Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kdpodkDoClDeOBHUy3f1ocXh3Gc.roa
File:                     kdpodkDoClDeOBHUy3f1ocXh3Gc.roa (raw, json)
Hash identifier:          1RWNL4B0oTabStCA/AuS6/hwmFlo9ZOg6Y5IfHFBD/0=
Subject key identifier:   91:DA:68:76:40:E8:0A:50:DE:38:11:D4:CB:77:F5:A1:C5:E1:DC:67
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019E849DB2FA555771D0115E1DC7A4E90641
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kdpodkDoClDeOBHUy3f1ocXh3Gc.roa
Signing time:             Mon 01 Jun 2026 19:16:27 +0000
ROA not before:           Mon 01 Jun 2026 19:16:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214266
IP address blocks:        2a12:ef00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:84:9d:b2:fa:55:57:71:d0:11:5e:1d:c7:a4:e9:06:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun  1 19:16:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=91da687640e80a50de3811d4cb77f5a1c5e1dc67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b4:98:82:48:14:0c:4c:f9:a7:9f:aa:86:60:
                    dd:70:60:43:79:e2:ed:1d:25:2c:7c:9d:6e:93:f4:
                    fb:04:2f:7f:61:e3:cc:ff:ac:5e:6d:8f:ff:16:40:
                    6e:ea:5c:62:04:bd:ad:5d:fa:9f:a1:02:d0:39:03:
                    d8:28:07:72:eb:bc:30:ea:03:37:ae:10:a4:da:ea:
                    39:2f:04:13:f8:4e:a7:28:25:93:b8:6b:b5:a6:5b:
                    8f:65:ed:3f:70:1a:25:73:61:93:1d:18:75:6a:87:
                    d1:08:af:8c:35:2a:c2:7b:b0:52:95:36:f5:5d:26:
                    45:8c:c1:98:f5:98:8f:37:6b:44:9f:4a:f3:24:cb:
                    42:f6:65:b3:62:fa:a9:04:f2:74:e9:91:ba:2d:08:
                    d8:fa:0f:f5:59:2c:7b:78:ea:e7:af:8e:00:35:b9:
                    6e:d7:a2:16:9a:4f:d9:17:ef:f0:94:ff:8e:9b:45:
                    f1:4f:e8:36:fe:7c:4a:0f:ab:8d:31:4e:af:22:72:
                    c4:02:28:71:1d:0e:69:0b:3b:6a:17:2e:0a:50:16:
                    14:16:e4:ef:22:be:10:f9:7d:67:dc:f5:cd:bc:87:
                    32:42:d2:b4:60:df:f6:52:df:01:f6:44:ca:82:d7:
                    9f:ee:f4:be:18:ef:1b:e9:9e:5f:2e:85:cb:5d:75:
                    69:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:DA:68:76:40:E8:0A:50:DE:38:11:D4:CB:77:F5:A1:C5:E1:DC:67
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/kdpodkDoClDeOBHUy3f1ocXh3Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:ef00::/29

    Signature Algorithm: sha256WithRSAEncryption
         a8:5c:3b:b9:38:48:49:11:47:d7:71:ed:49:96:05:70:c8:1d:
         56:56:cb:2f:ae:28:c1:c6:8c:72:bf:fb:8c:47:b0:d5:fb:67:
         97:e5:60:1c:5f:8e:24:c3:2d:d4:e6:ab:06:e6:7c:a9:da:02:
         83:e0:ca:1f:85:dc:f8:95:60:38:db:bb:f3:3c:eb:2f:24:d2:
         39:40:a3:ca:21:98:49:83:81:14:7a:ea:5d:62:aa:53:66:5e:
         59:4c:ad:25:c9:44:32:c3:c3:47:d8:6b:43:b2:9c:99:8a:9d:
         15:26:15:71:ef:f5:55:22:29:55:49:c4:d4:85:03:ab:3f:b9:
         63:d2:21:42:12:f9:f0:2d:e5:07:20:6f:93:1c:1e:df:c8:2c:
         b4:34:55:d0:f9:d4:08:bc:7a:87:65:2c:eb:10:e6:63:9b:90:
         18:8a:9f:52:a8:2f:83:bc:e3:8b:5a:35:76:be:fc:9a:61:42:
         b3:5d:1c:3c:43:0f:9c:63:ae:d8:b3:63:c9:73:13:08:3e:2b:
         83:a0:80:11:e3:11:8a:f9:26:68:36:8c:53:96:4f:00:93:a3:
         55:54:70:37:1b:12:2d:10:14:28:11:97:bd:6c:0d:8a:83:4f:
         27:1e:d9:b4:94:56:bd:42:67:f8:e7:da:18:f9:01:7d:50:1b:
         f4:7e:3b:f0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6EnbL6VVdx0BFeHcek6QZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNjAxMTkxNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWRhNjg3NjQwZTgwYTUwZGUzODExZDRjYjc3ZjVhMWM1ZTFkYzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7SYgkgUDEz5p5+qhmDdcGBDeeLt
HSUsfJ1uk/T7BC9/YePM/6xebY//FkBu6lxiBL2tXfqfoQLQOQPYKAdy67ww6gM3
rhCk2uo5LwQT+E6nKCWTuGu1pluPZe0/cBolc2GTHRh1aofRCK+MNSrCe7BSlTb1
XSZFjMGY9ZiPN2tEn0rzJMtC9mWzYvqpBPJ06ZG6LQjY+g/1WSx7eOrnr44ANblu
16IWmk/ZF+/wlP+Om0XxT+g2/nxKD6uNMU6vInLEAihxHQ5pCztqFy4KUBYUFuTv
Ir4Q+X1n3PXNvIcyQtK0YN/2Ut8B9kTKgtef7vS+GO8b6Z5fLoXLXXVpvwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJHaaHZA6ApQ3jgR1Mt39aHF4dxnMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEva2Rwb2RrRG9DbERlT0JIVXkzZjFvY1hoM0djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLvADAN
BgkqhkiG9w0BAQsFAAOCAQEAqFw7uThISRFH13HtSZYFcMgdVlbLL64owcaMcr/7
jEew1ftnl+VgHF+OJMMt1OarBuZ8qdoCg+DKH4Xc+JVgONu78zzrLyTSOUCjyiGY
SYOBFHrqXWKqU2ZeWUytJclEMsPDR9hrQ7KcmYqdFSYVce/1VSIpVUnE1IUDqz+5
Y9IhQhL58C3lByBvkxwe38gstDRV0PnUCLx6h2Us6xDmY5uQGIqfUqgvg7zji1o1
dr78mmFCs10cPEMPnGOu2LNjyXMTCD4rg6CAEeMRivkmaDaMU5ZPAJOjVVRwNxsS
LRAUKBGXvWwNioNPJx7ZtJRWvUJn+OfaGPkBfVAb9H478A==
-----END CERTIFICATE-----