Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/ZrKCdsVyUJvxbWJ2n2fHMWGV7KA.roa
File:                     ZrKCdsVyUJvxbWJ2n2fHMWGV7KA.roa (raw, json)
Hash identifier:          YGndF5FjIEYRodveLPo+FJHSSlNi17ucW51A9UnyGf8=
Subject key identifier:   66:B2:82:76:C5:72:50:9B:F1:6D:62:76:9F:67:C7:31:61:95:EC:A0
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019CD937B0098311CA8691473EA0F494BAB1
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/ZrKCdsVyUJvxbWJ2n2fHMWGV7KA.roa
Signing time:             Tue 10 Mar 2026 19:27:11 +0000
ROA not before:           Tue 10 Mar 2026 19:27:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204490
IP address blocks:        2a0e:19c5::/32 maxlen: 32
                          2a12:8783::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d9:37:b0:09:83:11:ca:86:91:47:3e:a0:f4:94:ba:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Mar 10 19:27:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=66b28276c572509bf16d62769f67c7316195eca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:36:08:df:e7:95:f1:ef:f5:2f:0e:08:7e:7f:
                    fb:a6:ea:45:00:92:18:e3:4f:63:b9:25:ce:8e:45:
                    5a:68:19:1c:14:6f:c5:50:f9:94:82:1a:f2:98:ee:
                    84:fb:9f:38:3f:cc:dc:b9:fe:c1:89:98:54:73:c9:
                    b7:b0:38:d5:7a:11:8b:8d:83:04:e3:63:64:93:7d:
                    46:db:47:8e:0d:c5:34:10:74:41:81:18:4c:20:97:
                    41:47:1b:6e:73:5f:5c:1f:06:5a:55:f7:6f:bd:6e:
                    46:35:ca:72:09:4d:0b:c1:4b:22:06:41:60:ff:9d:
                    6a:ac:49:1f:1a:1b:ab:be:a5:68:a1:8d:53:9f:df:
                    d8:6b:c1:6c:92:65:f4:10:ec:c2:67:3f:f1:5f:c2:
                    30:82:bd:d1:26:df:16:e9:fb:10:00:5a:80:2f:81:
                    f0:02:7c:f0:9e:90:d5:de:3b:40:ff:b5:68:b0:4d:
                    5d:e0:2d:12:fb:5c:6e:6b:c0:ad:e7:cd:c7:84:17:
                    1a:82:97:0b:71:a3:3d:55:c6:f8:6d:28:98:4d:b1:
                    06:52:b5:bc:a8:1d:9a:51:5c:03:9d:48:fd:44:a0:
                    e7:96:3e:70:77:eb:41:84:60:0a:a7:ad:c3:4c:ff:
                    3a:1e:d3:4e:02:f7:ed:3e:50:e8:30:0d:ae:3b:a6:
                    5f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:B2:82:76:C5:72:50:9B:F1:6D:62:76:9F:67:C7:31:61:95:EC:A0
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/ZrKCdsVyUJvxbWJ2n2fHMWGV7KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:19c5::/32
                  2a12:8783::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:42:7d:04:74:99:2c:75:da:51:7e:47:e4:a5:0c:f6:42:bc:
         65:ef:60:46:e0:27:0a:4d:ad:e3:4c:c9:56:91:af:f3:43:ea:
         5f:c1:05:df:b0:01:a7:60:5c:a6:d9:b5:01:d8:e8:ed:60:94:
         fb:3c:66:ca:be:3e:7b:f1:08:52:3d:14:a1:69:b8:7c:0e:ef:
         f9:85:8d:f0:d5:80:e2:e2:29:ea:8a:d4:f9:3e:db:49:3c:7f:
         cf:a1:d2:fa:61:6c:9d:d5:11:d3:3c:5e:6a:4b:3d:97:59:e4:
         65:0c:5b:a2:2d:6a:0f:06:8b:ff:5b:0d:69:09:b8:8b:bd:0b:
         9d:1b:0d:62:21:e7:c7:91:34:b4:6b:dd:f6:e5:2f:8d:f5:8b:
         b7:44:00:69:b1:1b:92:53:90:b9:6e:88:f4:6a:ed:cf:f6:cd:
         b3:61:99:bf:84:96:f2:e4:49:2b:b7:20:cb:ab:a9:35:7d:d0:
         aa:51:ba:ec:d8:0e:b7:95:bb:57:f5:0f:e7:7c:f9:67:60:7d:
         8a:84:92:3b:83:b2:79:38:5e:9a:fb:52:f4:72:07:11:6f:09:
         40:42:45:13:fe:23:48:65:27:a6:c4:c2:96:1a:7b:40:21:ea:
         1c:b3:4f:d7:b3:a2:15:9d:09:5c:6a:e8:ad:af:9b:ed:c3:e4:
         d8:f1:32:a2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZzZN7AJgxHKhpFHPqD0lLqxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwMzEwMTkyNzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmIyODI3NmM1NzI1MDliZjE2ZDYyNzY5ZjY3YzczMTYxOTVlY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjYI3+eV8e/1Lw4Ifn/7pupFAJIY
409juSXOjkVaaBkcFG/FUPmUghrymO6E+584P8zcuf7BiZhUc8m3sDjVehGLjYME
42Nkk31G20eODcU0EHRBgRhMIJdBRxtuc19cHwZaVfdvvW5GNcpyCU0LwUsiBkFg
/51qrEkfGhurvqVooY1Tn9/Ya8FskmX0EOzCZz/xX8Iwgr3RJt8W6fsQAFqAL4Hw
AnzwnpDV3jtA/7VosE1d4C0S+1xua8Ct583HhBcagpcLcaM9Vcb4bSiYTbEGUrW8
qB2aUVwDnUj9RKDnlj5wd+tBhGAKp63DTP86HtNOAvftPlDoMA2uO6ZfTQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGaygnbFclCb8W1idp9nxzFhleygMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvWnJLQ2RzVnlVSnZ4YldKMm4yZkhNV0dWN0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg4ZxQMF
ACoSh4MwDQYJKoZIhvcNAQELBQADggEBAIFCfQR0mSx12lF+R+SlDPZCvGXvYEbg
JwpNreNMyVaRr/ND6l/BBd+wAadgXKbZtQHY6O1glPs8Zsq+PnvxCFI9FKFpuHwO
7/mFjfDVgOLiKeqK1Pk+20k8f8+h0vphbJ3VEdM8XmpLPZdZ5GUMW6Itag8Gi/9b
DWkJuIu9C50bDWIh58eRNLRr3fblL431i7dEAGmxG5JTkLluiPRq7c/2zbNhmb+E
lvLkSSu3IMurqTV90KpRuuzYDreVu1f1D+d8+WdgfYqEkjuDsnk4Xpr7UvRyBxFv
CUBCRRP+I0hlJ6bEwpYae0Ah6hyzT9ezohWdCVxq6K2vm+3D5NjxMqI=
-----END CERTIFICATE-----