Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/p7LYh7cadMs9kVtpJUT_VPiG1Uc.roa
File:                     p7LYh7cadMs9kVtpJUT_VPiG1Uc.roa (raw, json)
Hash identifier:          xkOLL0RNxIh1imIod5LpJAOJUTMFfpUPUke56GH9MoY=
Subject key identifier:   A7:B2:D8:87:B7:1A:74:CB:3D:91:5B:69:25:44:FF:54:F8:86:D5:47
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D249E2E6948E5E394B8F8EC0510A056DD
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/p7LYh7cadMs9kVtpJUT_VPiG1Uc.roa
Signing time:             Wed 25 Mar 2026 10:50:39 +0000
ROA not before:           Wed 25 Mar 2026 10:50:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215152
IP address blocks:        2a0f:3240::/29 maxlen: 29
                          2a0f:8300::/29 maxlen: 29
                          2a10:7900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:9e:2e:69:48:e5:e3:94:b8:f8:ec:05:10:a0:56:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 25 10:50:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a7b2d887b71a74cb3d915b692544ff54f886d547
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:19:fa:10:0e:41:14:f9:d2:a7:4e:0f:08:5d:
                    1b:31:55:86:64:e2:5c:87:b6:cb:1e:8d:2d:7f:53:
                    ec:ce:00:83:68:bd:d1:62:22:f4:25:da:e9:76:59:
                    85:d8:62:b5:bf:b8:19:19:76:a0:05:e8:a7:5c:51:
                    45:7f:3a:07:fc:61:7f:71:09:d9:57:c9:ed:c3:28:
                    41:fc:8b:18:53:1c:0a:3c:7a:e2:24:54:46:8d:a9:
                    39:05:0e:28:22:e0:9c:25:01:c9:af:c7:cd:16:cf:
                    53:ee:47:11:6c:f3:69:02:d1:00:4c:45:09:9a:53:
                    56:f3:c2:7c:e5:4a:5c:a7:96:28:ec:30:c2:c9:be:
                    e1:42:15:58:ac:25:98:e5:99:13:1f:a8:8b:bc:5f:
                    48:b8:2f:87:0d:e6:40:e0:03:30:80:6d:02:b4:56:
                    26:0c:d1:ea:08:2c:ce:64:c6:93:9e:d9:95:3a:3c:
                    26:f3:95:f2:f9:53:ce:f9:a8:3c:69:98:0a:e5:7b:
                    88:96:9f:2f:19:8d:44:b7:96:6f:9a:28:0c:6b:09:
                    de:6d:c5:c5:a0:fa:85:75:aa:7e:41:63:28:a6:15:
                    53:62:bb:03:7f:60:12:ec:3a:fc:0a:b9:ee:9a:90:
                    d8:1d:9d:55:5e:92:16:93:25:0e:ff:d2:76:b1:b9:
                    ad:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:B2:D8:87:B7:1A:74:CB:3D:91:5B:69:25:44:FF:54:F8:86:D5:47
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/p7LYh7cadMs9kVtpJUT_VPiG1Uc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:3240::/29
                  2a0f:8300::/29
                  2a10:7900::/29

    Signature Algorithm: sha256WithRSAEncryption
         77:f4:b7:46:d2:8b:47:67:5c:bf:61:89:06:f2:2a:29:46:d9:
         0d:a2:58:e5:cf:84:ed:fc:65:c3:72:c8:4e:01:a8:2e:3a:32:
         14:d1:cd:a5:89:86:4d:de:65:c8:c4:8d:ef:76:cc:ca:fb:22:
         3f:4a:08:2e:f7:27:df:9c:d3:46:02:7a:1b:47:fc:72:8c:3d:
         37:4c:b8:c1:03:e9:77:e6:25:89:14:51:34:0a:48:d2:4b:ed:
         8d:12:67:56:8a:16:bc:87:a8:a1:5f:de:9f:3a:82:5e:fb:62:
         70:76:47:2d:93:6a:2f:0c:2e:56:9b:69:06:65:c3:d6:d9:39:
         ad:91:cd:b1:0e:08:2f:d2:25:f8:14:a6:df:53:43:96:c5:4c:
         85:74:e3:f4:35:29:0c:a5:4c:0b:a0:44:a3:b8:01:11:bb:fe:
         98:3c:91:bd:27:2f:9f:4b:21:c8:6f:55:17:76:12:ed:f5:6b:
         c0:87:86:fc:50:30:c6:f8:74:32:71:13:94:4b:64:42:3f:ab:
         f0:a8:9d:d4:a0:c9:f8:43:f8:17:67:12:de:de:65:07:6e:7f:
         65:ef:27:6d:bb:7d:0d:d0:32:b1:ce:2a:d7:9d:a3:db:90:ea:
         55:74:14:e1:5b:a9:ed:a0:6a:e2:30:2c:aa:6a:8d:f4:1e:96:
         d0:6b:d6:7f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0kni5pSOXjlLj47AUQoFbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzI1MTA1MDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2IyZDg4N2I3MWE3NGNiM2Q5MTViNjkyNTQ0ZmY1NGY4ODZkNTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohn6EA5BFPnSp04PCF0bMVWGZOJc
h7bLHo0tf1PszgCDaL3RYiL0JdrpdlmF2GK1v7gZGXagBeinXFFFfzoH/GF/cQnZ
V8ntwyhB/IsYUxwKPHriJFRGjak5BQ4oIuCcJQHJr8fNFs9T7kcRbPNpAtEATEUJ
mlNW88J85Upcp5Yo7DDCyb7hQhVYrCWY5ZkTH6iLvF9IuC+HDeZA4AMwgG0CtFYm
DNHqCCzOZMaTntmVOjwm85Xy+VPO+ag8aZgK5XuIlp8vGY1Et5ZvmigMawnebcXF
oPqFdap+QWMophVTYrsDf2AS7Dr8CrnumpDYHZ1VXpIWkyUO/9J2sbmt8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKey2Ie3GnTLPZFbaSVE/1T4htVHMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvcDdMWWg3Y2FkTXM5a1Z0cEpVVF9WUGlHMVVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKg8yQAMF
AyoPgwADBQMqEHkAMA0GCSqGSIb3DQEBCwUAA4IBAQB39LdG0otHZ1y/YYkG8iop
RtkNoljlz4Tt/GXDcshOAaguOjIU0c2liYZN3mXIxI3vdszK+yI/Sggu9yffnNNG
AnobR/xyjD03TLjBA+l35iWJFFE0CkjSS+2NEmdWiha8h6ihX96fOoJe+2Jwdkct
k2ovDC5Wm2kGZcPW2Tmtkc2xDggv0iX4FKbfU0OWxUyFdOP0NSkMpUwLoESjuAER
u/6YPJG9Jy+fSyHIb1UXdhLt9WvAh4b8UDDG+HQycROUS2RCP6vwqJ3UoMn4Q/gX
ZxLe3mUHbn9l7ydtu30N0DKxzirXnaPbkOpVdBThW6ntoGriMCyqao30HpbQa9Z/
-----END CERTIFICATE-----