Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LSZwY0GZOAKfx-Q2b-21vP9e-sU.roa
File:                     LSZwY0GZOAKfx-Q2b-21vP9e-sU.roa (raw, json)
Hash identifier:          ensBSwzzb5ulhhzU/ofxOQV4gqGYD1cbvPEu7R/JN3k=
Subject key identifier:   2D:26:70:63:41:99:38:02:9F:C7:E4:36:6F:ED:B5:BC:FF:5E:FA:C5
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019DF3B3F2121AD557B81DA93490BA918715
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LSZwY0GZOAKfx-Q2b-21vP9e-sU.roa
Signing time:             Mon 04 May 2026 15:55:49 +0000
ROA not before:           Mon 04 May 2026 15:55:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14315
IP address blocks:        2a0f:1580::/32 maxlen: 32
                          2a0f:bc05::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:35:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f3:b3:f2:12:1a:d5:57:b8:1d:a9:34:90:ba:91:87:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May  4 15:55:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d267063419938029fc7e4366fedb5bcff5efac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:26:71:6b:a5:4a:ae:10:c0:8a:df:55:bc:37:
                    e6:22:83:8e:c4:fd:24:16:80:02:26:52:53:d6:44:
                    df:62:c0:63:6d:6c:04:a8:22:4a:2a:70:44:78:b0:
                    56:8f:c7:f9:e9:34:a1:c4:23:1f:e4:97:32:d6:0d:
                    e0:8e:f2:59:fb:b3:48:d2:6a:4a:d0:c8:72:d6:98:
                    53:0b:41:1a:bf:30:4c:f4:cd:af:f3:47:b1:5b:de:
                    79:44:70:25:3d:93:60:fa:f3:63:ae:2c:86:90:ba:
                    5f:12:84:aa:cf:b6:55:3c:a0:0c:0a:fb:27:39:4e:
                    c4:52:d9:5b:05:8c:3d:e1:d1:b5:e4:f2:9e:51:9d:
                    33:55:98:f3:46:db:8d:c8:e6:9d:49:a8:26:78:6c:
                    f1:0d:f0:e6:48:1e:8b:d8:f6:02:b2:61:56:3e:28:
                    15:ed:31:bd:7f:6b:f3:4b:df:72:0a:f5:29:73:09:
                    0f:e7:97:64:72:fb:ac:1f:90:f1:0e:20:bb:0f:6a:
                    f0:e9:e9:1c:26:67:4d:aa:e9:db:59:43:c0:93:34:
                    b6:d4:dc:c1:13:91:e6:f8:e2:d6:88:ea:ab:fe:ad:
                    d0:da:75:3b:6a:c5:bc:50:e6:e1:e1:89:03:dd:7c:
                    1c:50:23:56:5e:37:7a:cf:1e:ce:8a:c5:ae:c7:36:
                    7e:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:26:70:63:41:99:38:02:9F:C7:E4:36:6F:ED:B5:BC:FF:5E:FA:C5
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/LSZwY0GZOAKfx-Q2b-21vP9e-sU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1580::/32
                  2a0f:bc05::/32

    Signature Algorithm: sha256WithRSAEncryption
         0e:1b:d7:b9:fd:84:ca:4b:ed:74:d7:11:c9:89:64:e6:c3:d2:
         25:6b:d8:f9:9a:43:88:ca:ac:f6:07:e3:05:43:53:8c:00:4f:
         4f:e5:35:92:57:a3:52:7b:d4:ae:e0:0b:8a:69:60:ef:5b:bb:
         12:15:29:d8:39:16:e5:3b:2f:cf:91:f2:1b:e7:01:a6:f9:31:
         09:9b:d7:af:e4:a5:6b:6a:44:82:ae:51:6f:18:51:60:0f:fd:
         85:74:8b:ee:50:47:48:91:70:92:b3:11:ec:72:07:bb:92:fd:
         49:13:22:26:f0:90:a6:04:89:1b:12:29:9c:ff:89:97:c4:07:
         8d:99:b5:2b:3c:9e:6a:f8:88:65:df:ac:8b:a9:83:d5:c7:82:
         f0:26:13:a1:da:cf:89:e7:8d:93:a3:e9:98:9b:15:7d:3e:8e:
         79:e2:ec:56:be:fa:30:c4:e6:04:33:23:87:2a:99:a8:50:e3:
         69:1d:b7:24:10:ee:4e:28:00:81:ac:56:ac:be:ce:b1:14:b4:
         f9:1b:ee:dc:88:d1:c1:e4:ad:e9:15:63:f2:25:c2:29:89:93:
         7a:27:90:c6:1f:19:62:84:46:84:47:99:b7:85:07:e8:76:c7:
         55:b4:aa:4e:64:89:b3:df:bd:06:52:d4:c9:a5:73:90:9f:f1:
         91:58:5a:86
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ3zs/ISGtVXuB2pNJC6kYcVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNTA0MTU1NTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDI2NzA2MzQxOTkzODAyOWZjN2U0MzY2ZmVkYjViY2ZmNWVmYWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySZxa6VKrhDAit9VvDfmIoOOxP0k
FoACJlJT1kTfYsBjbWwEqCJKKnBEeLBWj8f56TShxCMf5Jcy1g3gjvJZ+7NI0mpK
0Mhy1phTC0EavzBM9M2v80exW955RHAlPZNg+vNjriyGkLpfEoSqz7ZVPKAMCvsn
OU7EUtlbBYw94dG15PKeUZ0zVZjzRtuNyOadSagmeGzxDfDmSB6L2PYCsmFWPigV
7TG9f2vzS99yCvUpcwkP55dkcvusH5DxDiC7D2rw6ekcJmdNqunbWUPAkzS21NzB
E5Hm+OLWiOqr/q3Q2nU7asW8UObh4YkD3XwcUCNWXjd6zx7OisWuxzZ+IQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFC0mcGNBmTgCn8fkNm/ttbz/XvrFMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTFNad1kwR1pPQUtmeC1RMmItMjF2UDllLXNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg8VgAMF
ACoPvAUwDQYJKoZIhvcNAQELBQADggEBAA4b17n9hMpL7XTXEcmJZObD0iVr2Pma
Q4jKrPYH4wVDU4wAT0/lNZJXo1J71K7gC4ppYO9buxIVKdg5FuU7L8+R8hvnAab5
MQmb16/kpWtqRIKuUW8YUWAP/YV0i+5QR0iRcJKzEexyB7uS/UkTIibwkKYEiRsS
KZz/iZfEB42ZtSs8nmr4iGXfrIupg9XHgvAmE6Haz4nnjZOj6ZibFX0+jnni7Fa+
+jDE5gQzI4cqmahQ42kdtyQQ7k4oAIGsVqy+zrEUtPkb7tyI0cHkrekVY/IlwimJ
k3onkMYfGWKERoRHmbeFB+h2x1W0qk5kibPfvQZS1Mmlc5Cf8ZFYWoY=
-----END CERTIFICATE-----