Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/4llv0f2-1Gmt3e5VdI_BCgG9cJU.roa
File:                     4llv0f2-1Gmt3e5VdI_BCgG9cJU.roa (raw, json)
Hash identifier:          w0dWpRSqwmbNmuq5UzeiAacBxKUlPzkxpcAfXSKCcYk=
Subject key identifier:   E2:59:6F:D1:FD:BE:D4:69:AD:DD:EE:55:74:8F:C1:0A:01:BD:70:95
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019EF9151A1C3839CE6DDC8BBADA2516978D
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/4llv0f2-1Gmt3e5VdI_BCgG9cJU.roa
Signing time:             Wed 24 Jun 2026 10:02:50 +0000
ROA not before:           Wed 24 Jun 2026 10:02:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400328
IP address blocks:        2a0a:2d02::/32 maxlen: 32
                          2a0f:e841::/32 maxlen: 32
                          2a10:7b00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:f9:15:1a:1c:38:39:ce:6d:dc:8b:ba:da:25:16:97:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 24 10:02:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e2596fd1fdbed469adddee55748fc10a01bd7095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:81:72:fa:e2:4a:19:2c:77:13:05:35:a9:25:
                    d7:46:77:f2:de:6a:ca:ff:29:13:c7:47:45:58:2d:
                    b5:62:eb:99:69:7e:f9:06:35:6d:40:54:17:7f:ca:
                    77:09:83:07:28:9e:00:32:e7:5f:04:fb:f9:ec:c7:
                    b1:c8:5b:81:20:df:f3:a7:e2:65:bf:90:9f:73:6b:
                    5a:41:34:d6:40:04:bb:b1:78:58:2f:df:63:bc:fb:
                    88:be:e7:ca:30:1a:92:89:17:90:cc:44:33:6b:b0:
                    41:71:b1:f2:c0:97:60:35:c3:47:7c:31:84:01:b3:
                    7b:0f:0e:01:a8:05:2c:47:1c:8d:8c:a9:4f:23:b5:
                    25:42:f3:b3:05:10:d3:44:2a:d1:63:b7:f1:73:ac:
                    40:ed:75:86:5d:7e:ee:53:1a:22:fb:00:81:60:c6:
                    76:99:39:c5:b6:51:f1:15:fd:7f:31:49:bc:76:b7:
                    96:b2:44:e6:24:9f:f9:03:42:5e:c9:9c:73:d2:be:
                    05:ac:fc:c6:ca:5d:9f:55:2d:58:55:28:74:28:40:
                    29:ce:49:ae:3e:c5:ec:73:94:e7:95:12:24:65:a3:
                    c4:86:ea:b8:c0:f7:67:1e:e6:74:5a:42:22:d9:3a:
                    7e:57:2d:27:51:3d:2f:d9:70:f5:d8:d4:f8:01:aa:
                    74:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:59:6F:D1:FD:BE:D4:69:AD:DD:EE:55:74:8F:C1:0A:01:BD:70:95
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/4llv0f2-1Gmt3e5VdI_BCgG9cJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d02::/32
                  2a0f:e841::/32
                  2a10:7b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         53:96:c4:5e:f7:e2:b6:33:4f:cd:4e:d5:83:82:d5:46:33:db:
         7e:99:30:d9:fd:5a:41:a7:ae:2d:fb:a5:1b:7f:88:91:db:15:
         a3:6a:51:d8:da:59:65:d4:49:26:10:1a:1e:02:94:8c:d7:22:
         dd:dd:ba:b8:2a:0e:8d:d1:70:41:2a:b3:ef:2a:e6:04:bf:37:
         85:9c:69:ad:72:30:82:2c:f7:a4:22:fb:d3:c9:28:be:35:1f:
         4a:8d:3e:f2:56:d2:44:eb:9b:dd:71:02:53:da:d2:12:f7:91:
         6b:9b:c8:a9:4d:5e:3f:bd:ba:02:0f:02:ea:99:0f:e7:24:9b:
         f4:8f:6d:1f:4e:e0:42:3e:ca:c2:e2:fa:00:21:a5:dd:77:53:
         49:e5:7e:06:39:6f:42:05:03:38:83:84:e3:7f:13:d4:da:cd:
         5f:34:00:c7:5d:10:42:87:f9:d4:a4:68:07:bb:9c:09:ca:cb:
         bd:4a:8c:f6:cc:8a:b9:4b:e6:12:d7:af:ea:5e:6d:9c:3a:a4:
         52:89:22:42:b3:b9:6e:71:33:43:ff:40:54:be:93:de:af:cd:
         ec:cf:b8:05:94:0a:30:a2:16:f1:1e:c5:ad:c3:50:d7:f0:41:
         6f:b7:c7:06:3b:c1:08:e1:57:c6:a5:f3:87:6e:a5:b0:09:46:
         63:70:6e:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ75FRocODnObdyLutolFpeNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNjI0MTAwMjUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjU5NmZkMWZkYmVkNDY5YWRkZGVlNTU3NDhmYzEwYTAxYmQ3MDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIFy+uJKGSx3EwU1qSXXRnfy3mrK
/ykTx0dFWC21YuuZaX75BjVtQFQXf8p3CYMHKJ4AMudfBPv57MexyFuBIN/zp+Jl
v5Cfc2taQTTWQAS7sXhYL99jvPuIvufKMBqSiReQzEQza7BBcbHywJdgNcNHfDGE
AbN7Dw4BqAUsRxyNjKlPI7UlQvOzBRDTRCrRY7fxc6xA7XWGXX7uUxoi+wCBYMZ2
mTnFtlHxFf1/MUm8dreWskTmJJ/5A0JeyZxz0r4FrPzGyl2fVS1YVSh0KEApzkmu
PsXsc5TnlRIkZaPEhuq4wPdnHuZ0WkIi2Tp+Vy0nUT0v2XD12NT4Aap0UQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOJZb9H9vtRprd3uVXSPwQoBvXCVMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvNGxsdjBmMi0xR210M2U1VmRJX0JDZ0c5Y0pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgotAgMF
ACoP6EEDBQMqEHsAMA0GCSqGSIb3DQEBCwUAA4IBAQBTlsRe9+K2M0/NTtWDgtVG
M9t+mTDZ/VpBp64t+6Ubf4iR2xWjalHY2lll1EkmEBoeApSM1yLd3bq4Kg6N0XBB
KrPvKuYEvzeFnGmtcjCCLPekIvvTySi+NR9KjT7yVtJE65vdcQJT2tIS95Frm8ip
TV4/vboCDwLqmQ/nJJv0j20fTuBCPsrC4voAIaXdd1NJ5X4GOW9CBQM4g4TjfxPU
2s1fNADHXRBCh/nUpGgHu5wJysu9Soz2zIq5S+YS16/qXm2cOqRSiSJCs7lucTND
/0BUvpPer83sz7gFlAowohbxHsWtw1DX8EFvt8cGO8EI4VfGpfOHbqWwCUZjcG6j
-----END CERTIFICATE-----