Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/lmzlBCUz9yZIdgPzideTxQA5J8Q.roa
File:                     lmzlBCUz9yZIdgPzideTxQA5J8Q.roa (raw, json)
Hash identifier:          QeBa/Ll3nXUwExPc5+JS0Crkm1cs6Bz+7vAM7JqzfYE=
Subject key identifier:   96:6C:E5:04:25:33:F7:26:48:76:03:F3:89:D7:93:C5:00:39:27:C4
Certificate issuer:       /CN=31d2424123ed07725330bf817944fd276b7ca36b
Certificate serial:       019E82A2800BE7123DE7A42F913FEB113050
Authority key identifier: 31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/lmzlBCUz9yZIdgPzideTxQA5J8Q.roa
Signing time:             Mon 01 Jun 2026 10:02:28 +0000
ROA not before:           Mon 01 Jun 2026 10:02:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58212
IP address blocks:        2a06:9801:7a0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:a2:80:0b:e7:12:3d:e7:a4:2f:91:3f:eb:11:30:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=31d2424123ed07725330bf817944fd276b7ca36b
        Validity
            Not Before: Jun  1 10:02:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=966ce5042533f726487603f389d793c5003927c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4a:14:2b:fc:ef:6d:67:78:ba:49:89:39:12:
                    6c:37:75:2d:15:90:eb:1a:cb:03:04:d4:9f:71:6d:
                    0a:be:75:ba:54:ee:92:8d:53:b5:6d:55:a7:c5:e9:
                    eb:06:c6:c9:0a:2a:27:7a:af:04:f4:8a:5f:27:35:
                    74:4a:00:2a:b9:5c:08:32:f9:55:b0:ce:22:e8:dc:
                    a3:67:3b:31:73:31:d0:02:c0:e9:63:8d:b6:51:3d:
                    95:14:82:e0:07:75:52:88:af:14:31:fe:a4:3f:e1:
                    07:d0:2f:3b:e0:7b:4f:62:59:33:70:a4:3c:12:64:
                    00:9e:8f:cd:17:2a:6a:55:a8:4b:d5:3e:c4:15:0a:
                    04:58:df:77:da:70:47:5e:d5:fd:86:b8:8a:ea:12:
                    39:eb:c1:7e:b9:11:b8:14:e4:6a:be:c2:1c:43:d8:
                    a2:f4:50:15:b4:63:ad:34:55:1d:aa:a1:f2:b4:b0:
                    be:04:62:c9:28:9f:5d:d0:b8:0c:a8:45:e2:50:0b:
                    47:26:fe:cb:05:64:ac:9e:4c:fa:a7:e0:5d:c8:c2:
                    af:f6:e2:9e:48:f0:26:a2:52:dd:a6:79:16:bc:56:
                    b7:a0:37:75:6b:b4:26:1a:b0:3e:04:cd:63:e2:4b:
                    d4:ea:d4:2c:2d:41:6b:f9:83:6a:38:92:95:95:05:
                    bb:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:6C:E5:04:25:33:F7:26:48:76:03:F3:89:D7:93:C5:00:39:27:C4
            X509v3 Authority Key Identifier:
                keyid:31:D2:42:41:23:ED:07:72:53:30:BF:81:79:44:FD:27:6B:7C:A3:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MdJCQSPtB3JTML-BeUT9J2t8o2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/lmzlBCUz9yZIdgPzideTxQA5J8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/1a6b17-e3fe-4c6d-b8c1-ed8cfaf1b81f/1/MdJCQSPtB3JTML-BeUT9J2t8o2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:9801:7a0::/44

    Signature Algorithm: sha256WithRSAEncryption
         68:71:d3:33:65:c8:92:a0:c8:4d:99:7d:c5:fc:13:5f:d0:e7:
         f9:5f:90:6e:c1:cc:4a:3e:9d:14:af:18:95:87:57:f5:83:83:
         43:57:dc:bb:46:bf:ae:7b:8a:2b:a7:1f:a9:65:c7:94:cf:68:
         a0:0a:9a:10:6f:98:37:2e:9e:c7:a9:09:e4:bd:d8:8e:fd:4d:
         4e:d8:e5:7b:f2:ee:00:5d:1f:3e:7a:d3:5c:21:8e:3b:09:d0:
         d4:37:3d:32:2b:69:7c:d4:7c:66:0e:7f:2a:4e:c6:72:17:9a:
         b3:48:92:5f:e9:56:db:53:7b:3a:7f:e0:f3:35:89:f5:6f:aa:
         5a:34:a6:21:17:85:1e:0e:29:01:ad:61:0f:c4:ca:f4:36:88:
         05:12:9f:1e:d0:1b:50:ae:5e:5f:3d:1e:23:f5:d1:81:ab:d9:
         d5:45:ea:ec:cb:58:a3:44:49:cb:52:1d:83:e5:91:01:fa:50:
         9a:02:0b:d3:1b:81:d5:8f:20:89:e5:94:a4:18:61:6a:74:9e:
         f5:c6:30:86:83:48:b5:e5:d6:1a:c6:e3:41:37:27:49:8f:e0:
         a0:ab:17:3b:8a:30:6d:0c:3b:35:8a:f7:21:6f:bf:3b:69:f3:
         6e:fb:7d:ff:bb:b6:b3:a9:23:76:6a:c7:4f:e7:83:cd:96:6d:
         b7:10:35:96
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6CooAL5xI956QvkT/rETBQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxZDI0MjQxMjNlZDA3NzI1MzMwYmY4MTc5NDRmZDI3NmI3
Y2EzNmIwHhcNMjYwNjAxMTAwMjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjZjZTUwNDI1MzNmNzI2NDg3NjAzZjM4OWQ3OTNjNTAwMzkyN2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxEoUK/zvbWd4ukmJORJsN3UtFZDr
GssDBNSfcW0KvnW6VO6SjVO1bVWnxenrBsbJCioneq8E9IpfJzV0SgAquVwIMvlV
sM4i6NyjZzsxczHQAsDpY422UT2VFILgB3VSiK8UMf6kP+EH0C874HtPYlkzcKQ8
EmQAno/NFypqVahL1T7EFQoEWN932nBHXtX9hriK6hI568F+uRG4FORqvsIcQ9ii
9FAVtGOtNFUdqqHytLC+BGLJKJ9d0LgMqEXiUAtHJv7LBWSsnkz6p+BdyMKv9uKe
SPAmolLdpnkWvFa3oDd1a7QmGrA+BM1j4kvU6tQsLUFr+YNqOJKVlQW7+wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJZs5QQlM/cmSHYD84nXk8UAOSfEMB8GA1UdIwQY
MBaAFDHSQkEj7QdyUzC/gXlE/SdrfKNrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEt
ZWQ4Y2ZhZjFiODFmLzEvbG16bEJDVXo5eVpJZGdQemlkZVR4UUE1SjhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8xYTZiMTctZTNmZS00YzZkLWI4YzEtZWQ4Y2ZhZjFiODFm
LzEvTWRKQ1FTUHRCM0pUTUwtQmVVVDlKMnQ4bzJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgaYAQeg
MA0GCSqGSIb3DQEBCwUAA4IBAQBocdMzZciSoMhNmX3F/BNf0Of5X5BuwcxKPp0U
rxiVh1f1g4NDV9y7Rr+ue4orpx+pZceUz2igCpoQb5g3Lp7HqQnkvdiO/U1O2OV7
8u4AXR8+etNcIY47CdDUNz0yK2l81HxmDn8qTsZyF5qzSJJf6VbbU3s6f+DzNYn1
b6paNKYhF4UeDikBrWEPxMr0NogFEp8e0BtQrl5fPR4j9dGBq9nVRersy1ijREnL
Uh2D5ZEB+lCaAgvTG4HVjyCJ5ZSkGGFqdJ71xjCGg0i15dYaxuNBNydJj+Cgqxc7
ijBtDDs1ivchb787afNu+33/u7azqSN2asdP54PNlm23EDWW
-----END CERTIFICATE-----