Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pZi1ekGMy05xj7hBLDw2iKWp2bI.roa
File:                     pZi1ekGMy05xj7hBLDw2iKWp2bI.roa (raw, json)
Hash identifier:          n1EUHg5urFKLJjdGpJJd/+T1TdiIQ2v7+Daa3bhlgJY=
Subject key identifier:   A5:98:B5:7A:41:8C:CB:4E:71:8F:B8:41:2C:3C:36:88:A5:A9:D9:B2
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019CAF2C14FD5082276D32E4AB90403FB8EE
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pZi1ekGMy05xj7hBLDw2iKWp2bI.roa
Signing time:             Mon 02 Mar 2026 15:30:27 +0000
ROA not before:           Mon 02 Mar 2026 15:30:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200489
IP address blocks:        2a0c:b641:9f0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 01:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:af:2c:14:fd:50:82:27:6d:32:e4:ab:90:40:3f:b8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Mar  2 15:30:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a598b57a418ccb4e718fb8412c3c3688a5a9d9b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:c0:8d:22:4f:9c:bc:b4:0a:01:91:93:8b:5c:
                    db:75:70:aa:c2:b7:04:62:1c:25:5e:e7:89:74:02:
                    e2:b1:03:39:8c:4b:c4:a0:ee:72:0c:99:0b:ed:d9:
                    3d:75:48:e0:61:f8:91:35:bf:c0:c6:40:a4:89:1c:
                    e2:2a:4c:20:43:c1:ae:d4:da:4b:1e:22:f2:87:70:
                    a8:17:9d:18:ce:25:fd:39:40:28:0f:28:f4:b1:29:
                    f8:63:4d:92:ce:23:09:a4:fe:13:e8:c7:7c:64:5d:
                    6a:bd:f5:9d:26:c5:2b:9f:f7:6e:b5:ee:6e:1d:cc:
                    e6:09:c4:cb:f5:93:04:2d:1c:c8:fb:72:c2:a6:80:
                    b7:7b:d0:9f:32:65:57:fe:f4:ca:3b:d8:3d:c8:67:
                    8c:57:54:ca:fa:b3:7e:da:27:5b:10:7f:7f:6c:88:
                    9e:8f:de:69:05:9e:41:22:ad:e2:88:44:1b:04:4a:
                    0b:0a:14:2e:3b:1b:35:07:1d:9c:cc:ce:43:ec:03:
                    c7:42:dd:8e:f0:81:3f:01:11:9d:f2:50:c3:44:be:
                    0d:29:da:fa:ae:e6:c6:aa:9e:a0:f5:0e:f6:85:3f:
                    de:79:f7:67:a0:d5:44:fa:65:ec:8e:b2:c9:c2:fd:
                    4e:24:19:c8:ed:c3:0f:8d:e9:41:d7:0f:b3:f0:08:
                    b6:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:98:B5:7A:41:8C:CB:4E:71:8F:B8:41:2C:3C:36:88:A5:A9:D9:B2
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/pZi1ekGMy05xj7hBLDw2iKWp2bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:9f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         57:86:ef:c9:be:11:d4:88:ca:4c:6e:d6:3c:cc:ac:b0:42:e7:
         0f:a4:ad:c1:15:75:44:35:85:04:8c:1b:17:73:45:9b:c0:fa:
         31:08:68:15:d8:e3:2b:a6:b1:d5:3d:95:f2:ee:9e:ca:d2:78:
         93:db:ad:45:cb:ca:19:f8:bb:fb:31:cc:f2:1a:2f:be:5c:1d:
         be:e1:42:2d:95:76:8c:cf:42:02:e9:11:85:41:d8:cc:86:ff:
         83:78:2a:ba:c4:a5:be:a2:6e:f4:72:67:be:59:f8:d7:8e:44:
         38:72:38:6a:b2:75:93:c9:4b:a9:75:7c:f8:94:4c:96:8b:c1:
         97:1a:db:f1:ed:80:1b:96:57:30:67:cc:d6:bc:30:e4:74:0c:
         5c:22:2a:ab:22:ba:6b:fb:5e:90:04:8d:fd:96:6f:dc:63:f5:
         2e:d6:e6:3d:8f:81:dc:93:dd:84:e4:b1:0f:b4:43:9f:3e:00:
         27:28:ea:64:9f:a5:7d:4d:70:75:88:f3:0a:a6:be:37:a6:56:
         1f:f5:70:56:04:ac:66:76:50:e9:73:a3:2f:2b:10:04:07:b6:
         a7:c5:61:d0:c0:ce:d1:4c:73:b1:50:ed:87:21:84:f6:44:c5:
         ac:df:55:82:fc:41:f4:b8:9d:8d:ad:9a:90:62:ea:3d:60:44:
         3e:71:eb:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyvLBT9UIInbTLkq5BAP7juMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMzAyMTUzMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTk4YjU3YTQxOGNjYjRlNzE4ZmI4NDEyYzNjMzY4OGE1YTlkOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApcCNIk+cvLQKAZGTi1zbdXCqwrcE
YhwlXueJdALisQM5jEvEoO5yDJkL7dk9dUjgYfiRNb/AxkCkiRziKkwgQ8Gu1NpL
HiLyh3CoF50YziX9OUAoDyj0sSn4Y02SziMJpP4T6Md8ZF1qvfWdJsUrn/dute5u
HczmCcTL9ZMELRzI+3LCpoC3e9CfMmVX/vTKO9g9yGeMV1TK+rN+2idbEH9/bIie
j95pBZ5BIq3iiEQbBEoLChQuOxs1Bx2czM5D7APHQt2O8IE/ARGd8lDDRL4NKdr6
rubGqp6g9Q72hT/eefdnoNVE+mXsjrLJwv1OJBnI7cMPjelB1w+z8Ai2EwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKWYtXpBjMtOcY+4QSw8NoilqdmyMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvcFppMWVrR015MDV4ajdoQkxEdzJpS1dwMmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQnw
MA0GCSqGSIb3DQEBCwUAA4IBAQBXhu/JvhHUiMpMbtY8zKywQucPpK3BFXVENYUE
jBsXc0WbwPoxCGgV2OMrprHVPZXy7p7K0niT261Fy8oZ+Lv7MczyGi++XB2+4UIt
lXaMz0IC6RGFQdjMhv+DeCq6xKW+om70cme+WfjXjkQ4cjhqsnWTyUupdXz4lEyW
i8GXGtvx7YAbllcwZ8zWvDDkdAxcIiqrIrpr+16QBI39lm/cY/Uu1uY9j4Hck92E
5LEPtEOfPgAnKOpkn6V9TXB1iPMKpr43plYf9XBWBKxmdlDpc6MvKxAEB7anxWHQ
wM7RTHOxUO2HIYT2RMWs31WC/EH0uJ2NrZqQYuo9YEQ+cet6
-----END CERTIFICATE-----