Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/y4G9mRrrfIFLyRt2r89a8gmg8mc.roa
File:                     y4G9mRrrfIFLyRt2r89a8gmg8mc.roa (raw, json)
Hash identifier:          finM2/HCMe/DtvJS1kSHmkJEWZjf4ms8DJyhnnxJWGc=
Subject key identifier:   CB:81:BD:99:1A:EB:7C:81:4B:C9:1B:76:AF:CF:5A:F2:09:A0:F2:67
Certificate issuer:       /CN=53129d048deb2e0bf62271399a090b9010160b39
Certificate serial:       019EAB9E3191A9B6A6367090881EAF4DD222
Authority key identifier: 53:12:9D:04:8D:EB:2E:0B:F6:22:71:39:9A:09:0B:90:10:16:0B:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/y4G9mRrrfIFLyRt2r89a8gmg8mc.roa
Signing time:             Tue 09 Jun 2026 09:02:11 +0000
ROA not before:           Tue 09 Jun 2026 09:02:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396993
IP address blocks:        2001:3580::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:9e:31:91:a9:b6:a6:36:70:90:88:1e:af:4d:d2:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53129d048deb2e0bf62271399a090b9010160b39
        Validity
            Not Before: Jun  9 09:02:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cb81bd991aeb7c814bc91b76afcf5af209a0f267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:5f:56:e1:85:f7:42:73:3a:ff:9d:c1:aa:01:
                    02:82:01:f3:b4:5a:ee:25:e1:88:09:1e:b3:d8:e6:
                    ff:26:fb:95:4e:f4:0d:28:26:be:ea:91:f2:17:69:
                    75:30:47:22:d3:3a:95:12:91:17:73:e4:fd:9a:00:
                    06:46:f9:8a:31:ed:da:2d:75:75:e7:e0:f9:5f:c0:
                    1e:0f:07:8d:f5:20:c0:32:e8:a5:bc:27:fb:9b:4e:
                    1d:3e:91:70:57:c8:e6:ae:23:c2:ab:ac:c1:de:3c:
                    b2:fc:14:45:41:59:3a:c9:ae:5b:1f:8c:64:c7:36:
                    6c:1a:68:40:3c:f7:4f:e9:df:ee:91:26:50:1e:6f:
                    46:c1:e0:49:2e:64:ee:37:95:74:d5:79:27:33:69:
                    84:0b:cb:1a:c8:3d:9f:11:51:cf:e0:aa:02:9c:20:
                    aa:69:e4:71:89:4e:b0:37:e1:07:d2:72:78:d1:80:
                    ec:a5:f9:29:61:3e:ad:35:2a:6b:eb:59:b3:81:c6:
                    9d:8c:44:70:d7:e0:93:f1:a3:08:a6:ff:93:bb:70:
                    d2:6a:71:61:cb:ee:43:43:4d:e3:cd:8a:8e:16:93:
                    72:54:3f:2e:07:bc:59:10:dc:dd:fb:ed:fd:5e:1c:
                    fb:0d:94:81:ab:05:af:52:e2:ba:41:0b:6d:71:fb:
                    65:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:81:BD:99:1A:EB:7C:81:4B:C9:1B:76:AF:CF:5A:F2:09:A0:F2:67
            X509v3 Authority Key Identifier:
                keyid:53:12:9D:04:8D:EB:2E:0B:F6:22:71:39:9A:09:0B:90:10:16:0B:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UxKdBI3rLgv2InE5mgkLkBAWCzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/y4G9mRrrfIFLyRt2r89a8gmg8mc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/8d58e4-88f6-4aed-ba43-7ae6359d3110/1/UxKdBI3rLgv2InE5mgkLkBAWCzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3580::/29

    Signature Algorithm: sha256WithRSAEncryption
         6f:6e:26:45:66:b6:a5:61:66:7f:64:e1:82:e7:8f:ee:f7:07:
         06:23:33:c7:be:bd:ef:cb:b9:12:6c:64:6f:59:fd:6e:a0:77:
         9b:1a:cb:da:4a:eb:bd:42:88:28:ce:7f:74:05:12:90:78:bc:
         54:d8:53:d8:7c:eb:43:58:06:1e:73:a3:c5:84:9b:5c:eb:15:
         76:55:75:d3:54:b6:ab:8e:ea:55:dc:3d:f9:a4:24:69:9f:13:
         01:e2:44:8a:e6:b6:af:27:39:ca:90:9d:c0:50:7f:08:e8:e7:
         04:ff:c2:43:d2:c3:49:1a:ae:6c:21:66:9d:36:cd:71:c5:74:
         c6:2b:de:f7:4b:ad:db:21:80:32:8e:69:fc:a2:a8:29:f6:ab:
         d5:6c:9e:0a:16:ee:22:a1:74:7c:f2:0d:59:cf:f1:d5:2c:5b:
         65:4a:a1:1b:d4:a4:4d:58:33:90:4b:c3:18:d9:8d:6b:e3:89:
         41:2b:99:30:6d:5c:69:c5:60:86:c8:cb:b2:21:36:34:98:ad:
         4d:36:12:75:09:5f:e7:75:e6:38:db:22:a0:cd:32:78:54:ce:
         ca:55:b9:f9:8f:56:f2:a7:c2:9d:9b:c4:e3:e4:e8:b5:15:9d:
         03:64:5c:4f:83:7d:7d:37:ad:50:7a:58:82:98:34:2f:f8:54:
         6a:25:4b:8b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6rnjGRqbamNnCQiB6vTdIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMTI5ZDA0OGRlYjJlMGJmNjIyNzEzOTlhMDkwYjkwMTAx
NjBiMzkwHhcNMjYwNjA5MDkwMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjgxYmQ5OTFhZWI3YzgxNGJjOTFiNzZhZmNmNWFmMjA5YTBmMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7V9W4YX3QnM6/53BqgECggHztFru
JeGICR6z2Ob/JvuVTvQNKCa+6pHyF2l1MEci0zqVEpEXc+T9mgAGRvmKMe3aLXV1
5+D5X8AeDweN9SDAMuilvCf7m04dPpFwV8jmriPCq6zB3jyy/BRFQVk6ya5bH4xk
xzZsGmhAPPdP6d/ukSZQHm9GweBJLmTuN5V01XknM2mEC8sayD2fEVHP4KoCnCCq
aeRxiU6wN+EH0nJ40YDspfkpYT6tNSpr61mzgcadjERw1+CT8aMIpv+Tu3DSanFh
y+5DQ03jzYqOFpNyVD8uB7xZENzd++39Xhz7DZSBqwWvUuK6QQttcftlxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMuBvZka63yBS8kbdq/PWvIJoPJnMB8GA1UdIwQY
MBaAFFMSnQSN6y4L9iJxOZoJC5AQFgs5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXhLZEJJM3JMZ3YySW5FNW1na0xrQkFXQ3prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS84ZDU4ZTQtODhmNi00YWVkLWJhNDMt
N2FlNjM1OWQzMTEwLzEveTRHOW1ScnJmSUZMeVJ0MnI4OWE4Z21nOG1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS84ZDU4ZTQtODhmNi00YWVkLWJhNDMtN2FlNjM1OWQzMTEw
LzEvVXhLZEJJM3JMZ3YySW5FNW1na0xrQkFXQ3prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAE1gDAN
BgkqhkiG9w0BAQsFAAOCAQEAb24mRWa2pWFmf2ThgueP7vcHBiMzx76978u5Emxk
b1n9bqB3mxrL2krrvUKIKM5/dAUSkHi8VNhT2HzrQ1gGHnOjxYSbXOsVdlV101S2
q47qVdw9+aQkaZ8TAeJEiua2ryc5ypCdwFB/COjnBP/CQ9LDSRqubCFmnTbNccV0
xive90ut2yGAMo5p/KKoKfar1WyeChbuIqF0fPINWc/x1SxbZUqhG9SkTVgzkEvD
GNmNa+OJQSuZMG1cacVghsjLsiE2NJitTTYSdQlf53XmONsioM0yeFTOylW5+Y9W
8qfCnZvE4+TotRWdA2RcT4N9fTetUHpYgpg0L/hUaiVLiw==
-----END CERTIFICATE-----