Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/ZYQV5XDVAY1V5oIUbOxSh3VFdzU.roa
File:                     ZYQV5XDVAY1V5oIUbOxSh3VFdzU.roa (raw, json)
Hash identifier:          8U1eRPND410yXZRK+sAXNgFIqbhW+8jvM5q6w+Rmdz8=
Subject key identifier:   65:84:15:E5:70:D5:01:8D:55:E6:82:14:6C:EC:52:87:75:45:77:35
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019C4A34B13D78273599F51816727A6A91ED
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/ZYQV5XDVAY1V5oIUbOxSh3VFdzU.roa
Signing time:             Wed 11 Feb 2026 00:58:13 +0000
ROA not before:           Wed 11 Feb 2026 00:58:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204085
IP address blocks:        2a06:9801:3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 05:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4a:34:b1:3d:78:27:35:99:f5:18:16:72:7a:6a:91:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Feb 11 00:58:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=658415e570d5018d55e682146cec528775457735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:33:57:a4:00:ac:cb:08:ac:7d:61:f7:e3:15:
                    be:46:a8:e2:8d:14:4c:27:c8:df:68:9b:7a:19:06:
                    46:59:6e:53:25:d5:b9:43:dc:42:24:d6:a9:32:9b:
                    ae:45:a3:a7:68:25:05:00:6c:cc:66:8d:e4:87:1b:
                    17:08:f0:92:e9:1b:d4:db:8c:38:d1:ab:75:9d:e8:
                    9d:f9:91:8b:85:d0:15:ba:c0:1f:c3:a0:5b:55:45:
                    2d:ed:0b:05:50:3b:72:e7:28:60:70:95:c8:ed:ba:
                    71:3e:15:8a:5a:b5:98:75:0a:72:7e:79:a5:34:fd:
                    4d:1e:50:e2:d6:5e:d4:3a:9b:35:5f:b4:2a:78:cc:
                    57:54:e1:06:37:c3:b0:6e:b1:94:e7:a1:eb:e9:ab:
                    63:76:52:63:0e:d1:d8:dd:95:df:47:52:74:23:0e:
                    6b:4e:f0:58:95:6c:77:64:ee:b5:cd:10:56:3f:da:
                    e4:44:e6:00:c2:7e:27:5d:90:2c:41:8f:1c:6e:4a:
                    89:7e:cb:93:9c:f9:10:bd:17:80:76:e9:a2:c7:64:
                    6f:46:83:6e:66:7a:59:b9:04:89:bf:27:c2:26:ad:
                    2a:91:01:6a:23:56:22:8a:1c:68:5e:eb:5c:4c:0b:
                    cf:7b:07:df:46:a6:4a:df:97:32:da:2c:ea:87:7d:
                    a2:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:84:15:E5:70:D5:01:8D:55:E6:82:14:6C:EC:52:87:75:45:77:35
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/ZYQV5XDVAY1V5oIUbOxSh3VFdzU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:7d:bc:a4:3b:3a:28:d1:99:0f:07:a4:17:5f:85:c8:ca:d7:
         f9:69:3a:8a:ff:09:79:76:1d:5d:69:08:2f:e4:24:89:1c:41:
         97:4d:66:82:f3:b5:12:e5:51:db:05:d5:ae:42:15:c7:1a:5c:
         8d:28:ea:26:da:5c:eb:b0:62:a3:92:1e:1b:29:27:37:25:a0:
         73:9b:58:0a:34:85:2a:5d:23:df:c6:a2:24:1f:4e:12:0c:df:
         a9:ae:9f:11:54:b6:5f:62:bc:fb:7f:e5:68:fd:81:20:6a:ed:
         4c:a7:32:67:1b:49:3d:1f:b6:6a:9f:47:65:92:3f:66:fb:33:
         4c:95:2f:ad:4a:45:e1:cf:ff:d1:6d:0a:67:c0:75:c3:ad:fb:
         0f:99:b9:bf:a3:76:64:92:db:bc:5f:d6:ee:2b:5f:2f:58:7d:
         ae:f1:88:2d:1e:2c:e8:03:e4:b8:8e:00:7d:f5:30:b6:15:a8:
         35:9c:2e:8a:f6:2a:dc:09:4f:6d:a3:35:f1:1f:2d:be:b7:5e:
         f8:e3:5a:b3:9a:75:a8:d9:44:5b:3f:88:40:e4:2c:b0:bb:29:
         f3:d2:78:12:f0:12:f0:1f:76:6b:0d:c9:d6:23:43:ed:81:3b:
         8b:e0:83:1c:01:d7:24:52:89:00:b2:a3:9b:66:e8:41:87:b5:
         18:d6:0d:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZxKNLE9eCc1mfUYFnJ6apHtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwMjExMDA1ODEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTg0MTVlNTcwZDUwMThkNTVlNjgyMTQ2Y2VjNTI4Nzc1NDU3NzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDNXpACsywisfWH34xW+RqjijRRM
J8jfaJt6GQZGWW5TJdW5Q9xCJNapMpuuRaOnaCUFAGzMZo3khxsXCPCS6RvU24w4
0at1neid+ZGLhdAVusAfw6BbVUUt7QsFUDty5yhgcJXI7bpxPhWKWrWYdQpyfnml
NP1NHlDi1l7UOps1X7QqeMxXVOEGN8OwbrGU56Hr6atjdlJjDtHY3ZXfR1J0Iw5r
TvBYlWx3ZO61zRBWP9rkROYAwn4nXZAsQY8cbkqJfsuTnPkQvReAdumix2RvRoNu
ZnpZuQSJvyfCJq0qkQFqI1YiihxoXutcTAvPewffRqZK35cy2izqh32iOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGWEFeVw1QGNVeaCFGzsUod1RXc1MB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvWllRVjVYRFZBWTFWNW9JVWJPeFNoM1ZGZHpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgaYAQAD
MA0GCSqGSIb3DQEBCwUAA4IBAQCRfbykOzoo0ZkPB6QXX4XIytf5aTqK/wl5dh1d
aQgv5CSJHEGXTWaC87US5VHbBdWuQhXHGlyNKOom2lzrsGKjkh4bKSc3JaBzm1gK
NIUqXSPfxqIkH04SDN+prp8RVLZfYrz7f+Vo/YEgau1MpzJnG0k9H7Zqn0dlkj9m
+zNMlS+tSkXhz//RbQpnwHXDrfsPmbm/o3Zkktu8X9buK18vWH2u8YgtHizoA+S4
jgB99TC2Fag1nC6K9ircCU9tozXxHy2+t17441qzmnWo2URbP4hA5Cywuynz0ngS
8BLwH3ZrDcnWI0PtgTuL4IMcAdckUokAsqObZuhBh7UY1g2k
-----END CERTIFICATE-----