Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/zHpubGz_rgPu-aPWbWK7fAww5Bo.roa
File:                     zHpubGz_rgPu-aPWbWK7fAww5Bo.roa (raw, json)
Hash identifier:          jGrhxzmzuQCq4KGtY8z+GJFrFtdTbOOJRpJfenug2wc=
Subject key identifier:   CC:7A:6E:6C:6C:FF:AE:03:EE:F9:A3:D6:6D:62:BB:7C:0C:30:E4:1A
Certificate issuer:       /CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
Certificate serial:       019E5ADEE23757577858CBBCB4339E38AFFA
Authority key identifier: F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/zHpubGz_rgPu-aPWbWK7fAww5Bo.roa
Signing time:             Sun 24 May 2026 16:43:36 +0000
ROA not before:           Sun 24 May 2026 16:43:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216215
IP address blocks:        2a01:f140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 02:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5a:de:e2:37:57:57:78:58:cb:bc:b4:33:9e:38:af:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f72e9c9146ed7bc58c85cdab6eb858e42286eef4
        Validity
            Not Before: May 24 16:43:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc7a6e6c6cffae03eef9a3d66d62bb7c0c30e41a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c7:9d:34:cd:27:eb:14:66:69:3d:e8:bd:f7:
                    a6:a7:0b:c2:f9:69:55:4e:3b:7a:3e:7c:a8:59:2f:
                    ae:31:df:05:f8:b7:9b:f3:db:ee:c6:13:5a:11:4b:
                    a7:eb:2d:c6:99:0c:cd:60:cf:5f:09:8d:2e:56:3a:
                    ab:5f:a0:e7:da:23:da:59:51:32:73:86:95:7d:05:
                    41:bf:15:b2:e3:55:bc:8d:90:ab:94:28:35:2a:6f:
                    21:b4:7e:fe:3e:f2:d8:1c:f5:f0:e8:ef:90:0f:b6:
                    6b:99:15:63:fb:98:2d:d4:83:d9:e0:59:f8:3e:ec:
                    f2:f1:25:41:ed:69:61:64:2d:e8:f2:7e:18:d3:05:
                    96:c3:05:d2:74:7d:70:37:10:88:f6:a3:a0:a5:91:
                    94:cd:4d:97:2a:71:73:06:26:f4:a9:d4:97:8b:b5:
                    a0:42:84:05:50:34:82:b5:34:b1:37:6e:09:f7:12:
                    a3:ab:8f:8b:f0:ba:e9:2b:fc:ad:b6:f9:ea:2a:96:
                    11:a3:99:ac:5a:7a:ac:23:0f:ca:29:3c:a2:0d:58:
                    81:04:79:2f:80:f7:28:bb:15:49:68:5b:53:0c:c0:
                    ab:2f:83:bf:fa:9b:4f:a2:2b:57:01:fc:d2:12:42:
                    ef:49:fc:7b:11:e4:3f:f7:c6:2d:5d:1b:90:16:42:
                    63:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:7A:6E:6C:6C:FF:AE:03:EE:F9:A3:D6:6D:62:BB:7C:0C:30:E4:1A
            X509v3 Authority Key Identifier:
                keyid:F7:2E:9C:91:46:ED:7B:C5:8C:85:CD:AB:6E:B8:58:E4:22:86:EE:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9y6ckUbte8WMhc2rbrhY5CKG7vQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/zHpubGz_rgPu-aPWbWK7fAww5Bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/5efef4-6299-47cc-a9ca-d516f0e1487b/1/9y6ckUbte8WMhc2rbrhY5CKG7vQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a01:f140::/29

    Signature Algorithm: sha256WithRSAEncryption
         84:3b:1a:1c:fa:11:1a:78:a1:5f:9a:40:22:37:da:a3:98:9f:
         79:1a:7e:9d:61:d5:a1:b1:4c:8c:f0:9c:b5:25:6a:60:30:05:
         02:e9:a4:43:52:30:43:33:2a:ad:c6:bd:58:51:86:f4:6d:5e:
         c1:8f:a1:55:d7:3c:01:af:e8:88:af:8b:0a:9f:f3:4e:4b:16:
         0b:99:3d:9a:c7:e0:3d:18:62:4b:0d:2c:de:48:48:b0:4a:b8:
         8a:0f:5e:c4:46:d3:55:b6:f7:e2:a2:8e:32:65:03:3c:02:22:
         40:f8:40:57:a5:a2:cd:55:89:ee:d6:70:a5:b5:0d:90:16:83:
         4a:d5:14:ed:63:3a:f8:31:18:9c:e9:9d:c4:5c:3f:d6:ff:37:
         a5:bc:87:0c:cb:fc:78:b5:01:7d:dd:31:83:1c:40:e0:4c:fd:
         52:8f:7a:23:a8:93:1c:b5:7e:62:55:df:18:60:78:85:50:3b:
         98:20:b6:e5:97:7e:47:38:17:54:68:40:ec:36:a3:71:65:e6:
         f2:75:16:97:73:c9:01:32:52:75:97:62:b3:17:db:e7:bc:cd:
         2e:bb:e5:99:a3:d4:49:c1:69:97:be:47:77:e5:80:df:09:2d:
         59:50:e2:6a:8d:75:5e:cd:5b:3a:50:f2:cd:5b:2c:f2:6b:f3:
         39:57:ed:cf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ5a3uI3V1d4WMu8tDOeOK/6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3MmU5YzkxNDZlZDdiYzU4Yzg1Y2RhYjZlYjg1OGU0MjI4
NmVlZjQwHhcNMjYwNTI0MTY0MzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzdhNmU2YzZjZmZhZTAzZWVmOWEzZDY2ZDYyYmI3YzBjMzBlNDFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsedNM0n6xRmaT3ovfempwvC+WlV
Tjt6PnyoWS+uMd8F+Leb89vuxhNaEUun6y3GmQzNYM9fCY0uVjqrX6Dn2iPaWVEy
c4aVfQVBvxWy41W8jZCrlCg1Km8htH7+PvLYHPXw6O+QD7ZrmRVj+5gt1IPZ4Fn4
Puzy8SVB7WlhZC3o8n4Y0wWWwwXSdH1wNxCI9qOgpZGUzU2XKnFzBib0qdSXi7Wg
QoQFUDSCtTSxN24J9xKjq4+L8LrpK/yttvnqKpYRo5msWnqsIw/KKTyiDViBBHkv
gPcouxVJaFtTDMCrL4O/+ptPoitXAfzSEkLvSfx7EeQ/98YtXRuQFkJjbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMx6bmxs/64D7vmj1m1iu3wMMOQaMB8GA1UdIwQY
MBaAFPcunJFG7XvFjIXNq264WOQihu70MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2Et
ZDUxNmYwZTE0ODdiLzEvekhwdWJHel9yZ1B1LWFQV2JXSzdmQXd3NUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC81ZWZlZjQtNjI5OS00N2NjLWE5Y2EtZDUxNmYwZTE0ODdi
LzEvOXk2Y2tVYnRlOFdNaGMycmJyaFk1Q0tHN3ZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgHxQDAN
BgkqhkiG9w0BAQsFAAOCAQEAhDsaHPoRGnihX5pAIjfao5ifeRp+nWHVobFMjPCc
tSVqYDAFAumkQ1IwQzMqrca9WFGG9G1ewY+hVdc8Aa/oiK+LCp/zTksWC5k9msfg
PRhiSw0s3khIsEq4ig9exEbTVbb34qKOMmUDPAIiQPhAV6WizVWJ7tZwpbUNkBaD
StUU7WM6+DEYnOmdxFw/1v83pbyHDMv8eLUBfd0xgxxA4Ez9Uo96I6iTHLV+YlXf
GGB4hVA7mCC25Zd+RzgXVGhA7DajcWXm8nUWl3PJATJSdZdisxfb57zNLrvlmaPU
ScFpl75Hd+WA3wktWVDiao11Xs1bOlDyzVss8mvzOVftzw==
-----END CERTIFICATE-----