Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2AQ9n2GpCf8GP2AE-rXk2_FqZjk.roa
File:                     2AQ9n2GpCf8GP2AE-rXk2_FqZjk.roa (raw, json)
Hash identifier:          iTDUWj3l9k6SlkDyszlyZZ8hv/XQjroWzxy9kd7cE/8=
Subject key identifier:   D8:04:3D:9F:61:A9:09:FF:06:3F:60:04:FA:B5:E4:DB:F1:6A:66:39
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D1C49ED87499FD046F8D852247A1275B0
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2AQ9n2GpCf8GP2AE-rXk2_FqZjk.roa
Signing time:             Mon 23 Mar 2026 20:01:40 +0000
ROA not before:           Mon 23 Mar 2026 20:01:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        45.128.78.0/24 maxlen: 24
                          84.21.188.0/24 maxlen: 24
                          2a10:7500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1c:49:ed:87:49:9f:d0:46:f8:d8:52:24:7a:12:75:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 23 20:01:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d8043d9f61a909ff063f6004fab5e4dbf16a6639
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:4f:6a:9e:87:b4:53:9d:c2:20:a6:e1:40:
                    b6:0f:b7:cd:b1:90:a2:e6:04:44:d9:4e:92:e7:4f:
                    9a:90:cb:39:7d:6c:1c:b3:a2:76:39:1b:8a:9f:c7:
                    8d:32:c7:5d:86:64:0b:f5:01:c6:25:2d:ec:24:f3:
                    1b:9c:e4:30:b5:b3:b0:16:14:de:49:23:dd:0b:37:
                    5b:fc:fb:66:00:1d:a0:6f:90:9a:22:40:cd:5f:34:
                    84:08:99:1d:57:ab:ad:c8:1e:34:c4:9a:83:83:e8:
                    07:5b:8b:ae:2d:c0:04:77:6c:34:1c:2a:af:47:c0:
                    7a:07:bc:7b:b5:52:80:15:e9:7e:98:e4:64:1b:5e:
                    38:84:3c:fc:78:f8:16:cd:c5:3f:f1:b4:dc:72:a0:
                    b7:0e:d8:db:c1:56:6c:10:34:a0:71:61:db:cc:1b:
                    ca:53:63:bf:ea:5d:0f:ed:84:fd:d9:16:39:19:2e:
                    d8:6f:3e:37:91:54:13:c4:b9:4c:ac:02:f6:56:1d:
                    04:49:fb:6d:8c:78:ec:f9:39:20:27:4c:59:7d:14:
                    16:fa:2a:3e:c5:ab:77:09:6d:15:b5:e7:5b:e5:f7:
                    47:ea:eb:31:2e:3a:72:2a:61:99:e6:d6:83:f2:c8:
                    5e:dd:14:f8:95:07:74:47:2c:1e:cb:b8:bb:92:91:
                    cb:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:04:3D:9F:61:A9:09:FF:06:3F:60:04:FA:B5:E4:DB:F1:6A:66:39
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2AQ9n2GpCf8GP2AE-rXk2_FqZjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.78.0/24
                  84.21.188.0/24
                IPv6:
                  2a10:7500::/29

    Signature Algorithm: sha256WithRSAEncryption
         cf:db:8f:ef:c4:5e:51:36:ba:08:2d:2c:73:d6:8b:77:fc:4e:
         bb:eb:07:9e:6b:20:01:1b:31:b5:45:51:d1:88:50:b6:d8:4e:
         01:c6:b0:60:4d:8e:40:28:ca:e3:be:a4:36:9f:f1:74:db:51:
         f7:0a:64:23:b4:18:0a:0a:7f:6f:08:da:69:6d:7e:b0:c1:fa:
         76:1d:08:83:ae:e1:35:5b:90:9f:af:dc:0e:45:23:70:ba:67:
         e4:0c:62:81:aa:84:1a:d8:97:b9:2d:6b:0e:a2:b8:16:6c:a3:
         60:b3:fa:2b:ae:06:1c:a1:c9:b1:23:48:b4:f5:d8:d7:32:ad:
         93:9f:c7:d8:90:26:ca:b0:a0:ef:1e:43:b1:17:22:66:8d:82:
         a0:99:20:98:a9:4f:1e:3c:bb:6e:cf:d2:66:cd:e7:7f:e7:c1:
         50:88:85:72:fd:5e:ad:6f:af:6d:64:5e:88:30:49:e9:8c:b4:
         3d:f8:1d:f1:24:fa:df:66:ec:15:45:5f:85:1a:f2:97:f2:27:
         ac:a6:d5:f6:ce:34:ad:32:49:43:12:04:cd:24:6e:c9:66:69:
         28:4e:27:68:54:d0:45:9e:d0:78:b4:5f:df:fa:da:36:8d:85:
         10:9f:c9:67:fb:15:ab:4e:90:d8:a6:e0:d6:6e:2c:bf:76:ad:
         bd:4a:7c:83
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZ0cSe2HSZ/QRvjYUiR6EnWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzIzMjAwMTQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODA0M2Q5ZjYxYTkwOWZmMDYzZjYwMDRmYWI1ZTRkYmYxNmE2NjM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuClPap6HtFOdwiCm4UC2D7fNsZCi
5gRE2U6S50+akMs5fWwcs6J2ORuKn8eNMsddhmQL9QHGJS3sJPMbnOQwtbOwFhTe
SSPdCzdb/PtmAB2gb5CaIkDNXzSECJkdV6utyB40xJqDg+gHW4uuLcAEd2w0HCqv
R8B6B7x7tVKAFel+mORkG144hDz8ePgWzcU/8bTccqC3DtjbwVZsEDSgcWHbzBvK
U2O/6l0P7YT92RY5GS7Ybz43kVQTxLlMrAL2Vh0ESfttjHjs+TkgJ0xZfRQW+io+
xat3CW0Vtedb5fdH6usxLjpyKmGZ5taD8she3RT4lQd0Rywey7i7kpHLAQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNgEPZ9hqQn/Bj9gBPq15NvxamY5MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMkFROW4yR3BDZjhHUDJBRS1yWGsyX0ZxWmprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQALYBOAwQA
VBW8MA0EAgACMAcDBQMqEHUAMA0GCSqGSIb3DQEBCwUAA4IBAQDP24/vxF5RNroI
LSxz1ot3/E676weeayABGzG1RVHRiFC22E4BxrBgTY5AKMrjvqQ2n/F021H3CmQj
tBgKCn9vCNppbX6wwfp2HQiDruE1W5Cfr9wORSNwumfkDGKBqoQa2Je5LWsOorgW
bKNgs/orrgYcocmxI0i09djXMq2Tn8fYkCbKsKDvHkOxFyJmjYKgmSCYqU8ePLtu
z9Jmzed/58FQiIVy/V6tb69tZF6IMEnpjLQ9+B3xJPrfZuwVRV+FGvKX8iesptX2
zjStMklDEgTNJG7JZmkoTidoVNBFntB4tF/f+to2jYUQn8ln+xWrTpDYpuDWbiy/
dq29SnyD
-----END CERTIFICATE-----