Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/v4U3q4Ae4EMDAtcY29uWMT-kqrI.roa
File:                     v4U3q4Ae4EMDAtcY29uWMT-kqrI.roa (raw, json)
Hash identifier:          2GBljpulQqgB+urL7YNAz1I6SIpQr2f9gmBhYhILB7c=
Subject key identifier:   BF:85:37:AB:80:1E:E0:43:03:02:D7:18:DB:DB:96:31:3F:A4:AA:B2
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D2018F4410D94CF30C203D7C3D03AB313
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/v4U3q4Ae4EMDAtcY29uWMT-kqrI.roa
Signing time:             Tue 24 Mar 2026 13:46:39 +0000
ROA not before:           Tue 24 Mar 2026 13:46:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51396
IP address blocks:        2a0e:c784::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:20:18:f4:41:0d:94:cf:30:c2:03:d7:c3:d0:3a:b3:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 24 13:46:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf8537ab801ee0430302d718dbdb96313fa4aab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b5:af:0c:84:c8:10:ee:08:c5:b6:59:30:05:
                    b4:c9:61:0b:da:d4:73:7a:d9:66:86:6a:36:dd:60:
                    e5:8e:33:ee:3e:c0:ff:c5:60:6b:c0:f1:9c:53:48:
                    9e:4b:b5:ee:ad:0e:1f:df:ea:95:34:ef:c2:59:8a:
                    d3:29:61:54:22:f8:09:ec:d6:c1:e4:d6:ea:66:76:
                    54:6b:95:a2:28:8a:2d:11:a6:67:e0:02:e1:c4:7b:
                    42:f9:33:3d:c7:65:30:81:e3:0a:13:0e:46:18:65:
                    ad:b0:ac:64:93:e7:c9:4d:8f:fb:57:b1:a9:c7:ef:
                    4f:14:f9:e8:67:75:0d:a1:57:25:f8:22:bc:61:f0:
                    51:cb:b4:de:b1:0d:d9:2a:94:b3:45:c1:60:fa:5e:
                    cc:86:5a:80:56:64:7b:40:48:e3:42:06:1b:52:82:
                    85:17:64:b1:5f:bb:3b:6b:63:39:db:3c:7d:c3:16:
                    07:3d:38:af:4c:b2:ea:4d:41:b6:d9:61:a6:26:68:
                    d5:08:70:51:13:99:33:1c:ac:95:95:84:0d:10:c2:
                    de:7a:f7:a2:c7:6c:96:1a:54:ca:f3:1a:d4:3d:b3:
                    a3:b4:ce:0c:12:a9:40:97:c3:3f:23:dc:47:9f:1a:
                    59:87:23:9c:7e:6b:8a:0e:7d:8f:46:b5:a1:b6:81:
                    59:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:85:37:AB:80:1E:E0:43:03:02:D7:18:DB:DB:96:31:3F:A4:AA:B2
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/v4U3q4Ae4EMDAtcY29uWMT-kqrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:c784::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:2e:71:54:44:e8:44:f6:d8:4a:3c:7d:4a:e1:58:b5:bb:a8:
         3b:1d:42:d3:88:74:53:49:62:e9:05:18:ae:8f:cd:04:8c:a4:
         9d:3e:cb:dc:1c:e0:43:b3:9e:d0:f3:d7:ab:2d:ff:08:fc:0a:
         6c:15:f2:75:8f:20:b1:2b:cb:14:1c:c5:50:3f:9f:6c:99:8d:
         c2:71:98:eb:c1:2c:dd:d0:46:11:c5:c5:a9:a8:c5:e5:be:6b:
         31:37:1e:fa:84:b7:a1:90:21:03:5a:57:46:1d:59:48:e4:14:
         fa:f0:49:ef:64:b9:de:eb:94:52:47:8a:d5:f5:ab:46:c2:85:
         c0:c4:f4:af:12:d4:17:46:f9:52:46:cd:43:5f:fb:cd:2c:a0:
         f4:fa:e5:78:14:24:a9:04:76:4c:18:91:dd:3c:31:52:b9:e9:
         e8:3b:b2:a7:f7:c5:b7:f4:54:5e:1c:dd:6e:af:68:2a:b1:40:
         c5:7b:27:b0:29:20:48:26:1c:1e:bb:15:16:df:e1:bc:56:48:
         23:49:26:d1:10:2a:ef:42:c8:84:5a:8c:3e:3b:09:5c:d0:a7:
         f5:ae:d5:5b:6c:31:15:27:ed:c8:64:47:f4:cb:a0:af:a5:fe:
         76:9a:44:93:44:bc:23:46:6e:0a:4b:5b:1e:25:67:87:77:d1:
         2b:e2:fe:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0gGPRBDZTPMMID18PQOrMTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzI0MTM0NjM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjg1MzdhYjgwMWVlMDQzMDMwMmQ3MThkYmRiOTYzMTNmYTRhYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7WvDITIEO4IxbZZMAW0yWEL2tRz
etlmhmo23WDljjPuPsD/xWBrwPGcU0ieS7XurQ4f3+qVNO/CWYrTKWFUIvgJ7NbB
5NbqZnZUa5WiKIotEaZn4ALhxHtC+TM9x2UwgeMKEw5GGGWtsKxkk+fJTY/7V7Gp
x+9PFPnoZ3UNoVcl+CK8YfBRy7TesQ3ZKpSzRcFg+l7MhlqAVmR7QEjjQgYbUoKF
F2SxX7s7a2M52zx9wxYHPTivTLLqTUG22WGmJmjVCHBRE5kzHKyVlYQNEMLeevei
x2yWGlTK8xrUPbOjtM4MEqlAl8M/I9xHnxpZhyOcfmuKDn2PRrWhtoFZlQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL+FN6uAHuBDAwLXGNvbljE/pKqyMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvdjRVM3E0QWU0RU1EQXRjWTI5dVdNVC1rcXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7HhDAN
BgkqhkiG9w0BAQsFAAOCAQEAKS5xVEToRPbYSjx9SuFYtbuoOx1C04h0U0li6QUY
ro/NBIyknT7L3BzgQ7Oe0PPXqy3/CPwKbBXydY8gsSvLFBzFUD+fbJmNwnGY68Es
3dBGEcXFqajF5b5rMTce+oS3oZAhA1pXRh1ZSOQU+vBJ72S53uuUUkeK1fWrRsKF
wMT0rxLUF0b5UkbNQ1/7zSyg9PrleBQkqQR2TBiR3TwxUrnp6Duyp/fFt/RUXhzd
bq9oKrFAxXsnsCkgSCYcHrsVFt/hvFZII0km0RAq70LIhFqMPjsJXNCn9a7VW2wx
FSftyGRH9Mugr6X+dppEk0S8I0ZuCktbHiVnh3fRK+L+CA==
-----END CERTIFICATE-----