Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/86b54c-b980-4817-8df6-dce7781a2c5c/1/3n_T-VlcRrJ25j9kvlj0HIaewlo.roa
File:                     3n_T-VlcRrJ25j9kvlj0HIaewlo.roa (raw, json)
Hash identifier:          /SFODLyEjo4ydNZxSHr6WaUeyDVcI7UoOeiXd0nt618=
Subject key identifier:   DE:7F:D3:F9:59:5C:46:B2:76:E6:3F:64:BE:58:F4:1C:86:9E:C2:5A
Certificate issuer:       /CN=1b09bd4d6a28c5f1fbe683cf2acd5e8bf2bae4c4
Certificate serial:       019E9441F1ACD8A3BB6C67C41FDD6DC0FA51
Authority key identifier: 1B:09:BD:4D:6A:28:C5:F1:FB:E6:83:CF:2A:CD:5E:8B:F2:BA:E4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gwm9TWooxfH75oPPKs1ei_K65MQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/86b54c-b980-4817-8df6-dce7781a2c5c/1/3n_T-VlcRrJ25j9kvlj0HIaewlo.roa
Signing time:             Thu 04 Jun 2026 20:10:10 +0000
ROA not before:           Thu 04 Jun 2026 20:10:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39702
IP address blocks:        86.111.248.0/21 maxlen: 21
                          193.7.176.0/21 maxlen: 21
                          2001:678:cac::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/86b54c-b980-4817-8df6-dce7781a2c5c/1/Gwm9TWooxfH75oPPKs1ei_K65MQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/86b54c-b980-4817-8df6-dce7781a2c5c/1/Gwm9TWooxfH75oPPKs1ei_K65MQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gwm9TWooxfH75oPPKs1ei_K65MQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 19:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:94:41:f1:ac:d8:a3:bb:6c:67:c4:1f:dd:6d:c0:fa:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b09bd4d6a28c5f1fbe683cf2acd5e8bf2bae4c4
        Validity
            Not Before: Jun  4 20:10:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=de7fd3f9595c46b276e63f64be58f41c869ec25a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:70:6b:81:3e:84:8e:a5:ef:85:a3:18:c4:6c:
                    62:06:03:72:c5:d5:9a:9c:cc:fc:3d:a4:09:ab:33:
                    e6:e6:e5:ee:da:b3:78:af:e6:99:61:88:a6:f5:29:
                    87:f3:49:51:a0:9c:f0:79:ed:ad:64:ef:66:de:8a:
                    be:c1:1d:53:41:15:73:3b:99:95:82:82:b3:84:ec:
                    0e:de:5b:5d:98:84:16:07:3d:85:cc:3d:85:2f:73:
                    4c:72:ec:31:1b:c2:8b:0f:ad:ab:2b:1c:83:f0:60:
                    ad:de:45:1e:9c:7c:bc:b1:80:db:91:b2:ae:74:a2:
                    d6:50:1e:20:ac:e7:42:05:c3:b8:85:bb:64:a1:a0:
                    c4:43:e4:b7:5f:8e:78:4c:34:29:1e:71:16:b5:c1:
                    87:0b:0b:04:92:9f:a8:84:d9:4a:3e:b9:d9:3d:e2:
                    e1:b1:f3:53:e7:da:54:aa:35:dd:2d:90:ce:e7:3d:
                    9d:48:8a:45:e0:db:b3:88:08:28:80:5f:74:9a:b1:
                    2b:38:e2:ae:83:fd:06:56:9b:ef:9e:d8:a3:02:be:
                    4d:fb:c3:a2:30:ac:26:e8:9c:75:64:e8:f1:69:c9:
                    33:87:3b:08:ea:ea:f7:3c:68:c3:ac:2d:e9:9c:70:
                    1e:23:64:e5:ed:4a:38:91:7a:92:e0:3b:41:92:00:
                    b4:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:7F:D3:F9:59:5C:46:B2:76:E6:3F:64:BE:58:F4:1C:86:9E:C2:5A
            X509v3 Authority Key Identifier:
                keyid:1B:09:BD:4D:6A:28:C5:F1:FB:E6:83:CF:2A:CD:5E:8B:F2:BA:E4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gwm9TWooxfH75oPPKs1ei_K65MQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/86b54c-b980-4817-8df6-dce7781a2c5c/1/3n_T-VlcRrJ25j9kvlj0HIaewlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/86b54c-b980-4817-8df6-dce7781a2c5c/1/Gwm9TWooxfH75oPPKs1ei_K65MQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.111.248.0/21
                  193.7.176.0/21
                IPv6:
                  2001:678:cac::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:f1:05:3b:e2:15:91:64:cf:c7:76:c3:68:70:a7:a9:52:cc:
         a3:d0:10:28:69:f4:5d:f7:30:ec:23:ea:6d:5e:09:a2:6c:31:
         68:4b:eb:20:00:e9:0f:68:e2:17:53:d4:22:61:99:0e:1e:a9:
         22:3e:0b:e4:47:23:fd:e4:38:bd:02:47:87:a3:76:7c:5a:ee:
         fc:cb:48:0f:2a:79:87:e5:3a:ed:56:2c:6c:d0:23:8f:bf:00:
         90:7d:62:84:5b:ef:77:92:90:01:4b:c3:cc:51:0c:60:1b:2b:
         48:78:16:83:9f:29:16:0b:64:3f:15:ee:7e:2c:fc:22:e4:b4:
         8e:b1:e7:d8:9f:93:a3:0d:68:b0:4a:7e:4c:f5:ad:69:87:9b:
         a5:ba:b7:ca:9f:b7:70:37:dc:d2:1e:7f:74:b2:69:c9:6d:8c:
         9e:4a:2a:e0:97:a6:66:a2:4a:6a:d9:ff:33:d5:71:48:95:b7:
         e3:2b:7c:ce:4a:5d:dd:d2:72:91:69:88:96:7b:ab:a4:b1:e3:
         90:f5:52:0f:82:f9:66:96:f1:10:cb:ea:91:17:4c:b2:9d:0b:
         34:16:cc:1e:89:8b:bb:55:b6:27:ee:85:29:03:ba:66:c6:ec:
         0e:9d:81:ee:e8:3a:97:1e:5b:34:ae:a7:ab:39:4e:49:7e:04:
         a8:d6:54:23
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZ6UQfGs2KO7bGfEH91twPpRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDliZDRkNmEyOGM1ZjFmYmU2ODNjZjJhY2Q1ZThiZjJi
YWU0YzQwHhcNMjYwNjA0MjAxMDEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTdmZDNmOTU5NWM0NmIyNzZlNjNmNjRiZTU4ZjQxYzg2OWVjMjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtHBrgT6EjqXvhaMYxGxiBgNyxdWa
nMz8PaQJqzPm5uXu2rN4r+aZYYim9SmH80lRoJzwee2tZO9m3oq+wR1TQRVzO5mV
goKzhOwO3ltdmIQWBz2FzD2FL3NMcuwxG8KLD62rKxyD8GCt3kUenHy8sYDbkbKu
dKLWUB4grOdCBcO4hbtkoaDEQ+S3X454TDQpHnEWtcGHCwsEkp+ohNlKPrnZPeLh
sfNT59pUqjXdLZDO5z2dSIpF4NuziAgogF90mrErOOKug/0GVpvvntijAr5N+8Oi
MKwm6Jx1ZOjxackzhzsI6ur3PGjDrC3pnHAeI2Tl7Uo4kXqS4DtBkgC0wQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFN5/0/lZXEayduY/ZL5Y9ByGnsJaMB8GA1UdIwQY
MBaAFBsJvU1qKMXx++aDzyrNXovyuuTEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dtOVRXb294Zkg3NW9QUEtzMWVpX0s2NU1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS84NmI1NGMtYjk4MC00ODE3LThkZjYt
ZGNlNzc4MWEyYzVjLzEvM25fVC1WbGNSckoyNWo5a3ZsajBISWFld2xvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS84NmI1NGMtYjk4MC00ODE3LThkZjYtZGNlNzc4MWEyYzVj
LzEvR3dtOVRXb294Zkg3NW9QUEtzMWVpX0s2NU1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDVm/4AwQD
wQewMA8EAgACMAkDBwAgAQZ4DKwwDQYJKoZIhvcNAQELBQADggEBAAzxBTviFZFk
z8d2w2hwp6lSzKPQEChp9F33MOwj6m1eCaJsMWhL6yAA6Q9o4hdT1CJhmQ4eqSI+
C+RHI/3kOL0CR4ejdnxa7vzLSA8qeYflOu1WLGzQI4+/AJB9YoRb73eSkAFLw8xR
DGAbK0h4FoOfKRYLZD8V7n4s/CLktI6x59ifk6MNaLBKfkz1rWmHm6W6t8qft3A3
3NIef3SyacltjJ5KKuCXpmaiSmrZ/zPVcUiVt+MrfM5KXd3ScpFpiJZ7q6Sx45D1
Ug+C+WaW8RDL6pEXTLKdCzQWzB6Ji7tVtifuhSkDumbG7A6dge7oOpceWzSup6s5
Tkl+BKjWVCM=
-----END CERTIFICATE-----