Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/81EEDBDWt_A7AJxVp15PHciYxD8.roa
File:                     81EEDBDWt_A7AJxVp15PHciYxD8.roa (raw, json)
Hash identifier:          OiicPsxQnNOiaazMwFRDHzU0ZNQnVFUX+Gq8hP64PyI=
Subject key identifier:   F3:51:04:0C:10:D6:B7:F0:3B:00:9C:55:A7:5E:4F:1D:C8:98:C4:3F
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D24EEFFCB0B7735E623C4AF985C7B1877
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/81EEDBDWt_A7AJxVp15PHciYxD8.roa
Signing time:             Wed 25 Mar 2026 12:18:55 +0000
ROA not before:           Wed 25 Mar 2026 12:18:55 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400328
IP address blocks:        2a0f:1e06::/32 maxlen: 32
                          2a10:68c6::/32 maxlen: 32
                          2a10:7b00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:ee:ff:cb:0b:77:35:e6:23:c4:af:98:5c:7b:18:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 25 12:18:55 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f351040c10d6b7f03b009c55a75e4f1dc898c43f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:59:54:9f:84:d1:7f:74:3b:3b:6c:49:a7:82:
                    77:dc:4e:6f:52:8b:3a:33:2b:b9:e7:02:d9:a4:ef:
                    06:ed:c4:a4:37:68:b7:65:8a:1e:17:57:8e:d1:0f:
                    56:94:41:7f:f1:a8:72:3b:81:70:c8:1d:00:18:c5:
                    64:e9:3d:e2:f3:3c:a0:33:91:a0:18:96:f1:d8:41:
                    24:9b:eb:8e:6a:ee:a1:e1:c5:b0:02:f1:39:af:5e:
                    e9:17:44:6c:97:1a:16:d4:c5:be:b6:1c:45:3a:56:
                    54:ec:4e:55:d0:2b:ef:5a:b7:85:05:5e:2c:30:9f:
                    c3:fb:c0:21:ca:fc:2b:b6:e0:87:b4:33:e6:1c:27:
                    fe:99:95:c2:78:89:a6:e1:c7:66:28:de:45:7f:3c:
                    48:26:0c:d1:8f:a9:34:7e:01:60:5e:df:16:2a:33:
                    32:ce:10:e0:bb:cb:3b:34:bd:06:9d:09:66:da:92:
                    28:47:26:77:ab:4f:4b:de:d3:0a:66:af:b8:35:31:
                    f9:80:98:31:02:1d:f4:6a:f1:00:4f:22:24:80:09:
                    23:45:c0:94:d4:f6:78:40:5b:7b:14:d1:15:30:a4:
                    de:cb:c3:4f:28:f3:42:4d:a9:69:db:ef:8c:35:6e:
                    74:7b:6c:a8:09:33:04:b5:1c:d3:ca:cf:fa:7f:91:
                    7c:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:51:04:0C:10:D6:B7:F0:3B:00:9C:55:A7:5E:4F:1D:C8:98:C4:3F
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/81EEDBDWt_A7AJxVp15PHciYxD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1e06::/32
                  2a10:68c6::/32
                  2a10:7b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:ec:aa:bb:b5:75:ef:c8:f3:cb:89:98:ae:51:aa:c2:03:9a:
         22:7d:48:d1:9b:64:fd:9d:c3:99:eb:d5:d7:b0:26:1c:eb:4e:
         f5:e7:ed:1c:15:18:d6:83:8b:a6:26:58:45:5b:41:65:38:13:
         a7:5e:16:d8:68:ff:f0:16:c7:d4:1d:48:58:29:22:a7:b1:e5:
         f0:88:94:ff:0b:b9:79:80:63:4d:32:7d:6e:ac:e4:04:47:3d:
         7f:93:0c:13:28:ae:6c:47:8b:19:d9:9e:1a:d4:27:69:4e:5a:
         fa:72:69:c1:14:42:fe:51:b9:22:48:ef:1e:96:05:8d:63:97:
         2b:19:09:45:fa:c4:99:23:62:1c:c1:67:c4:f6:2c:71:0c:49:
         f5:91:8c:af:13:09:bd:a4:89:cd:bd:da:7b:82:e0:5c:ff:10:
         e3:52:4f:63:ca:e3:ff:b5:1a:7b:e1:e2:71:fb:5e:c5:bf:c2:
         45:9b:a7:df:7b:59:00:4d:40:e8:d9:97:1e:08:57:71:dc:0f:
         97:2d:2f:92:40:00:93:8f:15:01:5d:c5:45:bc:08:6d:bd:ed:
         56:7c:4f:0b:66:ec:7b:52:d8:e8:e3:7f:da:7e:af:05:d5:33:
         0f:a0:1b:2e:42:ed:88:72:35:7e:c0:a6:c4:bb:a9:0b:62:94:
         95:0d:85:cc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0k7v/LC3c15iPEr5hcexh3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzI1MTIxODU1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzUxMDQwYzEwZDZiN2YwM2IwMDljNTVhNzVlNGYxZGM4OThjNDNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5VlUn4TRf3Q7O2xJp4J33E5vUos6
Myu55wLZpO8G7cSkN2i3ZYoeF1eO0Q9WlEF/8ahyO4FwyB0AGMVk6T3i8zygM5Gg
GJbx2EEkm+uOau6h4cWwAvE5r17pF0RslxoW1MW+thxFOlZU7E5V0CvvWreFBV4s
MJ/D+8AhyvwrtuCHtDPmHCf+mZXCeImm4cdmKN5FfzxIJgzRj6k0fgFgXt8WKjMy
zhDgu8s7NL0GnQlm2pIoRyZ3q09L3tMKZq+4NTH5gJgxAh30avEATyIkgAkjRcCU
1PZ4QFt7FNEVMKTey8NPKPNCTalp2++MNW50e2yoCTMEtRzTys/6f5F8tQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPNRBAwQ1rfwOwCcVadeTx3ImMQ/MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvODFFRURCRFd0X0E3QUp4VnAxNVBIY2lZeEQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg8eBgMF
ACoQaMYDBQMqEHsAMA0GCSqGSIb3DQEBCwUAA4IBAQAh7Kq7tXXvyPPLiZiuUarC
A5oifUjRm2T9ncOZ69XXsCYc60715+0cFRjWg4umJlhFW0FlOBOnXhbYaP/wFsfU
HUhYKSKnseXwiJT/C7l5gGNNMn1urOQERz1/kwwTKK5sR4sZ2Z4a1CdpTlr6cmnB
FEL+UbkiSO8elgWNY5crGQlF+sSZI2IcwWfE9ixxDEn1kYyvEwm9pInNvdp7guBc
/xDjUk9jyuP/tRp74eJx+17Fv8JFm6ffe1kATUDo2ZceCFdx3A+XLS+SQACTjxUB
XcVFvAhtve1WfE8LZux7Utjo43/afq8F1TMPoBsuQu2IcjV+wKbEu6kLYpSVDYXM
-----END CERTIFICATE-----