Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/15e905-fa4f-4d83-bff6-70d13306cd1c/1/3z35gDmHecdzIYEGmIKw6RYeXEA.roa
File:                     3z35gDmHecdzIYEGmIKw6RYeXEA.roa (raw, json)
Hash identifier:          j55RlWKFCQCXc2QwhpECXuc0I1p5c8gSybgzQ5rlp3w=
Subject key identifier:   DF:3D:F9:80:39:87:79:C7:73:21:81:06:98:82:B0:E9:16:1E:5C:40
Certificate issuer:       /CN=1b098412c984b89be38011a72a3c471975fc47a2
Certificate serial:       019EBB55EEFAD3DF4F431EF1B4776AA53DBB
Authority key identifier: 1B:09:84:12:C9:84:B8:9B:E3:80:11:A7:2A:3C:47:19:75:FC:47:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwmEEsmEuJvjgBGnKjxHGXX8R6I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/15e905-fa4f-4d83-bff6-70d13306cd1c/1/3z35gDmHecdzIYEGmIKw6RYeXEA.roa
Signing time:             Fri 12 Jun 2026 10:17:11 +0000
ROA not before:           Fri 12 Jun 2026 10:17:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197992
IP address blocks:        2a13:8340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/15e905-fa4f-4d83-bff6-70d13306cd1c/1/GwmEEsmEuJvjgBGnKjxHGXX8R6I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/15e905-fa4f-4d83-bff6-70d13306cd1c/1/GwmEEsmEuJvjgBGnKjxHGXX8R6I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwmEEsmEuJvjgBGnKjxHGXX8R6I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Jun 2026 07:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:bb:55:ee:fa:d3:df:4f:43:1e:f1:b4:77:6a:a5:3d:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b098412c984b89be38011a72a3c471975fc47a2
        Validity
            Not Before: Jun 12 10:17:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=df3df980398779c7732181069882b0e9161e5c40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bc:0c:df:13:da:f2:3f:a7:ed:6b:1c:50:38:
                    9b:10:ad:10:df:d9:06:c6:ad:62:df:ed:90:81:ef:
                    29:6c:f9:bb:cf:72:7c:43:20:dc:45:7a:dc:03:9a:
                    b3:31:95:b9:ac:dc:78:af:47:d0:51:d3:4b:cc:c3:
                    9b:7d:86:58:75:df:89:15:12:cd:2c:20:c4:4e:28:
                    b9:29:26:e2:8f:7e:0d:3d:71:a5:ec:8e:77:17:bd:
                    2d:bb:ad:02:99:af:29:52:b1:3d:01:5e:75:0f:24:
                    9c:c4:2a:e5:da:3e:1d:7f:a4:04:de:f1:af:4e:32:
                    71:af:6a:20:93:71:cb:98:d8:8c:f7:e5:60:91:b1:
                    74:02:fb:24:ea:50:5c:62:8a:14:9c:f6:9a:d9:5d:
                    20:62:80:cd:90:25:a5:85:70:a7:b4:0f:4e:f8:2b:
                    ea:7b:0f:c3:23:69:9f:42:ab:67:d4:7c:f1:09:84:
                    65:8b:95:fc:ad:91:06:4c:e0:26:5f:15:f0:27:68:
                    a7:45:15:b1:13:b1:44:23:3e:2f:88:14:f7:08:2b:
                    61:ff:dc:2e:40:c5:38:51:9f:4f:a8:cc:45:4c:4a:
                    11:a5:2e:5e:6f:6d:f5:75:3a:c2:33:71:df:09:45:
                    bd:ee:bc:7d:36:eb:10:8c:bd:ed:9d:67:95:41:55:
                    c8:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:3D:F9:80:39:87:79:C7:73:21:81:06:98:82:B0:E9:16:1E:5C:40
            X509v3 Authority Key Identifier:
                keyid:1B:09:84:12:C9:84:B8:9B:E3:80:11:A7:2A:3C:47:19:75:FC:47:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwmEEsmEuJvjgBGnKjxHGXX8R6I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/15e905-fa4f-4d83-bff6-70d13306cd1c/1/3z35gDmHecdzIYEGmIKw6RYeXEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/15e905-fa4f-4d83-bff6-70d13306cd1c/1/GwmEEsmEuJvjgBGnKjxHGXX8R6I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:8340::/29

    Signature Algorithm: sha256WithRSAEncryption
         53:06:41:2e:29:61:48:64:ae:4e:d6:9e:d1:e9:20:f6:f7:d3:
         3c:22:a0:6a:69:35:5b:02:bd:72:0e:ca:08:3f:65:1c:9e:8d:
         3b:e4:c5:25:bb:ef:de:90:1f:30:4d:40:40:e9:0d:c6:57:a7:
         14:0b:14:14:c3:f3:c6:c4:53:aa:9c:19:8e:0d:6b:dd:f7:29:
         99:a9:08:fb:d4:04:1c:06:45:e3:ea:e0:11:01:6b:17:88:ad:
         c2:7c:bb:fe:86:33:77:64:54:84:ee:d9:b9:0c:be:b7:c4:9e:
         9b:b0:32:08:42:bd:09:af:aa:91:fd:63:ba:65:38:66:f7:ab:
         27:73:e7:50:ad:07:0c:0d:8d:28:78:c4:ff:7f:fe:7b:0b:57:
         d1:1d:8e:f2:3d:d0:53:e7:cf:da:ae:4e:7e:8a:18:b9:04:a1:
         f2:b0:80:87:22:88:33:77:05:93:8b:d2:81:76:23:0d:aa:9a:
         2c:99:ea:11:8f:63:6f:5e:36:4c:b6:05:b6:67:a8:01:dc:a2:
         b6:1a:cd:b5:62:53:3e:6b:b3:e0:be:38:2e:0a:71:94:99:d3:
         b0:b1:65:96:80:96:66:70:7d:f7:93:3c:bf:75:04:05:7e:94:
         7a:e5:8d:cc:b3:1a:ce:37:9c:af:d8:84:23:d7:f6:ef:5c:8d:
         97:ce:99:92
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ67Ve76099PQx7xtHdqpT27MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDk4NDEyYzk4NGI4OWJlMzgwMTFhNzJhM2M0NzE5NzVm
YzQ3YTIwHhcNMjYwNjEyMTAxNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjNkZjk4MDM5ODc3OWM3NzMyMTgxMDY5ODgyYjBlOTE2MWU1YzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs7wM3xPa8j+n7WscUDibEK0Q39kG
xq1i3+2Qge8pbPm7z3J8QyDcRXrcA5qzMZW5rNx4r0fQUdNLzMObfYZYdd+JFRLN
LCDETii5KSbij34NPXGl7I53F70tu60Cma8pUrE9AV51DyScxCrl2j4df6QE3vGv
TjJxr2ogk3HLmNiM9+VgkbF0Avsk6lBcYooUnPaa2V0gYoDNkCWlhXCntA9O+Cvq
ew/DI2mfQqtn1HzxCYRli5X8rZEGTOAmXxXwJ2inRRWxE7FEIz4viBT3CCth/9wu
QMU4UZ9PqMxFTEoRpS5eb231dTrCM3HfCUW97rx9NusQjL3tnWeVQVXIlQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN89+YA5h3nHcyGBBpiCsOkWHlxAMB8GA1UdIwQY
MBaAFBsJhBLJhLib44ARpyo8Rxl1/EeiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dtRUVzbUV1SnZqZ0JHbktqeEhHWFg4UjZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8xNWU5MDUtZmE0Zi00ZDgzLWJmZjYt
NzBkMTMzMDZjZDFjLzEvM3ozNWdEbUhlY2R6SVlFR21JS3c2UlllWEVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8xNWU5MDUtZmE0Zi00ZDgzLWJmZjYtNzBkMTMzMDZjZDFj
LzEvR3dtRUVzbUV1SnZqZ0JHbktqeEhHWFg4UjZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhODQDAN
BgkqhkiG9w0BAQsFAAOCAQEAUwZBLilhSGSuTtae0ekg9vfTPCKgamk1WwK9cg7K
CD9lHJ6NO+TFJbvv3pAfME1AQOkNxlenFAsUFMPzxsRTqpwZjg1r3fcpmakI+9QE
HAZF4+rgEQFrF4itwny7/oYzd2RUhO7ZuQy+t8Sem7AyCEK9Ca+qkf1jumU4Zver
J3PnUK0HDA2NKHjE/3/+ewtX0R2O8j3QU+fP2q5OfooYuQSh8rCAhyKIM3cFk4vS
gXYjDaqaLJnqEY9jb142TLYFtmeoAdyithrNtWJTPmuz4L44LgpxlJnTsLFlloCW
ZnB995M8v3UEBX6UeuWNzLMazjecr9iEI9f271yNl86Zkg==
-----END CERTIFICATE-----