Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/XZk-yWmlDDM9CxBVtm8oXZP5lLg.roa
File:                     XZk-yWmlDDM9CxBVtm8oXZP5lLg.roa (raw, json)
Hash identifier:          4M0vAZEtj82VVd8AbgFS4P7h6woEavJ+CLFH4jVH08E=
Subject key identifier:   5D:99:3E:C9:69:A5:0C:33:3D:0B:10:55:B6:6F:28:5D:93:F9:94:B8
Certificate issuer:       /CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
Certificate serial:       019CE1B83885037F0BFAD68613CA7A6F077F
Authority key identifier: 2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/XZk-yWmlDDM9CxBVtm8oXZP5lLg.roa
Signing time:             Thu 12 Mar 2026 11:04:32 +0000
ROA not before:           Thu 12 Mar 2026 11:04:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39499
IP address blocks:        2a02:7f0:101::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 08:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e1:b8:38:85:03:7f:0b:fa:d6:86:13:ca:7a:6f:07:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c3963ba2aae5abd38a6eed09da985611f1b5021
        Validity
            Not Before: Mar 12 11:04:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5d993ec969a50c333d0b1055b66f285d93f994b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:3e:79:0d:b4:83:e7:3a:a4:d7:03:8f:e4:c9:
                    a7:85:f8:74:bb:29:7a:46:fc:d4:68:82:e5:65:ef:
                    8b:d0:37:1a:54:33:b7:04:3e:73:54:26:a1:c5:7a:
                    d9:27:34:c0:07:c6:ba:1d:3c:92:f2:12:43:0e:60:
                    ed:b1:8e:01:96:98:69:cd:c2:b7:20:35:97:60:7c:
                    3d:c5:1b:20:82:a7:c1:e4:54:a6:62:30:d5:fb:21:
                    a8:e6:e8:0c:9d:3b:81:a9:a7:10:7b:23:16:37:65:
                    06:fd:6b:5d:ce:be:c3:4b:78:30:45:3d:b8:31:6a:
                    4a:ce:bc:ed:8d:1e:88:21:15:4b:54:8f:10:9d:f0:
                    d9:de:29:d3:f6:7a:8e:f4:29:3c:2c:f9:c5:8f:e6:
                    98:18:b9:7c:fb:1c:1c:14:b2:3f:1c:5c:5e:22:43:
                    f7:4f:79:02:49:7e:83:ce:1e:38:75:1f:fd:6b:4b:
                    45:4e:27:82:42:e6:87:22:5e:f2:60:75:b8:56:ee:
                    16:1f:d6:39:64:2e:cf:0b:d3:40:da:0b:1a:13:16:
                    c6:e4:63:be:71:4b:3f:7e:4c:f6:8d:03:71:10:b3:
                    d0:64:6e:94:26:c9:e0:83:86:50:47:a6:c6:8f:c5:
                    bb:97:b7:dc:3c:ec:54:16:3c:8c:ca:61:8d:d5:91:
                    99:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:99:3E:C9:69:A5:0C:33:3D:0B:10:55:B6:6F:28:5D:93:F9:94:B8
            X509v3 Authority Key Identifier:
                keyid:2C:39:63:BA:2A:AE:5A:BD:38:A6:EE:D0:9D:A9:85:61:1F:1B:50:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDljuiquWr04pu7QnamFYR8bUCE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/XZk-yWmlDDM9CxBVtm8oXZP5lLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/381ecc-9d75-41ba-85f6-17693e7ea67a/1/LDljuiquWr04pu7QnamFYR8bUCE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:7f0:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         58:c0:58:ae:a6:4f:47:e7:66:82:aa:77:04:6a:ac:a8:a4:ee:
         63:25:6b:7d:41:79:2b:5e:3a:86:4b:3d:f4:07:4e:d0:b3:ef:
         81:cb:d7:c1:5f:9f:3a:e5:ce:a4:ae:78:a8:0e:f4:f7:21:d7:
         9c:67:e7:31:5e:f3:be:68:ae:8d:69:99:d5:18:ec:be:ca:cd:
         f8:fe:ea:7b:16:39:01:39:e0:a5:e3:da:c2:5c:56:eb:ab:75:
         0c:e6:c5:5d:d8:db:b2:2a:68:5e:d2:e5:f2:24:af:99:da:da:
         a4:dc:f0:a4:4e:80:7f:ef:00:80:12:3c:d3:83:12:88:ef:ca:
         b2:06:9c:ed:4b:e3:26:a9:c4:3b:54:1b:58:94:d1:1b:85:05:
         67:f6:29:30:7c:04:95:ed:9b:ba:37:6c:79:58:9a:b3:a8:6f:
         f7:7d:b7:3e:79:66:ff:00:62:8b:f4:0a:5b:20:c2:84:5f:a8:
         d9:a4:a3:c1:ff:32:80:6b:5b:6d:ee:e7:2b:7f:7e:fb:66:f4:
         bc:6e:a5:b3:0a:62:b8:80:24:fc:62:54:be:76:a7:95:dc:41:
         1b:dd:a2:98:5b:0f:51:6a:f0:4c:d2:94:3c:c0:d9:87:c3:4b:
         d0:d0:ff:7b:0e:d0:01:d1:2e:4b:f2:1d:2e:92:d4:44:bf:ac:
         8d:25:63:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzhuDiFA38L+taGE8p6bwd/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzk2M2JhMmFhZTVhYmQzOGE2ZWVkMDlkYTk4NTYxMWYx
YjUwMjEwHhcNMjYwMzEyMTEwNDMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDk5M2VjOTY5YTUwYzMzM2QwYjEwNTViNjZmMjg1ZDkzZjk5NGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxD55DbSD5zqk1wOP5Mmnhfh0uyl6
RvzUaILlZe+L0DcaVDO3BD5zVCahxXrZJzTAB8a6HTyS8hJDDmDtsY4BlphpzcK3
IDWXYHw9xRsggqfB5FSmYjDV+yGo5ugMnTuBqacQeyMWN2UG/Wtdzr7DS3gwRT24
MWpKzrztjR6IIRVLVI8QnfDZ3inT9nqO9Ck8LPnFj+aYGLl8+xwcFLI/HFxeIkP3
T3kCSX6Dzh44dR/9a0tFTieCQuaHIl7yYHW4Vu4WH9Y5ZC7PC9NA2gsaExbG5GO+
cUs/fkz2jQNxELPQZG6UJsngg4ZQR6bGj8W7l7fcPOxUFjyMymGN1ZGZMQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF2ZPslppQwzPQsQVbZvKF2T+ZS4MB8GA1UdIwQY
MBaAFCw5Y7oqrlq9OKbu0J2phWEfG1AhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYt
MTc2OTNlN2VhNjdhLzEvWFprLXlXbWxERE05Q3hCVnRtOG9YWlA1bExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8zODFlY2MtOWQ3NS00MWJhLTg1ZjYtMTc2OTNlN2VhNjdh
LzEvTERsanVpcXVXcjA0cHU3UW5hbUZZUjhiVUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIH8AEB
MA0GCSqGSIb3DQEBCwUAA4IBAQBYwFiupk9H52aCqncEaqyopO5jJWt9QXkrXjqG
Sz30B07Qs++By9fBX5865c6krnioDvT3IdecZ+cxXvO+aK6NaZnVGOy+ys34/up7
FjkBOeCl49rCXFbrq3UM5sVd2NuyKmhe0uXyJK+Z2tqk3PCkToB/7wCAEjzTgxKI
78qyBpztS+MmqcQ7VBtYlNEbhQVn9ikwfASV7Zu6N2x5WJqzqG/3fbc+eWb/AGKL
9ApbIMKEX6jZpKPB/zKAa1tt7ucrf377ZvS8bqWzCmK4gCT8YlS+dqeV3EEb3aKY
Ww9RavBM0pQ8wNmHw0vQ0P97DtAB0S5L8h0uktREv6yNJWN+
-----END CERTIFICATE-----