Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/LZk446jop7drko9MvPyMTH7Ko9A.roa
File:                     LZk446jop7drko9MvPyMTH7Ko9A.roa (raw, json)
Hash identifier:          jIT3NqJKdP/s6VcdkC3CmwpLZAzs5XLNwCZM3DxyAnw=
Subject key identifier:   2D:99:38:E3:A8:E8:A7:B7:6B:92:8F:4C:BC:FC:8C:4C:7E:CA:A3:D0
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019D27D71108DD3467DC435673CFC38EAC93
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/LZk446jop7drko9MvPyMTH7Ko9A.roa
Signing time:             Thu 26 Mar 2026 01:51:39 +0000
ROA not before:           Thu 26 Mar 2026 01:51:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     396993
IP address blocks:        2a06:9801:268::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 20:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:27:d7:11:08:dd:34:67:dc:43:56:73:cf:c3:8e:ac:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Mar 26 01:51:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d9938e3a8e8a7b76b928f4cbcfc8c4c7ecaa3d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:6b:85:8a:d7:f3:cf:aa:1e:a0:e0:b7:04:94:
                    24:ac:d1:48:67:42:f5:2a:bc:e0:d7:55:61:9a:6f:
                    2b:35:2d:d0:94:1b:cb:a9:a8:9b:d7:96:ab:5f:4f:
                    46:71:66:a6:67:d8:e7:cc:9b:d6:59:81:bb:1d:bc:
                    77:c0:9b:3d:05:6e:1f:1d:db:f5:3c:8c:8b:1d:0b:
                    a4:8b:c9:ee:26:8a:df:53:34:d0:b8:45:9e:20:24:
                    e9:bd:39:77:9e:f7:ae:ea:c8:21:0b:50:67:c9:1b:
                    9f:98:1d:08:97:ce:9c:48:e0:ce:5f:c5:39:ee:ca:
                    8c:7f:02:dc:6f:f0:2d:59:7c:5b:f6:04:a8:9d:c5:
                    b8:19:d8:bf:6e:cd:a1:32:be:a6:fd:24:09:2a:cb:
                    34:69:dd:43:ef:57:80:cd:d3:ee:a0:09:73:89:9a:
                    9a:b1:89:1d:28:d0:da:b3:74:28:42:cd:1d:2c:f5:
                    de:af:2e:cb:01:79:85:62:e2:40:20:97:aa:be:fc:
                    16:c2:9d:ab:96:fa:2e:e1:77:d2:1f:67:c2:4a:82:
                    73:b9:fd:cc:ce:e6:03:de:d9:90:96:12:5e:f6:7c:
                    f2:44:cc:68:17:11:01:84:88:ab:95:b9:85:23:e1:
                    0f:94:5d:06:61:b1:30:6f:cb:ba:7a:e1:fa:aa:18:
                    8b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:99:38:E3:A8:E8:A7:B7:6B:92:8F:4C:BC:FC:8C:4C:7E:CA:A3:D0
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/LZk446jop7drko9MvPyMTH7Ko9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:268::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:07:13:c5:c4:a6:b7:68:bb:57:37:3a:d0:13:ea:35:5a:63:
         42:77:19:1c:91:c0:24:3f:80:36:62:11:78:f7:d9:a0:8e:2f:
         db:96:40:b4:6a:04:f5:ab:02:db:39:26:9c:22:f1:c3:cb:59:
         2c:77:20:e9:77:d2:17:c0:bf:1b:96:0a:0f:0c:8b:e7:d8:bd:
         dc:b8:d7:69:88:1a:04:00:62:80:b8:ee:42:af:ba:d1:6e:77:
         85:1c:ec:f7:98:d9:84:8c:21:d2:53:31:e1:4f:e0:9e:6b:e2:
         38:6c:d7:28:24:99:ee:86:98:9a:f0:5e:1d:e5:bd:b6:dc:dd:
         c0:9f:ea:07:73:5e:0a:9e:f4:91:2b:9f:01:ff:cd:ea:4c:74:
         a7:9b:14:14:d3:91:58:01:77:93:4f:f3:ab:f3:1d:70:88:56:
         d0:d8:fd:bb:78:e1:16:5e:23:b0:00:b0:03:b4:f7:49:35:f5:
         12:be:6c:45:6b:c0:02:80:ac:62:2a:4e:f8:8a:4a:3c:04:6d:
         88:7d:ee:f8:57:30:5d:ef:5f:dd:97:bf:4a:05:4c:b3:ed:79:
         09:a3:01:66:b6:a7:ca:b1:e4:79:61:6f:08:07:d8:ba:e7:11:
         46:7f:06:ad:55:7b:18:90:27:61:79:62:f4:66:5d:53:1d:a4:
         d3:fc:5f:bf
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0n1xEI3TRn3ENWc8/DjqyTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMzI2MDE1MTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDk5MzhlM2E4ZThhN2I3NmI5MjhmNGNiY2ZjOGM0YzdlY2FhM2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo2uFitfzz6oeoOC3BJQkrNFIZ0L1
Krzg11Vhmm8rNS3QlBvLqaib15arX09GcWamZ9jnzJvWWYG7Hbx3wJs9BW4fHdv1
PIyLHQuki8nuJorfUzTQuEWeICTpvTl3nveu6sghC1BnyRufmB0Il86cSODOX8U5
7sqMfwLcb/AtWXxb9gSoncW4Gdi/bs2hMr6m/SQJKss0ad1D71eAzdPuoAlziZqa
sYkdKNDas3QoQs0dLPXery7LAXmFYuJAIJeqvvwWwp2rlvou4XfSH2fCSoJzuf3M
zuYD3tmQlhJe9nzyRMxoFxEBhIirlbmFI+EPlF0GYbEwb8u6euH6qhiLoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC2ZOOOo6Ke3a5KPTLz8jEx+yqPQMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvTFprNDQ2am9wN2Rya285TXZQeU1USDdLbzlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQJo
MA0GCSqGSIb3DQEBCwUAA4IBAQBcBxPFxKa3aLtXNzrQE+o1WmNCdxkckcAkP4A2
YhF499mgji/blkC0agT1qwLbOSacIvHDy1ksdyDpd9IXwL8blgoPDIvn2L3cuNdp
iBoEAGKAuO5Cr7rRbneFHOz3mNmEjCHSUzHhT+Cea+I4bNcoJJnuhpia8F4d5b22
3N3An+oHc14KnvSRK58B/83qTHSnmxQU05FYAXeTT/Or8x1wiFbQ2P27eOEWXiOw
ALADtPdJNfUSvmxFa8ACgKxiKk74iko8BG2Ife74VzBd71/dl79KBUyz7XkJowFm
tqfKseR5YW8IB9i65xFGfwatVXsYkCdheWL0Zl1THaTT/F+/
-----END CERTIFICATE-----