Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/zL-LWx-Rz7OMaI1EPMJkxLg31_M.roa
File:                     zL-LWx-Rz7OMaI1EPMJkxLg31_M.roa (raw, json)
Hash identifier:          cgNfkZmen0X8xi6X3N5ufjIJZAx+Um78IAgsseJM+y8=
Subject key identifier:   CC:BF:8B:5B:1F:91:CF:B3:8C:68:8D:44:3C:C2:64:C4:B8:37:D7:F3
Certificate issuer:       /CN=e73df155c87a590ac1e538544cf3356e4fc81748
Certificate serial:       019B78A24D04E93F9ADB7459F45F1C642AFE
Authority key identifier: E7:3D:F1:55:C8:7A:59:0A:C1:E5:38:54:4C:F3:35:6E:4F:C8:17:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5z3xVch6WQrB5ThUTPM1bk_IF0g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/zL-LWx-Rz7OMaI1EPMJkxLg31_M.roa
Signing time:             Thu 01 Jan 2026 08:17:41 +0000
ROA not before:           Thu 01 Jan 2026 08:17:41 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206384
IP address blocks:        2001:678:ce0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/5z3xVch6WQrB5ThUTPM1bk_IF0g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/5z3xVch6WQrB5ThUTPM1bk_IF0g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5z3xVch6WQrB5ThUTPM1bk_IF0g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:78:a2:4d:04:e9:3f:9a:db:74:59:f4:5f:1c:64:2a:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e73df155c87a590ac1e538544cf3356e4fc81748
        Validity
            Not Before: Jan  1 08:17:41 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ccbf8b5b1f91cfb38c688d443cc264c4b837d7f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:ba:f2:d6:24:62:1c:74:ad:4c:a9:02:36:98:
                    fd:32:97:c8:ac:13:1f:bf:01:05:c4:47:e3:3f:25:
                    f6:d5:04:2e:9f:71:62:a1:da:d4:f2:8b:1d:11:66:
                    18:bf:8e:0d:96:05:bd:6f:86:b2:c0:3d:70:de:79:
                    29:7f:c8:e3:1f:52:3e:74:c8:ce:3e:4f:75:ee:64:
                    ae:55:2e:73:d3:fa:87:85:01:26:ba:77:52:12:51:
                    7a:3f:f0:10:b6:56:ff:97:b4:8c:d4:d1:27:87:0b:
                    e6:08:e2:d7:25:b2:4c:d8:2c:b7:d1:28:bf:cb:ba:
                    a1:aa:3c:97:42:2e:2b:6d:00:44:4e:12:07:c6:4f:
                    90:04:13:91:b8:da:cf:df:9c:8f:eb:91:f6:38:54:
                    ba:29:b1:1d:07:ae:44:da:9a:8d:db:4b:b2:16:16:
                    5e:87:4c:46:95:1e:6b:fb:0e:f5:da:42:43:ed:54:
                    3d:b6:80:4a:78:8b:50:c5:43:12:12:29:97:ff:da:
                    dc:db:61:2a:33:70:c9:53:35:54:12:fe:0b:0d:e4:
                    78:32:b6:52:e0:d1:c6:3c:5b:36:7a:e3:23:5c:fb:
                    dc:6a:ba:03:4f:e9:25:88:3c:4c:ba:06:f0:b0:28:
                    47:54:a9:4d:aa:27:10:d6:fb:c6:2a:a9:ce:3b:24:
                    c3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:BF:8B:5B:1F:91:CF:B3:8C:68:8D:44:3C:C2:64:C4:B8:37:D7:F3
            X509v3 Authority Key Identifier:
                keyid:E7:3D:F1:55:C8:7A:59:0A:C1:E5:38:54:4C:F3:35:6E:4F:C8:17:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5z3xVch6WQrB5ThUTPM1bk_IF0g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/zL-LWx-Rz7OMaI1EPMJkxLg31_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/bc57ff-ab1b-4651-95b4-ddd7bf93d356/1/5z3xVch6WQrB5ThUTPM1bk_IF0g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:ce0::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:a4:2b:c3:5b:dc:88:d2:94:8f:35:54:65:f4:94:19:cb:ac:
         9a:20:e2:fa:ad:82:d9:9d:95:32:2e:85:20:17:e2:4d:33:a7:
         b4:f6:24:60:2c:30:dd:a3:42:c3:03:b0:0e:e7:75:5a:25:42:
         12:4e:98:e4:8b:79:cd:f1:0f:cd:33:e6:2e:f5:b8:df:1d:92:
         fc:07:25:28:49:b2:df:b0:e4:ef:5a:b5:69:3e:8e:8d:5d:fe:
         e7:1a:ae:b6:2f:b4:5d:06:08:4d:e6:54:6f:0f:23:15:a4:6a:
         0c:fc:7c:f4:f2:fa:86:b7:ef:f6:b4:cb:a0:8b:ae:29:26:d8:
         35:e3:e2:7c:40:07:0d:5e:12:38:e6:c0:c4:a5:c3:84:05:c7:
         8c:49:af:6d:f3:de:95:01:64:64:7e:72:35:cf:f1:9b:19:75:
         9b:d7:e0:48:63:42:04:98:81:a7:ea:4c:af:10:29:b7:49:0e:
         de:11:2f:fb:b9:24:f0:eb:70:3a:8b:32:0b:e9:a0:40:96:c5:
         34:b5:17:f3:a8:c4:21:cd:a5:f0:06:70:60:cf:da:88:a3:e8:
         d5:83:a0:8e:92:e3:86:7c:d7:c4:9c:11:92:ff:ae:3d:4e:9a:
         e5:84:1b:1c:bc:e2:cb:65:0e:6a:c5:06:7c:fb:70:2d:c4:19:
         8f:fe:a2:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt4ok0E6T+a23RZ9F8cZCr+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3M2RmMTU1Yzg3YTU5MGFjMWU1Mzg1NDRjZjMzNTZlNGZj
ODE3NDgwHhcNMjYwMTAxMDgxNzQxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2JmOGI1YjFmOTFjZmIzOGM2ODhkNDQzY2MyNjRjNGI4MzdkN2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLry1iRiHHStTKkCNpj9MpfIrBMf
vwEFxEfjPyX21QQun3FiodrU8osdEWYYv44NlgW9b4aywD1w3nkpf8jjH1I+dMjO
Pk917mSuVS5z0/qHhQEmundSElF6P/AQtlb/l7SM1NEnhwvmCOLXJbJM2Cy30Si/
y7qhqjyXQi4rbQBEThIHxk+QBBORuNrP35yP65H2OFS6KbEdB65E2pqN20uyFhZe
h0xGlR5r+w712kJD7VQ9toBKeItQxUMSEimX/9rc22EqM3DJUzVUEv4LDeR4MrZS
4NHGPFs2euMjXPvcaroDT+kliDxMugbwsChHVKlNqicQ1vvGKqnOOyTDewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMy/i1sfkc+zjGiNRDzCZMS4N9fzMB8GA1UdIwQY
MBaAFOc98VXIelkKweU4VEzzNW5PyBdIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXozeFZjaDZXUXJCNVRoVVRQTTFia19JRjBnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iYzU3ZmYtYWIxYi00NjUxLTk1YjQt
ZGRkN2JmOTNkMzU2LzEvekwtTFd4LVJ6N09NYUkxRVBNSmt4TGczMV9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iYzU3ZmYtYWIxYi00NjUxLTk1YjQtZGRkN2JmOTNkMzU2
LzEvNXozeFZjaDZXUXJCNVRoVVRQTTFia19JRjBnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeAzg
MA0GCSqGSIb3DQEBCwUAA4IBAQCDpCvDW9yI0pSPNVRl9JQZy6yaIOL6rYLZnZUy
LoUgF+JNM6e09iRgLDDdo0LDA7AO53VaJUISTpjki3nN8Q/NM+Yu9bjfHZL8ByUo
SbLfsOTvWrVpPo6NXf7nGq62L7RdBghN5lRvDyMVpGoM/Hz08vqGt+/2tMugi64p
Jtg14+J8QAcNXhI45sDEpcOEBceMSa9t896VAWRkfnI1z/GbGXWb1+BIY0IEmIGn
6kyvECm3SQ7eES/7uSTw63A6izIL6aBAlsU0tRfzqMQhzaXwBnBgz9qIo+jVg6CO
kuOGfNfEnBGS/649TprlhBscvOLLZQ5qxQZ8+3AtxBmP/qLp
-----END CERTIFICATE-----