6d:c2:b1:b2:03:05:71:39:8c:c3:71:2d:8b:5d:
         0f:23:08:55:49:7c:c9:c1:96:db:3a:91:db:0b:3c:64:35:2c:
         f1:90:bc:2d:dd:86:ca:cf:d2:ef:b2:b9:73:22:61:70:58:15:
         c8:cb:01:44:47:41:d9:cc:bd:a5:04:86:d6:fa:60:ca:3d:98:
         75:8e:05:eb:50:b8:39:95:36:13:72:72:2b:13:af:7c:69:a9:
         5b:93:46:d4:91:8e:41:b8:48:10:91:72:00:6a:b2:dc:93:d7:
         19:d0:f2:93:b5:5a:6e:86:b5:2a:ba:f9:12:06:83:48:7c:6d:
         f6:1f:b1:22:0b:91:ab:95:48:6a:e6:1b:ee:07:d4:54:ea:3e:
         29:ef:fb:3b:1d:49:8c:08:dd:c1:90:c8:97:b1:f6:59:9f:79:
         6f:8a:9c:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ61xzbm15oiT48FMjTw3y/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjYwNjExMDgyMzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTc5NjNkNDBiMTJhNjAxYjk3NmY4YTJkN2U0ZGZmZjIwNzdlNjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRYWnEW4yaTQedcQd3SDy27fay4j
VAzAdlij8depfBOWEY2zHEDVM5nq8N4yk4NWUw9t5TAYOBNpir9GONrIZ9tIqv3d
8JPtQ/+R27FDjCwLgPQULIVNO/pLCPIQF0+3XF07kfI6vC38tNKDdsJOQ6zpg5ji
wVvYfz14zKwaVPMuj1UlZxRRBI9G3YmIcZJ12plaHgJgAExPQRNMel/K9byLi+fI
sS+7hNrlidP9SkjCr4dl9uMxU0qSXToWwsCA5NGTXSytIpCJAmV048HzcoRvZt4s
z1i95r3aE4pOafuxzdWQrCzUNLLZgby0feWLpAW15WNLnCPmjvQ0VqvRkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNp5Y9QLEqYBuXb4otfk3/8gd+ZuMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvMm5sajFBc1NwZ0c1ZHZpaTEtVGZfeUIzNW00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUahjMA0G
CSqGSIb3DQEBCwUAA4IBAQBpnK39dxdHWzLtGNokVsibt0CSs0PDsFfpRihwYT8P
/+l+6OOvl5eaFctHuS/7eT5h9xIgoaIiD/SlaD+99cRJ1GZS9ef6Q26tUnlcfJPO
0fy6Vn8Ckhor0e0oppH7bcKxsgMFcTmMw3Eti10PIwhVSXzJwZbbOpHbCzxkNSzx
kLwt3YbKz9LvsrlzImFwWBXIywFER0HZzL2lBIbW+mDKPZh1jgXrULg5lTYTcnIr
E698aalbk0bUkY5BuEgQkXIAarLck9cZ0PKTtVpuhrUquvkSBoNIfG32H7EiC5Gr
lUhq5hvuB9RU6j4p7/s7HUmMCN3BkMiXsfZZn3lvipzM
-----END CERTIFICATE-----