Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SnnwlHfa4rffTjCqXLPg5Bu6D7c.roa
File:                     SnnwlHfa4rffTjCqXLPg5Bu6D7c.roa (raw, json)
Hash identifier:          zHLjexDJS/tMfDWxosrc1aKV4JGGgEce+s5wj1dW+tc=
Subject key identifier:   4A:79:F0:94:77:DA:E2:B7:DF:4E:30:AA:5C:B3:E0:E4:1B:BA:0F:B7
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C7C3C3A31405DC5BBBA8E6719E297DA2C
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SnnwlHfa4rffTjCqXLPg5Bu6D7c.roa
Signing time:             Fri 20 Feb 2026 18:07:27 +0000
ROA not before:           Fri 20 Feb 2026 18:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     33042
IP address blocks:        2a0e:c784::/32 maxlen: 32
                          2a13:e103::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 15:38:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7c:3c:3a:31:40:5d:c5:bb:ba:8e:67:19:e2:97:da:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb 20 18:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4a79f09477dae2b7df4e30aa5cb3e0e41bba0fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9e:b2:d1:3d:bd:2d:72:98:a9:9a:09:c4:e2:
                    7f:50:d4:29:c4:e5:e3:0b:95:73:55:2d:a7:8d:51:
                    f8:88:a9:c3:72:29:b1:51:49:ff:2d:58:d2:54:90:
                    4d:80:95:53:7c:d9:bd:c0:72:3a:0c:fc:db:38:bc:
                    4c:57:dd:87:51:33:e7:8c:71:5d:81:a1:89:3d:18:
                    30:06:af:7c:5f:11:ed:cd:8d:ea:a4:6a:e0:a3:2f:
                    65:ec:4f:31:10:1c:60:3c:4b:ec:c1:c5:0e:ae:22:
                    07:20:cd:bb:d4:ab:ea:2d:09:df:dc:ff:b3:39:28:
                    a4:04:f6:4a:53:f1:68:0b:9f:ac:2e:0b:14:7e:d5:
                    a2:32:2a:0a:c8:95:71:83:71:3c:54:68:b1:98:f8:
                    a3:10:a1:36:3e:78:f5:9b:9d:ea:42:50:0c:c3:93:
                    c0:a7:4d:50:9c:cd:2f:c8:30:eb:f2:18:ce:7e:c5:
                    68:6e:8f:2c:71:c6:9d:6e:ff:d2:5c:8c:e1:c1:f8:
                    42:a4:47:2e:c7:b1:96:ab:1e:37:db:91:51:ab:ab:
                    95:38:1d:5b:5b:a1:99:70:83:15:5c:69:db:fa:b4:
                    32:9e:56:32:79:10:e2:60:0c:46:8e:81:b0:6b:57:
                    8c:1a:a2:24:ae:39:0f:b4:35:b4:59:73:20:9f:cf:
                    37:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:79:F0:94:77:DA:E2:B7:DF:4E:30:AA:5C:B3:E0:E4:1B:BA:0F:B7
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SnnwlHfa4rffTjCqXLPg5Bu6D7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:c784::/32
                  2a13:e103::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:92:65:66:7e:d0:f2:2a:39:f2:a6:97:6b:91:ca:e4:7b:bb:
         05:7a:4f:87:8b:32:10:d6:6f:fb:5f:d2:cc:fd:98:0b:5d:73:
         7e:0d:f8:02:08:54:d7:cb:12:fd:86:11:e5:dc:3b:ab:c6:79:
         fc:53:d1:c8:3b:fa:c3:5f:85:bb:02:7f:33:43:c0:4f:35:66:
         ee:ad:9a:69:87:53:3d:2f:ff:d9:f9:f4:46:92:88:7c:0a:da:
         6f:cf:f4:94:c0:27:be:ff:c5:90:ca:97:70:e0:8d:2d:11:01:
         05:85:32:81:a9:3f:1a:6d:a8:38:93:f3:53:bc:c5:08:d8:8f:
         f9:63:94:ca:c3:20:15:19:76:48:20:19:5a:d1:c6:8b:06:75:
         76:35:86:b6:04:e3:fd:43:b7:eb:fb:1f:a7:9e:96:12:02:47:
         bd:34:68:37:47:4b:d6:e9:7d:23:57:9c:f0:a9:9d:24:a5:f6:
         24:f5:9e:ce:49:26:e5:96:5d:74:03:36:bb:ae:34:fb:8e:79:
         e1:57:7a:d5:5e:c2:e7:ab:be:20:c2:0e:ad:7a:6e:da:7f:ba:
         c1:80:55:a3:46:2d:5b:4a:e5:01:e9:7c:f6:39:1a:f7:ba:30:
         18:30:3c:99:28:36:ed:71:1e:ee:94:e1:dd:38:be:b2:61:ef:
         b4:a4:cd:12
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZx8PDoxQF3Fu7qOZxnil9osMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjIwMTgwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTc5ZjA5NDc3ZGFlMmI3ZGY0ZTMwYWE1Y2IzZTBlNDFiYmEwZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZ6y0T29LXKYqZoJxOJ/UNQpxOXj
C5VzVS2njVH4iKnDcimxUUn/LVjSVJBNgJVTfNm9wHI6DPzbOLxMV92HUTPnjHFd
gaGJPRgwBq98XxHtzY3qpGrgoy9l7E8xEBxgPEvswcUOriIHIM271KvqLQnf3P+z
OSikBPZKU/FoC5+sLgsUftWiMioKyJVxg3E8VGixmPijEKE2Pnj1m53qQlAMw5PA
p01QnM0vyDDr8hjOfsVobo8sccadbv/SXIzhwfhCpEcux7GWqx4325FRq6uVOB1b
W6GZcIMVXGnb+rQynlYyeRDiYAxGjoGwa1eMGqIkrjkPtDW0WXMgn883vwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEp58JR32uK3304wqlyz4OQbug+3MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvU25ud2xIZmE0cmZmVGpDcVhMUGc1QnU2RDdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg7HhAMF
ACoT4QMwDQYJKoZIhvcNAQELBQADggEBAJKSZWZ+0PIqOfKml2uRyuR7uwV6T4eL
MhDWb/tf0sz9mAtdc34N+AIIVNfLEv2GEeXcO6vGefxT0cg7+sNfhbsCfzNDwE81
Zu6tmmmHUz0v/9n59EaSiHwK2m/P9JTAJ77/xZDKl3DgjS0RAQWFMoGpPxptqDiT
81O8xQjYj/ljlMrDIBUZdkggGVrRxosGdXY1hrYE4/1Dt+v7H6eelhICR700aDdH
S9bpfSNXnPCpnSSl9iT1ns5JJuWWXXQDNruuNPuOeeFXetVewuerviDCDq16btp/
usGAVaNGLVtK5QHpfPY5Gve6MBgwPJkoNu1xHu6U4d04vrJh77SkzRI=
-----END CERTIFICATE-----