Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/c55ea2-62d0-4db9-901c-eac63c33b085/1/CQZ3Wvtvw7Tv7fItmM3mogc4Qxg.roa
File:                     CQZ3Wvtvw7Tv7fItmM3mogc4Qxg.roa (raw, json)
Hash identifier:          Q3zCRpkKL4sZk2yTM6o3cXqzSXL9K3Ls8SG+mWFVbvE=
Subject key identifier:   09:06:77:5A:FB:6F:C3:B4:EF:ED:F2:2D:98:CD:E6:A2:07:38:43:18
Certificate issuer:       /CN=eed7f6b165a38cff346de3e352118dc99ed822c7
Certificate serial:       019B7CEDC245F4D0A5406A44C7432CD529C8
Authority key identifier: EE:D7:F6:B1:65:A3:8C:FF:34:6D:E3:E3:52:11:8D:C9:9E:D8:22:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7tf2sWWjjP80bePjUhGNyZ7YIsc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/c55ea2-62d0-4db9-901c-eac63c33b085/1/CQZ3Wvtvw7Tv7fItmM3mogc4Qxg.roa
Signing time:             Fri 02 Jan 2026 04:18:35 +0000
ROA not before:           Fri 02 Jan 2026 04:18:35 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210957
IP address blocks:        2001:67c:2d08::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/c55ea2-62d0-4db9-901c-eac63c33b085/1/7tf2sWWjjP80bePjUhGNyZ7YIsc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/c55ea2-62d0-4db9-901c-eac63c33b085/1/7tf2sWWjjP80bePjUhGNyZ7YIsc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7tf2sWWjjP80bePjUhGNyZ7YIsc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7c:ed:c2:45:f4:d0:a5:40:6a:44:c7:43:2c:d5:29:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eed7f6b165a38cff346de3e352118dc99ed822c7
        Validity
            Not Before: Jan  2 04:18:35 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0906775afb6fc3b4efedf22d98cde6a207384318
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:14:95:20:0d:2e:7e:0e:90:79:7d:9c:ad:75:
                    b3:08:b7:0f:f0:b9:f5:81:db:a8:13:19:54:6b:15:
                    88:bb:f1:b0:0d:ea:52:42:fd:8f:3a:38:ab:a8:f8:
                    71:74:5a:49:90:ef:7b:6e:13:88:6d:04:cc:17:ac:
                    90:d7:2a:09:1e:37:e2:e2:2b:b7:5d:fe:3d:04:00:
                    14:c4:ec:a0:d3:e3:db:de:21:1f:26:1b:d9:36:cc:
                    9e:cf:2f:22:05:cc:28:b3:00:e0:6d:73:39:3a:e0:
                    23:6f:e8:1d:0f:6f:ea:76:cd:a9:7c:10:54:e5:f9:
                    ae:7c:ae:59:70:2b:4a:9e:28:f0:92:0a:31:a2:c6:
                    f4:05:bc:d2:4f:bc:c0:93:d0:4b:04:0e:e9:75:34:
                    e9:9a:ef:3a:0e:16:8b:6b:ea:88:41:fa:35:04:d1:
                    ef:f4:4c:42:7b:77:bc:17:eb:e4:0c:87:50:9e:fc:
                    cf:4e:5f:6f:12:4f:3b:e9:c7:ad:8c:46:24:45:5d:
                    ca:61:ef:e0:7f:bc:65:11:b2:41:ab:b4:61:3a:92:
                    41:d5:fd:b3:20:99:8d:33:34:0c:c1:b4:91:f5:5f:
                    8a:02:52:1e:a9:f2:bc:c1:b9:4d:6b:d8:c8:e5:4a:
                    09:a1:a9:32:c1:ce:cf:3f:60:14:9c:4f:99:20:13:
                    7b:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:06:77:5A:FB:6F:C3:B4:EF:ED:F2:2D:98:CD:E6:A2:07:38:43:18
            X509v3 Authority Key Identifier:
                keyid:EE:D7:F6:B1:65:A3:8C:FF:34:6D:E3:E3:52:11:8D:C9:9E:D8:22:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7tf2sWWjjP80bePjUhGNyZ7YIsc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c55ea2-62d0-4db9-901c-eac63c33b085/1/CQZ3Wvtvw7Tv7fItmM3mogc4Qxg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/c55ea2-62d0-4db9-901c-eac63c33b085/1/7tf2sWWjjP80bePjUhGNyZ7YIsc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2d08::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:c6:a5:d2:ba:ab:9e:dc:12:41:8f:39:03:e0:d5:ad:79:ff:
         65:cf:eb:14:01:c9:dd:32:c8:75:e0:65:e4:82:b2:8c:69:c4:
         ea:da:df:f1:79:93:f9:02:f0:df:65:cc:c3:e4:64:ba:1c:ad:
         63:bc:1d:3f:0d:43:5a:21:42:54:80:8f:c2:22:d6:be:ad:9e:
         ec:18:9e:64:48:2d:33:e4:4d:7c:8a:03:7b:64:c7:04:e5:7f:
         d5:95:4c:a4:43:26:d4:0a:65:f1:bd:d0:7a:b1:3b:f4:94:64:
         4e:44:a9:2e:15:0b:c0:b9:a7:df:70:37:d2:59:98:18:f4:5c:
         01:2d:24:7c:b6:38:7f:b4:56:92:25:50:36:f0:25:5b:f0:bb:
         84:cc:37:ec:24:9a:e4:c3:65:6a:63:5d:df:63:61:90:3c:2b:
         32:3e:66:c9:8f:dc:07:81:ba:0f:18:bb:28:76:e2:d1:85:bd:
         7a:0f:e6:f5:f4:7c:8e:51:92:f9:f4:ab:bf:f0:6d:f9:0f:86:
         c5:f1:62:45:2e:f8:73:64:61:d8:42:99:cb:9d:1d:15:ae:a2:
         c9:90:b9:43:cc:e0:28:f2:b0:ef:7e:ad:14:4f:32:2c:9d:12:
         13:a0:44:83:3d:c6:6e:cb:ab:47:a8:ce:6b:d8:3e:33:5d:a9:
         e3:d5:29:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt87cJF9NClQGpEx0Ms1SnIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZDdmNmIxNjVhMzhjZmYzNDZkZTNlMzUyMTE4ZGM5OWVk
ODIyYzcwHhcNMjYwMTAyMDQxODM1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTA2Nzc1YWZiNmZjM2I0ZWZlZGYyMmQ5OGNkZTZhMjA3Mzg0MzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvRSVIA0ufg6QeX2crXWzCLcP8Ln1
gduoExlUaxWIu/GwDepSQv2POjirqPhxdFpJkO97bhOIbQTMF6yQ1yoJHjfi4iu3
Xf49BAAUxOyg0+Pb3iEfJhvZNsyezy8iBcwoswDgbXM5OuAjb+gdD2/qds2pfBBU
5fmufK5ZcCtKnijwkgoxosb0BbzST7zAk9BLBA7pdTTpmu86DhaLa+qIQfo1BNHv
9ExCe3e8F+vkDIdQnvzPTl9vEk876cetjEYkRV3KYe/gf7xlEbJBq7RhOpJB1f2z
IJmNMzQMwbSR9V+KAlIeqfK8wblNa9jI5UoJoakywc7PP2AUnE+ZIBN7RwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAkGd1r7b8O07+3yLZjN5qIHOEMYMB8GA1UdIwQY
MBaAFO7X9rFlo4z/NG3j41IRjcme2CLHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3RmMnNXV2pqUDgwYmVQalVoR055WjdZSXNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9jNTVlYTItNjJkMC00ZGI5LTkwMWMt
ZWFjNjNjMzNiMDg1LzEvQ1FaM1d2dHZ3N1R2N2ZJdG1NM21vZ2M0UXhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9jNTVlYTItNjJkMC00ZGI5LTkwMWMtZWFjNjNjMzNiMDg1
LzEvN3RmMnNXV2pqUDgwYmVQalVoR055WjdZSXNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC0I
MA0GCSqGSIb3DQEBCwUAA4IBAQA4xqXSuque3BJBjzkD4NWtef9lz+sUAcndMsh1
4GXkgrKMacTq2t/xeZP5AvDfZczD5GS6HK1jvB0/DUNaIUJUgI/CIta+rZ7sGJ5k
SC0z5E18igN7ZMcE5X/VlUykQybUCmXxvdB6sTv0lGRORKkuFQvAuaffcDfSWZgY
9FwBLSR8tjh/tFaSJVA28CVb8LuEzDfsJJrkw2VqY13fY2GQPCsyPmbJj9wHgboP
GLsoduLRhb16D+b19HyOUZL59Ku/8G35D4bF8WJFLvhzZGHYQpnLnR0VrqLJkLlD
zOAo8rDvfq0UTzIsnRIToESDPcZuy6tHqM5r2D4zXanj1SmZ
-----END CERTIFICATE-----