Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/waZz0IyLkJZ2XZs5mcy2zeGt7KA.roa
File:                     waZz0IyLkJZ2XZs5mcy2zeGt7KA.roa (raw, json)
Hash identifier:          PLFFtAchWYCJ5jmh6ddgth619HvoXK3NBze7KzilKF8=
Subject key identifier:   C1:A6:73:D0:8C:8B:90:96:76:5D:9B:39:99:CC:B6:CD:E1:AD:EC:A0
Certificate issuer:       /CN=206f1c32bc0a9006081d552fede67d6842921ec3
Certificate serial:       019E4B3136005867108C6F64E9223F040A71
Authority key identifier: 20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/waZz0IyLkJZ2XZs5mcy2zeGt7KA.roa
Signing time:             Thu 21 May 2026 15:39:36 +0000
ROA not before:           Thu 21 May 2026 15:39:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199649
IP address blocks:        2a07:245:202::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4b:31:36:00:58:67:10:8c:6f:64:e9:22:3f:04:0a:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=206f1c32bc0a9006081d552fede67d6842921ec3
        Validity
            Not Before: May 21 15:39:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1a673d08c8b9096765d9b3999ccb6cde1adeca0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cc:56:e1:13:fe:6e:e8:be:9d:78:4d:8d:16:
                    cf:91:4a:13:d9:d2:6e:e8:93:e3:97:65:9d:cb:d5:
                    ef:0f:3e:19:92:2d:64:fd:d9:03:ba:9e:96:93:1d:
                    7c:c9:74:0c:96:e9:56:1b:37:eb:bd:8e:0c:bf:e9:
                    f0:77:7d:63:fa:bc:41:44:e9:67:0b:24:6e:15:61:
                    0d:b7:42:d0:5d:75:57:f9:24:b3:cd:d8:1d:0c:3b:
                    ff:77:be:b0:19:a5:dd:53:05:65:cb:41:6d:26:1a:
                    72:2f:51:be:d2:d1:52:e8:3a:f9:90:ea:ef:82:be:
                    71:cd:26:35:e0:65:74:45:dd:f6:93:8d:7f:e4:ab:
                    f5:42:a9:eb:a7:84:71:b8:70:f6:2c:65:8d:7e:6c:
                    cd:fc:35:5e:11:09:ee:f8:77:39:dd:f4:27:d5:80:
                    95:f9:3a:fd:1e:2d:50:d4:e2:6b:b1:5a:0b:b0:0a:
                    d3:7a:ec:62:97:4d:56:b2:f8:03:7b:a7:09:da:4d:
                    94:58:45:3c:3c:5d:a2:a3:9d:83:bc:86:e0:7c:91:
                    96:62:7b:a0:57:f7:dc:af:a0:9b:09:66:12:98:0b:
                    ff:9f:a3:5b:6f:38:d8:ff:87:d9:3c:7a:13:4d:3a:
                    8d:ff:c9:79:e4:03:d1:bd:35:cc:28:87:fc:c1:51:
                    d7:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:A6:73:D0:8C:8B:90:96:76:5D:9B:39:99:CC:B6:CD:E1:AD:EC:A0
            X509v3 Authority Key Identifier:
                keyid:20:6F:1C:32:BC:0A:90:06:08:1D:55:2F:ED:E6:7D:68:42:92:1E:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/waZz0IyLkJZ2XZs5mcy2zeGt7KA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/a91884-6f58-4ddd-8932-bba860b26c02/1/IG8cMrwKkAYIHVUv7eZ9aEKSHsM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:245:202::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:33:ba:df:25:75:ab:ad:68:63:97:cb:c3:70:07:a0:e5:c8:
         38:6a:5e:0f:28:92:8c:f9:43:ab:d5:b2:db:c5:70:c0:86:bf:
         9b:b6:20:72:7a:10:4d:f6:4e:d8:cc:46:74:31:1c:b4:55:23:
         68:b2:9b:a8:3f:c5:5a:cf:dc:c1:4b:27:d7:de:bc:be:f0:f4:
         eb:eb:51:f2:f6:cb:97:b2:49:3c:a8:f5:e8:7c:04:de:63:2f:
         8a:7b:c9:15:ee:38:1e:38:53:2d:13:ea:3b:d8:0b:d3:2a:55:
         e9:48:08:87:9f:59:cf:8e:00:1c:60:e2:01:21:7b:76:ca:a6:
         a0:da:b2:e6:c9:f8:88:4b:d3:e3:f7:cf:0d:90:9d:c6:31:a9:
         5f:8b:35:5c:a5:09:21:b7:d7:f1:c6:75:85:24:0a:07:d0:34:
         e4:28:3d:29:26:db:aa:b6:86:da:b3:19:75:95:cd:52:6d:5a:
         08:88:7f:e6:69:6e:58:d0:3f:39:07:10:37:8e:b0:cd:c9:9d:
         2e:c3:4a:25:c8:6c:70:b1:8e:84:5b:46:93:0c:0c:e1:8a:e3:
         59:cc:c9:3e:ad:98:b1:80:fe:07:d7:19:49:5e:a3:a8:ee:76:
         ec:8e:49:1f:e4:ce:e3:d7:ab:32:02:a4:e3:13:76:6f:05:5b:
         b7:22:da:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ5LMTYAWGcQjG9k6SI/BApxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwNmYxYzMyYmMwYTkwMDYwODFkNTUyZmVkZTY3ZDY4NDI5
MjFlYzMwHhcNMjYwNTIxMTUzOTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWE2NzNkMDhjOGI5MDk2NzY1ZDliMzk5OWNjYjZjZGUxYWRlY2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA08xW4RP+bui+nXhNjRbPkUoT2dJu
6JPjl2Wdy9XvDz4Zki1k/dkDup6Wkx18yXQMlulWGzfrvY4Mv+nwd31j+rxBROln
CyRuFWENt0LQXXVX+SSzzdgdDDv/d76wGaXdUwVly0FtJhpyL1G+0tFS6Dr5kOrv
gr5xzSY14GV0Rd32k41/5Kv1Qqnrp4RxuHD2LGWNfmzN/DVeEQnu+Hc53fQn1YCV
+Tr9Hi1Q1OJrsVoLsArTeuxil01WsvgDe6cJ2k2UWEU8PF2io52DvIbgfJGWYnug
V/fcr6CbCWYSmAv/n6NbbzjY/4fZPHoTTTqN/8l55APRvTXMKIf8wVHXrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMGmc9CMi5CWdl2bOZnMts3hreygMB8GA1UdIwQY
MBaAFCBvHDK8CpAGCB1VL+3mfWhCkh7DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzIt
YmJhODYwYjI2YzAyLzEvd2FaejBJeUxrSloyWFpzNW1jeTJ6ZUd0N0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9hOTE4ODQtNmY1OC00ZGRkLTg5MzItYmJhODYwYjI2YzAy
LzEvSUc4Y01yd0trQVlJSFZVdjdlWjlhRUtTSHNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgcCRQIC
MA0GCSqGSIb3DQEBCwUAA4IBAQBRM7rfJXWrrWhjl8vDcAeg5cg4al4PKJKM+UOr
1bLbxXDAhr+btiByehBN9k7YzEZ0MRy0VSNospuoP8Vaz9zBSyfX3ry+8PTr61Hy
9suXskk8qPXofATeYy+Ke8kV7jgeOFMtE+o72AvTKlXpSAiHn1nPjgAcYOIBIXt2
yqag2rLmyfiIS9Pj988NkJ3GMalfizVcpQkht9fxxnWFJAoH0DTkKD0pJtuqtoba
sxl1lc1SbVoIiH/maW5Y0D85BxA3jrDNyZ0uw0olyGxwsY6EW0aTDAzhiuNZzMk+
rZixgP4H1xlJXqOo7nbsjkkf5M7j16syAqTjE3ZvBVu3Itr8
-----END CERTIFICATE-----