Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2gq2gn_prAEylsBMFhuxP33EkKg.roa
File:                     2gq2gn_prAEylsBMFhuxP33EkKg.roa (raw, json)
Hash identifier:          cK9sGKg8TYHpHUD0bj1w86fXqLDiJfLZ49OgNCSYB0w=
Subject key identifier:   DA:0A:B6:82:7F:E9:AC:01:32:96:C0:4C:16:1B:B1:3F:7D:C4:90:A8
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019DF3B5C7900A62CC4CA265321A0D0FF758
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2gq2gn_prAEylsBMFhuxP33EkKg.roa
Signing time:             Mon 04 May 2026 15:57:49 +0000
ROA not before:           Mon 04 May 2026 15:57:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        103.114.41.0/24 maxlen: 24
                          2a13:18c2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:35:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f3:b5:c7:90:0a:62:cc:4c:a2:65:32:1a:0d:0f:f7:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May  4 15:57:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=da0ab6827fe9ac013296c04c161bb13f7dc490a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:29:b6:ef:0f:84:f3:89:63:1b:fe:01:25:20:
                    1b:a0:08:52:35:78:16:a5:00:7e:35:74:1d:9e:e8:
                    b9:33:f2:4c:6f:9a:8c:44:a6:47:3b:6d:9c:a9:71:
                    af:58:55:40:58:03:ea:a0:fb:1f:ce:d0:f4:98:1d:
                    c5:41:de:20:4c:61:52:d2:14:79:e1:bd:f8:5a:bb:
                    fa:1f:a6:12:b7:aa:3c:38:9c:c1:10:54:ed:10:6c:
                    a5:a8:d2:e4:4a:58:39:95:00:30:2b:6d:b4:8a:3f:
                    f8:88:e1:8d:ef:34:39:08:ca:87:bd:6a:dd:9b:05:
                    f0:76:9b:fd:4d:65:88:21:3c:d6:7e:c1:e8:43:88:
                    2e:0e:9e:14:99:73:52:a4:42:07:89:10:ad:cb:1e:
                    46:aa:95:2f:a1:7d:cc:7f:28:3f:be:3b:1e:20:ae:
                    49:67:54:b0:c5:d9:22:69:eb:ae:27:04:bf:23:05:
                    ec:0b:da:ba:77:fd:f8:f0:92:e4:80:32:c7:eb:8d:
                    7d:9e:b7:ea:94:81:7c:06:ff:1c:f5:ad:98:56:8f:
                    34:28:64:8f:d1:92:9e:a9:26:f3:b8:c6:20:a6:00:
                    87:d4:66:54:9a:0a:16:29:3f:f9:0d:04:8d:e2:a6:
                    71:db:f4:49:49:0b:7b:7d:13:9b:3d:b2:2c:9d:79:
                    46:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:0A:B6:82:7F:E9:AC:01:32:96:C0:4C:16:1B:B1:3F:7D:C4:90:A8
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2gq2gn_prAEylsBMFhuxP33EkKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.114.41.0/24
                IPv6:
                  2a13:18c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         bf:f1:1d:85:f1:d4:40:e2:8c:25:b6:3a:e6:f9:0b:3a:3b:d9:
         f0:c2:fe:b3:61:83:d6:39:22:17:a9:8b:7c:4f:b7:dd:ac:ac:
         bf:22:ac:4d:56:c3:cb:48:05:78:11:12:5c:8d:0c:51:4b:c5:
         2a:36:d5:eb:d8:0b:b3:21:7c:8b:a6:6c:7a:41:d9:83:16:91:
         62:84:08:33:7a:e9:82:b0:d8:53:8c:81:02:ca:14:a7:d8:65:
         ac:b1:aa:82:ac:c7:f9:4a:36:72:a6:60:9d:55:a1:52:56:2c:
         82:26:22:86:5f:3f:c8:8e:67:07:a2:7f:1f:9f:1b:a8:b0:2c:
         ce:e3:08:d1:d0:98:58:1f:98:f8:b4:2c:4e:9f:40:92:51:bb:
         2e:ec:63:b6:82:48:c6:77:d2:37:06:10:cf:53:14:ee:d4:12:
         ef:9a:78:8b:85:ba:b4:38:34:29:b4:7b:0d:ca:7b:23:eb:80:
         03:b7:5b:df:f5:b4:8e:8f:f4:c5:61:d2:84:95:ed:7a:a2:cc:
         22:ce:a3:58:fe:58:04:7c:c1:af:16:f6:cc:13:e4:6b:a0:34:
         3f:4e:4a:37:18:c6:bb:aa:25:13:33:8f:ba:20:9e:85:57:2f:
         92:ac:e3:6a:d7:cf:88:44:06:c8:3a:6c:0a:87:53:3f:99:07:
         d6:3e:34:e7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3ztceQCmLMTKJlMhoND/dYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNTA0MTU1NzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTBhYjY4MjdmZTlhYzAxMzI5NmMwNGMxNjFiYjEzZjdkYzQ5MGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnCm27w+E84ljG/4BJSAboAhSNXgW
pQB+NXQdnui5M/JMb5qMRKZHO22cqXGvWFVAWAPqoPsfztD0mB3FQd4gTGFS0hR5
4b34Wrv6H6YSt6o8OJzBEFTtEGylqNLkSlg5lQAwK220ij/4iOGN7zQ5CMqHvWrd
mwXwdpv9TWWIITzWfsHoQ4guDp4UmXNSpEIHiRCtyx5GqpUvoX3Mfyg/vjseIK5J
Z1SwxdkiaeuuJwS/IwXsC9q6d/348JLkgDLH6419nrfqlIF8Bv8c9a2YVo80KGSP
0ZKeqSbzuMYgpgCH1GZUmgoWKT/5DQSN4qZx2/RJSQt7fRObPbIsnXlGGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNoKtoJ/6awBMpbATBYbsT99xJCoMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMmdxMmduX3ByQUV5bHNCTUZodXhQMzNFa0tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAZ3IpMA0E
AgACMAcDBQAqExjCMA0GCSqGSIb3DQEBCwUAA4IBAQC/8R2F8dRA4owltjrm+Qs6
O9nwwv6zYYPWOSIXqYt8T7fdrKy/IqxNVsPLSAV4ERJcjQxRS8UqNtXr2AuzIXyL
pmx6QdmDFpFihAgzeumCsNhTjIECyhSn2GWssaqCrMf5SjZypmCdVaFSViyCJiKG
Xz/IjmcHon8fnxuosCzO4wjR0JhYH5j4tCxOn0CSUbsu7GO2gkjGd9I3BhDPUxTu
1BLvmniLhbq0ODQptHsNynsj64ADt1vf9bSOj/TFYdKEle16oswizqNY/lgEfMGv
FvbME+RroDQ/Tko3GMa7qiUTM4+6IJ6FVy+SrONq18+IRAbIOmwKh1M/mQfWPjTn
-----END CERTIFICATE-----