Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/8035e2-1f20-47e7-ad64-07143765fffe/1/DRNZ2Noj1jQqoeJCWv4JOU1HsDw.roa
File:                     DRNZ2Noj1jQqoeJCWv4JOU1HsDw.roa (raw, json)
Hash identifier:          yIgbar3MOMeY3sZNtgZrdUU7Wm2ezjgMSXqvJFogWMk=
Subject key identifier:   0D:13:59:D8:DA:23:D6:34:2A:A1:E2:42:5A:FE:09:39:4D:47:B0:3C
Certificate issuer:       /CN=d66df7599e243b462864126a8c241078a2e2b045
Certificate serial:       019B76EAE2E25E286176D5AC9C98DA108FDD
Authority key identifier: D6:6D:F7:59:9E:24:3B:46:28:64:12:6A:8C:24:10:78:A2:E2:B0:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1m33WZ4kO0YoZBJqjCQQeKLisEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/8035e2-1f20-47e7-ad64-07143765fffe/1/DRNZ2Noj1jQqoeJCWv4JOU1HsDw.roa
Signing time:             Thu 01 Jan 2026 00:17:43 +0000
ROA not before:           Thu 01 Jan 2026 00:17:43 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209539
IP address blocks:        2a07:3580:11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/8035e2-1f20-47e7-ad64-07143765fffe/1/1m33WZ4kO0YoZBJqjCQQeKLisEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/8035e2-1f20-47e7-ad64-07143765fffe/1/1m33WZ4kO0YoZBJqjCQQeKLisEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1m33WZ4kO0YoZBJqjCQQeKLisEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:ea:e2:e2:5e:28:61:76:d5:ac:9c:98:da:10:8f:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d66df7599e243b462864126a8c241078a2e2b045
        Validity
            Not Before: Jan  1 00:17:43 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0d1359d8da23d6342aa1e2425afe09394d47b03c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:99:7b:25:39:a9:c6:56:e6:63:c4:b4:42:82:
                    44:9a:0c:94:1f:2b:52:9e:08:26:02:87:d2:48:98:
                    b9:a5:87:54:e7:08:0b:39:bb:37:a9:d7:ec:62:ae:
                    da:cc:a2:12:6f:97:51:31:73:58:bd:eb:ec:5a:81:
                    da:48:10:b5:8d:1c:fe:e9:c5:ee:93:36:b7:21:e3:
                    c6:b0:7c:9d:60:9b:7f:78:c2:1e:c7:f1:a3:82:ef:
                    34:f1:a1:01:00:58:75:2a:87:12:78:fa:3a:40:f5:
                    d1:eb:2b:f5:fb:13:21:a3:21:7c:31:dc:5a:ef:86:
                    5a:7e:09:b2:ec:d3:fb:28:1c:6d:89:17:65:86:ef:
                    db:af:38:ea:cb:54:04:c9:1f:a4:ec:db:8f:48:53:
                    c7:2b:f8:f0:33:4c:a6:06:a6:0e:3d:5e:de:f4:63:
                    f1:17:4c:84:5d:ee:81:5d:be:86:c0:22:fd:a2:3e:
                    34:57:eb:38:0e:19:68:8b:4e:37:74:cc:75:59:93:
                    71:10:4e:f6:1c:76:9b:8e:cd:8e:73:2e:11:c3:0e:
                    b7:44:6c:a9:49:e6:35:33:c4:25:68:c9:6b:fd:65:
                    32:4b:c8:fa:84:2a:04:2c:2a:cb:40:96:be:77:6b:
                    67:3e:76:f8:78:8d:11:d3:c8:8e:7b:4e:af:a7:45:
                    ff:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:13:59:D8:DA:23:D6:34:2A:A1:E2:42:5A:FE:09:39:4D:47:B0:3C
            X509v3 Authority Key Identifier:
                keyid:D6:6D:F7:59:9E:24:3B:46:28:64:12:6A:8C:24:10:78:A2:E2:B0:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1m33WZ4kO0YoZBJqjCQQeKLisEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8035e2-1f20-47e7-ad64-07143765fffe/1/DRNZ2Noj1jQqoeJCWv4JOU1HsDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/8035e2-1f20-47e7-ad64-07143765fffe/1/1m33WZ4kO0YoZBJqjCQQeKLisEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:3580:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:92:2b:96:1e:73:ed:49:09:49:32:47:c5:74:76:3f:f9:f5:
         ef:85:fa:d7:a4:51:5f:8b:6c:c3:70:d4:95:53:ac:bb:a3:2c:
         e5:13:23:c1:68:2c:eb:33:7f:bc:74:7d:26:9c:93:f7:31:68:
         26:c7:21:d8:e7:37:6d:fc:ba:ec:a3:25:11:91:e3:30:fb:36:
         3c:94:69:d7:5a:bd:c6:57:d4:8c:56:cb:1b:64:e3:fa:32:c5:
         56:ed:51:e5:bd:b4:dd:ec:84:16:d0:ec:78:69:a6:69:39:0d:
         f4:43:65:cd:62:3c:9b:f7:b7:8f:cc:59:6e:a8:87:d0:c5:c5:
         58:90:e0:b1:6d:a3:43:1f:e1:fd:b1:ed:38:99:77:c1:4c:40:
         eb:92:f4:c6:ec:de:a9:88:40:b8:d9:d0:9d:a2:f4:07:2a:2d:
         d9:11:52:52:17:c3:89:ec:70:d1:d8:1a:e3:98:fc:42:8c:0d:
         9d:85:0d:bd:96:cc:cc:1f:a7:d7:9c:76:39:d2:1b:e4:a3:48:
         74:03:21:44:38:a3:79:d7:18:17:7a:5e:54:c9:a1:29:c3:95:
         1b:5f:ee:3b:48:a7:1a:bc:4f:c7:05:af:1d:18:c6:e1:fa:14:
         b7:15:3f:51:4a:c0:d6:fd:14:e5:6e:6b:85:8d:b8:2b:dc:6e:
         2b:49:6d:4d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt26uLiXihhdtWsnJjaEI/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NmRmNzU5OWUyNDNiNDYyODY0MTI2YThjMjQxMDc4YTJl
MmIwNDUwHhcNMjYwMTAxMDAxNzQzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDEzNTlkOGRhMjNkNjM0MmFhMWUyNDI1YWZlMDkzOTRkNDdiMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Zl7JTmpxlbmY8S0QoJEmgyUHytS
nggmAofSSJi5pYdU5wgLObs3qdfsYq7azKISb5dRMXNYvevsWoHaSBC1jRz+6cXu
kza3IePGsHydYJt/eMIex/Gjgu808aEBAFh1KocSePo6QPXR6yv1+xMhoyF8Mdxa
74Zafgmy7NP7KBxtiRdlhu/brzjqy1QEyR+k7NuPSFPHK/jwM0ymBqYOPV7e9GPx
F0yEXe6BXb6GwCL9oj40V+s4Dhloi043dMx1WZNxEE72HHabjs2Ocy4Rww63RGyp
SeY1M8QlaMlr/WUyS8j6hCoELCrLQJa+d2tnPnb4eI0R08iOe06vp0X/1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA0TWdjaI9Y0KqHiQlr+CTlNR7A8MB8GA1UdIwQY
MBaAFNZt91meJDtGKGQSaowkEHii4rBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW0zM1daNGtPMFlvWkJKcWpDUVFlS0xpc0VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS84MDM1ZTItMWYyMC00N2U3LWFkNjQt
MDcxNDM3NjVmZmZlLzEvRFJOWjJOb2oxalFxb2VKQ1d2NEpPVTFIc0R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS84MDM1ZTItMWYyMC00N2U3LWFkNjQtMDcxNDM3NjVmZmZl
LzEvMW0zM1daNGtPMFlvWkJKcWpDUVFlS0xpc0VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgc1gAAR
MA0GCSqGSIb3DQEBCwUAA4IBAQBHkiuWHnPtSQlJMkfFdHY/+fXvhfrXpFFfi2zD
cNSVU6y7oyzlEyPBaCzrM3+8dH0mnJP3MWgmxyHY5zdt/LrsoyURkeMw+zY8lGnX
Wr3GV9SMVssbZOP6MsVW7VHlvbTd7IQW0Ox4aaZpOQ30Q2XNYjyb97ePzFluqIfQ
xcVYkOCxbaNDH+H9se04mXfBTEDrkvTG7N6piEC42dCdovQHKi3ZEVJSF8OJ7HDR
2BrjmPxCjA2dhQ29lszMH6fXnHY50hvko0h0AyFEOKN51xgXel5UyaEpw5UbX+47
SKcavE/HBa8dGMbh+hS3FT9RSsDW/RTlbmuFjbgr3G4rSW1N
-----END CERTIFICATE-----