Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/YzlzcRhu-iD3ZDhfYDRmSdZddgQ.roa
File:                     YzlzcRhu-iD3ZDhfYDRmSdZddgQ.roa (raw, json)
Hash identifier:          753e9bkRX1Fsp5S+P9nf7VxsaR5WwPAEieFcCkQGZ4o=
Subject key identifier:   63:39:73:71:18:6E:FA:20:F7:64:38:5F:60:34:66:49:D6:5D:76:04
Certificate issuer:       /CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
Certificate serial:       019DAAC9637B4660D8AD21BF8DB42850DD7D
Authority key identifier: 21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/YzlzcRhu-iD3ZDhfYDRmSdZddgQ.roa
Signing time:             Mon 20 Apr 2026 12:06:58 +0000
ROA not before:           Mon 20 Apr 2026 12:06:58 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204427
IP address blocks:        2a03:6f00:16::/48 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:aa:c9:63:7b:46:60:d8:ad:21:bf:8d:b4:28:50:dd:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2160b2b1c829d88936b1adaeec97fdd1b40d41e5
        Validity
            Not Before: Apr 20 12:06:58 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63397371186efa20f764385f60346649d65d7604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:b5:98:9d:e3:71:e9:6c:d1:7b:43:b0:68:90:
                    57:ef:3e:5e:98:ae:45:75:3d:2f:78:03:ee:f3:49:
                    9a:e5:94:02:b5:28:bc:05:2a:94:de:ef:d5:f9:35:
                    d5:ee:85:b2:2e:93:07:26:a7:bc:a3:1f:b5:3e:8b:
                    9c:e1:6f:08:3e:94:76:b8:0c:bb:0d:04:6f:65:77:
                    db:d3:3a:e8:cd:f8:d5:08:68:80:41:7b:38:63:d7:
                    76:eb:70:1c:06:86:12:24:81:f2:3c:b1:e9:c8:3e:
                    d9:20:49:e6:d5:5c:a3:f0:1d:0b:81:ef:f1:2b:28:
                    47:1d:42:fa:cf:20:77:d0:8d:a6:e2:8d:84:10:65:
                    9c:25:64:92:99:d2:86:19:e1:0f:73:9b:38:00:ff:
                    88:c7:5f:44:64:14:6f:cb:1a:00:17:9c:e7:b2:3a:
                    f5:9a:3b:76:f2:d8:b1:61:a2:48:7c:80:75:80:0e:
                    5a:0d:61:c4:29:17:ab:b2:00:1b:cf:14:f3:51:35:
                    65:05:0c:50:90:c2:5b:95:6e:8e:0c:d5:81:00:ce:
                    b4:5f:1a:39:6c:85:78:a6:ad:1f:13:f8:9d:67:9a:
                    a3:f5:b1:20:24:bf:f6:ab:b7:55:46:f3:f3:45:a5:
                    2f:ab:87:4a:10:74:9f:84:1b:af:6b:94:23:d2:43:
                    49:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:39:73:71:18:6E:FA:20:F7:64:38:5F:60:34:66:49:D6:5D:76:04
            X509v3 Authority Key Identifier:
                keyid:21:60:B2:B1:C8:29:D8:89:36:B1:AD:AE:EC:97:FD:D1:B4:0D:41:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IWCyscgp2Ik2sa2u7Jf90bQNQeU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/YzlzcRhu-iD3ZDhfYDRmSdZddgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/db1e20-dc36-488d-91a1-3df7faf3535d/1/IWCyscgp2Ik2sa2u7Jf90bQNQeU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:6f00:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:13:fc:bc:ae:45:3f:7d:0a:91:ec:56:73:e9:7b:c6:f0:1c:
         e0:d7:4f:ec:b3:56:c9:0a:8a:62:2b:55:19:e4:ca:2c:3f:5d:
         8c:4f:c0:a6:24:1f:e4:5e:cc:a6:2d:f6:57:09:49:0f:95:97:
         87:1b:37:0f:07:95:6d:69:4b:ea:0a:a7:4a:ae:cc:7a:71:88:
         57:ef:fc:d9:49:a2:c4:74:73:36:e2:08:9c:18:63:67:7a:43:
         1d:23:f0:ff:f4:39:e8:9c:bd:d7:bf:65:d1:16:be:46:f1:8f:
         b6:97:96:e0:ad:d9:92:e5:81:71:79:8b:b2:8b:e2:fa:10:79:
         9e:8d:e5:c9:cd:5a:3e:a0:8f:a1:c5:db:76:81:a6:df:69:b4:
         d8:c6:3f:67:98:b9:28:fd:b6:ea:22:1c:17:c8:78:94:33:4b:
         c3:e8:27:7c:fa:29:5f:0b:e7:8d:59:4c:7a:de:9c:89:69:86:
         c0:91:d7:81:4b:d3:04:13:b9:03:78:73:c2:72:2a:f0:7e:a3:
         d8:fe:b0:62:96:7e:6d:c4:5c:d9:b4:00:ba:fa:f2:ba:3b:07:
         71:f1:a7:ab:a5:e2:e7:1e:cb:d5:53:28:89:e1:87:d5:6e:28:
         d3:12:69:6b:a5:be:4c:b1:71:d8:a1:47:86:c3:2e:bd:8e:20:
         cd:a2:57:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2qyWN7RmDYrSG/jbQoUN19MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxNjBiMmIxYzgyOWQ4ODkzNmIxYWRhZWVjOTdmZGQxYjQw
ZDQxZTUwHhcNMjYwNDIwMTIwNjU4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzM5NzM3MTE4NmVmYTIwZjc2NDM4NWY2MDM0NjY0OWQ2NWQ3NjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwbWYneNx6WzRe0OwaJBX7z5emK5F
dT0veAPu80ma5ZQCtSi8BSqU3u/V+TXV7oWyLpMHJqe8ox+1Pouc4W8IPpR2uAy7
DQRvZXfb0zrozfjVCGiAQXs4Y9d263AcBoYSJIHyPLHpyD7ZIEnm1Vyj8B0Lge/x
KyhHHUL6zyB30I2m4o2EEGWcJWSSmdKGGeEPc5s4AP+Ix19EZBRvyxoAF5znsjr1
mjt28tixYaJIfIB1gA5aDWHEKRersgAbzxTzUTVlBQxQkMJblW6ODNWBAM60Xxo5
bIV4pq0fE/idZ5qj9bEgJL/2q7dVRvPzRaUvq4dKEHSfhBuva5Qj0kNJFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGM5c3EYbvog92Q4X2A0ZknWXXYEMB8GA1UdIwQY
MBaAFCFgsrHIKdiJNrGtruyX/dG0DUHlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEt
M2RmN2ZhZjM1MzVkLzEvWXpsemNSaHUtaUQzWkRoZllEUm1TZFpkZGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi9kYjFlMjAtZGMzNi00ODhkLTkxYTEtM2RmN2ZhZjM1MzVk
LzEvSVdDeXNjZ3AySWsyc2EydTdKZjkwYlFOUWVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNvAAAW
MA0GCSqGSIb3DQEBCwUAA4IBAQAQE/y8rkU/fQqR7FZz6XvG8Bzg10/ss1bJCopi
K1UZ5MosP12MT8CmJB/kXsymLfZXCUkPlZeHGzcPB5VtaUvqCqdKrsx6cYhX7/zZ
SaLEdHM24gicGGNnekMdI/D/9DnonL3Xv2XRFr5G8Y+2l5bgrdmS5YFxeYuyi+L6
EHmejeXJzVo+oI+hxdt2gabfabTYxj9nmLko/bbqIhwXyHiUM0vD6Cd8+ilfC+eN
WUx63pyJaYbAkdeBS9MEE7kDeHPCcirwfqPY/rBiln5txFzZtAC6+vK6Owdx8aer
peLnHsvVUyiJ4YfVbijTEmlrpb5MsXHYoUeGwy69jiDNolcc
-----END CERTIFICATE-----