Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZWu1l3D_D4z-p-hiQITLFBOgEvk.roa
File:                     ZWu1l3D_D4z-p-hiQITLFBOgEvk.roa (raw, json)
Hash identifier:          q8wbWOHY8O6OZ164vtVsThC0xyNZBb27VxUltI4C838=
Subject key identifier:   65:6B:B5:97:70:FF:0F:8C:FE:A7:E8:62:40:84:CB:14:13:A0:12:F9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019E88999A47B77697E1C14F8570B9AA3817
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZWu1l3D_D4z-p-hiQITLFBOgEvk.roa
Signing time:             Tue 02 Jun 2026 13:50:28 +0000
ROA not before:           Tue 02 Jun 2026 13:50:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205621
IP address blocks:        2a0e:97c0:3c0::/44 maxlen: 48
                          2a0e:97c0:3c1::/48 maxlen: 48
                          2a0e:97c0:3c2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 13:50:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:99:9a:47:b7:76:97:e1:c1:4f:85:70:b9:aa:38:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jun  2 13:50:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=656bb59770ff0f8cfea7e8624084cb1413a012f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:06:c7:ce:d5:d6:ec:17:84:89:f5:3f:b8:f7:
                    01:17:98:bd:96:10:60:4a:d4:9c:81:d5:48:57:56:
                    f8:d9:6b:2a:c6:d8:2a:ac:cd:5e:32:87:c5:e2:7f:
                    1a:75:50:4f:17:bb:8d:6c:3a:56:6e:7c:32:cb:fd:
                    48:c1:b8:be:2a:13:a9:3e:18:6b:97:4f:b9:d9:29:
                    2b:fd:c8:2a:24:8e:08:5f:1f:00:4e:5a:b6:df:3a:
                    9f:12:3d:5e:6f:18:ac:55:07:12:79:84:aa:66:fd:
                    b0:30:0e:8e:83:29:1d:33:83:58:d8:00:3c:70:12:
                    cf:0b:ab:6c:b8:8c:b5:89:ae:bc:d2:7f:cb:b0:eb:
                    de:d9:91:f7:a1:c9:e4:7c:9a:f8:ba:83:78:66:b6:
                    86:0c:84:1c:c6:97:58:9f:c5:82:dd:8f:83:dc:70:
                    79:ab:3b:29:16:5e:53:18:76:cb:c6:01:66:33:9d:
                    1a:ef:44:15:34:60:3d:84:30:0c:c2:9d:ce:29:f7:
                    39:54:df:e6:51:d6:2c:a2:3c:76:81:73:2e:9f:d1:
                    04:b5:ec:6d:ce:99:47:8b:91:3a:6b:72:20:4b:a3:
                    e4:44:df:a2:e9:ea:85:f4:fd:71:29:9e:d8:f0:df:
                    54:d0:5d:2d:fd:54:fe:33:b2:da:2a:4f:d6:c3:5b:
                    52:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:6B:B5:97:70:FF:0F:8C:FE:A7:E8:62:40:84:CB:14:13:A0:12:F9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZWu1l3D_D4z-p-hiQITLFBOgEvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:3c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         aa:57:94:23:de:eb:a8:d3:01:df:da:bd:b6:87:cd:b0:00:c9:
         67:39:4b:14:e5:85:c6:b8:c4:48:45:94:9f:a7:03:00:e6:22:
         df:45:46:84:8b:f7:1c:17:17:dc:82:0e:19:e4:ac:82:61:24:
         31:1f:d2:03:ab:dd:21:0e:be:ca:46:0f:36:c4:07:8a:0f:78:
         e8:1b:f9:9e:15:78:f4:3c:a4:30:b7:b6:be:11:9b:9a:db:6e:
         96:44:c4:85:95:c5:10:a3:54:a9:db:2a:65:a5:2c:73:2f:10:
         e7:40:bf:f6:6a:a6:97:38:3d:64:b1:b9:ab:ac:33:7c:01:44:
         44:ce:13:75:4c:30:1c:1b:0e:73:ae:77:61:22:a7:27:fd:c7:
         cc:b1:e1:1f:ed:aa:02:35:a3:56:37:40:d4:c5:d5:42:48:6b:
         b5:28:1f:08:2c:3e:95:b2:cd:e3:0d:f6:34:8b:ea:82:ab:f3:
         83:0b:68:06:80:26:a0:86:eb:81:28:af:99:e2:6b:a0:cb:46:
         af:24:a7:3d:bf:30:99:92:30:ea:b8:04:8a:a5:0a:9d:c8:5a:
         e6:28:c4:35:be:49:85:90:5f:70:75:50:d4:85:a6:1d:22:f5:
         4f:cf:1a:71:1e:29:1d:97:d1:e8:fd:2e:f0:10:0a:80:88:2e:
         5f:fd:7a:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6ImZpHt3aX4cFPhXC5qjgXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwNjAyMTM1MDI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTZiYjU5NzcwZmYwZjhjZmVhN2U4NjI0MDg0Y2IxNDEzYTAxMmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwwbHztXW7BeEifU/uPcBF5i9lhBg
StScgdVIV1b42WsqxtgqrM1eMofF4n8adVBPF7uNbDpWbnwyy/1Iwbi+KhOpPhhr
l0+52Skr/cgqJI4IXx8ATlq23zqfEj1ebxisVQcSeYSqZv2wMA6OgykdM4NY2AA8
cBLPC6tsuIy1ia680n/LsOve2ZH3ocnkfJr4uoN4ZraGDIQcxpdYn8WC3Y+D3HB5
qzspFl5TGHbLxgFmM50a70QVNGA9hDAMwp3OKfc5VN/mUdYsojx2gXMun9EEtext
zplHi5E6a3IgS6PkRN+i6eqF9P1xKZ7Y8N9U0F0t/VT+M7LaKk/Ww1tS3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGVrtZdw/w+M/qfoYkCEyxQToBL5MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWld1MWwzRF9ENHotcC1oaVFJVExGQk9nRXZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAPA
MA0GCSqGSIb3DQEBCwUAA4IBAQCqV5Qj3uuo0wHf2r22h82wAMlnOUsU5YXGuMRI
RZSfpwMA5iLfRUaEi/ccFxfcgg4Z5KyCYSQxH9IDq90hDr7KRg82xAeKD3joG/me
FXj0PKQwt7a+EZua226WRMSFlcUQo1Sp2yplpSxzLxDnQL/2aqaXOD1ksbmrrDN8
AUREzhN1TDAcGw5zrndhIqcn/cfMseEf7aoCNaNWN0DUxdVCSGu1KB8ILD6Vss3j
DfY0i+qCq/ODC2gGgCaghuuBKK+Z4mugy0avJKc9vzCZkjDquASKpQqdyFrmKMQ1
vkmFkF9wdVDUhaYdIvVPzxpxHikdl9Ho/S7wEAqAiC5f/Xqi
-----END CERTIFICATE-----