Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/8f41a4-e140-4f65-80e6-28170ac02b32/1/Z07oGH4qALSlhCqp4P64q2iB1us.roa
File:                     Z07oGH4qALSlhCqp4P64q2iB1us.roa (raw, json)
Hash identifier:          Z4N+HOJqsVfo6FvilkavZbY8gKGAnvRy13Fs0EXFZTI=
Subject key identifier:   67:4E:E8:18:7E:2A:00:B4:A5:84:2A:A9:E0:FE:B8:AB:68:81:D6:EB
Certificate issuer:       /CN=4813b9c5fe8315807d7856cd230003aa16741c0d
Certificate serial:       019F133A6F56BC6C1CE241B687422F4A0CE3
Authority key identifier: 48:13:B9:C5:FE:83:15:80:7D:78:56:CD:23:00:03:AA:16:74:1C:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SBO5xf6DFYB9eFbNIwADqhZ0HA0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/8f41a4-e140-4f65-80e6-28170ac02b32/1/Z07oGH4qALSlhCqp4P64q2iB1us.roa
Signing time:             Mon 29 Jun 2026 11:53:44 +0000
ROA not before:           Mon 29 Jun 2026 11:53:44 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     49244
IP address blocks:        2a12:c080::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/8f41a4-e140-4f65-80e6-28170ac02b32/1/SBO5xf6DFYB9eFbNIwADqhZ0HA0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/8f41a4-e140-4f65-80e6-28170ac02b32/1/SBO5xf6DFYB9eFbNIwADqhZ0HA0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SBO5xf6DFYB9eFbNIwADqhZ0HA0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 11:54:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:13:3a:6f:56:bc:6c:1c:e2:41:b6:87:42:2f:4a:0c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4813b9c5fe8315807d7856cd230003aa16741c0d
        Validity
            Not Before: Jun 29 11:53:44 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=674ee8187e2a00b4a5842aa9e0feb8ab6881d6eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f7:35:1f:16:01:dc:3d:e4:ea:23:64:1b:b5:
                    bf:9e:9b:27:d6:26:11:09:6e:6a:26:8e:34:9c:81:
                    09:2e:c3:69:96:a7:9d:f4:e6:58:32:41:86:3a:0d:
                    e5:17:bb:1e:23:59:8d:95:d3:31:12:0f:7c:49:a7:
                    d2:7f:af:2e:2e:c1:5c:5b:26:6e:6c:b7:69:8a:f6:
                    57:6d:a5:b9:7b:d1:f3:15:ff:41:1e:5a:a7:62:03:
                    43:89:15:a6:87:5a:75:0d:12:d8:5a:cb:20:6b:cb:
                    d9:38:84:f5:37:9c:30:0a:3d:21:ec:d7:06:68:e5:
                    7c:21:01:34:25:e2:28:30:af:ab:d1:56:2d:b4:65:
                    cc:55:a4:ec:ac:bf:f8:91:be:07:24:31:b4:b3:fd:
                    b9:fe:8c:68:05:2e:c4:ba:3c:e9:05:bc:ce:9b:13:
                    fa:5b:d3:d9:ab:10:09:9b:49:9b:0b:50:d5:72:2b:
                    0c:94:77:fa:28:a3:a6:a3:bd:89:e4:03:47:2d:77:
                    59:bb:27:f1:e3:0a:46:9c:bf:e9:74:c3:48:14:0f:
                    b8:1b:39:5e:e3:52:29:7e:bf:0e:54:ac:a7:79:fb:
                    a4:62:43:12:70:fb:1b:aa:1e:67:cb:8e:64:a4:20:
                    67:7c:e2:a2:80:72:29:f9:14:f1:79:fa:f1:0c:85:
                    ea:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:4E:E8:18:7E:2A:00:B4:A5:84:2A:A9:E0:FE:B8:AB:68:81:D6:EB
            X509v3 Authority Key Identifier:
                keyid:48:13:B9:C5:FE:83:15:80:7D:78:56:CD:23:00:03:AA:16:74:1C:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SBO5xf6DFYB9eFbNIwADqhZ0HA0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/8f41a4-e140-4f65-80e6-28170ac02b32/1/Z07oGH4qALSlhCqp4P64q2iB1us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/8f41a4-e140-4f65-80e6-28170ac02b32/1/SBO5xf6DFYB9eFbNIwADqhZ0HA0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:c080::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:58:5d:f3:33:57:46:de:f3:4f:2c:2e:31:a1:d7:73:89:58:
         a8:58:0b:e6:2f:32:63:32:70:e0:4e:9c:75:e5:df:70:b4:3f:
         18:58:ab:80:23:b9:b4:88:44:69:2b:3a:0e:de:93:4e:24:73:
         e8:6d:de:c8:99:a3:84:a1:28:e0:b6:84:de:51:c6:a4:ae:39:
         e7:e8:4c:8c:32:e3:f5:c8:5c:a0:0f:eb:47:7b:29:e0:72:ca:
         5d:0f:01:fc:ea:a9:32:a7:d8:29:54:e2:16:e2:98:12:a1:d2:
         04:dc:98:4a:28:33:98:63:34:09:0d:26:63:bd:53:66:83:26:
         2e:10:57:9b:84:cb:f7:05:0f:ac:b9:46:39:8f:93:7a:74:51:
         0d:eb:e2:a9:be:4a:ba:6d:ea:14:59:6c:d1:1a:f0:bf:e1:03:
         36:e5:e5:02:92:35:fe:f9:ac:f5:33:ef:01:9d:69:35:73:da:
         90:df:94:ee:a5:45:a2:18:db:b8:52:ef:38:9a:20:7f:13:4c:
         36:a3:e6:24:a4:c6:52:f3:03:8b:23:12:5d:18:09:90:e3:48:
         aa:46:05:20:17:da:cf:14:71:f4:17:d3:5a:59:61:88:98:56:
         01:5d:a8:01:c9:f2:14:e5:a2:e5:df:15:df:6b:f4:96:74:b7:
         33:28:37:21
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ8TOm9WvGwc4kG2h0IvSgzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MTNiOWM1ZmU4MzE1ODA3ZDc4NTZjZDIzMDAwM2FhMTY3
NDFjMGQwHhcNMjYwNjI5MTE1MzQ0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzRlZTgxODdlMmEwMGI0YTU4NDJhYTllMGZlYjhhYjY4ODFkNmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfc1HxYB3D3k6iNkG7W/npsn1iYR
CW5qJo40nIEJLsNplqed9OZYMkGGOg3lF7seI1mNldMxEg98SafSf68uLsFcWyZu
bLdpivZXbaW5e9HzFf9BHlqnYgNDiRWmh1p1DRLYWssga8vZOIT1N5wwCj0h7NcG
aOV8IQE0JeIoMK+r0VYttGXMVaTsrL/4kb4HJDG0s/25/oxoBS7EujzpBbzOmxP6
W9PZqxAJm0mbC1DVcisMlHf6KKOmo72J5ANHLXdZuyfx4wpGnL/pdMNIFA+4Gzle
41Ipfr8OVKynefukYkMScPsbqh5ny45kpCBnfOKigHIp+RTxefrxDIXqRwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGdO6Bh+KgC0pYQqqeD+uKtogdbrMB8GA1UdIwQY
MBaAFEgTucX+gxWAfXhWzSMAA6oWdBwNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0JPNXhmNkRGWUI5ZUZiTkl3QURxaFowSEEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS84ZjQxYTQtZTE0MC00ZjY1LTgwZTYt
MjgxNzBhYzAyYjMyLzEvWjA3b0dINHFBTFNsaENxcDRQNjRxMmlCMXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS84ZjQxYTQtZTE0MC00ZjY1LTgwZTYtMjgxNzBhYzAyYjMy
LzEvU0JPNXhmNkRGWUI5ZUZiTkl3QURxaFowSEEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLAgDAN
BgkqhkiG9w0BAQsFAAOCAQEAElhd8zNXRt7zTywuMaHXc4lYqFgL5i8yYzJw4E6c
deXfcLQ/GFirgCO5tIhEaSs6Dt6TTiRz6G3eyJmjhKEo4LaE3lHGpK455+hMjDLj
9chcoA/rR3sp4HLKXQ8B/OqpMqfYKVTiFuKYEqHSBNyYSigzmGM0CQ0mY71TZoMm
LhBXm4TL9wUPrLlGOY+TenRRDeviqb5Kum3qFFls0Rrwv+EDNuXlApI1/vms9TPv
AZ1pNXPakN+U7qVFohjbuFLvOJogfxNMNqPmJKTGUvMDiyMSXRgJkONIqkYFIBfa
zxRx9BfTWllhiJhWAV2oAcnyFOWi5d8V32v0lnS3Myg3IQ==
-----END CERTIFICATE-----