Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/Z6ubyFNaPLuvtqj--P7EGZhh2LU.roa
File:                     Z6ubyFNaPLuvtqj--P7EGZhh2LU.roa (raw, json)
Hash identifier:          IEEdBo72+rjQLUXX+s6K/FoohF6R/aWo64ZoEKCWyHA=
Subject key identifier:   67:AB:9B:C8:53:5A:3C:BB:AF:B6:A8:FE:F8:FE:C4:19:98:61:D8:B5
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019EAE7B875B0693DF47B3AE2A1B14202D24
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/Z6ubyFNaPLuvtqj--P7EGZhh2LU.roa
Signing time:             Tue 09 Jun 2026 22:23:11 +0000
ROA not before:           Tue 09 Jun 2026 22:23:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199742
IP address blocks:        2a0d:d940:120::/44 maxlen: 48
                          2a0d:d940:130::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ae:7b:87:5b:06:93:df:47:b3:ae:2a:1b:14:20:2d:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jun  9 22:23:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=67ab9bc8535a3cbbafb6a8fef8fec4199861d8b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ae:0b:86:cf:48:32:a0:a9:e8:b7:1f:b8:85:
                    ae:80:98:38:d9:82:79:d3:aa:0d:0e:55:1d:07:db:
                    e7:70:b1:65:71:ea:f7:b9:dd:79:0c:cd:6d:fb:6d:
                    c6:4b:b8:71:39:1b:23:52:47:e0:c0:ee:a1:24:43:
                    fa:88:70:0a:68:05:78:d8:01:64:d5:d2:a9:a2:8a:
                    38:20:1e:71:3f:5a:3a:8c:c2:d3:cc:46:a9:ab:0c:
                    a0:e2:dd:78:65:5d:d1:6f:f9:49:40:90:31:9c:f8:
                    44:a3:9d:a5:d1:17:01:fe:9d:93:68:13:81:cc:d8:
                    0f:32:67:1a:ef:3c:b8:43:8f:7b:dd:ff:d5:0a:3f:
                    8a:e1:af:55:dc:b9:d8:e8:9f:37:f0:37:2d:94:dd:
                    6e:a2:eb:0c:1b:aa:e2:1d:d0:9d:11:82:15:f5:df:
                    af:40:36:62:ef:be:5f:f0:cb:82:43:5f:8d:37:fc:
                    66:a1:3c:c1:b0:36:82:85:bb:db:a3:5a:12:53:ad:
                    da:8b:34:b2:34:ce:3c:eb:03:d2:24:76:df:c6:14:
                    4c:f8:2e:48:5a:4c:ed:4f:2f:a6:8e:ff:c2:3a:3d:
                    74:fe:dc:fb:17:4f:b2:af:5e:e0:9d:ad:a2:a6:cd:
                    8e:b5:8a:fa:fc:c5:c4:66:2e:39:4a:98:6e:bc:c0:
                    23:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:AB:9B:C8:53:5A:3C:BB:AF:B6:A8:FE:F8:FE:C4:19:98:61:D8:B5
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/Z6ubyFNaPLuvtqj--P7EGZhh2LU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:120::/43

    Signature Algorithm: sha256WithRSAEncryption
         1d:cb:18:51:15:a2:d0:7d:7a:90:a0:a0:39:dd:86:b8:2f:56:
         17:f4:9e:52:2f:2c:4e:5c:c8:dd:11:52:81:18:1c:0b:9b:e9:
         69:d5:1a:5a:a9:49:32:ff:d4:68:f1:e3:91:37:12:b4:ea:ad:
         af:4b:ce:04:7f:0a:0a:c7:3f:21:f9:a9:46:66:6e:fa:aa:cc:
         af:57:4c:61:0e:b8:6e:be:bd:35:78:e9:26:5d:4a:98:e2:f5:
         57:e9:db:99:f4:d2:61:be:32:ee:be:e1:22:df:39:b7:34:37:
         10:69:cb:69:d4:69:b4:76:f1:06:ae:6d:a8:af:1a:1a:65:5c:
         01:d7:a0:3f:15:76:4d:ab:a9:15:95:51:29:a1:b8:55:e7:d1:
         7f:0c:52:a3:68:69:f5:ac:7d:61:39:67:47:81:93:da:92:b6:
         04:66:8f:70:dc:71:d8:b0:01:d2:e8:c7:8c:f8:1e:7c:3d:72:
         ed:a1:da:ce:23:a5:a6:9e:76:c7:88:31:f4:c0:10:93:c8:f3:
         c4:04:cd:eb:2e:91:47:47:64:55:cb:97:8d:39:b0:a3:a1:57:
         d3:5d:8e:c4:a1:23:a2:3d:23:61:f9:ad:e5:b1:6a:1f:af:a2:
         ef:cf:a6:6a:c9:10:a0:33:c7:12:8b:3b:ac:e7:15:4e:5d:ee:
         8c:a5:08:66
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6ue4dbBpPfR7OuKhsUIC0kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNjA5MjIyMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2FiOWJjODUzNWEzY2JiYWZiNmE4ZmVmOGZlYzQxOTk4NjFkOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuq4Lhs9IMqCp6LcfuIWugJg42YJ5
06oNDlUdB9vncLFlcer3ud15DM1t+23GS7hxORsjUkfgwO6hJEP6iHAKaAV42AFk
1dKpooo4IB5xP1o6jMLTzEapqwyg4t14ZV3Rb/lJQJAxnPhEo52l0RcB/p2TaBOB
zNgPMmca7zy4Q4973f/VCj+K4a9V3LnY6J838DctlN1uousMG6riHdCdEYIV9d+v
QDZi775f8MuCQ1+NN/xmoTzBsDaChbvbo1oSU63aizSyNM486wPSJHbfxhRM+C5I
WkztTy+mjv/COj10/tz7F0+yr17gna2ips2OtYr6/MXEZi45SphuvMAjUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGerm8hTWjy7r7ao/vj+xBmYYdi1MB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvWjZ1YnlGTmFQTHV2dHFqLS1QN0VHWmhoMkxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcFKg3ZQAEg
MA0GCSqGSIb3DQEBCwUAA4IBAQAdyxhRFaLQfXqQoKA53Ya4L1YX9J5SLyxOXMjd
EVKBGBwLm+lp1RpaqUky/9Ro8eORNxK06q2vS84EfwoKxz8h+alGZm76qsyvV0xh
Drhuvr01eOkmXUqY4vVX6duZ9NJhvjLuvuEi3zm3NDcQactp1Gm0dvEGrm2orxoa
ZVwB16A/FXZNq6kVlVEpobhV59F/DFKjaGn1rH1hOWdHgZPakrYEZo9w3HHYsAHS
6MeM+B58PXLtodrOI6WmnnbHiDH0wBCTyPPEBM3rLpFHR2RVy5eNObCjoVfTXY7E
oSOiPSNh+a3lsWofr6Lvz6ZqyRCgM8cSizus5xVOXe6MpQhm
-----END CERTIFICATE-----