Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/zCVYNwSb6R9Q5adien3vj6-COxI.roa
File:                     zCVYNwSb6R9Q5adien3vj6-COxI.roa (raw, json)
Hash identifier:          4WkrjYGFdpzJeGxKIOg7LPmr739iupPTe/+MPRyS+UI=
Subject key identifier:   CC:25:58:37:04:9B:E9:1F:50:E5:A7:62:7A:7D:EF:8F:AF:82:3B:12
Certificate issuer:       /CN=340bea3fcc3cbcedc82919cf57c74108baea369e
Certificate serial:       019D8C71798D39EC892D91EBADF248A8BD28
Authority key identifier: 34:0B:EA:3F:CC:3C:BC:ED:C8:29:19:CF:57:C7:41:08:BA:EA:36:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/zCVYNwSb6R9Q5adien3vj6-COxI.roa
Signing time:             Tue 14 Apr 2026 14:42:20 +0000
ROA not before:           Tue 14 Apr 2026 14:42:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16625
IP address blocks:        2001:41a8:806:200::/56 maxlen: 56
                          2001:41a8:807:100::/56 maxlen: 56
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/NAvqP8w8vO3IKRnPV8dBCLrqNp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/NAvqP8w8vO3IKRnPV8dBCLrqNp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8c:71:79:8d:39:ec:89:2d:91:eb:ad:f2:48:a8:bd:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=340bea3fcc3cbcedc82919cf57c74108baea369e
        Validity
            Not Before: Apr 14 14:42:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc255837049be91f50e5a7627a7def8faf823b12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:fe:b9:e9:2f:0b:10:f6:a6:7d:8e:2f:4c:cb:
                    bc:82:84:44:3a:3c:33:9b:ce:9f:9b:36:24:b1:b8:
                    f8:e0:f9:5f:54:e9:15:4d:0f:8a:bb:bf:4e:d3:e4:
                    58:95:2f:75:a0:3a:b1:79:23:6f:04:3d:dd:4e:a7:
                    d8:b7:53:3e:47:ed:96:f9:fb:60:cd:81:a5:53:8d:
                    16:ce:b7:d3:88:41:e8:1a:62:ad:ad:f5:f8:a5:41:
                    12:b8:ab:4d:20:94:11:8e:af:5b:68:62:18:82:63:
                    e2:4b:b6:32:01:ea:29:34:95:d4:ee:37:90:66:86:
                    51:83:2d:21:4f:d8:15:48:ff:6a:75:73:8f:13:37:
                    73:71:b2:05:cd:71:41:de:e2:2b:8b:cb:e3:77:1b:
                    78:62:2f:72:40:bf:77:ab:7f:ca:20:e7:45:0e:1f:
                    bd:43:01:21:d3:e7:dd:fc:c7:e8:7c:55:f8:2f:39:
                    63:fb:5f:ed:af:96:91:28:8e:82:51:7b:36:dc:34:
                    01:11:65:90:5d:e9:65:a1:0f:65:d9:8f:d4:d2:50:
                    50:6e:d8:14:18:34:2a:72:2f:4b:51:9f:70:92:27:
                    07:3f:ca:48:e6:b3:2c:9e:8b:13:02:eb:7e:a3:49:
                    1a:e5:82:7e:32:29:d8:bb:93:17:63:41:65:e2:3a:
                    73:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:25:58:37:04:9B:E9:1F:50:E5:A7:62:7A:7D:EF:8F:AF:82:3B:12
            X509v3 Authority Key Identifier:
                keyid:34:0B:EA:3F:CC:3C:BC:ED:C8:29:19:CF:57:C7:41:08:BA:EA:36:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NAvqP8w8vO3IKRnPV8dBCLrqNp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/zCVYNwSb6R9Q5adien3vj6-COxI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ecda3d-a2db-4908-862f-111056369a23/1/NAvqP8w8vO3IKRnPV8dBCLrqNp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:41a8:806:200::/56
                  2001:41a8:807:100::/56

    Signature Algorithm: sha256WithRSAEncryption
         4b:37:d3:e4:c9:f5:02:66:c0:c1:3c:34:c4:74:da:f0:9b:20:
         b8:0b:33:f4:69:09:f7:08:62:6f:b3:22:53:ef:6a:8d:71:da:
         88:58:84:3c:1c:8d:48:e0:b1:fe:2d:93:23:7f:17:06:46:d0:
         f2:38:44:6b:75:52:b1:c1:fe:90:d1:71:77:63:ea:f3:c3:80:
         aa:0a:48:91:19:7b:53:46:fe:19:a4:60:26:9f:ad:f0:e7:90:
         83:6d:d1:8c:73:c0:28:39:09:af:24:96:a7:6c:e3:f6:f4:02:
         3d:27:35:77:a8:cf:50:0e:bb:b1:3b:34:73:ae:9e:2e:c8:8e:
         5c:45:df:82:6f:b4:c7:26:ed:58:25:c6:8f:81:9d:2a:50:ba:
         f9:50:22:c4:04:9a:28:e2:3d:b4:4b:de:e7:f3:9a:de:47:c5:
         74:91:7a:ac:e3:60:71:f6:13:52:0f:1b:ad:f2:0e:a3:65:3b:
         4c:1d:c0:da:3c:c3:b1:86:c2:45:5a:ef:48:04:fa:37:08:7d:
         59:9b:c6:ef:ce:c9:c2:c3:ec:43:55:7e:6c:e4:4d:40:b7:b9:
         5d:da:50:37:fb:24:47:d1:11:b8:35:fc:58:6f:14:05:97:78:
         d4:cb:0d:21:bd:37:09:25:d6:ff:f5:22:e0:eb:4c:fd:84:8d:
         15:70:8b:76
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ2McXmNOeyJLZHrrfJIqL0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MGJlYTNmY2MzY2JjZWRjODI5MTljZjU3Yzc0MTA4YmFl
YTM2OWUwHhcNMjYwNDE0MTQ0MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzI1NTgzNzA0OWJlOTFmNTBlNWE3NjI3YTdkZWY4ZmFmODIzYjEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxf656S8LEPamfY4vTMu8goREOjwz
m86fmzYksbj44PlfVOkVTQ+Ku79O0+RYlS91oDqxeSNvBD3dTqfYt1M+R+2W+ftg
zYGlU40WzrfTiEHoGmKtrfX4pUESuKtNIJQRjq9baGIYgmPiS7YyAeopNJXU7jeQ
ZoZRgy0hT9gVSP9qdXOPEzdzcbIFzXFB3uIri8vjdxt4Yi9yQL93q3/KIOdFDh+9
QwEh0+fd/MfofFX4Lzlj+1/tr5aRKI6CUXs23DQBEWWQXelloQ9l2Y/U0lBQbtgU
GDQqci9LUZ9wkicHP8pI5rMsnosTAut+o0ka5YJ+MinYu5MXY0Fl4jpzowIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMwlWDcEm+kfUOWnYnp974+vgjsSMB8GA1UdIwQY
MBaAFDQL6j/MPLztyCkZz1fHQQi66jaeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkF2cVA4dzh2TzNJS1JuUFY4ZEJDTHJxTnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9lY2RhM2QtYTJkYi00OTA4LTg2MmYt
MTExMDU2MzY5YTIzLzEvekNWWU53U2I2UjlRNWFkaWVuM3ZqNi1DT3hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9lY2RhM2QtYTJkYi00OTA4LTg2MmYtMTExMDU2MzY5YTIz
LzEvTkF2cVA4dzh2TzNJS1JuUFY4ZEJDTHJxTnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUAwgAIAFBqAgG
AgMIACABQagIBwEwDQYJKoZIhvcNAQELBQADggEBAEs30+TJ9QJmwME8NMR02vCb
ILgLM/RpCfcIYm+zIlPvao1x2ohYhDwcjUjgsf4tkyN/FwZG0PI4RGt1UrHB/pDR
cXdj6vPDgKoKSJEZe1NG/hmkYCafrfDnkINt0YxzwCg5Ca8klqds4/b0Aj0nNXeo
z1AOu7E7NHOuni7IjlxF34JvtMcm7Vglxo+BnSpQuvlQIsQEmijiPbRL3ufzmt5H
xXSReqzjYHH2E1IPG63yDqNlO0wdwNo8w7GGwkVa70gE+jcIfVmbxu/OycLD7ENV
fmzkTUC3uV3aUDf7JEfREbg1/FhvFAWXeNTLDSG9Nwkl1v/1IuDrTP2EjRVwi3Y=
-----END CERTIFICATE-----