Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/t5_HgSIZPQw3gtw1voeFLE9gAJk.roa
File:                     t5_HgSIZPQw3gtw1voeFLE9gAJk.roa (raw, json)
Hash identifier:          gR2Nt35pWCKoGoeDnZSmRfUkxw1QT9b0hbT21nFCf7w=
Subject key identifier:   B7:9F:C7:81:22:19:3D:0C:37:82:DC:35:BE:87:85:2C:4F:60:00:99
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019DCB58CACC14B8036E6335355924CF7D8E
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/t5_HgSIZPQw3gtw1voeFLE9gAJk.roa
Signing time:             Sun 26 Apr 2026 19:51:27 +0000
ROA not before:           Sun 26 Apr 2026 19:51:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51396
IP address blocks:        2a0e:c784::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cb:58:ca:cc:14:b8:03:6e:63:35:35:59:24:cf:7d:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 26 19:51:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b79fc78122193d0c3782dc35be87852c4f600099
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:78:b2:40:8b:38:38:fd:30:e2:25:e7:b6:15:
                    aa:d6:25:b8:41:3d:eb:05:79:7e:e2:54:cf:d4:81:
                    55:aa:b9:29:d1:41:61:ba:ba:cf:20:58:e4:6c:8f:
                    9b:0f:1c:69:7e:1a:a8:0f:bf:9e:68:dd:eb:ce:d6:
                    de:d8:1b:be:31:b9:fc:46:10:29:85:a7:30:7f:b5:
                    9c:b1:57:40:65:18:44:d7:68:73:06:06:00:de:31:
                    6c:33:d7:c2:ed:c4:67:7b:a0:db:38:5b:10:6a:00:
                    c4:27:65:14:5b:bc:0b:c4:db:e6:58:d7:97:ee:cd:
                    a2:1f:19:9b:52:48:69:ed:89:e4:9c:68:39:78:63:
                    59:db:ce:61:5b:b6:30:f4:35:51:79:c8:1e:4a:1f:
                    29:06:3a:85:9f:26:ac:e0:13:bf:d8:c3:bc:bd:d2:
                    68:64:46:db:50:1d:9c:65:95:f1:80:24:b9:c5:8f:
                    27:9f:dd:a3:4c:6e:6d:56:ad:05:5d:18:5e:32:34:
                    ce:6b:03:86:58:39:73:88:65:79:86:e8:99:19:40:
                    6f:5a:46:8a:30:3c:79:97:31:ca:f3:2a:fc:36:09:
                    c8:68:28:b7:f8:da:9f:90:c6:f4:1a:17:10:cc:77:
                    5c:00:09:aa:0e:aa:5c:76:c6:7b:7a:a7:5e:f4:48:
                    2a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:9F:C7:81:22:19:3D:0C:37:82:DC:35:BE:87:85:2C:4F:60:00:99
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/t5_HgSIZPQw3gtw1voeFLE9gAJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:c784::/32

    Signature Algorithm: sha256WithRSAEncryption
         8b:cf:53:18:b5:92:ed:55:c7:41:69:7d:f1:50:20:3a:c0:38:
         c9:96:5a:d4:4e:80:fb:cb:5a:9d:59:43:bd:3b:98:c4:a4:73:
         d3:fd:29:95:5d:fd:c5:86:44:1c:93:cd:da:66:49:5e:a4:75:
         c6:d3:3b:e4:63:eb:37:42:d7:01:ff:05:1d:4a:1a:ad:64:2e:
         d7:f0:1c:4e:60:2f:81:b1:2e:3c:cd:06:3b:0f:51:4e:38:1a:
         0c:41:5b:40:93:3a:2f:69:f7:46:c6:1a:5f:4d:8a:79:0f:63:
         0e:0e:c2:b4:3f:25:9e:12:61:b1:a0:e3:b2:a3:51:70:45:a5:
         2c:10:9c:2f:95:bb:90:26:b6:44:de:57:16:81:d2:f7:8e:5e:
         6d:bf:ab:ce:7b:f9:70:a7:9c:c8:a9:76:5e:e4:bc:5a:d6:b7:
         e9:ab:31:59:68:a5:76:7c:c1:f1:94:50:71:6b:2f:0e:56:4d:
         93:0b:81:b3:a2:5a:c5:6c:a4:e5:ed:79:75:86:d6:57:b0:d4:
         69:05:91:4b:b0:8d:98:68:1e:f9:ea:af:f5:71:96:60:25:68:
         ef:e0:bd:24:94:ba:93:0d:ed:02:aa:b5:75:3f:3f:19:06:97:
         9f:86:a8:a5:14:7b:60:6a:09:7f:1b:ca:8b:46:29:23:7a:81:
         ff:a3:69:2d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3LWMrMFLgDbmM1NVkkz32OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDI2MTk1MTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzlmYzc4MTIyMTkzZDBjMzc4MmRjMzViZTg3ODUyYzRmNjAwMDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHiyQIs4OP0w4iXnthWq1iW4QT3r
BXl+4lTP1IFVqrkp0UFhurrPIFjkbI+bDxxpfhqoD7+eaN3rztbe2Bu+Mbn8RhAp
hacwf7WcsVdAZRhE12hzBgYA3jFsM9fC7cRne6DbOFsQagDEJ2UUW7wLxNvmWNeX
7s2iHxmbUkhp7YnknGg5eGNZ285hW7Yw9DVRecgeSh8pBjqFnyas4BO/2MO8vdJo
ZEbbUB2cZZXxgCS5xY8nn92jTG5tVq0FXRheMjTOawOGWDlziGV5huiZGUBvWkaK
MDx5lzHK8yr8NgnIaCi3+NqfkMb0GhcQzHdcAAmqDqpcdsZ7eqde9EgqQwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLefx4EiGT0MN4LcNb6HhSxPYACZMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvdDVfSGdTSVpQUXczZ3R3MXZvZUZMRTlnQUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg7HhDAN
BgkqhkiG9w0BAQsFAAOCAQEAi89TGLWS7VXHQWl98VAgOsA4yZZa1E6A+8tanVlD
vTuYxKRz0/0plV39xYZEHJPN2mZJXqR1xtM75GPrN0LXAf8FHUoarWQu1/AcTmAv
gbEuPM0GOw9RTjgaDEFbQJM6L2n3RsYaX02KeQ9jDg7CtD8lnhJhsaDjsqNRcEWl
LBCcL5W7kCa2RN5XFoHS945ebb+rznv5cKecyKl2XuS8Wta36asxWWildnzB8ZRQ
cWsvDlZNkwuBs6JaxWyk5e15dYbWV7DUaQWRS7CNmGge+eqv9XGWYCVo7+C9JJS6
kw3tAqq1dT8/GQaXn4aopRR7YGoJfxvKi0YpI3qB/6NpLQ==
-----END CERTIFICATE-----