Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/PMhloxd7APeRvuR9yj8cOzlXvt0.roa
File:                     PMhloxd7APeRvuR9yj8cOzlXvt0.roa (raw, json)
Hash identifier:          LfjX/8U9O48l0O4ZIRucgLzA/nj3HSqdlHvw/Fxfzs0=
Subject key identifier:   3C:C8:65:A3:17:7B:00:F7:91:BE:E4:7D:CA:3F:1C:3B:39:57:BE:DD
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019E849DB23FE57DF5573BEBEB7FE7A04FA7
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/PMhloxd7APeRvuR9yj8cOzlXvt0.roa
Signing time:             Mon 01 Jun 2026 19:16:27 +0000
ROA not before:           Mon 01 Jun 2026 19:16:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213734
IP address blocks:        2a0f:b400::/29 maxlen: 29
                          2a10:3340::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:84:9d:b2:3f:e5:7d:f5:57:3b:eb:eb:7f:e7:a0:4f:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun  1 19:16:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3cc865a3177b00f791bee47dca3f1c3b3957bedd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7b:dc:55:26:bc:3b:88:9c:3d:1e:35:0d:84:
                    4f:1c:00:46:0d:73:7d:12:c6:4c:9d:61:7c:ab:f5:
                    be:e0:6d:df:72:30:b7:5d:68:84:01:d4:9e:ec:76:
                    f7:10:64:1d:81:72:54:5d:b1:a0:40:24:3f:e9:0f:
                    3d:05:f3:37:5d:5d:aa:77:37:a0:28:4f:22:df:9a:
                    48:3e:a3:07:a2:0a:30:8c:38:50:74:c0:1e:4d:2b:
                    8a:a3:c7:b3:0f:e8:04:76:42:69:92:4b:bf:9d:c0:
                    a3:d1:17:0e:97:27:9c:7c:7f:fd:fe:68:99:27:0f:
                    56:cf:79:53:aa:f7:d4:bc:4a:b9:74:c0:34:6f:4f:
                    73:cd:fb:f8:af:1d:58:b1:e1:9b:4d:2f:41:94:bf:
                    e9:f3:4f:20:c8:ec:18:f8:54:32:59:bf:73:52:a8:
                    fd:05:a8:75:a8:8f:e7:d3:0c:c6:43:91:e4:31:d0:
                    7e:63:eb:ed:12:45:ff:c4:d0:c1:29:77:f5:2d:e4:
                    95:05:fd:f3:25:a4:a1:1a:e8:c0:85:cd:6c:47:cf:
                    cd:c9:82:a0:7e:2a:80:eb:3c:55:f8:b1:c1:a5:4f:
                    15:60:e3:92:34:ea:4f:05:7d:2d:fe:93:ad:be:e6:
                    74:4d:79:d6:99:55:78:d8:da:51:25:90:35:79:04:
                    19:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C8:65:A3:17:7B:00:F7:91:BE:E4:7D:CA:3F:1C:3B:39:57:BE:DD
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/PMhloxd7APeRvuR9yj8cOzlXvt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b400::/29
                  2a10:3340::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:db:ba:c5:22:2d:a0:9c:b8:3e:e5:d0:92:c9:2b:1b:24:42:
         09:07:dc:5c:a6:ff:f6:87:39:b7:1a:c6:31:ef:f7:66:ac:49:
         85:7b:f2:bc:9e:cc:47:f5:3e:8c:65:4a:71:64:9b:c4:70:dd:
         7d:ea:7c:4b:31:9d:8c:3e:40:20:6e:3b:4c:4e:f2:29:0a:cd:
         6f:4d:ff:da:26:cf:81:4c:0a:3f:0f:ac:cf:7c:a0:71:73:1f:
         f3:a3:6c:d5:a7:be:f7:e3:89:3e:71:b4:08:85:b0:b4:39:68:
         65:a9:ff:a0:3f:51:32:d5:ae:ac:55:f2:fc:3a:4a:ca:a6:c3:
         8b:5f:89:7d:69:af:4e:6e:37:b0:dd:de:89:80:cd:cd:94:3f:
         8f:30:bf:26:2e:d4:45:6b:6f:0f:87:a2:60:76:c4:00:43:b2:
         71:b1:2e:11:1c:c3:1f:ae:81:09:17:48:c0:da:1c:e2:30:c6:
         6a:3c:a9:86:04:12:87:c6:a3:84:76:aa:ce:c3:1f:c6:26:d8:
         d3:73:69:25:b3:45:da:ce:9c:5a:e8:f5:2c:4f:75:9c:b1:21:
         7d:24:d7:b3:d2:06:2e:d8:4e:b0:17:43:1d:e6:ac:b2:62:53:
         c6:92:05:59:2f:d7:91:31:7f:d3:58:b0:47:ed:fe:59:4c:52:
         5b:81:ba:e2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ6EnbI/5X31Vzvr63/noE+nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNjAxMTkxNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2M4NjVhMzE3N2IwMGY3OTFiZWU0N2RjYTNmMWMzYjM5NTdiZWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxHvcVSa8O4icPR41DYRPHABGDXN9
EsZMnWF8q/W+4G3fcjC3XWiEAdSe7Hb3EGQdgXJUXbGgQCQ/6Q89BfM3XV2qdzeg
KE8i35pIPqMHogowjDhQdMAeTSuKo8ezD+gEdkJpkku/ncCj0RcOlyecfH/9/miZ
Jw9Wz3lTqvfUvEq5dMA0b09zzfv4rx1YseGbTS9BlL/p808gyOwY+FQyWb9zUqj9
Bah1qI/n0wzGQ5HkMdB+Y+vtEkX/xNDBKXf1LeSVBf3zJaShGujAhc1sR8/NyYKg
fiqA6zxV+LHBpU8VYOOSNOpPBX0t/pOtvuZ0TXnWmVV42NpRJZA1eQQZ3QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDzIZaMXewD3kb7kfco/HDs5V77dMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvUE1obG94ZDdBUGVSdnVSOXlqOGNPemxYdnQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg+0AAMF
AyoQM0AwDQYJKoZIhvcNAQELBQADggEBAFbbusUiLaCcuD7l0JLJKxskQgkH3Fym
//aHObcaxjHv92asSYV78ryezEf1PoxlSnFkm8Rw3X3qfEsxnYw+QCBuO0xO8ikK
zW9N/9omz4FMCj8PrM98oHFzH/OjbNWnvvfjiT5xtAiFsLQ5aGWp/6A/UTLVrqxV
8vw6Ssqmw4tfiX1pr05uN7Dd3omAzc2UP48wvyYu1EVrbw+HomB2xABDsnGxLhEc
wx+ugQkXSMDaHOIwxmo8qYYEEofGo4R2qs7DH8Ym2NNzaSWzRdrOnFro9SxPdZyx
IX0k17PSBi7YTrAXQx3mrLJiU8aSBVkv15Exf9NYsEft/llMUluBuuI=
-----END CERTIFICATE-----