Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/FRmN9y1dofbu9uV2SVKBscRJPaE.roa
File:                     FRmN9y1dofbu9uV2SVKBscRJPaE.roa (raw, json)
Hash identifier:          i5wkEtLisJLRoDPvr2hbcmTwVSpTnh1YO4vvVA91jV4=
Subject key identifier:   15:19:8D:F7:2D:5D:A1:F6:EE:F6:E5:76:49:52:81:B1:C4:49:3D:A1
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019CBAB93BC499EA531ADA400BA43AFA927C
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/FRmN9y1dofbu9uV2SVKBscRJPaE.roa
Signing time:             Wed 04 Mar 2026 21:20:27 +0000
ROA not before:           Wed 04 Mar 2026 21:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400328
IP address blocks:        2a0a:2d02::/32 maxlen: 32
                          2a0f:1e06::/32 maxlen: 32
                          2a10:7b00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 10:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ba:b9:3b:c4:99:ea:53:1a:da:40:0b:a4:3a:fa:92:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar  4 21:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=15198df72d5da1f6eef6e576495281b1c4493da1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:c1:37:20:3c:14:85:23:f6:03:cc:87:a4:10:
                    87:5e:50:85:cc:c4:42:41:77:fa:33:95:aa:4f:69:
                    a7:82:a1:f2:f6:5a:ea:8c:19:65:56:77:a9:fe:51:
                    ab:6a:69:99:43:69:d7:8c:09:21:c0:c5:c3:c0:c7:
                    5f:cc:c6:f3:e6:79:b9:ed:33:3b:ee:90:59:1a:d5:
                    f2:b5:bc:53:f3:ff:6b:cb:2a:d7:cd:e5:01:ea:77:
                    0b:e6:5b:68:0d:88:8e:15:f9:84:71:08:0d:5c:35:
                    fe:7f:4f:52:3e:35:23:8b:12:03:a1:e9:41:6e:a7:
                    0e:24:82:99:f2:23:37:97:b7:59:a3:0e:4f:16:b5:
                    b0:41:47:3f:6c:89:50:80:e8:01:cb:b4:a5:f5:74:
                    53:38:4e:1f:b3:32:69:d8:bc:36:24:9c:a3:b7:4b:
                    4b:ab:df:77:b5:c7:4a:08:71:ee:7e:3d:e1:91:8f:
                    f0:12:c2:3f:b4:c8:a4:b9:62:43:19:a6:50:0c:a7:
                    55:1d:7e:ae:49:70:44:80:b5:3f:9c:5f:97:93:65:
                    96:1b:c9:78:17:f5:39:54:7c:b7:d2:24:2c:bd:34:
                    54:a5:52:8b:c3:ca:4e:2a:ef:78:e3:65:53:ad:57:
                    d2:2f:1f:d9:bf:ee:df:f6:6a:6b:46:21:91:b3:2a:
                    2d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:19:8D:F7:2D:5D:A1:F6:EE:F6:E5:76:49:52:81:B1:C4:49:3D:A1
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/FRmN9y1dofbu9uV2SVKBscRJPaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d02::/32
                  2a0f:1e06::/32
                  2a10:7b00::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:7b:62:3f:16:4e:1c:b5:3f:48:cf:0a:fd:0b:ab:e7:53:bd:
         4e:6e:ee:da:46:5f:75:89:ca:7c:d2:ca:76:04:63:2d:79:7a:
         8c:d5:12:9d:ba:d4:8b:4a:d8:7d:51:ce:41:90:73:68:11:0b:
         d5:dd:56:8e:51:b4:fb:8a:11:50:9e:c1:45:11:eb:be:fb:7f:
         3e:b8:a2:67:a7:57:29:7a:89:a5:47:d2:b3:b2:a3:94:43:d6:
         f8:a7:cb:a2:6f:6b:a1:d4:b3:cc:7b:75:93:0e:7e:82:e7:ff:
         78:ce:36:7c:dd:2a:78:65:c5:29:bb:c9:ec:61:60:dc:39:81:
         84:39:83:a9:c1:2d:a4:a0:32:16:69:9f:c0:80:70:a2:9f:65:
         ec:04:a9:b1:68:be:9a:7b:87:69:56:f0:ed:c0:c9:f5:8d:0c:
         b2:52:cb:96:b9:90:f2:0e:35:bf:29:2d:24:b3:18:38:07:4e:
         a5:2c:a6:a4:c6:67:8d:42:7d:04:23:fc:32:7e:13:c1:bf:f2:
         dd:4e:b8:de:fa:c6:9b:4c:3d:5a:fa:e6:98:35:e2:26:2c:d9:
         eb:13:1b:1d:8e:e6:c7:32:d2:11:ec:06:ac:ce:0c:04:a9:5c:
         06:e0:11:0a:26:1b:49:7d:8b:d8:17:07:7c:b1:d9:ea:54:9c:
         d0:9e:3c:45
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZy6uTvEmepTGtpAC6Q6+pJ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzA0MjEyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTE5OGRmNzJkNWRhMWY2ZWVmNmU1NzY0OTUyODFiMWM0NDkzZGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8E3IDwUhSP2A8yHpBCHXlCFzMRC
QXf6M5WqT2mngqHy9lrqjBllVnep/lGrammZQ2nXjAkhwMXDwMdfzMbz5nm57TM7
7pBZGtXytbxT8/9ryyrXzeUB6ncL5ltoDYiOFfmEcQgNXDX+f09SPjUjixIDoelB
bqcOJIKZ8iM3l7dZow5PFrWwQUc/bIlQgOgBy7Sl9XRTOE4fszJp2Lw2JJyjt0tL
q993tcdKCHHufj3hkY/wEsI/tMikuWJDGaZQDKdVHX6uSXBEgLU/nF+Xk2WWG8l4
F/U5VHy30iQsvTRUpVKLw8pOKu9442VTrVfSLx/Zv+7f9mprRiGRsyotOwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBUZjfctXaH27vbldklSgbHEST2hMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvRlJtTjl5MWRvZmJ1OXVWMlNWS0JzY1JKUGFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKgotAgMF
ACoPHgYDBQMqEHsAMA0GCSqGSIb3DQEBCwUAA4IBAQB4e2I/Fk4ctT9Izwr9C6vn
U71Obu7aRl91icp80sp2BGMteXqM1RKdutSLSth9Uc5BkHNoEQvV3VaOUbT7ihFQ
nsFFEeu++38+uKJnp1cpeomlR9KzsqOUQ9b4p8uib2uh1LPMe3WTDn6C5/94zjZ8
3Sp4ZcUpu8nsYWDcOYGEOYOpwS2koDIWaZ/AgHCin2XsBKmxaL6ae4dpVvDtwMn1
jQyyUsuWuZDyDjW/KS0ksxg4B06lLKakxmeNQn0EI/wyfhPBv/LdTrje+sabTD1a
+uaYNeImLNnrExsdjubHMtIR7AaszgwEqVwG4BEKJhtJfYvYFwd8sdnqVJzQnjxF
-----END CERTIFICATE-----