Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Fgdf9zMyttPhJJv1JUiLmo4qbV8.roa
File:                     Fgdf9zMyttPhJJv1JUiLmo4qbV8.roa (raw, json)
Hash identifier:          62cpCv2IwRcqLRhyO35or2ks8/BR5EBxzVNKVdvCClQ=
Subject key identifier:   16:07:5F:F7:33:32:B6:D3:E1:24:9B:F5:25:48:8B:9A:8E:2A:6D:5F
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019CB7F6722996F73C98FE602380F35B5FA3
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Fgdf9zMyttPhJJv1JUiLmo4qbV8.roa
Signing time:             Wed 04 Mar 2026 08:28:27 +0000
ROA not before:           Wed 04 Mar 2026 08:28:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     34665
IP address blocks:        2a07:a300::/29 maxlen: 29
                          2a0f:31c5::/32 maxlen: 32
                          2a13:d44::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 10:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b7:f6:72:29:96:f7:3c:98:fe:60:23:80:f3:5b:5f:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar  4 08:28:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16075ff73332b6d3e1249bf525488b9a8e2a6d5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ed:db:08:aa:a7:98:21:bb:cd:00:e0:0e:35:
                    fa:12:73:ca:65:84:29:41:69:63:c1:6c:a8:12:98:
                    fb:bb:9b:b2:e9:1d:64:a8:a4:8f:30:96:1c:95:f9:
                    af:4f:f4:fa:af:b3:eb:65:a2:ca:6b:20:56:a8:51:
                    68:5b:d6:db:e6:31:3b:6e:c9:da:f0:ac:c9:3e:e2:
                    a8:29:9e:92:fe:95:d0:84:94:15:02:64:63:7a:5e:
                    8a:0b:61:01:2e:35:74:e4:14:be:32:48:df:39:85:
                    90:d2:eb:ab:3a:b2:d3:97:db:d3:f0:78:f2:f4:8f:
                    30:56:96:1b:6f:97:92:3e:51:52:22:98:1b:0a:9c:
                    de:94:81:88:ec:c9:85:3d:1f:ba:cf:a4:18:ae:13:
                    95:5f:d0:24:5d:bd:1c:c1:b2:bf:0b:38:de:c1:54:
                    1c:b1:fa:0b:db:86:90:6e:33:d6:1e:89:e4:d5:10:
                    78:26:4b:22:3f:b5:81:7a:e8:40:d6:59:73:de:a2:
                    90:25:75:8a:2d:a5:14:18:af:f0:e4:61:34:2f:f4:
                    2f:92:52:ed:7e:2e:3b:38:cf:13:fc:ba:77:0b:f5:
                    77:cc:89:74:c3:c8:1e:8d:d4:70:79:e7:46:01:25:
                    07:d8:92:2a:29:9f:64:14:08:2a:98:60:da:03:63:
                    2d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:07:5F:F7:33:32:B6:D3:E1:24:9B:F5:25:48:8B:9A:8E:2A:6D:5F
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Fgdf9zMyttPhJJv1JUiLmo4qbV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:a300::/29
                  2a0f:31c5::/32
                  2a13:d44::/32

    Signature Algorithm: sha256WithRSAEncryption
         b7:27:37:b8:92:ba:1e:5a:2f:ba:98:73:d5:e8:ed:a7:b2:1c:
         66:b1:dd:69:f1:23:ed:2a:c7:d4:fe:be:80:49:d9:07:fa:13:
         4b:4a:6e:83:a9:ee:f3:9d:05:45:3b:ea:7d:bc:49:49:3d:91:
         42:76:bc:fe:71:06:39:e1:3f:9e:ba:88:6b:0e:a0:78:46:98:
         f2:46:0a:8e:10:99:74:9a:03:f6:db:ca:f6:12:fa:15:0e:37:
         f9:4a:38:d2:8f:a7:4c:4e:da:7d:b8:d3:2b:bb:6f:48:ca:4a:
         15:cf:f7:91:18:86:a9:b2:44:10:1a:be:ca:47:fe:4d:bd:1a:
         fc:48:f0:6c:b7:9b:a6:9a:af:3b:39:33:f5:81:0d:d5:3b:54:
         a4:01:9b:24:b6:d4:74:45:cb:53:5c:b5:ac:1e:03:ce:a6:c5:
         c0:ec:7b:f5:fa:a0:e8:75:13:bf:2c:28:6f:7d:f1:f3:be:61:
         b3:b0:79:86:49:35:23:38:e6:c7:b0:38:72:64:81:fa:34:9f:
         32:fa:cc:81:da:fa:3a:9b:64:a3:3e:b3:5a:0f:1f:c5:24:38:
         46:cd:7a:7c:ee:87:a0:b9:39:01:03:99:36:55:14:44:a6:4b:
         3b:ce:1c:20:5e:39:b2:6a:9e:fc:18:cb:09:7e:e0:37:ab:e1:
         67:4e:29:61
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZy39nIplvc8mP5gI4DzW1+jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzA0MDgyODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjA3NWZmNzMzMzJiNmQzZTEyNDliZjUyNTQ4OGI5YThlMmE2ZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe3bCKqnmCG7zQDgDjX6EnPKZYQp
QWljwWyoEpj7u5uy6R1kqKSPMJYclfmvT/T6r7PrZaLKayBWqFFoW9bb5jE7bsna
8KzJPuKoKZ6S/pXQhJQVAmRjel6KC2EBLjV05BS+MkjfOYWQ0uurOrLTl9vT8Hjy
9I8wVpYbb5eSPlFSIpgbCpzelIGI7MmFPR+6z6QYrhOVX9AkXb0cwbK/CzjewVQc
sfoL24aQbjPWHonk1RB4JksiP7WBeuhA1llz3qKQJXWKLaUUGK/w5GE0L/QvklLt
fi47OM8T/Lp3C/V3zIl0w8gejdRweedGASUH2JIqKZ9kFAgqmGDaA2MtjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBYHX/czMrbT4SSb9SVIi5qOKm1fMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvRmdkZjl6TXl0dFBoSkp2MUpVaUxtbzRxYlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgejAAMF
ACoPMcUDBQAqEw1EMA0GCSqGSIb3DQEBCwUAA4IBAQC3Jze4kroeWi+6mHPV6O2n
shxmsd1p8SPtKsfU/r6ASdkH+hNLSm6Dqe7znQVFO+p9vElJPZFCdrz+cQY54T+e
uohrDqB4RpjyRgqOEJl0mgP228r2EvoVDjf5SjjSj6dMTtp9uNMru29IykoVz/eR
GIapskQQGr7KR/5NvRr8SPBst5ummq87OTP1gQ3VO1SkAZskttR0RctTXLWsHgPO
psXA7Hv1+qDodRO/LChvffHzvmGzsHmGSTUjOObHsDhyZIH6NJ8y+syB2vo6m2Sj
PrNaDx/FJDhGzXp87oeguTkBA5k2VRREpks7zhwgXjmyap78GMsJfuA3q+FnTilh
-----END CERTIFICATE-----