Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/CZNr-FwVxvFfoT22yU8bGCzzZ7M.roa
File:                     CZNr-FwVxvFfoT22yU8bGCzzZ7M.roa (raw, json)
Hash identifier:          Wzkp2Bw/RSltq5x7qjxHcTSrEnODOhExu4krbiNOdxY=
Subject key identifier:   09:93:6B:F8:5C:15:C6:F1:5F:A1:3D:B6:C9:4F:1B:18:2C:F3:67:B3
Certificate issuer:       /CN=b05d28d16626bc5dcabf2e915435782b96e14071
Certificate serial:       019DB971A7EB9CE3ED0CEB373B57457BEAD0
Authority key identifier: B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/CZNr-FwVxvFfoT22yU8bGCzzZ7M.roa
Signing time:             Thu 23 Apr 2026 08:25:26 +0000
ROA not before:           Thu 23 Apr 2026 08:25:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21221
IP address blocks:        2a07:3501:1230::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:71:a7:eb:9c:e3:ed:0c:eb:37:3b:57:45:7b:ea:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b05d28d16626bc5dcabf2e915435782b96e14071
        Validity
            Not Before: Apr 23 08:25:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=09936bf85c15c6f15fa13db6c94f1b182cf367b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e1:0f:d3:3b:80:1b:3f:54:a6:2a:a8:d5:64:
                    f4:61:84:d1:5b:26:89:c4:50:ee:e3:bd:30:65:86:
                    7f:c1:16:58:9d:92:69:68:b0:d4:ca:8f:24:9c:f3:
                    b1:f8:75:b4:70:f3:92:2b:30:47:ef:56:77:3f:ad:
                    f4:02:27:40:25:52:b1:84:05:77:a1:b5:67:d4:e6:
                    3b:75:16:f7:aa:44:ca:1e:1b:db:7b:f6:e8:9f:d4:
                    6a:d4:4f:7a:52:d3:5d:cc:41:96:f3:3a:c3:e7:a9:
                    6f:53:7c:0a:4b:00:a5:3c:fc:10:82:46:88:7c:8d:
                    c7:93:d0:fa:57:83:ac:e5:69:bd:9f:0a:29:84:05:
                    dd:8d:9d:67:f9:c9:88:9c:63:cd:65:08:c7:11:4c:
                    6e:5f:db:ee:db:75:1a:43:5d:94:f2:65:40:8a:5c:
                    80:a9:21:cd:5b:72:4d:8b:33:f2:09:6e:9a:3b:9c:
                    2b:64:60:45:c4:27:d9:69:ed:e1:9e:b2:e2:b2:fd:
                    60:0d:69:70:e5:e7:56:0f:04:6f:67:25:8c:cb:19:
                    d4:1f:64:81:3f:4e:09:5d:1e:e4:80:16:13:dd:00:
                    da:4e:7e:fb:13:06:bb:f2:96:44:6a:b7:fd:70:af:
                    20:ad:49:44:8d:80:89:07:b6:4f:42:f3:1a:bc:35:
                    94:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:93:6B:F8:5C:15:C6:F1:5F:A1:3D:B6:C9:4F:1B:18:2C:F3:67:B3
            X509v3 Authority Key Identifier:
                keyid:B0:5D:28:D1:66:26:BC:5D:CA:BF:2E:91:54:35:78:2B:96:E1:40:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/CZNr-FwVxvFfoT22yU8bGCzzZ7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/bba973-7c9f-4b11-b611-ad575522b365/1/sF0o0WYmvF3Kvy6RVDV4K5bhQHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3501:1230::/46

    Signature Algorithm: sha256WithRSAEncryption
         c1:76:3c:14:a8:f3:8f:f3:5f:d0:af:36:91:61:46:cf:58:1b:
         06:1f:9d:ce:dd:7e:73:63:12:65:cf:51:d7:38:52:92:3f:a3:
         fc:50:91:35:b4:69:1e:86:7d:d5:67:41:e7:db:ab:b8:fa:93:
         21:f2:45:b8:70:1a:70:02:e0:db:68:39:c8:84:5e:be:4f:db:
         a1:a9:fe:93:b9:ca:83:f3:d8:1e:13:1d:96:e7:78:50:78:37:
         ea:f8:30:00:67:0d:66:ef:52:4d:d1:1b:8a:79:48:87:1d:f1:
         bf:12:8d:95:51:0f:dd:a0:b5:38:fa:cd:20:15:06:38:8a:ad:
         53:f4:bd:c1:31:4b:36:41:bd:50:e5:dc:a1:52:04:9a:da:16:
         5a:d1:24:33:c9:96:82:ed:37:de:13:a7:4e:d1:44:11:eb:f5:
         6b:93:f6:d3:31:b9:e2:e7:ba:d8:c1:72:87:c9:fa:ac:6b:f2:
         5c:da:71:8c:1d:f7:f1:b8:e9:a6:5b:48:c7:b6:dd:5d:39:c5:
         02:41:77:11:6f:72:a8:0e:ce:e9:4c:62:68:0b:83:45:4d:d3:
         3a:84:61:da:3c:b5:d6:16:49:a4:ad:f8:68:d9:22:36:5c:2c:
         a2:e2:fa:d3:f8:ef:27:8b:8f:e3:d3:9b:4e:cf:36:3f:6e:06:
         8d:5b:06:88
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ25cafrnOPtDOs3O1dFe+rQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNWQyOGQxNjYyNmJjNWRjYWJmMmU5MTU0MzU3ODJiOTZl
MTQwNzEwHhcNMjYwNDIzMDgyNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTkzNmJmODVjMTVjNmYxNWZhMTNkYjZjOTRmMWIxODJjZjM2N2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteEP0zuAGz9Upiqo1WT0YYTRWyaJ
xFDu470wZYZ/wRZYnZJpaLDUyo8knPOx+HW0cPOSKzBH71Z3P630AidAJVKxhAV3
obVn1OY7dRb3qkTKHhvbe/bon9Rq1E96UtNdzEGW8zrD56lvU3wKSwClPPwQgkaI
fI3Hk9D6V4Os5Wm9nwophAXdjZ1n+cmInGPNZQjHEUxuX9vu23UaQ12U8mVAilyA
qSHNW3JNizPyCW6aO5wrZGBFxCfZae3hnrLisv1gDWlw5edWDwRvZyWMyxnUH2SB
P04JXR7kgBYT3QDaTn77Ewa78pZEarf9cK8grUlEjYCJB7ZPQvMavDWUoQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAmTa/hcFcbxX6E9tslPGxgs82ezMB8GA1UdIwQY
MBaAFLBdKNFmJrxdyr8ukVQ1eCuW4UBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEt
YWQ1NzU1MjJiMzY1LzEvQ1pOci1Gd1Z4dkZmb1QyMnlVOGJHQ3p6WjdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iYmE5NzMtN2M5Zi00YjExLWI2MTEtYWQ1NzU1MjJiMzY1
LzEvc0YwbzBXWW12RjNLdnk2UlZEVjRLNWJoUUhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKgc1ARIw
MA0GCSqGSIb3DQEBCwUAA4IBAQDBdjwUqPOP81/QrzaRYUbPWBsGH53O3X5zYxJl
z1HXOFKSP6P8UJE1tGkehn3VZ0Hn26u4+pMh8kW4cBpwAuDbaDnIhF6+T9uhqf6T
ucqD89geEx2W53hQeDfq+DAAZw1m71JN0RuKeUiHHfG/Eo2VUQ/doLU4+s0gFQY4
iq1T9L3BMUs2Qb1Q5dyhUgSa2hZa0SQzyZaC7TfeE6dO0UQR6/Vrk/bTMbni57rY
wXKHyfqsa/Jc2nGMHffxuOmmW0jHtt1dOcUCQXcRb3KoDs7pTGJoC4NFTdM6hGHa
PLXWFkmkrfho2SI2XCyi4vrT+O8ni4/j05tOzzY/bgaNWwaI
-----END CERTIFICATE-----