Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/ZxhgvJUp5L4sq4b3OuTxkXUrhbk.roa
File:                     ZxhgvJUp5L4sq4b3OuTxkXUrhbk.roa (raw, json)
Hash identifier:          z/k/9AIwvyg4zpuGghpg0rweLWMdEBY0L4pxUIcere0=
Subject key identifier:   67:18:60:BC:95:29:E4:BE:2C:AB:86:F7:3A:E4:F1:91:75:2B:85:B9
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019DD49A83F50C0820B5AB51BADCB7F262AE
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/ZxhgvJUp5L4sq4b3OuTxkXUrhbk.roa
Signing time:             Tue 28 Apr 2026 14:59:49 +0000
ROA not before:           Tue 28 Apr 2026 14:59:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201861
IP address blocks:        2a0d:d940:110::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:9a:83:f5:0c:08:20:b5:ab:51:ba:dc:b7:f2:62:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Apr 28 14:59:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=671860bc9529e4be2cab86f73ae4f191752b85b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:83:61:6d:9d:ce:71:29:6d:3e:ee:4e:e1:a4:
                    6c:d5:d9:81:51:ca:a6:b3:45:ca:30:01:ee:c3:70:
                    e0:24:66:36:35:bd:44:ea:7d:c3:b8:8b:27:3e:ae:
                    1d:a0:c1:77:2e:43:b2:28:1c:3f:9e:90:6a:1e:99:
                    2a:9d:34:35:d5:f3:1c:04:95:2d:29:c2:8b:a5:cb:
                    e3:c0:9e:c8:56:40:38:9a:34:a5:60:73:bd:4b:6d:
                    ca:04:78:69:25:3d:6c:38:7d:2c:0b:19:62:4e:79:
                    c7:2a:d2:5e:2e:a7:ff:c9:3c:63:d3:f9:55:ce:7c:
                    f9:72:97:a4:0d:80:10:2d:d0:38:0d:62:0c:65:f9:
                    7a:32:be:98:82:33:77:8e:28:e4:13:9d:97:d9:d8:
                    dc:70:1a:13:67:2e:28:0c:7f:e0:54:fe:0a:b1:b1:
                    89:ce:72:9c:fe:28:bb:65:b1:b9:fd:79:3b:86:11:
                    34:a9:40:03:e1:f4:73:25:fb:c9:9a:a1:38:3b:64:
                    a2:ca:b2:f7:ed:d4:ba:92:a4:09:ba:51:1b:f7:d6:
                    5e:86:54:20:89:38:97:bd:d8:54:1a:82:af:95:59:
                    72:14:27:13:43:8b:48:bf:4f:de:a2:3d:dd:12:89:
                    86:89:26:6d:bb:08:ed:4a:bc:46:e7:23:c6:5c:ec:
                    9a:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:18:60:BC:95:29:E4:BE:2C:AB:86:F7:3A:E4:F1:91:75:2B:85:B9
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/ZxhgvJUp5L4sq4b3OuTxkXUrhbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:110::/44

    Signature Algorithm: sha256WithRSAEncryption
         0c:ae:2b:26:ab:be:26:4e:5f:30:c9:ca:f9:be:28:a2:32:b5:
         04:90:a8:50:37:76:73:ce:43:79:0c:78:01:4d:9e:3b:d8:b2:
         4c:a4:fe:ba:c8:78:f9:dd:27:ed:bf:51:c3:08:3c:ee:fa:52:
         24:a0:e5:96:0a:03:63:b5:56:3e:4d:90:3f:56:56:c2:e0:17:
         23:44:02:a0:af:50:b8:c7:59:1f:eb:8c:2b:ae:c2:4a:c7:4a:
         84:ba:e7:1f:6f:98:f1:16:75:88:98:89:21:8b:d3:a5:e3:32:
         86:e1:06:b5:22:b3:c6:bc:a4:e9:ad:b9:cd:51:d0:70:f5:fc:
         6e:af:f2:cb:66:38:91:c9:39:30:c9:05:1c:69:6d:e6:9f:d6:
         17:1f:fe:18:5b:e6:77:43:5f:4a:43:85:08:44:45:58:41:7e:
         4a:f7:d5:9c:0d:e8:ff:38:ac:40:7e:77:34:fa:8f:0f:ad:30:
         23:f7:da:3d:db:62:59:b2:f7:96:2f:f1:3d:d3:c7:2b:80:4d:
         15:9c:b0:29:83:63:09:0c:52:49:05:35:b1:ea:3c:18:16:ab:
         ed:64:68:2b:29:c0:9f:98:9b:28:4c:62:da:78:e3:68:47:3b:
         02:57:35:e8:37:5e:f4:1d:62:82:ac:3f:13:da:61:7b:a2:32:
         51:b1:74:f2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3UmoP1DAggtatRuty38mKuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNDI4MTQ1OTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzE4NjBiYzk1MjllNGJlMmNhYjg2ZjczYWU0ZjE5MTc1MmI4NWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqINhbZ3OcSltPu5O4aRs1dmBUcqm
s0XKMAHuw3DgJGY2Nb1E6n3DuIsnPq4doMF3LkOyKBw/npBqHpkqnTQ11fMcBJUt
KcKLpcvjwJ7IVkA4mjSlYHO9S23KBHhpJT1sOH0sCxliTnnHKtJeLqf/yTxj0/lV
znz5cpekDYAQLdA4DWIMZfl6Mr6YgjN3jijkE52X2djccBoTZy4oDH/gVP4KsbGJ
znKc/ii7ZbG5/Xk7hhE0qUAD4fRzJfvJmqE4O2SiyrL37dS6kqQJulEb99ZehlQg
iTiXvdhUGoKvlVlyFCcTQ4tIv0/eoj3dEomGiSZtuwjtSrxG5yPGXOyapQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGcYYLyVKeS+LKuG9zrk8ZF1K4W5MB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvWnhoZ3ZKVXA1TDRzcTRiM091VHhrWFVyaGJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg3ZQAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAMrismq74mTl8wycr5viiiMrUEkKhQN3ZzzkN5
DHgBTZ472LJMpP66yHj53Sftv1HDCDzu+lIkoOWWCgNjtVY+TZA/VlbC4BcjRAKg
r1C4x1kf64wrrsJKx0qEuucfb5jxFnWImIkhi9Ol4zKG4Qa1IrPGvKTprbnNUdBw
9fxur/LLZjiRyTkwyQUcaW3mn9YXH/4YW+Z3Q19KQ4UIREVYQX5K99WcDej/OKxA
fnc0+o8PrTAj99o922JZsveWL/E908crgE0VnLApg2MJDFJJBTWx6jwYFqvtZGgr
KcCfmJsoTGLaeONoRzsCVzXoN170HWKCrD8T2mF7ojJRsXTy
-----END CERTIFICATE-----