Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ZGLSeC44jM0byIt-NZO4ulOZZg0.roa
File:                     ZGLSeC44jM0byIt-NZO4ulOZZg0.roa (raw, json)
Hash identifier:          DoyGEXMqzei4JliMX8poQjmaMnKFLAdrFcHlrK4RSBY=
Subject key identifier:   64:62:D2:78:2E:38:8C:CD:1B:C8:8B:7E:35:93:B8:BA:53:99:66:0D
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019D944765FA1D0BA951023D639ED8A58AA4
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ZGLSeC44jM0byIt-NZO4ulOZZg0.roa
Signing time:             Thu 16 Apr 2026 03:13:20 +0000
ROA not before:           Thu 16 Apr 2026 03:13:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203090
IP address blocks:        2a0f:b240:10::/48 maxlen: 48
                          2a0f:b240:12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 06:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:94:47:65:fa:1d:0b:a9:51:02:3d:63:9e:d8:a5:8a:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Apr 16 03:13:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6462d2782e388ccd1bc88b7e3593b8ba5399660d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:44:d3:b3:ba:63:a0:3a:60:36:bf:9c:f4:7a:
                    ea:ea:ad:3e:c0:99:b0:bd:d5:3c:59:2b:7b:53:43:
                    dd:68:81:2d:db:f1:c3:09:37:51:53:2e:30:50:60:
                    01:68:40:de:8a:a4:c3:c8:04:b2:99:94:ac:f4:d9:
                    d8:a5:cf:82:e9:52:8c:9c:ab:98:7a:09:2e:28:df:
                    7d:de:bf:fd:27:f5:2e:fe:e5:53:51:42:a6:53:11:
                    91:ed:bb:69:e3:e4:7a:64:5c:dc:9c:dd:74:0b:f1:
                    c5:1a:8f:22:83:8c:9a:44:1f:9a:11:08:1f:b5:53:
                    e2:2f:fa:b7:54:95:c9:57:d0:b2:bb:68:68:b0:75:
                    50:63:af:98:57:01:a0:f3:c9:fa:74:bf:cb:22:06:
                    82:d4:ab:82:4b:98:a7:59:f7:ab:05:bd:73:a7:1b:
                    3b:01:9c:85:bd:6a:fc:8c:04:1f:ce:72:27:88:ab:
                    49:b9:25:ab:0e:45:70:e7:81:d9:31:c3:28:82:8c:
                    41:93:6b:53:f8:a1:6c:7d:46:36:49:de:62:0a:c5:
                    63:e2:8d:5a:c1:8e:77:5b:5d:56:db:de:c6:6a:4a:
                    2e:b6:76:5c:b7:59:bf:3d:42:d5:ed:11:d4:2e:9a:
                    1b:30:52:00:37:b8:a2:3a:83:0d:1f:8d:0d:25:5e:
                    49:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:62:D2:78:2E:38:8C:CD:1B:C8:8B:7E:35:93:B8:BA:53:99:66:0D
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ZGLSeC44jM0byIt-NZO4ulOZZg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:10::/48
                  2a0f:b240:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:e6:c5:99:38:93:79:75:45:b1:28:3d:77:ce:07:d4:af:a6:
         ef:ab:ef:ed:1e:fa:23:83:2e:59:1f:2b:50:35:b7:6a:e6:f1:
         cf:d3:18:6a:00:ab:60:ef:cb:5a:62:fd:ad:21:b8:e8:18:96:
         2d:9a:0d:24:e8:0c:f8:a3:73:b6:aa:9c:54:ff:d1:0c:52:2e:
         db:4d:d8:68:28:eb:ba:60:9c:b9:eb:77:f7:34:83:0e:6b:b6:
         86:be:5e:7b:b4:e0:42:7f:3a:c5:b4:98:4f:cf:18:24:05:a8:
         86:b8:6b:a9:37:9d:27:d5:35:30:33:aa:f6:f4:79:b1:13:a5:
         30:ec:18:b9:20:23:74:0b:a6:3e:52:17:b8:e0:82:0e:03:70:
         f5:a2:c5:6d:89:a2:af:e9:93:f1:92:a0:69:3b:4c:4c:55:ff:
         a6:ba:b7:2a:f5:25:aa:39:cd:21:4e:bd:6f:62:9c:32:f5:e0:
         8b:57:f0:4d:b7:85:36:c0:fc:c6:39:38:6b:6a:0e:e6:b6:64:
         91:88:5e:aa:46:b1:64:2a:31:56:6d:07:7d:74:ef:d7:24:25:
         26:cf:55:b6:eb:35:9c:d3:cf:ad:58:cd:5b:9a:db:d4:1d:3a:
         e9:8e:10:f1:68:e7:81:b2:0e:17:bd:f4:6f:a0:1f:dc:4a:1d:
         ea:69:d1:29
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2UR2X6HQupUQI9Y57YpYqkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjYwNDE2MDMxMzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDYyZDI3ODJlMzg4Y2NkMWJjODhiN2UzNTkzYjhiYTUzOTk2NjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0kTTs7pjoDpgNr+c9Hrq6q0+wJmw
vdU8WSt7U0PdaIEt2/HDCTdRUy4wUGABaEDeiqTDyASymZSs9NnYpc+C6VKMnKuY
egkuKN993r/9J/Uu/uVTUUKmUxGR7btp4+R6ZFzcnN10C/HFGo8ig4yaRB+aEQgf
tVPiL/q3VJXJV9Cyu2hosHVQY6+YVwGg88n6dL/LIgaC1KuCS5inWferBb1zpxs7
AZyFvWr8jAQfznIniKtJuSWrDkVw54HZMcMogoxBk2tT+KFsfUY2Sd5iCsVj4o1a
wY53W11W297GakoutnZct1m/PULV7RHULpobMFIAN7iiOoMNH40NJV5JCwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGRi0nguOIzNG8iLfjWTuLpTmWYNMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvWkdMU2VDNDRqTTBieUl0LU5aTzR1bE9aWmcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+yQAAQ
AwcAKg+yQAASMA0GCSqGSIb3DQEBCwUAA4IBAQAG5sWZOJN5dUWxKD13zgfUr6bv
q+/tHvojgy5ZHytQNbdq5vHP0xhqAKtg78taYv2tIbjoGJYtmg0k6Az4o3O2qpxU
/9EMUi7bTdhoKOu6YJy563f3NIMOa7aGvl57tOBCfzrFtJhPzxgkBaiGuGupN50n
1TUwM6r29HmxE6Uw7Bi5ICN0C6Y+Uhe44IIOA3D1osVtiaKv6ZPxkqBpO0xMVf+m
urcq9SWqOc0hTr1vYpwy9eCLV/BNt4U2wPzGOThrag7mtmSRiF6qRrFkKjFWbQd9
dO/XJCUmz1W26zWc08+tWM1bmtvUHTrpjhDxaOeBsg4XvfRvoB/cSh3qadEp
-----END CERTIFICATE-----