Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Nf1xrRyBV46bEWk4A7DuTYT5Ywo.roa
File:                     Nf1xrRyBV46bEWk4A7DuTYT5Ywo.roa (raw, json)
Hash identifier:          qrX7Ky8pzY5BbRn1fWiFJ17mnl/nUfeLTbzS+8AIOTA=
Subject key identifier:   35:FD:71:AD:1C:81:57:8E:9B:11:69:38:03:B0:EE:4D:84:F9:63:0A
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019E83A856E8CAE3C0E5D333847B56B56570
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Nf1xrRyBV46bEWk4A7DuTYT5Ywo.roa
Signing time:             Mon 01 Jun 2026 14:48:27 +0000
ROA not before:           Mon 01 Jun 2026 14:48:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     142622
IP address blocks:        2a12:f540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:83:a8:56:e8:ca:e3:c0:e5:d3:33:84:7b:56:b5:65:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun  1 14:48:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=35fd71ad1c81578e9b11693803b0ee4d84f9630a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a2:70:e7:f8:b5:30:1a:50:69:dc:21:b1:66:
                    eb:14:8c:42:fb:f6:3e:9e:b2:8f:0d:8d:0a:bb:5a:
                    94:f9:42:ac:dd:a9:2d:51:a0:b0:a4:5e:76:6e:d8:
                    50:2e:8e:3d:a6:4a:04:cf:36:b7:da:c5:a5:b7:8b:
                    8b:1b:0e:a6:08:d7:f3:e3:3f:3a:00:3d:1e:78:72:
                    c4:48:1c:f1:0f:d3:6d:ea:25:89:40:79:03:da:67:
                    d3:28:a7:18:37:b6:bb:f7:6e:54:0e:6c:3d:23:3a:
                    00:77:ab:79:ea:e9:8e:9d:72:be:08:12:39:c2:62:
                    24:d2:aa:f1:2a:ab:50:91:e2:ae:36:45:94:6c:1f:
                    d5:d0:79:3b:cc:da:93:19:38:4e:c1:18:29:30:1f:
                    ea:25:02:39:72:85:d3:bc:e0:3c:02:18:a4:e3:cf:
                    c6:64:0b:d4:a0:3f:99:6e:d3:fd:56:03:5c:0a:b7:
                    61:80:b3:62:79:e1:51:7e:82:7b:6e:0a:94:b9:c6:
                    55:13:a1:df:8c:7c:24:18:b1:72:7c:b6:18:ec:ea:
                    60:bb:9f:c9:12:4b:c3:c7:b4:ef:a8:da:73:be:5f:
                    ee:57:f4:52:53:3e:71:b4:34:e9:eb:40:78:f5:5b:
                    66:b7:99:af:b8:0a:40:ec:65:60:e8:af:5e:f9:fe:
                    af:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:FD:71:AD:1C:81:57:8E:9B:11:69:38:03:B0:EE:4D:84:F9:63:0A
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Nf1xrRyBV46bEWk4A7DuTYT5Ywo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f540::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:3f:34:b0:f5:64:aa:92:8f:d9:26:2d:2d:e9:46:ca:4a:69:
         8d:f7:78:63:7f:1d:36:44:a1:6f:71:56:ae:5f:3e:5f:f2:93:
         2f:ed:bb:a8:8d:ba:66:5b:85:5f:47:57:e9:01:f1:0a:48:94:
         2f:2f:42:8d:88:d3:d8:db:4f:a2:2f:37:31:9b:d3:00:c4:1b:
         9d:b2:67:3f:a7:88:3b:f4:87:e6:0a:a3:cd:0a:f3:07:e1:38:
         ae:07:b9:fb:5b:69:62:09:89:fa:40:71:6d:a5:ab:42:e9:40:
         0b:26:7b:82:5f:90:d6:2f:24:ce:af:af:da:5a:ab:21:f4:b2:
         aa:d8:bf:02:62:05:86:9c:5c:8c:d6:d0:77:a7:52:d3:51:17:
         e9:13:a4:e5:12:b8:d2:96:f7:40:ce:cc:ab:36:fb:0b:e4:de:
         80:41:53:58:73:6a:bf:a3:b9:31:07:e3:6f:59:60:cf:e1:a6:
         a6:f8:03:b4:ae:50:9d:d4:9d:b1:70:e3:8d:68:01:b6:ec:65:
         4d:b3:34:5a:0e:26:9c:94:3f:44:a7:fc:e8:8e:fd:13:ca:cc:
         e3:8a:fe:2d:b8:63:e4:3b:b0:5e:45:27:a3:84:f6:e4:e3:ad:
         e1:be:92:bb:ce:92:a8:c1:2d:c3:7e:f1:1c:2d:56:7e:95:2b:
         b0:ec:85:17
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6DqFboyuPA5dMzhHtWtWVwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNjAxMTQ0ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZkNzFhZDFjODE1NzhlOWIxMTY5MzgwM2IwZWU0ZDg0Zjk2MzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6Jw5/i1MBpQadwhsWbrFIxC+/Y+
nrKPDY0Ku1qU+UKs3aktUaCwpF52bthQLo49pkoEzza32sWlt4uLGw6mCNfz4z86
AD0eeHLESBzxD9Nt6iWJQHkD2mfTKKcYN7a7925UDmw9IzoAd6t56umOnXK+CBI5
wmIk0qrxKqtQkeKuNkWUbB/V0Hk7zNqTGThOwRgpMB/qJQI5coXTvOA8Ahik48/G
ZAvUoD+ZbtP9VgNcCrdhgLNieeFRfoJ7bgqUucZVE6HfjHwkGLFyfLYY7Opgu5/J
EkvDx7TvqNpzvl/uV/RSUz5xtDTp60B49Vtmt5mvuApA7GVg6K9e+f6v+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDX9ca0cgVeOmxFpOAOw7k2E+WMKMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTmYxeHJSeUJWNDZiRVdrNEE3RHVUWVQ1WXdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhL1QDAN
BgkqhkiG9w0BAQsFAAOCAQEAiT80sPVkqpKP2SYtLelGykppjfd4Y38dNkShb3FW
rl8+X/KTL+27qI26ZluFX0dX6QHxCkiULy9CjYjT2NtPoi83MZvTAMQbnbJnP6eI
O/SH5gqjzQrzB+E4rge5+1tpYgmJ+kBxbaWrQulACyZ7gl+Q1i8kzq+v2lqrIfSy
qti/AmIFhpxcjNbQd6dS01EX6ROk5RK40pb3QM7Mqzb7C+TegEFTWHNqv6O5MQfj
b1lgz+GmpvgDtK5QndSdsXDjjWgBtuxlTbM0Wg4mnJQ/RKf86I79E8rM44r+Lbhj
5DuwXkUno4T25OOt4b6Su86SqMEtw37xHC1WfpUrsOyFFw==
-----END CERTIFICATE-----