Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/Z1V5lwUUrZll1KmPOgWR8Eag8b4.roa
File:                     Z1V5lwUUrZll1KmPOgWR8Eag8b4.roa (raw, json)
Hash identifier:          xUsruNjtSsoiCiUtber3+Ze8kadAYwEP/UxnWmjwonA=
Subject key identifier:   67:55:79:97:05:14:AD:99:65:D4:A9:8F:3A:05:91:F0:46:A0:F1:BE
Certificate issuer:       /CN=5fc90518df70b13d706bfe237aa5a76926a576d1
Certificate serial:       019D5E4E589078604ED8C2075B5871B3C7F8
Authority key identifier: 5F:C9:05:18:DF:70:B1:3D:70:6B:FE:23:7A:A5:A7:69:26:A5:76:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/Z1V5lwUUrZll1KmPOgWR8Eag8b4.roa
Signing time:             Sun 05 Apr 2026 15:41:25 +0000
ROA not before:           Sun 05 Apr 2026 15:41:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215607
IP address blocks:        2a12:4041:8::/48 maxlen: 48
                          2a12:4041:9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5e:4e:58:90:78:60:4e:d8:c2:07:5b:58:71:b3:c7:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc90518df70b13d706bfe237aa5a76926a576d1
        Validity
            Not Before: Apr  5 15:41:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=675579970514ad9965d4a98f3a0591f046a0f1be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ed:60:b6:3c:c5:f5:cd:f2:7a:b0:ab:2a:ec:
                    12:57:3a:42:85:5f:e2:5c:45:a7:dc:f1:61:68:e2:
                    05:bf:b0:32:a4:58:49:b0:82:7f:a4:d2:c7:69:10:
                    33:79:6e:a1:95:c0:f0:a7:d3:2f:74:c1:35:f0:7d:
                    cb:5e:4f:d6:5a:65:11:c9:f4:9b:83:89:da:32:59:
                    10:3d:0c:1c:29:1e:18:00:0c:e3:bf:75:e8:3e:b7:
                    c4:40:fe:e3:0d:25:1b:b1:8f:b7:af:f6:71:2f:5b:
                    1a:a2:d9:50:2c:40:51:33:3c:14:df:07:e1:f3:60:
                    d1:e1:7b:d4:ac:c9:1d:a0:1c:57:de:c2:2e:30:fd:
                    94:22:6f:85:c4:5d:45:2f:ae:85:81:64:fb:a9:17:
                    2a:ce:28:d0:72:2c:55:fe:bb:13:79:44:bd:a5:2a:
                    97:47:89:8c:a6:9e:72:cb:c9:bb:4b:12:c3:bc:11:
                    84:28:75:8e:2d:81:ec:bd:67:f3:56:f6:6d:30:50:
                    41:70:94:a6:61:80:6c:ab:47:38:12:b9:2b:16:cc:
                    53:f7:9e:d1:38:1e:78:e8:dd:17:98:80:de:eb:01:
                    95:f0:ce:af:d1:8d:8e:f2:55:4f:3e:5c:2f:ec:50:
                    5b:58:62:19:38:91:f3:20:9c:67:99:1a:ac:9d:0f:
                    9c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:55:79:97:05:14:AD:99:65:D4:A9:8F:3A:05:91:F0:46:A0:F1:BE
            X509v3 Authority Key Identifier:
                keyid:5F:C9:05:18:DF:70:B1:3D:70:6B:FE:23:7A:A5:A7:69:26:A5:76:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8kFGN9wsT1wa_4jeqWnaSaldtE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/Z1V5lwUUrZll1KmPOgWR8Eag8b4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/65cc20-0dfb-4180-9ac1-c8302e82ea22/1/X8kFGN9wsT1wa_4jeqWnaSaldtE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:4041:8::/47

    Signature Algorithm: sha256WithRSAEncryption
         2d:66:84:c1:00:5a:37:c4:41:74:7b:45:7c:bf:fb:cb:b9:3c:
         6b:59:56:e7:18:27:b9:d4:0b:e3:9c:e7:e2:a5:eb:60:59:ce:
         ca:37:e9:a7:e9:bf:fd:0c:79:f7:f5:c1:bb:9b:92:41:94:33:
         63:7c:7c:cf:90:71:b5:03:e7:d8:86:11:e6:d6:e8:6c:ff:b1:
         9a:5d:07:05:d1:df:7b:50:82:2b:5c:dd:04:38:43:41:a6:6a:
         0e:e0:4b:94:f6:d9:73:4c:17:d2:69:e1:6c:fe:6e:ae:b6:50:
         38:83:8e:e3:b5:4a:59:45:85:af:47:44:73:07:32:af:02:8d:
         f3:c3:cc:ef:d2:e4:5c:f3:db:00:f9:9f:1c:4e:a1:d8:17:99:
         d9:19:90:08:95:76:84:c1:02:30:ea:8a:5c:ed:d2:3d:fc:06:
         86:e7:8c:ac:66:c0:f0:54:6c:1c:68:af:81:8a:b7:27:ac:d8:
         cf:5c:18:f4:d0:28:e4:59:c8:93:04:a6:a3:51:0b:66:e9:13:
         f8:48:29:be:9d:ee:30:9a:59:ec:24:ef:13:f6:b1:a1:ac:d4:
         79:ce:ec:dc:b6:b8:35:dc:c3:49:17:70:85:cd:1b:7a:d2:f8:
         4d:02:bf:82:71:43:34:d9:72:ff:fb:0d:f6:27:40:6d:30:d9:
         ed:80:33:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1eTliQeGBO2MIHW1hxs8f4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzkwNTE4ZGY3MGIxM2Q3MDZiZmUyMzdhYTVhNzY5MjZh
NTc2ZDEwHhcNMjYwNDA1MTU0MTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzU1Nzk5NzA1MTRhZDk5NjVkNGE5OGYzYTA1OTFmMDQ2YTBmMWJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxO1gtjzF9c3yerCrKuwSVzpChV/i
XEWn3PFhaOIFv7AypFhJsIJ/pNLHaRAzeW6hlcDwp9MvdME18H3LXk/WWmURyfSb
g4naMlkQPQwcKR4YAAzjv3XoPrfEQP7jDSUbsY+3r/ZxL1saotlQLEBRMzwU3wfh
82DR4XvUrMkdoBxX3sIuMP2UIm+FxF1FL66FgWT7qRcqzijQcixV/rsTeUS9pSqX
R4mMpp5yy8m7SxLDvBGEKHWOLYHsvWfzVvZtMFBBcJSmYYBsq0c4ErkrFsxT957R
OB546N0XmIDe6wGV8M6v0Y2O8lVPPlwv7FBbWGIZOJHzIJxnmRqsnQ+cyQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGdVeZcFFK2ZZdSpjzoFkfBGoPG+MB8GA1UdIwQY
MBaAFF/JBRjfcLE9cGv+I3qlp2kmpXbRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhrRkdOOXdzVDF3YV80amVxV25hU2FsZHRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82NWNjMjAtMGRmYi00MTgwLTlhYzEt
YzgzMDJlODJlYTIyLzEvWjFWNWx3VVVyWmxsMUttUE9nV1I4RWFnOGI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS82NWNjMjAtMGRmYi00MTgwLTlhYzEtYzgzMDJlODJlYTIy
LzEvWDhrRkdOOXdzVDF3YV80amVxV25hU2FsZHRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhJAQQAI
MA0GCSqGSIb3DQEBCwUAA4IBAQAtZoTBAFo3xEF0e0V8v/vLuTxrWVbnGCe51Avj
nOfipetgWc7KN+mn6b/9DHn39cG7m5JBlDNjfHzPkHG1A+fYhhHm1uhs/7GaXQcF
0d97UIIrXN0EOENBpmoO4EuU9tlzTBfSaeFs/m6utlA4g47jtUpZRYWvR0RzBzKv
Ao3zw8zv0uRc89sA+Z8cTqHYF5nZGZAIlXaEwQIw6opc7dI9/AaG54ysZsDwVGwc
aK+BircnrNjPXBj00CjkWciTBKajUQtm6RP4SCm+ne4wmlnsJO8T9rGhrNR5zuzc
trg13MNJF3CFzRt60vhNAr+CcUM02XL/+w32J0BtMNntgDP8
-----END CERTIFICATE-----