Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/xLzA4a9ig7kEcRpjRp6AHc0ntOw.roa
File:                     xLzA4a9ig7kEcRpjRp6AHc0ntOw.roa (raw, json)
Hash identifier:          w78x8yeKnRZiCjVmb/F7TugqAyDPIRMFMvXPM/2NUWU=
Subject key identifier:   C4:BC:C0:E1:AF:62:83:B9:04:71:1A:63:46:9E:80:1D:CD:27:B4:EC
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D249E2DEA29B5A00DA022D74540DD0B6A
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/xLzA4a9ig7kEcRpjRp6AHc0ntOw.roa
Signing time:             Wed 25 Mar 2026 10:50:39 +0000
ROA not before:           Wed 25 Mar 2026 10:50:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213618
IP address blocks:        2a0f:140::/29 maxlen: 29
                          2a11:efc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:9e:2d:ea:29:b5:a0:0d:a0:22:d7:45:40:dd:0b:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 25 10:50:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c4bcc0e1af6283b904711a63469e801dcd27b4ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:aa:5d:96:13:e8:4e:ef:97:bb:88:fd:8b:91:
                    ec:ba:74:13:1b:81:b8:82:97:ef:7d:d0:2b:d6:31:
                    6a:ba:fd:d9:12:3f:48:f3:3d:7e:f0:bd:00:55:32:
                    d7:2c:bc:7d:0a:3c:81:ac:9d:77:66:c4:93:89:5e:
                    75:89:7d:af:f5:7d:4c:ef:f6:83:36:fd:25:16:c0:
                    05:ea:ee:61:2a:a3:b0:b0:2f:d2:36:78:03:84:fc:
                    8e:23:03:7b:2f:c9:4a:17:b0:e1:c7:b1:11:f9:eb:
                    5e:b4:70:5f:c2:a0:62:21:86:ed:a4:9c:d8:91:d1:
                    6d:4e:a7:0c:5b:6b:3d:4f:6a:b2:d9:39:a6:e3:c9:
                    d0:6c:2b:9d:63:8a:24:d8:55:72:4e:95:9f:9f:a4:
                    07:28:a9:eb:64:cd:fb:64:3e:9a:63:9e:c0:59:f9:
                    30:fd:97:08:a6:2f:f8:f5:7d:42:51:9c:fa:04:1f:
                    f4:9c:ae:dd:a9:98:be:c9:64:02:fc:99:b3:51:51:
                    dd:12:ed:7a:71:d8:4b:24:b9:a7:df:9d:31:c1:89:
                    32:d7:b6:44:07:02:45:53:05:1e:99:23:3d:47:a4:
                    00:fb:02:3b:66:27:3b:60:82:a1:7e:65:12:7d:c9:
                    5b:5d:7d:a1:f5:2b:41:46:0b:3d:bf:a9:09:d2:18:
                    78:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:BC:C0:E1:AF:62:83:B9:04:71:1A:63:46:9E:80:1D:CD:27:B4:EC
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/xLzA4a9ig7kEcRpjRp6AHc0ntOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:140::/29
                  2a11:efc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:35:f9:b3:db:40:c3:63:71:ac:bb:fa:fc:ad:f8:90:65:db:
         ff:37:a7:2a:d4:b6:a7:28:3b:cb:a1:47:14:c4:2c:70:c9:3e:
         99:9f:35:9a:2a:d8:01:1b:9e:5c:0e:c3:a4:e8:e7:37:04:fb:
         87:fa:3a:c9:14:a6:b7:db:16:20:c6:76:4a:8a:22:a8:4e:f3:
         d1:ab:85:d5:1c:92:93:0d:cd:f4:40:ba:90:3d:29:b9:27:27:
         ac:b3:6a:23:40:13:9e:6a:eb:55:3f:81:8b:d7:32:bc:21:d1:
         80:42:62:e3:b9:2c:9c:da:0b:a1:53:d9:73:6e:df:b4:a2:7f:
         15:07:1c:55:1b:9b:0e:38:b4:04:7d:9c:32:a5:e3:f4:55:27:
         50:c9:73:ec:b4:04:d0:43:8b:9d:ce:b6:54:c8:17:64:05:87:
         1f:4b:c7:f6:d6:43:66:41:08:67:1f:dd:47:da:b4:f6:d7:1f:
         bc:0c:93:1d:46:ba:a8:96:77:f2:89:01:42:66:fe:cb:ea:53:
         14:61:9a:2a:c9:a3:45:aa:5d:02:ed:55:13:bd:63:32:85:f7:
         cc:1f:4a:2a:69:3e:90:26:50:48:1f:97:62:44:51:44:fa:ca:
         82:a3:cf:a9:4b:36:34:72:df:26:15:1f:ab:70:e7:e8:3a:c0:
         b9:99:15:17
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0kni3qKbWgDaAi10VA3QtqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzI1MTA1MDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGJjYzBlMWFmNjI4M2I5MDQ3MTFhNjM0NjllODAxZGNkMjdiNGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqpdlhPoTu+Xu4j9i5HsunQTG4G4
gpfvfdAr1jFquv3ZEj9I8z1+8L0AVTLXLLx9CjyBrJ13ZsSTiV51iX2v9X1M7/aD
Nv0lFsAF6u5hKqOwsC/SNngDhPyOIwN7L8lKF7Dhx7ER+etetHBfwqBiIYbtpJzY
kdFtTqcMW2s9T2qy2Tmm48nQbCudY4ok2FVyTpWfn6QHKKnrZM37ZD6aY57AWfkw
/ZcIpi/49X1CUZz6BB/0nK7dqZi+yWQC/JmzUVHdEu16cdhLJLmn350xwYky17ZE
BwJFUwUemSM9R6QA+wI7Zic7YIKhfmUSfclbXX2h9StBRgs9v6kJ0hh4iQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMS8wOGvYoO5BHEaY0aegB3NJ7TsMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEveEx6QTRhOWlnN2tFY1JwalJwNkFIYzBudE93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg8BQAMF
AyoR78AwDQYJKoZIhvcNAQELBQADggEBAGU1+bPbQMNjcay7+vyt+JBl2/83pyrU
tqcoO8uhRxTELHDJPpmfNZoq2AEbnlwOw6To5zcE+4f6OskUprfbFiDGdkqKIqhO
89GrhdUckpMNzfRAupA9KbknJ6yzaiNAE55q61U/gYvXMrwh0YBCYuO5LJzaC6FT
2XNu37SifxUHHFUbmw44tAR9nDKl4/RVJ1DJc+y0BNBDi53OtlTIF2QFhx9Lx/bW
Q2ZBCGcf3UfatPbXH7wMkx1GuqiWd/KJAUJm/svqUxRhmirJo0WqXQLtVRO9YzKF
98wfSippPpAmUEgfl2JEUUT6yoKjz6lLNjRy3yYVH6tw5+g6wLmZFRc=
-----END CERTIFICATE-----