Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/09b295-2032-4778-9318-9164b542a219/1/5zk72GIBe30KoSZXKwmuFndxTrk.roa
File:                     5zk72GIBe30KoSZXKwmuFndxTrk.roa (raw, json)
Hash identifier:          GT3JzXwUUjVRP+4i+zBT3todjjTDmn2sEVsNEsZY/Ag=
Subject key identifier:   E7:39:3B:D8:62:01:7B:7D:0A:A1:26:57:2B:09:AE:16:77:71:4E:B9
Certificate issuer:       /CN=6833200837d6beabf358388a00e545b8ce73f631
Certificate serial:       019CAF0688C9C9B9AB255E42CE3FDB5C6E37
Authority key identifier: 68:33:20:08:37:D6:BE:AB:F3:58:38:8A:00:E5:45:B8:CE:73:F6:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aDMgCDfWvqvzWDiKAOVFuM5z9jE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/09b295-2032-4778-9318-9164b542a219/1/5zk72GIBe30KoSZXKwmuFndxTrk.roa
Signing time:             Mon 02 Mar 2026 14:49:26 +0000
ROA not before:           Mon 02 Mar 2026 14:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200493
IP address blocks:        2001:67c:a8c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/09b295-2032-4778-9318-9164b542a219/1/aDMgCDfWvqvzWDiKAOVFuM5z9jE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/09b295-2032-4778-9318-9164b542a219/1/aDMgCDfWvqvzWDiKAOVFuM5z9jE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aDMgCDfWvqvzWDiKAOVFuM5z9jE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:af:06:88:c9:c9:b9:ab:25:5e:42:ce:3f:db:5c:6e:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6833200837d6beabf358388a00e545b8ce73f631
        Validity
            Not Before: Mar  2 14:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e7393bd862017b7d0aa126572b09ae1677714eb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6b:3b:ba:fa:c4:29:9c:01:03:36:bb:b9:c6:
                    d2:74:6e:5a:ae:bc:c9:85:81:1b:c2:0e:b4:12:ee:
                    64:c7:ae:3f:43:63:69:e9:5e:93:3e:8e:32:99:2f:
                    22:e3:5e:98:96:a2:83:57:f6:dd:30:8b:23:a0:94:
                    27:1a:3e:57:a8:3b:26:1b:22:4b:f9:69:52:75:03:
                    29:6a:54:44:48:69:7b:47:9f:ce:88:9c:c0:c7:1d:
                    d7:e3:32:74:8e:7e:fa:09:1b:fc:fe:b4:e8:2d:5a:
                    b1:e9:1d:2f:ce:03:be:64:bb:5f:e1:72:24:4f:90:
                    e2:a0:39:46:15:19:f7:61:40:0c:af:2a:da:c0:77:
                    c5:7d:f5:18:9b:30:e1:53:11:f7:b6:c2:0a:21:0b:
                    5a:46:97:6e:99:81:cb:2a:2b:9c:55:0b:e1:91:c9:
                    c1:03:86:27:5b:d7:20:3c:20:dc:87:d0:fa:ad:45:
                    95:64:30:3b:2f:d8:73:ad:6d:b7:95:2c:68:42:7e:
                    7b:2a:b5:2b:f3:59:7b:c9:f6:27:e3:0c:f5:7e:ca:
                    c8:1e:de:7f:20:e2:12:c7:05:a8:c2:30:52:ad:cd:
                    f5:59:77:9e:a0:f0:db:66:d3:75:3a:1c:9a:ac:ce:
                    e0:8d:bd:8d:f9:f0:ee:8a:a4:57:00:b9:28:d3:0b:
                    58:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:39:3B:D8:62:01:7B:7D:0A:A1:26:57:2B:09:AE:16:77:71:4E:B9
            X509v3 Authority Key Identifier:
                keyid:68:33:20:08:37:D6:BE:AB:F3:58:38:8A:00:E5:45:B8:CE:73:F6:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDMgCDfWvqvzWDiKAOVFuM5z9jE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/09b295-2032-4778-9318-9164b542a219/1/5zk72GIBe30KoSZXKwmuFndxTrk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/09b295-2032-4778-9318-9164b542a219/1/aDMgCDfWvqvzWDiKAOVFuM5z9jE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:a8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         90:6c:11:a6:14:6b:c7:f5:3f:f9:43:ec:4e:86:78:09:33:0b:
         04:20:93:4b:01:f3:a7:43:bb:85:89:fb:9b:49:73:91:c1:54:
         3c:ad:e8:92:87:47:76:74:fe:b8:55:d4:8e:57:67:7b:90:4e:
         4e:f3:ef:c2:af:03:8a:7d:f1:ea:ec:20:db:b6:06:28:3c:28:
         39:38:7e:b7:fd:69:a3:39:f8:81:b3:7f:48:1f:be:2a:89:0e:
         3e:61:61:53:d8:2b:d2:73:a5:2c:77:a6:c0:a8:17:f9:8c:95:
         be:47:92:c9:1b:5d:80:1a:d3:fc:75:d7:68:14:f8:05:9a:b8:
         a9:39:7e:76:36:e7:da:aa:a0:00:ee:4c:2b:df:48:08:e6:5c:
         59:bb:2b:19:a3:62:be:17:d2:9d:00:3b:3d:76:d6:0d:67:fa:
         42:eb:09:df:ed:ec:97:ce:9a:5e:25:43:3d:13:cb:14:b6:c6:
         e4:03:df:e4:a9:e4:49:9c:ae:f4:9e:07:20:6f:f7:3f:ce:ed:
         ad:cd:15:a3:bb:bf:61:e8:ed:38:3e:9a:de:c0:5a:5e:8a:68:
         8d:c1:99:e4:54:f3:9b:23:a9:e0:1c:7a:0a:68:82:79:78:a5:
         3d:8b:ba:53:4f:82:d0:67:e1:ab:04:9e:a1:b9:e0:40:99:9b:
         6b:75:a1:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyvBojJybmrJV5Czj/bXG43MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MzMyMDA4MzdkNmJlYWJmMzU4Mzg4YTAwZTU0NWI4Y2U3
M2Y2MzEwHhcNMjYwMzAyMTQ0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzM5M2JkODYyMDE3YjdkMGFhMTI2NTcyYjA5YWUxNjc3NzE0ZWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk2s7uvrEKZwBAza7ucbSdG5arrzJ
hYEbwg60Eu5kx64/Q2Np6V6TPo4ymS8i416YlqKDV/bdMIsjoJQnGj5XqDsmGyJL
+WlSdQMpalRESGl7R5/OiJzAxx3X4zJ0jn76CRv8/rToLVqx6R0vzgO+ZLtf4XIk
T5DioDlGFRn3YUAMryrawHfFffUYmzDhUxH3tsIKIQtaRpdumYHLKiucVQvhkcnB
A4YnW9cgPCDch9D6rUWVZDA7L9hzrW23lSxoQn57KrUr81l7yfYn4wz1fsrIHt5/
IOISxwWowjBSrc31WXeeoPDbZtN1OhyarM7gjb2N+fDuiqRXALko0wtYUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOc5O9hiAXt9CqEmVysJrhZ3cU65MB8GA1UdIwQY
MBaAFGgzIAg31r6r81g4igDlRbjOc/YxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURNZ0NEZld2cXZ6V0RpS0FPVkZ1TTV6OWpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8wOWIyOTUtMjAzMi00Nzc4LTkzMTgt
OTE2NGI1NDJhMjE5LzEvNXprNzJHSUJlMzBLb1NaWEt3bXVGbmR4VHJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8wOWIyOTUtMjAzMi00Nzc4LTkzMTgtOTE2NGI1NDJhMjE5
LzEvYURNZ0NEZld2cXZ6V0RpS0FPVkZ1TTV6OWpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAqM
MA0GCSqGSIb3DQEBCwUAA4IBAQCQbBGmFGvH9T/5Q+xOhngJMwsEIJNLAfOnQ7uF
ifubSXORwVQ8reiSh0d2dP64VdSOV2d7kE5O8+/CrwOKffHq7CDbtgYoPCg5OH63
/WmjOfiBs39IH74qiQ4+YWFT2CvSc6Usd6bAqBf5jJW+R5LJG12AGtP8dddoFPgF
mripOX52NufaqqAA7kwr30gI5lxZuysZo2K+F9KdADs9dtYNZ/pC6wnf7eyXzppe
JUM9E8sUtsbkA9/kqeRJnK70ngcgb/c/zu2tzRWju79h6O04PprewFpeimiNwZnk
VPObI6ngHHoKaIJ5eKU9i7pTT4LQZ+GrBJ6hueBAmZtrdaG+
-----END CERTIFICATE-----