Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/RyOSuPp-zPjpr9mgeNyZSxdsJeU.roa
File:                     RyOSuPp-zPjpr9mgeNyZSxdsJeU.roa (raw, json)
Hash identifier:          Y5HcEWbYs5BJqNTMJchl6Z1vK1BbvrO2ATQk29uWgkk=
Subject key identifier:   47:23:92:B8:FA:7E:CC:F8:E9:AF:D9:A0:78:DC:99:4B:17:6C:25:E5
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D62294A6229F01A0B0AF01986217E1897
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/RyOSuPp-zPjpr9mgeNyZSxdsJeU.roa
Signing time:             Mon 06 Apr 2026 09:39:26 +0000
ROA not before:           Mon 06 Apr 2026 09:39:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     398465
IP address blocks:        2a13:c906::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:62:29:4a:62:29:f0:1a:0b:0a:f0:19:86:21:7e:18:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr  6 09:39:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=472392b8fa7eccf8e9afd9a078dc994b176c25e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:8a:c6:44:e0:d5:43:b2:58:8d:a1:52:d2:7b:
                    2c:3b:fe:4e:d0:30:29:40:28:cd:27:41:c5:70:ab:
                    67:98:f3:76:42:fb:2b:2f:f2:5d:22:91:bf:46:0e:
                    5b:29:93:74:e9:9a:fd:e3:4c:91:87:f0:06:11:e4:
                    3c:41:04:21:8d:6a:58:ac:ec:eb:37:e0:00:f2:68:
                    3e:18:6f:d1:4d:df:91:e0:4d:e4:2b:f2:d3:42:0d:
                    11:b5:6f:1b:1d:b2:b8:52:53:e5:ca:5a:39:9f:e6:
                    e3:8b:f3:5b:52:81:df:bc:24:75:53:82:e4:ce:e8:
                    d2:c8:35:be:ef:a7:b3:d5:50:1a:61:45:35:fe:df:
                    f7:2d:23:33:50:65:d2:ff:83:22:54:90:f9:74:87:
                    cc:3b:53:64:f0:89:67:98:96:af:15:5e:5c:4e:13:
                    b1:36:73:1f:83:03:6d:5f:b9:48:7a:ac:0c:bf:f7:
                    7e:ff:67:d9:d1:15:65:03:82:c2:0a:09:76:c7:6a:
                    e2:ba:e3:79:5c:ed:cf:ce:81:a1:98:08:03:9b:18:
                    e1:36:84:38:8c:94:ab:61:14:ab:7a:d8:8b:74:08:
                    bb:2e:7b:b7:34:7f:d4:35:81:8e:42:db:ba:be:61:
                    bf:82:36:20:01:79:22:d9:a5:6a:4c:87:bf:8d:98:
                    00:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:23:92:B8:FA:7E:CC:F8:E9:AF:D9:A0:78:DC:99:4B:17:6C:25:E5
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/RyOSuPp-zPjpr9mgeNyZSxdsJeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c906::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:99:eb:cc:45:fd:37:08:d4:44:42:09:40:af:1b:33:f0:1c:
         a3:ab:8e:af:34:8c:38:e7:32:bb:91:da:76:b1:3d:8d:3d:2b:
         ff:88:c9:cf:8c:99:57:82:c5:49:72:05:39:dc:41:d9:20:b2:
         20:56:0c:1e:71:5f:7f:dc:a4:e0:33:2c:ac:f3:6b:50:6b:1d:
         4b:38:00:f4:98:e3:c8:f6:ef:7d:c8:09:ba:d7:28:e7:e3:1a:
         3c:48:35:f2:7b:8d:7f:0a:bb:63:19:f8:39:ed:78:4a:26:c4:
         4f:18:1a:a6:52:5b:46:4c:a4:bf:91:e4:bf:5e:6f:41:1f:33:
         86:c1:b4:a0:54:6f:0e:50:e9:fa:75:a8:7b:56:71:46:9c:07:
         53:87:19:17:f2:3a:b9:57:00:02:b3:85:5c:5c:5f:a2:6a:9f:
         2d:45:86:15:22:6d:38:f3:3f:5b:91:5b:d7:0a:c6:4d:64:7f:
         be:39:84:2a:ad:ba:a3:04:f7:a4:74:3c:28:92:e9:52:e3:e2:
         8c:73:c7:ab:b3:a4:d3:c6:fa:ce:7f:17:dc:19:4c:bd:ca:ac:
         1f:06:66:cc:6f:fb:4c:21:d9:1c:64:bf:df:ce:7b:43:11:44:
         e4:2e:f9:d5:a9:83:1c:fa:ef:82:01:c5:62:80:e3:93:e0:b5:
         0e:61:bd:ae
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ1iKUpiKfAaCwrwGYYhfhiXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDA2MDkzOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzIzOTJiOGZhN2VjY2Y4ZTlhZmQ5YTA3OGRjOTk0YjE3NmMyNWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqorGRODVQ7JYjaFS0nssO/5O0DAp
QCjNJ0HFcKtnmPN2QvsrL/JdIpG/Rg5bKZN06Zr940yRh/AGEeQ8QQQhjWpYrOzr
N+AA8mg+GG/RTd+R4E3kK/LTQg0RtW8bHbK4UlPlylo5n+bji/NbUoHfvCR1U4Lk
zujSyDW+76ez1VAaYUU1/t/3LSMzUGXS/4MiVJD5dIfMO1Nk8IlnmJavFV5cThOx
NnMfgwNtX7lIeqwMv/d+/2fZ0RVlA4LCCgl2x2riuuN5XO3PzoGhmAgDmxjhNoQ4
jJSrYRSretiLdAi7Lnu3NH/UNYGOQtu6vmG/gjYgAXki2aVqTIe/jZgANwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEcjkrj6fsz46a/ZoHjcmUsXbCXlMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvUnlPU3VQcC16UGpwcjltZ2VOeVpTeGRzSmVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPJBjAN
BgkqhkiG9w0BAQsFAAOCAQEAmZnrzEX9NwjUREIJQK8bM/Aco6uOrzSMOOcyu5Ha
drE9jT0r/4jJz4yZV4LFSXIFOdxB2SCyIFYMHnFff9yk4DMsrPNrUGsdSzgA9Jjj
yPbvfcgJutco5+MaPEg18nuNfwq7Yxn4Oe14SibETxgaplJbRkykv5Hkv15vQR8z
hsG0oFRvDlDp+nWoe1ZxRpwHU4cZF/I6uVcAArOFXFxfomqfLUWGFSJtOPM/W5Fb
1wrGTWR/vjmEKq26owT3pHQ8KJLpUuPijHPHq7Ok08b6zn8X3BlMvcqsHwZmzG/7
TCHZHGS/3857QxFE5C751amDHPrvggHFYoDjk+C1DmG9rg==
-----END CERTIFICATE-----