Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/PZOfXkMDADVBf7NT6Rj7RN56siM.roa
File:                     PZOfXkMDADVBf7NT6Rj7RN56siM.roa (raw, json)
Hash identifier:          SMDC4UDcpAMIXDcIa/4V8NacOsggpeu0mE3jv/ToZ+w=
Subject key identifier:   3D:93:9F:5E:43:03:00:35:41:7F:B3:53:E9:18:FB:44:DE:7A:B2:23
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019C09554A617060F3639C1231351A03019E
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/PZOfXkMDADVBf7NT6Rj7RN56siM.roa
Signing time:             Thu 29 Jan 2026 10:38:30 +0000
ROA not before:           Thu 29 Jan 2026 10:38:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214079
IP address blocks:        2a0d:d940:2003::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:09:55:4a:61:70:60:f3:63:9c:12:31:35:1a:03:01:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jan 29 10:38:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3d939f5e43030035417fb353e918fb44de7ab223
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3c:7f:4c:42:ea:e6:21:89:4a:43:2d:8d:5d:
                    0c:59:4b:30:b7:5f:7c:03:12:27:55:8d:89:df:ca:
                    58:f3:95:7b:d3:28:71:1d:ae:a6:5f:aa:c0:7a:84:
                    8e:03:21:49:a1:09:c6:c9:08:ea:a6:57:3c:27:14:
                    a6:68:37:a9:5e:6f:4a:9f:47:5d:35:9e:64:f1:60:
                    1c:b2:7d:02:5b:13:8f:7b:d6:7d:c6:6b:0e:64:45:
                    e7:0e:c4:57:fd:d0:8e:04:b5:a9:57:bd:9f:f5:76:
                    83:7e:12:4d:4d:c9:df:6f:48:a2:0f:86:5b:e3:fa:
                    8e:66:da:01:a6:ca:47:52:47:d7:cf:f6:0a:6e:66:
                    e2:15:ef:f5:8e:5f:b1:a0:52:4d:31:76:10:77:28:
                    d0:5b:fa:f6:de:8d:54:32:fb:49:47:10:59:e0:4b:
                    bb:38:1c:03:6b:6b:41:98:33:5a:69:68:44:9c:f3:
                    03:d3:bf:c8:f7:da:14:61:2e:bd:ed:3a:d0:bf:7b:
                    55:7f:e7:51:8e:13:ec:57:ee:4a:d6:49:cc:5b:18:
                    e2:49:96:71:22:cd:76:d0:d5:f6:73:c6:61:a3:b1:
                    99:53:44:42:0e:04:16:74:42:de:ae:fb:b9:4c:88:
                    92:82:a7:b8:1a:85:18:5f:c4:f5:8d:df:76:df:58:
                    8f:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:93:9F:5E:43:03:00:35:41:7F:B3:53:E9:18:FB:44:DE:7A:B2:23
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/PZOfXkMDADVBf7NT6Rj7RN56siM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:2003::/48

    Signature Algorithm: sha256WithRSAEncryption
         bd:0e:eb:6d:5d:dd:fc:65:ba:a4:c6:d7:d4:a8:d3:88:6e:7f:
         44:0e:80:bd:0e:09:38:f3:3d:e9:fe:e1:74:0a:87:62:07:23:
         f9:f8:b6:4a:d4:75:20:03:e8:0e:69:68:95:6a:dc:37:0a:99:
         51:ea:59:d1:da:c9:ae:2c:b1:9c:36:eb:07:79:5f:47:bb:89:
         59:ba:34:05:43:0f:2c:8d:27:42:da:0f:7d:98:0d:15:30:5d:
         87:85:ea:8f:9a:fb:64:c6:78:ef:20:67:58:e5:05:9b:bf:a7:
         74:05:4d:9a:71:c4:da:93:63:ce:6c:f9:28:93:08:49:36:6c:
         f3:76:c7:88:9c:aa:ee:1b:13:82:4d:67:78:f0:28:b5:9d:b7:
         e8:a7:c5:5b:42:a9:fd:49:29:1a:73:61:6e:e5:07:6b:3f:c6:
         b2:42:fe:3d:6d:2e:3d:1a:ac:00:c9:32:6a:e3:a8:ca:57:de:
         df:89:5b:b8:5c:25:88:2f:13:5b:88:68:23:84:63:c6:ce:10:
         16:d7:f7:fd:24:e0:64:d7:ea:1d:1e:1a:aa:19:48:86:30:a6:
         62:4c:ff:cb:43:bd:f0:74:6e:4c:f1:62:9e:64:90:b0:79:98:
         e8:d4:51:98:1e:81:82:74:c0:9f:89:fd:67:e6:17:22:8c:5f:
         68:9c:c3:3a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZwJVUphcGDzY5wSMTUaAwGeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwMTI5MTAzODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDkzOWY1ZTQzMDMwMDM1NDE3ZmIzNTNlOTE4ZmI0NGRlN2FiMjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTx/TELq5iGJSkMtjV0MWUswt198
AxInVY2J38pY85V70yhxHa6mX6rAeoSOAyFJoQnGyQjqplc8JxSmaDepXm9Kn0dd
NZ5k8WAcsn0CWxOPe9Z9xmsOZEXnDsRX/dCOBLWpV72f9XaDfhJNTcnfb0iiD4Zb
4/qOZtoBpspHUkfXz/YKbmbiFe/1jl+xoFJNMXYQdyjQW/r23o1UMvtJRxBZ4Eu7
OBwDa2tBmDNaaWhEnPMD07/I99oUYS697TrQv3tVf+dRjhPsV+5K1knMWxjiSZZx
Is120NX2c8Zho7GZU0RCDgQWdELervu5TIiSgqe4GoUYX8T1jd9231iPwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFD2Tn15DAwA1QX+zU+kY+0TeerIjMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvUFpPZlhrTURBRFZCZjdOVDZSajdSTjU2c2lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg3ZQCAD
MA0GCSqGSIb3DQEBCwUAA4IBAQC9DuttXd38ZbqkxtfUqNOIbn9EDoC9Dgk48z3p
/uF0CodiByP5+LZK1HUgA+gOaWiVatw3CplR6lnR2smuLLGcNusHeV9Hu4lZujQF
Qw8sjSdC2g99mA0VMF2HheqPmvtkxnjvIGdY5QWbv6d0BU2accTak2PObPkokwhJ
NmzzdseInKruGxOCTWd48Ci1nbfop8VbQqn9SSkac2Fu5QdrP8ayQv49bS49GqwA
yTJq46jKV97fiVu4XCWILxNbiGgjhGPGzhAW1/f9JOBk1+odHhqqGUiGMKZiTP/L
Q73wdG5M8WKeZJCweZjo1FGYHoGCdMCfif1n5hcijF9onMM6
-----END CERTIFICATE-----