Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/sSkd2GnMkOax1YQCKT-tOUsCth0.roa
File:                     sSkd2GnMkOax1YQCKT-tOUsCth0.roa (raw, json)
Hash identifier:          ZLzRALdIQkyvVN0Ixbh9kF+FugrrorcWqXbvTx1So6E=
Subject key identifier:   B1:29:1D:D8:69:CC:90:E6:B1:D5:84:02:29:3F:AD:39:4B:02:B6:1D
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019DD82310E1077226D3B7099F061E133F09
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/sSkd2GnMkOax1YQCKT-tOUsCth0.roa
Signing time:             Wed 29 Apr 2026 07:27:49 +0000
ROA not before:           Wed 29 Apr 2026 07:27:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400328
IP address blocks:        2a0a:2d02::/32 maxlen: 32
                          2a0f:1e06::/32 maxlen: 32
                          2a10:7b00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:35:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d8:23:10:e1:07:72:26:d3:b7:09:9f:06:1e:13:3f:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 29 07:27:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1291dd869cc90e6b1d58402293fad394b02b61d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4b:44:f1:83:b4:16:c8:94:49:cd:20:d8:06:
                    49:9c:6f:e2:4e:71:bb:99:34:84:84:8e:74:84:d9:
                    2b:10:bd:f8:51:50:fe:b5:ac:0d:f6:a4:a7:ad:c6:
                    f4:c8:59:3d:60:a6:55:32:7f:14:ff:9a:ef:c9:5b:
                    b8:2a:89:40:65:b1:ef:05:d4:7b:16:04:57:88:c2:
                    13:c9:ad:b2:2d:3b:31:e4:a8:e5:4c:d0:a0:67:a3:
                    93:d9:38:39:97:37:f9:8c:74:c1:f4:79:bd:ea:f3:
                    ff:c6:e1:c8:cb:b3:da:2a:c5:48:29:89:33:d9:46:
                    41:e4:9f:0f:71:9a:dd:44:2a:d9:54:fc:11:fb:1e:
                    01:75:a4:45:74:a4:fc:37:ed:c6:01:16:3e:7d:a6:
                    a8:09:77:51:44:7b:50:bc:51:53:c7:fd:47:d3:52:
                    d7:72:db:ca:12:79:8b:b3:f7:af:ef:f8:da:94:b8:
                    b9:42:63:f4:30:ea:ea:6c:8d:93:21:84:f4:0e:c9:
                    d1:1e:84:d3:eb:f6:8a:84:d4:a7:20:0c:2c:16:ab:
                    d1:5c:7e:bf:31:7a:c2:dc:39:af:ef:5a:f3:c4:3f:
                    da:6e:04:e8:de:de:91:7c:29:6c:ca:e9:52:9d:ce:
                    66:c5:b6:85:c0:58:b9:8e:24:c2:94:e3:94:22:dd:
                    63:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:29:1D:D8:69:CC:90:E6:B1:D5:84:02:29:3F:AD:39:4B:02:B6:1D
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/sSkd2GnMkOax1YQCKT-tOUsCth0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d02::/32
                  2a0f:1e06::/32
                  2a10:7b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7d:0b:fe:1f:e3:12:4b:f9:b2:00:0a:cf:7c:4e:c8:7e:78:37:
         96:c0:d7:89:f7:ad:88:95:f7:b7:e4:5b:f8:27:07:a0:29:61:
         fa:e3:a2:ee:a9:80:91:ce:a7:0f:c4:7e:ba:a1:c6:97:1f:4a:
         e1:cd:bb:f4:cb:ae:27:46:ff:22:24:ca:a8:de:5a:0c:01:e3:
         6b:e5:19:f5:0d:38:20:3e:63:97:90:9c:f8:f3:29:18:89:de:
         aa:2b:0e:7b:f2:c4:d0:61:42:e3:45:72:8a:97:45:23:d3:d1:
         02:39:d5:34:c4:99:48:ec:81:fe:74:86:02:4a:97:df:a1:9f:
         47:29:dc:8a:7c:72:32:97:2a:bb:af:a5:d7:ba:3a:62:5a:a6:
         41:52:33:3e:85:41:10:c1:70:78:6b:0a:d6:6e:c7:42:4d:3d:
         29:6c:61:94:0c:7c:2c:14:af:c6:0a:b4:6e:76:40:cd:82:75:
         eb:66:09:da:c1:ee:34:53:44:fc:f1:3a:25:ad:0e:f4:93:c2:
         83:c4:9e:d2:e9:1c:b0:24:d7:72:93:85:17:17:c2:ec:16:fe:
         52:6a:7d:10:a2:dd:53:23:e5:a6:8b:30:fa:72:54:57:33:35:
         b8:51:cb:a0:b4:3e:2b:94:a3:05:b2:07:76:e9:e4:cb:c6:9d:
         64:52:b0:47
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ3YIxDhB3Im07cJnwYeEz8JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDI5MDcyNzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTI5MWRkODY5Y2M5MGU2YjFkNTg0MDIyOTNmYWQzOTRiMDJiNjFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuktE8YO0FsiUSc0g2AZJnG/iTnG7
mTSEhI50hNkrEL34UVD+tawN9qSnrcb0yFk9YKZVMn8U/5rvyVu4KolAZbHvBdR7
FgRXiMITya2yLTsx5KjlTNCgZ6OT2Tg5lzf5jHTB9Hm96vP/xuHIy7PaKsVIKYkz
2UZB5J8PcZrdRCrZVPwR+x4BdaRFdKT8N+3GARY+faaoCXdRRHtQvFFTx/1H01LX
ctvKEnmLs/ev7/jalLi5QmP0MOrqbI2TIYT0DsnRHoTT6/aKhNSnIAwsFqvRXH6/
MXrC3Dmv71rzxD/abgTo3t6RfClsyulSnc5mxbaFwFi5jiTClOOUIt1jTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLEpHdhpzJDmsdWEAik/rTlLArYdMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvc1NrZDJHbk1rT2F4MVlRQ0tULXRPVXNDdGgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgotAgMF
ACoPHgYDBQMqEHsAMA0GCSqGSIb3DQEBCwUAA4IBAQB9C/4f4xJL+bIACs98Tsh+
eDeWwNeJ962Ilfe35Fv4JwegKWH646LuqYCRzqcPxH66ocaXH0rhzbv0y64nRv8i
JMqo3loMAeNr5Rn1DTggPmOXkJz48ykYid6qKw578sTQYULjRXKKl0Uj09ECOdU0
xJlI7IH+dIYCSpffoZ9HKdyKfHIylyq7r6XXujpiWqZBUjM+hUEQwXB4awrWbsdC
TT0pbGGUDHwsFK/GCrRudkDNgnXrZgnawe40U0T88TolrQ70k8KDxJ7S6RywJNdy
k4UXF8LsFv5San0Qot1TI+WmizD6clRXMzW4UcugtD4rlKMFsgd26eTLxp1kUrBH
-----END CERTIFICATE-----