Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/G9oDJdsSOVDXmH2ufVN1i7FaaRc.roa
File:                     G9oDJdsSOVDXmH2ufVN1i7FaaRc.roa (raw, json)
Hash identifier:          YxTt2sBJDU2f8FmOavpt8H/gZ3lWnuiNjgr66Ai7d2g=
Subject key identifier:   1B:DA:03:25:DB:12:39:50:D7:98:7D:AE:7D:53:75:8B:B1:5A:69:17
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019DCE4DF0F253A0D238632162B377BE4A1B
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/G9oDJdsSOVDXmH2ufVN1i7FaaRc.roa
Signing time:             Mon 27 Apr 2026 09:38:27 +0000
ROA not before:           Mon 27 Apr 2026 09:38:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198831
IP address blocks:        2a0a:2d06:101::/48 maxlen: 48
                          2a0e:f600:2c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 04 May 2026 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:4d:f0:f2:53:a0:d2:38:63:21:62:b3:77:be:4a:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 27 09:38:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1bda0325db123950d7987dae7d53758bb15a6917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:1a:97:68:ea:81:30:69:68:5b:ee:06:eb:96:
                    cd:f0:ab:3e:fb:30:3e:06:9d:ae:ec:5f:0e:8e:0e:
                    9c:fe:19:90:08:64:32:7b:74:84:24:87:e5:66:ef:
                    f5:cd:70:0d:18:f6:c1:51:db:2d:1c:6a:1c:b4:f7:
                    e5:ce:76:4e:85:18:0f:3c:43:c2:f4:8d:6b:46:2d:
                    ea:2a:94:a8:0f:ff:05:4b:dc:e7:a8:2d:59:0a:4f:
                    3b:66:6a:bb:b4:8a:ec:dd:c5:f0:63:26:b1:5e:5e:
                    1c:86:04:ab:02:84:5a:83:00:12:79:32:0e:dc:fc:
                    6e:7e:48:86:66:ba:cd:47:23:d0:00:f7:7c:30:dc:
                    0d:9e:34:ad:26:ef:1d:d4:95:1f:e6:2d:00:50:8b:
                    f8:3c:d8:b9:09:0b:f1:81:bd:e6:be:23:5e:6d:b0:
                    27:d4:02:58:94:1f:da:77:b4:dd:fe:a9:71:51:0a:
                    95:91:d6:5c:70:d4:e4:ca:10:8a:fb:ed:b6:2f:4c:
                    87:c7:da:63:4a:7d:34:6d:d4:65:00:d8:5b:f3:85:
                    17:01:05:ea:90:13:d5:57:61:2f:98:57:c0:ac:a2:
                    4b:ed:f7:d2:8d:50:c0:91:d7:c2:c7:34:ee:48:01:
                    6d:f6:85:78:b1:24:b7:64:fe:5e:f4:ea:c4:0f:e4:
                    83:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:DA:03:25:DB:12:39:50:D7:98:7D:AE:7D:53:75:8B:B1:5A:69:17
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/G9oDJdsSOVDXmH2ufVN1i7FaaRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d06:101::/48
                  2a0e:f600:2c::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:12:f7:7c:f2:8a:88:94:94:fc:32:17:01:97:dd:ab:7b:fa:
         4c:d4:90:fd:19:58:ed:32:f0:ec:66:15:cd:7b:c3:28:06:cb:
         37:5a:99:ad:7e:51:6a:05:cb:3d:15:dd:bb:1a:aa:26:79:f9:
         5e:ca:4e:28:68:fc:98:a2:4b:0d:87:25:cb:55:44:ea:ee:95:
         ea:3c:10:68:99:99:a1:e1:03:9f:8e:9a:50:b1:27:9f:66:9c:
         58:35:1d:a9:65:7d:0f:c6:4e:96:37:f5:36:f0:59:70:7e:52:
         ad:30:28:86:30:87:58:8c:ec:57:80:df:ee:0c:58:49:d4:ed:
         22:bf:4a:72:e1:4c:6c:fa:4b:38:a3:7c:b2:06:4f:ff:16:c3:
         19:9a:8c:45:21:29:27:fb:69:11:63:76:5d:31:a3:46:9c:32:
         34:8d:af:a1:b1:7f:f4:b9:da:36:12:4d:2e:57:0a:ef:a7:d6:
         f2:72:b9:b1:d9:a8:f8:30:e9:09:cc:f9:6d:4b:55:c3:4e:e7:
         0a:90:8d:e4:9a:1b:6e:96:47:bf:24:91:bc:2d:0f:80:d0:24:
         25:c9:8a:08:3b:02:9a:28:5b:1d:6d:c4:ec:f7:40:31:95:02:
         16:88:df:64:ab:b1:79:5d:23:95:52:79:7d:9f:6c:ae:b0:6c:
         44:15:0b:b0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3OTfDyU6DSOGMhYrN3vkobMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDI3MDkzODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmRhMDMyNWRiMTIzOTUwZDc5ODdkYWU3ZDUzNzU4YmIxNWE2OTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7BqXaOqBMGloW+4G65bN8Ks++zA+
Bp2u7F8Ojg6c/hmQCGQye3SEJIflZu/1zXANGPbBUdstHGoctPflznZOhRgPPEPC
9I1rRi3qKpSoD/8FS9znqC1ZCk87Zmq7tIrs3cXwYyaxXl4chgSrAoRagwASeTIO
3PxufkiGZrrNRyPQAPd8MNwNnjStJu8d1JUf5i0AUIv4PNi5CQvxgb3mviNebbAn
1AJYlB/ad7Td/qlxUQqVkdZccNTkyhCK++22L0yHx9pjSn00bdRlANhb84UXAQXq
kBPVV2EvmFfArKJL7ffSjVDAkdfCxzTuSAFt9oV4sSS3ZP5e9OrED+SD7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBvaAyXbEjlQ15h9rn1TdYuxWmkXMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvRzlvREpkc1NPVkRYbUgydWZWTjFpN0ZhYVJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgotBgEB
AwcAKg72AAAsMA0GCSqGSIb3DQEBCwUAA4IBAQCTEvd88oqIlJT8MhcBl92re/pM
1JD9GVjtMvDsZhXNe8MoBss3WpmtflFqBcs9Fd27Gqomefleyk4oaPyYoksNhyXL
VUTq7pXqPBBomZmh4QOfjppQsSefZpxYNR2pZX0Pxk6WN/U28FlwflKtMCiGMIdY
jOxXgN/uDFhJ1O0iv0py4Uxs+ks4o3yyBk//FsMZmoxFISkn+2kRY3ZdMaNGnDI0
ja+hsX/0udo2Ek0uVwrvp9bycrmx2aj4MOkJzPltS1XDTucKkI3kmhtulke/JJG8
LQ+A0CQlyYoIOwKaKFsdbcTs90AxlQIWiN9kq7F5XSOVUnl9n2yusGxEFQuw
-----END CERTIFICATE-----