Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/JzcUDrjPH1TUiUsoZg0w4H953qQ.roa
File:                     JzcUDrjPH1TUiUsoZg0w4H953qQ.roa (raw, json)
Hash identifier:          D5CsutvC/e3U+aohzUNLex1mNvn/N/QgAB3NOEyf/vU=
Subject key identifier:   27:37:14:0E:B8:CF:1F:54:D4:89:4B:28:66:0D:30:E0:7F:79:DE:A4
Certificate issuer:       /CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
Certificate serial:       019DD45D2E022D850E2A5686C6389F0A9722
Authority key identifier: 93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/JzcUDrjPH1TUiUsoZg0w4H953qQ.roa
Signing time:             Tue 28 Apr 2026 13:52:49 +0000
ROA not before:           Tue 28 Apr 2026 13:52:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206916
IP address blocks:        2a0e:aa07:e270::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d4:5d:2e:02:2d:85:0e:2a:56:86:c6:38:9f:0a:97:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9361b5cd696825b74fccba7d97c3d0a2724ef3aa
        Validity
            Not Before: Apr 28 13:52:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2737140eb8cf1f54d4894b28660d30e07f79dea4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:63:8d:0e:b4:f4:b1:d4:81:2c:4c:c1:ee:ca:
                    ba:8c:9d:c3:bf:3d:8d:82:48:22:d8:64:6b:09:24:
                    e2:c7:41:ef:3a:49:11:a2:93:cd:d4:13:f0:b1:a6:
                    4b:d0:86:f6:f0:88:46:43:8c:6c:98:22:b9:42:8d:
                    f3:94:5e:5b:5b:45:85:59:42:2a:5d:f8:87:ed:b8:
                    fc:f8:5b:fa:52:35:f3:49:c7:27:b7:7f:78:3a:7f:
                    93:c0:16:12:d8:79:77:0e:51:90:fa:69:7b:3c:89:
                    fd:17:c3:67:8f:eb:e2:6b:b9:fd:4a:ce:bc:84:12:
                    6a:f9:9b:f4:3a:90:e1:77:56:38:b5:f1:20:17:aa:
                    5d:a9:8e:ca:94:3e:bc:11:d1:73:47:41:60:55:1a:
                    55:b3:0c:d3:92:ec:a5:ee:83:e6:c6:63:ce:81:f4:
                    06:4a:1d:25:5f:e0:ae:90:3a:6c:d9:80:bd:29:77:
                    5e:cf:f8:a7:4b:ff:c9:e4:4c:d8:0a:b5:29:77:45:
                    15:12:44:e5:3e:dc:83:f0:ce:41:cb:1b:e7:72:84:
                    50:96:2b:0d:fe:8f:8a:43:bd:58:68:e1:08:6c:fe:
                    75:cd:91:68:df:5d:00:c3:58:c6:9a:c0:a2:b2:83:
                    91:78:43:56:cc:2b:5d:41:9f:b4:81:f8:33:ad:3a:
                    b2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:37:14:0E:B8:CF:1F:54:D4:89:4B:28:66:0D:30:E0:7F:79:DE:A4
            X509v3 Authority Key Identifier:
                keyid:93:61:B5:CD:69:68:25:B7:4F:CC:BA:7D:97:C3:D0:A2:72:4E:F3:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k2G1zWloJbdPzLp9l8PQonJO86o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/JzcUDrjPH1TUiUsoZg0w4H953qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/72bf2f-8e34-48a2-849a-a541d1bcee19/1/k2G1zWloJbdPzLp9l8PQonJO86o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:aa07:e270::/44

    Signature Algorithm: sha256WithRSAEncryption
         2f:ba:6d:eb:2b:47:d7:88:06:60:0d:5b:71:4e:10:50:54:a1:
         c7:20:12:f8:89:72:a0:1a:01:fe:3b:3b:62:a9:6f:a7:69:14:
         47:e9:0f:32:1e:a8:cc:12:77:80:8d:f4:f2:f8:9f:66:37:06:
         40:31:c8:74:74:a2:4d:80:4c:1e:29:be:18:54:e8:19:51:ff:
         cb:4d:d3:cb:3c:35:16:88:5f:28:b4:09:b3:31:d7:34:b9:63:
         87:f2:50:59:0e:14:66:77:c7:40:5e:48:12:19:66:2a:63:d6:
         a7:4b:23:05:e3:60:ec:13:91:dd:7d:12:51:4d:68:3b:a5:5e:
         23:b1:ad:2f:61:84:09:7f:5b:d0:ee:e6:31:b3:99:f4:86:05:
         dc:8c:ac:ea:f2:bb:40:0f:04:38:6b:6c:1e:e8:3f:64:67:a4:
         44:77:58:31:5e:c7:52:10:5f:d1:2d:c5:bd:d4:4d:d8:52:67:
         2a:24:0e:1b:af:95:41:51:17:86:ef:47:5a:50:b4:1e:88:b3:
         78:34:76:54:21:b6:24:75:a0:20:54:c4:24:c8:2c:33:14:d4:
         fc:92:d7:fb:3e:c3:c0:b3:4d:a1:70:20:3b:b9:e2:43:2c:20:
         e5:f4:92:7c:b6:b4:fe:b3:9d:49:71:b2:f8:d4:4b:e9:61:63:
         7a:4e:dd:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3UXS4CLYUOKlaGxjifCpciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzNjFiNWNkNjk2ODI1Yjc0ZmNjYmE3ZDk3YzNkMGEyNzI0
ZWYzYWEwHhcNMjYwNDI4MTM1MjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzM3MTQwZWI4Y2YxZjU0ZDQ4OTRiMjg2NjBkMzBlMDdmNzlkZWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumONDrT0sdSBLEzB7sq6jJ3Dvz2N
gkgi2GRrCSTix0HvOkkRopPN1BPwsaZL0Ib28IhGQ4xsmCK5Qo3zlF5bW0WFWUIq
XfiH7bj8+Fv6UjXzSccnt394On+TwBYS2Hl3DlGQ+ml7PIn9F8Nnj+via7n9Ss68
hBJq+Zv0OpDhd1Y4tfEgF6pdqY7KlD68EdFzR0FgVRpVswzTkuyl7oPmxmPOgfQG
Sh0lX+CukDps2YC9KXdez/inS//J5EzYCrUpd0UVEkTlPtyD8M5ByxvncoRQlisN
/o+KQ71YaOEIbP51zZFo310Aw1jGmsCisoOReENWzCtdQZ+0gfgzrTqy/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCc3FA64zx9U1IlLKGYNMOB/ed6kMB8GA1UdIwQY
MBaAFJNhtc1paCW3T8y6fZfD0KJyTvOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEt
YTU0MWQxYmNlZTE5LzEvSnpjVURyalBIMVRVaVVzb1pnMHc0SDk1M3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi83MmJmMmYtOGUzNC00OGEyLTg0OWEtYTU0MWQxYmNlZTE5
LzEvazJHMXpXbG9KYmRQekxwOWw4UFFvbkpPODZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6qB+Jw
MA0GCSqGSIb3DQEBCwUAA4IBAQAvum3rK0fXiAZgDVtxThBQVKHHIBL4iXKgGgH+
OztiqW+naRRH6Q8yHqjMEneAjfTy+J9mNwZAMch0dKJNgEweKb4YVOgZUf/LTdPL
PDUWiF8otAmzMdc0uWOH8lBZDhRmd8dAXkgSGWYqY9anSyMF42DsE5HdfRJRTWg7
pV4jsa0vYYQJf1vQ7uYxs5n0hgXcjKzq8rtADwQ4a2we6D9kZ6REd1gxXsdSEF/R
LcW91E3YUmcqJA4br5VBUReG70daULQeiLN4NHZUIbYkdaAgVMQkyCwzFNT8ktf7
PsPAs02hcCA7ueJDLCDl9JJ8trT+s51JcbL41EvpYWN6Tt1r
-----END CERTIFICATE-----