Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BLYgTxx2nvGwm24dcBQ-YdFCsuw.roa
File:                     BLYgTxx2nvGwm24dcBQ-YdFCsuw.roa (raw, json)
Hash identifier:          Rp5hXkx6ysCk7AZelhS8sNMOsvfpaWOlo4nWOWQj4pA=
Subject key identifier:   04:B6:20:4F:1C:76:9E:F1:B0:9B:6E:1D:70:14:3E:61:D1:42:B2:EC
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D249F17DBE512DF6855E5B0DC06DADBB1
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BLYgTxx2nvGwm24dcBQ-YdFCsuw.roa
Signing time:             Wed 25 Mar 2026 10:51:39 +0000
ROA not before:           Wed 25 Mar 2026 10:51:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213734
IP address blocks:        2a0f:b400::/29 maxlen: 29
                          2a10:3340::/29 maxlen: 29
                          2a12:ef00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:9f:17:db:e5:12:df:68:55:e5:b0:dc:06:da:db:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 25 10:51:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=04b6204f1c769ef1b09b6e1d70143e61d142b2ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:13:11:30:06:e6:27:d0:b3:78:e8:b9:08:3e:
                    51:04:dd:c1:c4:c9:40:73:bb:bd:74:f5:93:f4:24:
                    33:ee:82:65:1a:8a:0f:c1:f3:93:19:c7:ae:8d:79:
                    66:24:ac:37:18:fd:0d:bb:32:11:42:55:aa:bc:e5:
                    23:d9:ac:90:8d:69:59:ac:51:49:e9:4d:13:a8:28:
                    6b:ba:b4:49:fd:f9:29:6c:c3:65:a0:b2:10:c7:98:
                    8a:1d:ad:9c:b0:d7:c3:f3:38:3c:f4:08:0d:47:30:
                    71:83:5e:73:00:37:73:d4:06:92:b4:2d:25:23:0e:
                    d6:94:89:c6:1d:03:22:d9:68:b7:b0:69:dc:a0:8e:
                    74:35:bc:25:95:9b:a6:72:f0:d0:83:40:57:67:d8:
                    1d:0a:0f:fa:a0:90:9a:cc:a6:d8:78:20:b3:16:20:
                    bd:9b:48:22:09:59:8f:bc:09:0a:a4:2e:7d:af:9f:
                    40:92:c1:94:c5:79:bc:9a:7e:e9:ac:54:da:59:c0:
                    62:69:b3:ba:29:38:13:57:ce:d7:cf:8f:7b:7f:98:
                    c3:84:09:75:34:ca:6b:a2:5e:3b:70:c8:92:dd:19:
                    58:7f:fa:1b:ec:cb:fb:de:54:49:f8:a3:68:ad:fd:
                    59:4a:b1:3e:76:cf:59:63:af:5d:38:7b:c4:3e:76:
                    15:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:B6:20:4F:1C:76:9E:F1:B0:9B:6E:1D:70:14:3E:61:D1:42:B2:EC
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/BLYgTxx2nvGwm24dcBQ-YdFCsuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b400::/29
                  2a10:3340::/29
                  2a12:ef00::/29

    Signature Algorithm: sha256WithRSAEncryption
         40:d5:0b:81:80:d2:a8:a2:9a:1a:03:6f:b6:e7:82:7c:fb:9c:
         de:bd:78:57:38:c9:9a:3f:28:06:7c:72:b6:e1:86:30:a4:35:
         58:44:3a:10:75:25:a7:14:2f:fe:6d:c2:fa:63:f1:86:c7:28:
         04:7d:a9:e5:07:48:32:80:3e:f2:3c:cf:49:38:dc:dd:3e:5e:
         f5:74:9c:08:c2:64:78:4f:6d:93:c3:ee:82:2c:e3:37:04:69:
         d7:50:c0:9b:34:9a:1b:0f:5f:db:d2:a4:6f:3c:bd:c6:a0:84:
         df:c0:2a:d5:b9:53:7f:81:3f:d0:d4:d7:d4:b5:0b:60:6e:89:
         b3:53:9d:58:a3:cc:f8:71:4d:de:2d:11:f2:24:4e:6c:92:54:
         ad:3b:2b:91:0c:1d:ae:bc:e6:29:6c:bd:21:ef:3b:41:96:d4:
         7f:a2:f6:8d:22:a2:c4:e7:e9:e5:b8:43:bd:7a:89:05:6b:32:
         0d:d2:e1:51:a1:b7:54:23:e9:bd:41:dc:cc:93:1f:36:20:6c:
         9d:ed:5e:90:5f:5d:bd:58:21:79:64:3e:f6:2d:66:73:fc:a0:
         c9:0d:ef:31:1d:15:5a:e8:0d:98:72:cf:55:ef:04:9c:a5:71:
         76:84:2d:87:59:3c:e6:02:05:76:46:43:7d:e6:48:f7:b8:13:
         bc:9c:76:d3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0knxfb5RLfaFXlsNwG2tuxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzI1MTA1MTM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGI2MjA0ZjFjNzY5ZWYxYjA5YjZlMWQ3MDE0M2U2MWQxNDJiMmVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBMRMAbmJ9CzeOi5CD5RBN3BxMlA
c7u9dPWT9CQz7oJlGooPwfOTGceujXlmJKw3GP0NuzIRQlWqvOUj2ayQjWlZrFFJ
6U0TqChrurRJ/fkpbMNloLIQx5iKHa2csNfD8zg89AgNRzBxg15zADdz1AaStC0l
Iw7WlInGHQMi2Wi3sGncoI50NbwllZumcvDQg0BXZ9gdCg/6oJCazKbYeCCzFiC9
m0giCVmPvAkKpC59r59AksGUxXm8mn7prFTaWcBiabO6KTgTV87Xz497f5jDhAl1
NMprol47cMiS3RlYf/ob7Mv73lRJ+KNorf1ZSrE+ds9ZY69dOHvEPnYV0wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAS2IE8cdp7xsJtuHXAUPmHRQrLsMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvQkxZZ1R4eDJudkd3bTI0ZGNCUS1ZZEZDc3V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg+0AAMF
AyoQM0ADBQMqEu8AMA0GCSqGSIb3DQEBCwUAA4IBAQBA1QuBgNKoopoaA2+254J8
+5zevXhXOMmaPygGfHK24YYwpDVYRDoQdSWnFC/+bcL6Y/GGxygEfanlB0gygD7y
PM9JONzdPl71dJwIwmR4T22Tw+6CLOM3BGnXUMCbNJobD1/b0qRvPL3GoITfwCrV
uVN/gT/Q1NfUtQtgbomzU51Yo8z4cU3eLRHyJE5sklStOyuRDB2uvOYpbL0h7ztB
ltR/ovaNIqLE5+nluEO9eokFazIN0uFRobdUI+m9QdzMkx82IGyd7V6QX129WCF5
ZD72LWZz/KDJDe8xHRVa6A2Ycs9V7wScpXF2hC2HWTzmAgV2RkN95kj3uBO8nHbT
-----END CERTIFICATE-----