Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/zl9a6eQsJ3DfOxhDj9wKbJLx4Uc.roa
File:                     zl9a6eQsJ3DfOxhDj9wKbJLx4Uc.roa (raw, json)
Hash identifier:          GtWhb1HWStkTLvPPKC4+PE0+adtITAuVDXGWtFF4ZOI=
Subject key identifier:   CE:5F:5A:E9:E4:2C:27:70:DF:3B:18:43:8F:DC:0A:6C:92:F1:E1:47
Certificate issuer:       /CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Certificate serial:       019DDAE143C6600A7F948C342037E20DB7C9
Authority key identifier: 70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/zl9a6eQsJ3DfOxhDj9wKbJLx4Uc.roa
Signing time:             Wed 29 Apr 2026 20:14:49 +0000
ROA not before:           Wed 29 Apr 2026 20:14:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401776
IP address blocks:        2a11:b800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:e1:43:c6:60:0a:7f:94:8c:34:20:37:e2:0d:b7:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
        Validity
            Not Before: Apr 29 20:14:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ce5f5ae9e42c2770df3b18438fdc0a6c92f1e147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:c2:d6:ac:1f:82:14:0d:03:08:8f:42:e5:63:
                    e6:b1:e4:7a:17:c3:38:c3:b5:59:a3:86:ca:28:15:
                    fd:e7:d6:d9:93:32:aa:36:08:cd:24:c7:f4:1d:19:
                    17:f7:f6:07:d4:05:94:12:93:00:d9:f1:b3:63:e5:
                    e7:a9:40:4c:0a:34:2e:f8:28:17:8a:5c:fa:eb:2a:
                    b2:68:43:84:79:3c:af:e6:a4:a1:9b:b5:cd:83:f4:
                    c6:39:a2:ae:2a:2c:c9:0a:f0:82:c4:cd:d2:34:62:
                    aa:43:c8:96:2d:4a:fa:5e:05:34:53:a7:1c:0e:aa:
                    47:ec:2c:12:b1:a7:74:ff:4a:d7:22:10:9d:33:bb:
                    0c:28:b8:c8:9e:ee:7d:17:a2:97:27:dd:8e:f8:73:
                    70:90:6a:83:31:cf:0c:87:12:da:7d:0a:5d:30:fd:
                    06:68:0f:1c:ac:ba:a8:03:c7:46:2a:64:cf:a1:ca:
                    e7:a6:a8:df:31:ba:65:99:f0:13:7f:db:2a:10:57:
                    fc:ea:9f:ac:2f:e4:89:56:34:1b:30:d4:86:46:34:
                    f8:99:d9:8e:ba:68:9c:75:a6:e1:e2:6f:f6:a4:cb:
                    ec:88:4f:7c:8e:17:03:53:f9:6a:d4:b0:67:42:8a:
                    db:3e:56:4f:1e:8f:77:3a:4f:8e:44:65:97:40:09:
                    c4:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:5F:5A:E9:E4:2C:27:70:DF:3B:18:43:8F:DC:0A:6C:92:F1:E1:47
            X509v3 Authority Key Identifier:
                keyid:70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/zl9a6eQsJ3DfOxhDj9wKbJLx4Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a11:b800::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:a9:fd:02:54:49:be:b5:31:b6:5a:96:5c:f7:33:b7:bf:7d:
         80:bb:3c:51:a6:7c:31:cc:8c:bc:b6:22:c4:28:b7:db:9f:47:
         ae:6d:82:91:8c:25:e0:a8:81:77:76:06:03:62:09:88:05:33:
         de:3b:08:8c:66:b9:58:84:91:b9:83:04:99:46:ae:25:97:91:
         53:e7:45:b9:02:1e:1a:d2:f4:88:0a:b5:68:54:90:3d:d5:93:
         91:d7:cb:15:13:78:ff:23:d1:9b:5c:3d:b2:ed:aa:89:34:39:
         0d:31:08:5e:8d:5a:45:1e:bb:d5:62:73:7d:96:27:a1:fa:9f:
         6d:dc:ec:4e:86:d9:40:cb:d6:6b:0a:78:74:54:1a:e7:76:ed:
         e3:0a:37:45:23:66:37:4a:09:de:54:79:e7:bf:48:69:43:bb:
         64:24:a4:67:66:58:e9:45:9d:b8:c1:e2:8a:7d:95:d6:69:4d:
         64:1c:8c:b0:9d:4f:c6:73:ae:68:09:93:20:a3:bf:6b:69:8c:
         1f:55:9f:fe:f7:a7:5d:af:dd:5e:96:1f:a0:83:b6:7e:52:ad:
         a7:5d:a1:84:f4:99:59:95:37:12:ff:3c:f3:c3:25:20:1d:dd:
         ff:19:f4:52:22:53:e5:38:3a:63:98:83:66:58:f0:ed:58:25:
         1d:61:a7:96
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3a4UPGYAp/lIw0IDfiDbfJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmQzYWJiYjQ3OGI3NGVmMmFkZWY5YmI3YzQzMzZlMzQx
MTFkNTEwHhcNMjYwNDI5MjAxNDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTVmNWFlOWU0MmMyNzcwZGYzYjE4NDM4ZmRjMGE2YzkyZjFlMTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkcLWrB+CFA0DCI9C5WPmseR6F8M4
w7VZo4bKKBX959bZkzKqNgjNJMf0HRkX9/YH1AWUEpMA2fGzY+XnqUBMCjQu+CgX
ilz66yqyaEOEeTyv5qShm7XNg/TGOaKuKizJCvCCxM3SNGKqQ8iWLUr6XgU0U6cc
DqpH7CwSsad0/0rXIhCdM7sMKLjInu59F6KXJ92O+HNwkGqDMc8MhxLafQpdMP0G
aA8crLqoA8dGKmTPocrnpqjfMbplmfATf9sqEFf86p+sL+SJVjQbMNSGRjT4mdmO
umicdabh4m/2pMvsiE98jhcDU/lq1LBnQorbPlZPHo93Ok+ORGWXQAnEXQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM5fWunkLCdw3zsYQ4/cCmyS8eFHMB8GA1UdIwQY
MBaAFHBtOru0eLdO8q3vm7fEM240ER1RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYt
YTQyMTNjOTNmMWY3LzEvemw5YTZlUXNKM0RmT3hoRGo5d0tiSkx4NFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYtYTQyMTNjOTNmMWY3
LzEvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhG4ADAN
BgkqhkiG9w0BAQsFAAOCAQEAlKn9AlRJvrUxtlqWXPczt799gLs8UaZ8McyMvLYi
xCi3259Hrm2CkYwl4KiBd3YGA2IJiAUz3jsIjGa5WISRuYMEmUauJZeRU+dFuQIe
GtL0iAq1aFSQPdWTkdfLFRN4/yPRm1w9su2qiTQ5DTEIXo1aRR671WJzfZYnofqf
bdzsTobZQMvWawp4dFQa53bt4wo3RSNmN0oJ3lR5579IaUO7ZCSkZ2ZY6UWduMHi
in2V1mlNZByMsJ1PxnOuaAmTIKO/a2mMH1Wf/venXa/dXpYfoIO2flKtp12hhPSZ
WZU3Ev8888MlIB3d/xn0UiJT5Tg6Y5iDZljw7VglHWGnlg==
-----END CERTIFICATE-----