Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/584691-a971-4587-a7a5-8cbb6e7822d2/1/cHiZ6LZ8hPW5ER2wStwg89RK_q4.roa
File:                     cHiZ6LZ8hPW5ER2wStwg89RK_q4.roa (raw, json)
Hash identifier:          zXYUqoAnuDgMfHstPqrZUYqgzvB3jLNDf5DCgccR8yM=
Subject key identifier:   70:78:99:E8:B6:7C:84:F5:B9:11:1D:B0:4A:DC:20:F3:D4:4A:FE:AE
Certificate issuer:       /CN=6fcf19ef7e2f721caaf69cf82d4ca7c4b5415364
Certificate serial:       019D148C922891F34E0023350E935C01B99F
Authority key identifier: 6F:CF:19:EF:7E:2F:72:1C:AA:F6:9C:F8:2D:4C:A7:C4:B5:41:53:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b88Z734vchyq9pz4LUynxLVBU2Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/584691-a971-4587-a7a5-8cbb6e7822d2/1/cHiZ6LZ8hPW5ER2wStwg89RK_q4.roa
Signing time:             Sun 22 Mar 2026 07:57:29 +0000
ROA not before:           Sun 22 Mar 2026 07:57:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205956
IP address blocks:        2001:678:430::/46 maxlen: 47
                          2001:678:432::/48 maxlen: 48
                          2001:678:433::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/584691-a971-4587-a7a5-8cbb6e7822d2/1/b88Z734vchyq9pz4LUynxLVBU2Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/584691-a971-4587-a7a5-8cbb6e7822d2/1/b88Z734vchyq9pz4LUynxLVBU2Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b88Z734vchyq9pz4LUynxLVBU2Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:14:8c:92:28:91:f3:4e:00:23:35:0e:93:5c:01:b9:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fcf19ef7e2f721caaf69cf82d4ca7c4b5415364
        Validity
            Not Before: Mar 22 07:57:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=707899e8b67c84f5b9111db04adc20f3d44afeae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:4b:6a:ab:4d:48:bb:f8:9c:97:cf:07:1b:54:
                    03:33:3d:06:5e:29:cf:e2:de:f8:a4:66:8d:51:f4:
                    f3:ae:ba:11:c2:ef:1b:20:8f:ad:1f:00:9e:7c:1f:
                    dd:5a:1d:37:b1:c8:56:d0:4c:8f:ce:e9:b8:5a:12:
                    c0:0d:0a:2c:9f:41:fa:0e:1a:9f:08:0b:a9:0d:f9:
                    6e:7c:21:39:cc:9d:54:3a:94:01:ea:57:39:d7:eb:
                    03:12:bc:5d:3b:e8:bf:e0:25:7a:0c:cd:78:44:d3:
                    59:db:10:2a:8b:3b:31:c3:d8:54:7d:96:40:3b:2f:
                    73:2f:db:e7:a4:2b:30:28:be:e1:39:af:46:12:b2:
                    eb:d5:3e:48:72:3d:2e:bb:99:bd:64:c0:0a:8d:97:
                    6a:f7:c2:32:cd:0f:7f:d9:1e:6f:db:9c:aa:57:b9:
                    71:5e:36:14:fa:e0:b1:29:0d:5c:22:3d:bb:59:85:
                    5f:99:30:24:cd:72:ab:6c:83:24:92:53:42:a2:3f:
                    c3:5c:0a:a4:5f:cb:d0:66:3b:ca:f6:5d:a3:60:4e:
                    65:47:48:7e:45:67:42:af:ff:40:94:21:3c:19:d1:
                    c6:96:51:38:3e:0c:2c:4e:16:af:73:6c:41:55:de:
                    ba:05:db:73:9c:00:04:ef:d4:9f:17:c4:d2:cf:4f:
                    e2:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:78:99:E8:B6:7C:84:F5:B9:11:1D:B0:4A:DC:20:F3:D4:4A:FE:AE
            X509v3 Authority Key Identifier:
                keyid:6F:CF:19:EF:7E:2F:72:1C:AA:F6:9C:F8:2D:4C:A7:C4:B5:41:53:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b88Z734vchyq9pz4LUynxLVBU2Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/584691-a971-4587-a7a5-8cbb6e7822d2/1/cHiZ6LZ8hPW5ER2wStwg89RK_q4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/584691-a971-4587-a7a5-8cbb6e7822d2/1/b88Z734vchyq9pz4LUynxLVBU2Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:430::/46

    Signature Algorithm: sha256WithRSAEncryption
         17:fa:bf:ec:7f:37:41:5d:96:10:45:83:47:b8:63:66:54:3e:
         0a:08:2f:05:e9:29:2c:c3:ff:6e:58:de:fc:3d:ae:0b:63:cb:
         ef:0f:51:ae:3d:b1:e1:78:ea:9d:a9:f2:87:7a:5e:c6:52:ac:
         28:e8:de:19:a1:18:d8:f7:56:ff:ec:5c:19:14:4f:6b:6e:3d:
         5b:14:4d:ff:e2:2b:2c:05:f2:c1:7f:19:12:e9:81:54:67:2e:
         f7:66:70:7f:8b:28:37:75:78:c1:43:62:87:38:ef:3e:a1:05:
         af:76:e4:fe:82:73:c1:9e:2b:d8:bc:9c:45:e7:18:91:35:47:
         7c:bc:6c:98:8a:33:2f:c8:17:0f:1a:1e:38:87:de:fd:e6:1f:
         57:6f:d6:03:71:bb:dc:48:19:50:29:72:cd:af:9a:c5:bb:99:
         44:0c:86:42:67:04:e2:09:3c:a5:0d:2d:ed:f4:0a:53:f1:a8:
         c7:b2:35:6b:bd:07:c0:9c:3e:4d:56:6d:e4:c4:c5:4b:61:4e:
         db:2f:62:09:21:65:b6:62:fc:16:10:57:98:c5:2b:a1:6b:e6:
         c1:89:9b:a3:a9:48:a2:8c:39:36:5c:57:d1:24:87:05:96:a2:
         2a:07:dd:de:2c:3d:9a:ed:41:91:8f:f2:1f:ab:b8:85:3b:73:
         2c:e9:5d:cc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0UjJIokfNOACM1DpNcAbmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmY2YxOWVmN2UyZjcyMWNhYWY2OWNmODJkNGNhN2M0YjU0
MTUzNjQwHhcNMjYwMzIyMDc1NzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDc4OTllOGI2N2M4NGY1YjkxMTFkYjA0YWRjMjBmM2Q0NGFmZWFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzktqq01Iu/icl88HG1QDMz0GXinP
4t74pGaNUfTzrroRwu8bII+tHwCefB/dWh03schW0EyPzum4WhLADQosn0H6Dhqf
CAupDflufCE5zJ1UOpQB6lc51+sDErxdO+i/4CV6DM14RNNZ2xAqizsxw9hUfZZA
Oy9zL9vnpCswKL7hOa9GErLr1T5Icj0uu5m9ZMAKjZdq98IyzQ9/2R5v25yqV7lx
XjYU+uCxKQ1cIj27WYVfmTAkzXKrbIMkklNCoj/DXAqkX8vQZjvK9l2jYE5lR0h+
RWdCr/9AlCE8GdHGllE4PgwsThavc2xBVd66BdtznAAE79SfF8TSz0/i/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHB4mei2fIT1uREdsErcIPPUSv6uMB8GA1UdIwQY
MBaAFG/PGe9+L3Icqvac+C1Mp8S1QVNkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjg4WjczNHZjaHlxOXB6NExVeW54TFZCVTJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC81ODQ2OTEtYTk3MS00NTg3LWE3YTUt
OGNiYjZlNzgyMmQyLzEvY0hpWjZMWjhoUFc1RVIyd1N0d2c4OVJLX3E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC81ODQ2OTEtYTk3MS00NTg3LWE3YTUtOGNiYjZlNzgyMmQy
LzEvYjg4WjczNHZjaHlxOXB6NExVeW54TFZCVTJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCIAEGeAQw
MA0GCSqGSIb3DQEBCwUAA4IBAQAX+r/sfzdBXZYQRYNHuGNmVD4KCC8F6Sksw/9u
WN78Pa4LY8vvD1GuPbHheOqdqfKHel7GUqwo6N4ZoRjY91b/7FwZFE9rbj1bFE3/
4issBfLBfxkS6YFUZy73ZnB/iyg3dXjBQ2KHOO8+oQWvduT+gnPBnivYvJxF5xiR
NUd8vGyYijMvyBcPGh44h9795h9Xb9YDcbvcSBlQKXLNr5rFu5lEDIZCZwTiCTyl
DS3t9ApT8ajHsjVrvQfAnD5NVm3kxMVLYU7bL2IJIWW2YvwWEFeYxSuha+bBiZuj
qUiijDk2XFfRJIcFlqIqB93eLD2a7UGRj/Ifq7iFO3Ms6V3M
-----END CERTIFICATE-----