Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/zMUHewOkNECVYz7ml1umISWZOVE.roa
File:                     zMUHewOkNECVYz7ml1umISWZOVE.roa (raw, json)
Hash identifier:          G455vMmTjZpLOZTw+9pAQhVOSHGfalAl4TZYjQHUmAA=
Subject key identifier:   CC:C5:07:7B:03:A4:34:40:95:63:3E:E6:97:5B:A6:21:25:99:39:51
Certificate issuer:       /CN=ef54d9e41ea5e2d161b7c4cdb2e4702c4f248e14
Certificate serial:       019E640039CA9801A27FDEA84889AE3D2FC9
Authority key identifier: EF:54:D9:E4:1E:A5:E2:D1:61:B7:C4:CD:B2:E4:70:2C:4F:24:8E:14
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/zMUHewOkNECVYz7ml1umISWZOVE.roa
Signing time:             Tue 26 May 2026 11:16:36 +0000
ROA not before:           Tue 26 May 2026 11:16:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     54994
IP address blocks:        2a0b:1880:6::/48 maxlen: 48
                          2a0b:1880:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:64:00:39:ca:98:01:a2:7f:de:a8:48:89:ae:3d:2f:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef54d9e41ea5e2d161b7c4cdb2e4702c4f248e14
        Validity
            Not Before: May 26 11:16:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccc5077b03a4344095633ee6975ba62125993951
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4f:34:ca:4c:b2:e6:10:18:f9:c5:61:3a:9a:
                    d6:a4:b2:88:f4:f9:e1:27:9e:38:6c:cb:a8:b6:6d:
                    c1:7c:43:c4:25:3b:76:6c:dc:65:ed:99:8f:2a:f3:
                    36:44:1f:6a:3b:40:ad:b0:bd:9a:b8:44:54:98:2f:
                    5d:ef:d1:57:f4:da:01:76:f4:53:0a:54:b1:9f:73:
                    81:36:7a:90:fe:bd:0d:05:94:4a:d4:76:b2:bf:21:
                    e4:5b:1c:66:3c:59:07:c0:c4:66:fd:4e:f0:4f:71:
                    92:40:99:ac:e1:9b:cc:08:56:a7:8c:41:31:62:1c:
                    b4:d1:e7:f4:67:b3:21:48:95:72:ce:8d:90:db:ff:
                    e0:e4:e1:fa:df:06:db:5b:e6:2c:42:a0:eb:3f:c9:
                    18:bd:9b:11:6f:21:d3:d2:6d:65:6a:eb:f0:b9:dd:
                    1c:85:89:8a:32:4c:3f:2f:b4:48:c2:2d:4a:27:bd:
                    19:d3:5c:c2:90:73:2a:02:0f:91:5d:a4:fb:b4:bf:
                    71:9f:2b:9d:43:40:44:06:80:82:01:b0:e3:21:69:
                    3e:78:1a:c2:52:14:d3:68:ca:fc:4a:59:c3:d3:4f:
                    9a:30:dc:9a:01:fe:40:27:af:ad:de:83:7d:3b:6f:
                    ef:4e:7e:33:f2:b1:5e:b2:5e:1e:3b:ab:c7:8d:37:
                    65:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:C5:07:7B:03:A4:34:40:95:63:3E:E6:97:5B:A6:21:25:99:39:51
            X509v3 Authority Key Identifier:
                keyid:EF:54:D9:E4:1E:A5:E2:D1:61:B7:C4:CD:B2:E4:70:2C:4F:24:8E:14

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71TZ5B6l4tFht8TNsuRwLE8kjhQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/zMUHewOkNECVYz7ml1umISWZOVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ec00e2-cbda-4b32-8c32-fbc6fcb5e7a6/1/71TZ5B6l4tFht8TNsuRwLE8kjhQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:1880:6::/48
                  2a0b:1880:9::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:ea:d3:9c:cf:84:23:57:16:16:73:d7:0f:95:18:14:b0:47:
         ec:21:3e:a6:fb:70:cb:a9:58:6f:16:6a:2f:bd:d3:fc:d2:77:
         59:e4:52:06:a4:a4:47:23:27:fb:de:8a:b0:01:40:46:47:ec:
         88:f1:b0:a5:c2:ac:bf:79:e0:56:d5:0b:4e:64:12:0a:7d:a1:
         ad:a0:aa:f3:3f:b3:db:d1:39:40:21:43:7d:b5:54:f4:ea:67:
         e4:a6:73:1c:bd:d1:1d:ce:45:f3:b9:87:6b:c7:65:b6:74:1a:
         31:2e:1f:ee:e3:8a:d1:4a:d4:51:da:4d:f1:52:c9:d3:13:bb:
         b4:ce:2a:77:bf:e0:4a:ce:3a:18:a8:32:40:ee:bb:16:01:b2:
         82:b8:94:f5:b9:82:d8:27:d6:e0:43:d0:5e:38:d3:b5:58:33:
         d6:d8:2b:2b:db:22:fc:f6:65:47:4e:d4:36:36:83:fe:1b:9e:
         7b:6e:d8:87:93:6c:ce:c2:17:14:6b:7f:4e:42:92:28:d6:38:
         e6:c9:11:9c:a5:94:15:34:35:0a:19:18:3f:37:51:9b:93:10:
         83:de:3c:32:9a:20:82:54:5f:5c:64:51:cc:18:0d:4d:9d:1d:
         33:2d:22:b6:74:e5:73:d4:0c:1a:cc:c0:f0:82:61:83:c0:81:
         0d:bd:64:2f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5kADnKmAGif96oSImuPS/JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTRkOWU0MWVhNWUyZDE2MWI3YzRjZGIyZTQ3MDJjNGYy
NDhlMTQwHhcNMjYwNTI2MTExNjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2M1MDc3YjAzYTQzNDQwOTU2MzNlZTY5NzViYTYyMTI1OTkzOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmU80ykyy5hAY+cVhOprWpLKI9Pnh
J544bMuotm3BfEPEJTt2bNxl7ZmPKvM2RB9qO0CtsL2auERUmC9d79FX9NoBdvRT
ClSxn3OBNnqQ/r0NBZRK1HayvyHkWxxmPFkHwMRm/U7wT3GSQJms4ZvMCFanjEEx
Yhy00ef0Z7MhSJVyzo2Q2//g5OH63wbbW+YsQqDrP8kYvZsRbyHT0m1lauvwud0c
hYmKMkw/L7RIwi1KJ70Z01zCkHMqAg+RXaT7tL9xnyudQ0BEBoCCAbDjIWk+eBrC
UhTTaMr8SlnD00+aMNyaAf5AJ6+t3oN9O2/vTn4z8rFesl4eO6vHjTdliQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMzFB3sDpDRAlWM+5pdbpiElmTlRMB8GA1UdIwQY
MBaAFO9U2eQepeLRYbfEzbLkcCxPJI4UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFUWjVCNmw0dEZodDhUTnN1UndMRThramhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9lYzAwZTItY2JkYS00YjMyLThjMzIt
ZmJjNmZjYjVlN2E2LzEvek1VSGV3T2tORUNWWXo3bWwxdW1JU1daT1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9lYzAwZTItY2JkYS00YjMyLThjMzItZmJjNmZjYjVlN2E2
LzEvNzFUWjVCNmw0dEZodDhUTnN1UndMRThramhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgsYgAAG
AwcAKgsYgAAJMA0GCSqGSIb3DQEBCwUAA4IBAQBV6tOcz4QjVxYWc9cPlRgUsEfs
IT6m+3DLqVhvFmovvdP80ndZ5FIGpKRHIyf73oqwAUBGR+yI8bClwqy/eeBW1QtO
ZBIKfaGtoKrzP7Pb0TlAIUN9tVT06mfkpnMcvdEdzkXzuYdrx2W2dBoxLh/u44rR
StRR2k3xUsnTE7u0zip3v+BKzjoYqDJA7rsWAbKCuJT1uYLYJ9bgQ9BeONO1WDPW
2Csr2yL89mVHTtQ2NoP+G557btiHk2zOwhcUa39OQpIo1jjmyRGcpZQVNDUKGRg/
N1GbkxCD3jwymiCCVF9cZFHMGA1NnR0zLSK2dOVz1AwazMDwgmGDwIENvWQv
-----END CERTIFICATE-----