Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YE02koB17-oItRRl6qmJi8rWuIU.roa
File:                     YE02koB17-oItRRl6qmJi8rWuIU.roa (raw, json)
Hash identifier:          JRpTzOD5n3Xij7Kimm+XUWApviFyontS5RPQYQiTXoM=
Subject key identifier:   60:4D:36:92:80:75:EF:EA:08:B5:14:65:EA:A9:89:8B:CA:D6:B8:85
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D065C01B4219CDD00C87588E35ACA8777
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YE02koB17-oItRRl6qmJi8rWuIU.roa
Signing time:             Thu 19 Mar 2026 13:49:46 +0000
ROA not before:           Thu 19 Mar 2026 13:49:46 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199879
IP address blocks:        2a06:1180:36af::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:5c:01:b4:21:9c:dd:00:c8:75:88:e3:5a:ca:87:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 19 13:49:46 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=604d36928075efea08b51465eaa9898bcad6b885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:91:e4:7d:00:e2:65:6c:c0:1b:2b:fd:95:34:
                    bb:53:73:82:ce:5c:01:22:21:89:61:c4:b2:72:d0:
                    e8:fa:99:a5:ba:d3:bc:c9:5f:ea:2f:82:10:9d:82:
                    90:20:1b:13:64:da:33:ee:07:1b:72:39:29:42:4b:
                    f4:73:00:a2:e3:bf:e5:1d:63:d8:35:f5:12:c8:bf:
                    af:dd:e5:ed:f9:ab:77:24:b7:d0:13:0e:0f:a4:31:
                    38:7f:f0:77:96:26:82:67:86:d4:22:d7:c0:33:79:
                    23:a1:8e:15:86:8f:7d:aa:34:e2:dc:ad:42:78:d2:
                    65:d3:37:19:77:51:f0:94:f5:33:ac:05:53:78:56:
                    9e:c1:27:08:5b:eb:6a:55:42:39:c3:a4:6d:9a:9d:
                    37:38:a8:01:22:1e:21:29:8b:b6:70:a8:87:b6:84:
                    95:cc:4b:45:af:49:c4:77:71:bd:5d:ad:53:29:07:
                    ac:53:07:b3:05:f3:9f:1c:29:b5:44:16:2e:b0:76:
                    d7:fd:f3:5f:78:c0:ff:4b:2d:c1:cd:f7:c8:d2:63:
                    3e:b8:7d:a1:ee:65:90:99:a3:4c:c9:f6:31:1e:a3:
                    e9:52:4e:63:fe:a9:0e:7e:8d:6b:87:8f:6d:c6:e4:
                    72:db:e4:a9:aa:40:fb:21:63:c3:12:16:15:da:f0:
                    11:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:4D:36:92:80:75:EF:EA:08:B5:14:65:EA:A9:89:8B:CA:D6:B8:85
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/YE02koB17-oItRRl6qmJi8rWuIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1180:36af::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:12:13:8f:87:f0:9d:8e:57:4c:2c:b6:b6:fb:b3:95:44:1e:
         d0:a2:91:2f:b8:2e:40:db:ea:63:85:03:ff:90:21:79:0e:82:
         8b:f2:74:c7:db:18:60:a9:3c:42:ca:93:47:21:b7:79:7c:aa:
         64:35:a0:5b:c6:e5:a1:e4:46:c1:22:26:d2:68:c5:31:cc:77:
         ce:7d:fc:a8:43:28:0d:82:87:97:54:08:56:8c:d4:6a:56:47:
         f6:47:9f:a2:1f:53:27:92:71:97:01:81:af:81:84:5e:4d:76:
         30:03:00:0d:e7:be:d6:46:10:57:9e:20:2b:f2:62:21:5a:e8:
         e6:55:9d:19:00:fb:df:ae:27:5a:49:e2:ed:cc:92:c8:9c:a7:
         be:a9:45:ee:4a:67:d5:87:9e:68:2f:87:ac:77:e5:31:f3:26:
         0f:a2:28:9f:47:fd:de:aa:3b:ff:4b:3f:8c:11:25:7e:d1:c5:
         0b:d2:d9:e9:2e:b0:36:40:bd:fd:59:a6:93:95:a5:db:6b:f4:
         c1:ac:a8:fe:eb:c1:52:be:94:f2:ae:20:d1:40:b5:b2:07:56:
         6d:b2:d5:0b:9d:8c:29:4f:49:cb:a5:d5:c7:fe:3b:f1:43:16:
         03:7c:1a:67:d6:32:f3:dd:bf:a7:6a:bf:1a:99:90:0c:77:09:
         d3:3a:f5:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0GXAG0IZzdAMh1iONayod3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzE5MTM0OTQ2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDRkMzY5MjgwNzVlZmVhMDhiNTE0NjVlYWE5ODk4YmNhZDZiODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpHkfQDiZWzAGyv9lTS7U3OCzlwB
IiGJYcSyctDo+pmlutO8yV/qL4IQnYKQIBsTZNoz7gcbcjkpQkv0cwCi47/lHWPY
NfUSyL+v3eXt+at3JLfQEw4PpDE4f/B3liaCZ4bUItfAM3kjoY4Vho99qjTi3K1C
eNJl0zcZd1HwlPUzrAVTeFaewScIW+tqVUI5w6Rtmp03OKgBIh4hKYu2cKiHtoSV
zEtFr0nEd3G9Xa1TKQesUwezBfOfHCm1RBYusHbX/fNfeMD/Sy3BzffI0mM+uH2h
7mWQmaNMyfYxHqPpUk5j/qkOfo1rh49txuRy2+SpqkD7IWPDEhYV2vAR7QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGBNNpKAde/qCLUUZeqpiYvK1riFMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWUUwMmtvQjE3LW9JdFJSbDZxbUppOHJXdUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgYRgDav
MA0GCSqGSIb3DQEBCwUAA4IBAQB6EhOPh/CdjldMLLa2+7OVRB7QopEvuC5A2+pj
hQP/kCF5DoKL8nTH2xhgqTxCypNHIbd5fKpkNaBbxuWh5EbBIibSaMUxzHfOffyo
QygNgoeXVAhWjNRqVkf2R5+iH1MnknGXAYGvgYReTXYwAwAN577WRhBXniAr8mIh
WujmVZ0ZAPvfridaSeLtzJLInKe+qUXuSmfVh55oL4esd+Ux8yYPoiifR/3eqjv/
Sz+MESV+0cUL0tnpLrA2QL39WaaTlaXba/TBrKj+68FSvpTyriDRQLWyB1ZtstUL
nYwpT0nLpdXH/jvxQxYDfBpn1jLz3b+nar8amZAMdwnTOvWb
-----END CERTIFICATE-----