Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/M5z_FJkpC3bqs6y8rNLlO6L7mt4.roa
File:                     M5z_FJkpC3bqs6y8rNLlO6L7mt4.roa (raw, json)
Hash identifier:          pnzeAaisjISO2SuVi7e+PqwovvETfQV3LOc/UO86oM4=
Subject key identifier:   33:9C:FF:14:99:29:0B:76:EA:B3:AC:BC:AC:D2:E5:3B:A2:FB:9A:DE
Certificate issuer:       /CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
Certificate serial:       019C95D3BB5331FF1DEFFF6479DF3649BC20
Authority key identifier: 7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/M5z_FJkpC3bqs6y8rNLlO6L7mt4.roa
Signing time:             Wed 25 Feb 2026 17:23:27 +0000
ROA not before:           Wed 25 Feb 2026 17:23:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207279
IP address blocks:        2a0f:bb00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:95:d3:bb:53:31:ff:1d:ef:ff:64:79:df:36:49:bc:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b9447fe9a4acc7d6ff72d6c798d43d66cd50c3f
        Validity
            Not Before: Feb 25 17:23:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=339cff1499290b76eab3acbcacd2e53ba2fb9ade
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:67:ba:2a:ee:26:09:3e:b3:13:84:2f:36:f6:
                    6a:24:f9:a1:e9:2c:bd:6d:f3:cf:49:66:9e:57:55:
                    2a:2c:cc:f4:a0:78:2c:30:15:1b:63:b6:c1:5a:8b:
                    41:9c:de:0c:7a:98:14:a0:f7:a9:e5:9d:7b:b1:2c:
                    a8:3e:b1:83:a6:bf:ad:3a:f8:0b:71:5d:40:1d:e7:
                    f0:05:14:7a:be:fb:1c:0b:2d:b7:27:7b:8b:0b:13:
                    31:df:ab:2e:7f:3c:2f:cc:7f:19:30:42:af:03:9c:
                    09:d3:10:37:52:e6:9b:ef:44:7e:c8:5c:b4:ec:a9:
                    84:a4:4a:dc:cc:90:80:3d:ae:79:46:af:f0:7e:67:
                    45:a6:94:d5:e1:87:87:ea:f6:99:4a:4c:06:0f:5f:
                    9f:46:86:12:88:35:90:4c:84:a6:7c:9c:e2:a9:f9:
                    a6:0f:3b:a6:79:5e:3e:f8:51:a1:58:29:79:a6:e2:
                    f1:96:96:11:e1:8d:47:18:58:bc:c6:e9:ed:90:5c:
                    39:12:56:27:66:70:ab:f0:fe:51:be:6a:95:a8:49:
                    ac:ee:31:32:3f:79:29:da:db:f4:82:d7:16:66:7e:
                    b0:40:96:fd:6d:7c:65:42:23:c4:85:75:3a:c7:94:
                    9d:20:ce:ab:9d:e2:71:75:b2:7c:5b:2a:f6:04:d6:
                    89:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:9C:FF:14:99:29:0B:76:EA:B3:AC:BC:AC:D2:E5:3B:A2:FB:9A:DE
            X509v3 Authority Key Identifier:
                keyid:7B:94:47:FE:9A:4A:CC:7D:6F:F7:2D:6C:79:8D:43:D6:6C:D5:0C:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5RH_ppKzH1v9y1seY1D1mzVDD8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/M5z_FJkpC3bqs6y8rNLlO6L7mt4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/ac24df-09d6-4457-9d2e-9fceb45d6fdb/1/e5RH_ppKzH1v9y1seY1D1mzVDD8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:bb00::/29

    Signature Algorithm: sha256WithRSAEncryption
         8d:e1:8a:5b:43:82:04:db:16:55:1f:27:59:38:5a:6a:5a:59:
         61:85:69:3a:34:59:ef:0c:13:97:10:77:5a:1d:4d:bb:7e:70:
         3c:f4:55:b0:53:31:bf:d0:b1:3c:e7:fa:64:30:f1:93:97:32:
         fb:c5:1a:33:c2:b2:5e:40:36:39:32:7e:d3:b4:cc:9a:02:37:
         a0:f1:33:06:d1:5f:b3:fc:cb:20:53:f6:67:1d:7d:94:ca:2e:
         1d:94:4a:c1:be:03:31:08:2b:b8:ec:92:3e:cb:a4:3d:b2:68:
         48:dc:10:f6:8c:30:38:d9:fc:48:5c:3d:ce:73:93:78:9c:3c:
         3a:05:31:19:ef:46:8f:43:5d:86:db:ff:3d:85:69:80:ee:78:
         a5:7d:0e:04:5d:68:e5:8b:d0:05:b3:ca:85:27:8b:5f:8e:f8:
         eb:7a:3f:41:93:63:a0:3b:d2:ef:7b:bc:b5:1d:4e:fe:18:39:
         f6:30:9a:e3:6f:f9:d6:9c:9d:70:29:a4:24:0a:c9:5e:a7:c0:
         49:83:a6:f0:c2:e6:10:c2:80:da:c5:21:43:35:c2:bb:79:cd:
         6d:5d:f8:37:7a:3a:c4:36:ed:77:49:7c:7f:63:84:44:57:49:
         66:d4:e0:7e:c8:37:91:d5:30:54:05:01:f2:f7:f9:28:01:d5:
         db:d6:18:8c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyV07tTMf8d7/9ked82SbwgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiOTQ0N2ZlOWE0YWNjN2Q2ZmY3MmQ2Yzc5OGQ0M2Q2NmNk
NTBjM2YwHhcNMjYwMjI1MTcyMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzljZmYxNDk5MjkwYjc2ZWFiM2FjYmNhY2QyZTUzYmEyZmI5YWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyme6Ku4mCT6zE4QvNvZqJPmh6Sy9
bfPPSWaeV1UqLMz0oHgsMBUbY7bBWotBnN4MepgUoPep5Z17sSyoPrGDpr+tOvgL
cV1AHefwBRR6vvscCy23J3uLCxMx36sufzwvzH8ZMEKvA5wJ0xA3Uuab70R+yFy0
7KmEpErczJCAPa55Rq/wfmdFppTV4YeH6vaZSkwGD1+fRoYSiDWQTISmfJziqfmm
DzumeV4++FGhWCl5puLxlpYR4Y1HGFi8xuntkFw5ElYnZnCr8P5RvmqVqEms7jEy
P3kp2tv0gtcWZn6wQJb9bXxlQiPEhXU6x5SdIM6rneJxdbJ8Wyr2BNaJQwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDOc/xSZKQt26rOsvKzS5Tui+5reMB8GA1UdIwQY
MBaAFHuUR/6aSsx9b/ctbHmNQ9Zs1Qw/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUt
OWZjZWI0NWQ2ZmRiLzEvTTV6X0ZKa3BDM2JxczZ5OHJOTGxPNkw3bXQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy9hYzI0ZGYtMDlkNi00NDU3LTlkMmUtOWZjZWI0NWQ2ZmRi
LzEvZTVSSF9wcEt6SDF2OXkxc2VZMUQxbXpWREQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+7ADAN
BgkqhkiG9w0BAQsFAAOCAQEAjeGKW0OCBNsWVR8nWThaalpZYYVpOjRZ7wwTlxB3
Wh1Nu35wPPRVsFMxv9CxPOf6ZDDxk5cy+8UaM8KyXkA2OTJ+07TMmgI3oPEzBtFf
s/zLIFP2Zx19lMouHZRKwb4DMQgruOySPsukPbJoSNwQ9owwONn8SFw9znOTeJw8
OgUxGe9Gj0Ndhtv/PYVpgO54pX0OBF1o5YvQBbPKhSeLX47463o/QZNjoDvS73u8
tR1O/hg59jCa42/51pydcCmkJArJXqfASYOm8MLmEMKA2sUhQzXCu3nNbV34N3o6
xDbtd0l8f2OERFdJZtTgfsg3kdUwVAUB8vf5KAHV29YYjA==
-----END CERTIFICATE-----