Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/WLnAlw8ebGrzfAa0yOtI7d8S40g.roa
File:                     WLnAlw8ebGrzfAa0yOtI7d8S40g.roa (raw, json)
Hash identifier:          7w6CJj0SPWnpMM7V7phJRE0ZPZ8PdCDsK22Vdmj8ybs=
Subject key identifier:   58:B9:C0:97:0F:1E:6C:6A:F3:7C:06:B4:C8:EB:48:ED:DF:12:E3:48
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D3082E81D8AAA7632A3AE308A90F663EE
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/WLnAlw8ebGrzfAa0yOtI7d8S40g.roa
Signing time:             Fri 27 Mar 2026 18:16:18 +0000
ROA not before:           Fri 27 Mar 2026 18:16:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402270
IP address blocks:        2a06:1184:22::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:30:82:e8:1d:8a:aa:76:32:a3:ae:30:8a:90:f6:63:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 27 18:16:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=58b9c0970f1e6c6af37c06b4c8eb48eddf12e348
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:94:d9:da:95:0c:5c:b9:ea:e0:7c:46:c2:b4:
                    07:a7:1e:80:3e:21:91:04:a8:21:1a:96:12:48:92:
                    5b:f2:0a:2b:3e:07:89:94:12:52:b8:8e:1d:f1:3c:
                    1e:72:a0:5f:56:8e:fe:95:8b:00:79:9b:0c:7d:9b:
                    bf:a7:03:bf:b7:b1:2e:e1:04:59:28:75:94:c0:0a:
                    0c:fa:e0:6a:7e:13:d9:e8:39:26:d0:42:31:1a:18:
                    1a:a0:68:34:2a:ae:9b:47:9e:84:95:3b:96:10:e5:
                    8b:32:6e:89:25:65:ed:88:e2:4f:4f:80:23:7e:39:
                    e4:29:09:c2:82:ef:6d:c6:88:82:fe:ed:2e:f1:4c:
                    c4:21:32:44:50:a8:da:cf:71:83:58:c4:55:4a:ce:
                    90:cd:4d:c9:07:83:87:a3:3c:24:06:cd:24:f0:cc:
                    66:61:ad:cd:7e:0a:7a:28:57:c7:5c:9c:29:f4:09:
                    49:a1:23:d5:82:12:5e:40:36:9c:00:57:99:8d:cc:
                    cc:d0:31:a4:33:7c:c5:9a:a3:28:63:ff:5d:17:35:
                    d1:bb:35:95:6c:a6:4d:2f:1c:c9:de:ba:51:59:90:
                    77:21:ab:6b:f6:95:ea:f7:75:0a:2d:e9:4e:05:b5:
                    69:0e:b4:ac:bd:08:c8:90:52:31:06:f7:20:ec:d2:
                    e0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B9:C0:97:0F:1E:6C:6A:F3:7C:06:B4:C8:EB:48:ED:DF:12:E3:48
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/WLnAlw8ebGrzfAa0yOtI7d8S40g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:1184:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         b9:f6:fa:c3:3d:b6:0e:25:02:e8:f4:e0:17:cb:af:97:35:78:
         3b:89:e1:11:ed:65:21:60:9f:5b:ec:b4:5a:78:b6:a8:72:72:
         67:a9:fb:72:24:02:49:77:fe:a7:1d:24:04:7d:2f:6d:4d:44:
         3a:da:27:dc:68:79:1b:ce:44:d7:0b:8a:5c:98:65:e3:16:a8:
         6a:03:a6:fb:ed:42:c1:6a:4b:58:8b:7e:f1:03:8b:b1:62:3d:
         a5:0f:a2:a4:9a:4c:ad:91:26:15:f3:84:7b:d3:8a:e1:d3:4b:
         7a:73:b0:1d:f8:21:c3:31:6c:01:7e:27:6f:dd:c8:0a:2d:9b:
         12:57:a8:18:d0:52:db:d6:ee:b9:51:c9:ba:b4:13:3b:0e:24:
         eb:8e:72:2b:65:b0:73:c1:54:30:e6:73:ab:96:1d:14:a5:30:
         88:e9:2c:1d:b3:08:20:24:8e:32:df:63:42:df:55:3f:b1:db:
         a5:b4:85:37:b9:3d:5e:86:cf:f7:9b:16:53:14:59:70:96:4f:
         ca:70:97:4b:41:6d:8f:20:19:11:3e:58:20:7f:21:e3:a7:ab:
         dc:bd:47:43:4e:1e:f2:07:5d:d4:64:66:ed:3d:41:bc:6f:cb:
         cb:29:fc:f7:33:80:df:6c:8c:bc:da:ad:39:3d:4f:c1:4f:39:
         f7:6e:03:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0wgugdiqp2MqOuMIqQ9mPuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzI3MTgxNjE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGI5YzA5NzBmMWU2YzZhZjM3YzA2YjRjOGViNDhlZGRmMTJlMzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAypTZ2pUMXLnq4HxGwrQHpx6APiGR
BKghGpYSSJJb8gorPgeJlBJSuI4d8TwecqBfVo7+lYsAeZsMfZu/pwO/t7Eu4QRZ
KHWUwAoM+uBqfhPZ6Dkm0EIxGhgaoGg0Kq6bR56ElTuWEOWLMm6JJWXtiOJPT4Aj
fjnkKQnCgu9txoiC/u0u8UzEITJEUKjaz3GDWMRVSs6QzU3JB4OHozwkBs0k8Mxm
Ya3Nfgp6KFfHXJwp9AlJoSPVghJeQDacAFeZjczM0DGkM3zFmqMoY/9dFzXRuzWV
bKZNLxzJ3rpRWZB3Iatr9pXq93UKLelOBbVpDrSsvQjIkFIxBvcg7NLg0wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFi5wJcPHmxq83wGtMjrSO3fEuNIMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvV0xuQWx3OGViR3J6ZkFhMHlPdEk3ZDhTNDBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgYRhAAi
MA0GCSqGSIb3DQEBCwUAA4IBAQC59vrDPbYOJQLo9OAXy6+XNXg7ieER7WUhYJ9b
7LRaeLaocnJnqftyJAJJd/6nHSQEfS9tTUQ62ifcaHkbzkTXC4pcmGXjFqhqA6b7
7ULBaktYi37xA4uxYj2lD6KkmkytkSYV84R704rh00t6c7Ad+CHDMWwBfidv3cgK
LZsSV6gY0FLb1u65Ucm6tBM7DiTrjnIrZbBzwVQw5nOrlh0UpTCI6SwdswggJI4y
32NC31U/sdultIU3uT1ehs/3mxZTFFlwlk/KcJdLQW2PIBkRPlggfyHjp6vcvUdD
Th7yB13UZGbtPUG8b8vLKfz3M4DfbIy82q05PU/BTzn3bgP9
-----END CERTIFICATE-----