Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/zxUA5aB6YBOxHCSipMGJeu-kVTA.roa
File:                     zxUA5aB6YBOxHCSipMGJeu-kVTA.roa (raw, json)
Hash identifier:          GVnliG1VA0xQNEVx8Zt6OgrUejNn2O02ZV44tXNmePc=
Subject key identifier:   CF:15:00:E5:A0:7A:60:13:B1:1C:24:A2:A4:C1:89:7A:EF:A4:55:30
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       019CB3BD3552B1BB8EFBCFC72CCBF8DDAB69
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/zxUA5aB6YBOxHCSipMGJeu-kVTA.roa
Signing time:             Tue 03 Mar 2026 12:47:27 +0000
ROA not before:           Tue 03 Mar 2026 12:47:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213563
IP address blocks:        2a0c:b641:a20::/44 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Mar 2026 19:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:bd:35:52:b1:bb:8e:fb:cf:c7:2c:cb:f8:dd:ab:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Mar  3 12:47:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf1500e5a07a6013b11c24a2a4c1897aefa45530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:25:f1:a2:36:34:19:c7:a3:fd:fd:6a:30:47:
                    d3:2a:61:bf:5e:8e:c5:ed:77:5c:51:25:d4:a6:87:
                    2c:22:1c:99:76:62:7c:0b:c0:b0:84:ef:de:25:54:
                    15:02:73:7d:c2:99:26:ad:bf:46:52:b8:ba:e2:a2:
                    8f:9b:e4:04:0f:aa:1d:66:e4:24:f5:c0:2b:0a:63:
                    a9:aa:d6:fc:ed:8c:8c:7a:f6:86:6e:f6:41:fa:94:
                    b3:07:88:85:34:4b:7e:6a:bb:5d:38:7e:e5:f4:41:
                    ee:f5:a3:51:9d:98:b3:1f:5a:b4:6e:c7:c0:29:95:
                    b3:aa:94:52:d9:d6:75:7d:2f:fc:c5:2b:4c:87:51:
                    0b:f4:ed:69:c8:72:42:55:10:c1:bc:65:a5:cb:2a:
                    4e:41:6a:d1:10:b9:f6:76:66:9e:cf:3a:71:50:fd:
                    9d:16:f3:be:77:33:dd:9e:80:5f:79:76:cd:3f:5f:
                    24:d9:93:f0:f1:de:02:8c:b7:8d:de:49:6f:af:9f:
                    6b:32:4e:4d:09:3d:62:0a:a2:f1:19:f2:7e:8c:41:
                    9d:75:58:da:b0:4e:b4:c1:76:3a:9e:34:28:b8:12:
                    93:fa:12:38:92:d7:a4:34:89:78:d8:6e:16:f9:15:
                    1d:f5:44:d6:3b:07:79:2d:d8:dc:8b:38:10:e7:70:
                    d5:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:15:00:E5:A0:7A:60:13:B1:1C:24:A2:A4:C1:89:7A:EF:A4:55:30
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/zxUA5aB6YBOxHCSipMGJeu-kVTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:a20::/44

    Signature Algorithm: sha256WithRSAEncryption
         18:bb:a9:df:79:bc:43:16:01:c1:74:6b:12:63:43:5c:af:90:
         18:b2:87:fc:20:43:93:20:9b:48:0c:3d:0a:87:a5:f2:58:97:
         80:3b:79:34:0c:3d:db:4c:9f:1c:11:12:02:a3:ce:e6:c9:43:
         23:c4:f4:70:f2:6f:1c:80:54:97:22:bb:dd:98:ab:46:95:bc:
         0f:02:16:4a:e1:11:e1:b8:b5:ec:68:20:3c:01:3e:df:6f:18:
         6d:4f:27:36:83:86:71:e8:ea:d2:f9:e9:e2:8f:22:cc:03:92:
         79:ec:ee:82:df:73:f1:91:77:42:3e:9e:de:6a:e0:29:93:69:
         20:d4:42:91:8f:4d:4b:52:4d:f0:75:b1:08:15:8d:74:c5:9c:
         b9:7a:24:c5:b4:08:30:6e:cd:c5:d4:0f:65:84:59:06:6d:32:
         65:01:39:1b:73:13:aa:2c:ef:1a:62:cf:ca:cd:1b:83:c9:76:
         75:de:f9:66:51:24:56:f9:ff:18:42:1a:b9:6c:c6:41:12:2b:
         80:f6:48:fe:29:d8:a4:00:5e:c1:a2:7d:b5:0e:d3:8f:57:19:
         49:29:50:4e:4c:a6:75:0c:36:c5:73:b2:57:fc:1c:c0:76:ef:
         fa:e1:e2:d4:b7:de:d0:85:f8:52:9d:21:f6:a4:c7:98:cc:cc:
         ff:e1:be:a7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyzvTVSsbuO+8/HLMv43atpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjYwMzAzMTI0NzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjE1MDBlNWEwN2E2MDEzYjExYzI0YTJhNGMxODk3YWVmYTQ1NTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8yXxojY0Gcej/f1qMEfTKmG/Xo7F
7XdcUSXUpocsIhyZdmJ8C8CwhO/eJVQVAnN9wpkmrb9GUri64qKPm+QED6odZuQk
9cArCmOpqtb87YyMevaGbvZB+pSzB4iFNEt+artdOH7l9EHu9aNRnZizH1q0bsfA
KZWzqpRS2dZ1fS/8xStMh1EL9O1pyHJCVRDBvGWlyypOQWrRELn2dmaezzpxUP2d
FvO+dzPdnoBfeXbNP18k2ZPw8d4CjLeN3klvr59rMk5NCT1iCqLxGfJ+jEGddVja
sE60wXY6njQouBKT+hI4ktekNIl42G4W+RUd9UTWOwd5LdjcizgQ53DV1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM8VAOWgemATsRwkoqTBiXrvpFUwMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvenhVQTVhQjZZQk94SENTaXBNR0pldS1rVlRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQog
MA0GCSqGSIb3DQEBCwUAA4IBAQAYu6nfebxDFgHBdGsSY0Ncr5AYsof8IEOTIJtI
DD0Kh6XyWJeAO3k0DD3bTJ8cERICo87myUMjxPRw8m8cgFSXIrvdmKtGlbwPAhZK
4RHhuLXsaCA8AT7fbxhtTyc2g4Zx6OrS+enijyLMA5J57O6C33PxkXdCPp7eauAp
k2kg1EKRj01LUk3wdbEIFY10xZy5eiTFtAgwbs3F1A9lhFkGbTJlATkbcxOqLO8a
Ys/KzRuDyXZ13vlmUSRW+f8YQhq5bMZBEiuA9kj+KdikAF7Bon21DtOPVxlJKVBO
TKZ1DDbFc7JX/BzAdu/64eLUt97QhfhSnSH2pMeYzMz/4b6n
-----END CERTIFICATE-----