Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/49AtseKwgF1TYNJ7YUIzOjEVKQQ.roa
File:                     49AtseKwgF1TYNJ7YUIzOjEVKQQ.roa (raw, json)
Hash identifier:          oDbQjDzQ2W8I/Ksa6ElvgTUMBjB1apXXhJi+nN+/QlQ=
Subject key identifier:   E3:D0:2D:B1:E2:B0:80:5D:53:60:D2:7B:61:42:33:3A:31:15:29:04
Certificate issuer:       /CN=42239fb9af128428f84fed9f358686717ed97601
Certificate serial:       019EB16A423988C626008C217365A5A2E20F
Authority key identifier: 42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/49AtseKwgF1TYNJ7YUIzOjEVKQQ.roa
Signing time:             Wed 10 Jun 2026 12:03:11 +0000
ROA not before:           Wed 10 Jun 2026 12:03:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200566
IP address blocks:        2a07:4680::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 22:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b1:6a:42:39:88:c6:26:00:8c:21:73:65:a5:a2:e2:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42239fb9af128428f84fed9f358686717ed97601
        Validity
            Not Before: Jun 10 12:03:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3d02db1e2b0805d5360d27b6142333a31152904
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:9c:0c:a0:b1:d4:c9:5e:5a:e2:fc:f5:27:d4:
                    84:fd:f2:f6:d1:d2:7e:2a:05:9e:aa:02:ad:5d:50:
                    ae:49:f8:24:41:b1:36:60:ee:a1:c5:e1:a7:9f:b9:
                    96:17:d4:42:03:9b:97:35:d8:e3:b2:fa:3c:a0:7e:
                    35:dc:bc:d2:15:16:b5:dc:64:2c:d8:8c:9a:9f:0f:
                    20:68:33:cb:5d:d2:fa:82:6c:f7:71:14:2e:3e:fc:
                    a6:e7:77:1e:04:4d:ad:d7:79:f7:e0:4f:8d:8c:e1:
                    26:9a:3e:72:ae:03:32:15:31:d3:6a:b8:c5:2a:06:
                    ff:83:99:92:d4:df:36:bf:e4:af:16:e5:c9:b2:99:
                    8e:ee:cc:74:38:48:8c:d2:af:32:90:66:c2:61:d0:
                    45:b3:17:f6:fd:51:2b:c0:62:e9:fc:d7:40:14:65:
                    9c:3d:db:bb:28:1e:73:33:30:a5:38:80:90:2f:44:
                    b8:f0:0a:fe:ac:b3:86:3d:e4:42:c6:50:f3:d7:91:
                    12:2d:80:09:23:aa:8f:e3:66:a2:2f:e4:41:2c:20:
                    84:38:d6:4a:f4:96:5b:13:58:d5:2e:67:7f:77:ef:
                    2d:9c:5a:75:1e:01:7b:52:21:84:76:14:37:9c:7c:
                    33:45:aa:3b:8b:14:4a:15:5f:4d:89:7d:76:72:9b:
                    4b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:D0:2D:B1:E2:B0:80:5D:53:60:D2:7B:61:42:33:3A:31:15:29:04
            X509v3 Authority Key Identifier:
                keyid:42:23:9F:B9:AF:12:84:28:F8:4F:ED:9F:35:86:86:71:7E:D9:76:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QiOfua8ShCj4T-2fNYaGcX7ZdgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/49AtseKwgF1TYNJ7YUIzOjEVKQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/3e3d40-2ae4-43f3-ae7c-bc5403ac2a95/1/QiOfua8ShCj4T-2fNYaGcX7ZdgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:4680::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:ab:4f:dc:65:64:b5:3e:40:1b:67:03:08:b5:cb:ca:d8:eb:
         1a:95:17:80:fe:f0:0b:ab:90:9f:32:1e:94:2b:f8:2b:c3:22:
         03:92:88:f1:29:d7:8d:16:6e:89:d0:2d:10:3b:b6:9e:d7:f5:
         4d:f1:c2:ec:01:e5:01:9d:d9:94:f8:c9:f8:49:0f:3e:4a:11:
         3d:6f:0f:b2:d2:73:b4:99:34:1c:43:c6:4a:21:e4:2b:c3:a2:
         1b:88:bd:fb:d7:31:a9:3f:42:8f:ac:8d:81:10:1e:1d:0c:8a:
         d7:c7:97:5d:a0:86:39:83:8f:93:2d:f6:dc:75:cd:16:e8:45:
         dc:b7:57:bb:26:03:65:73:be:bc:e9:7b:52:4c:e1:fd:01:4a:
         02:51:b4:2e:a1:39:e6:ea:74:6d:c1:aa:cf:34:b3:46:09:30:
         03:96:73:a6:ad:79:04:1a:ce:4e:2b:4f:81:c5:da:57:c6:68:
         9f:69:02:bf:74:f2:5e:cf:fb:97:09:0d:41:b3:e9:8c:b1:54:
         67:c7:e5:47:a6:39:75:1c:89:b2:b8:ae:89:1d:47:26:35:09:
         b1:6b:25:23:a7:29:45:23:52:3f:09:67:55:7d:6f:ff:bf:79:
         36:0d:bc:38:db:f9:e9:a9:e7:87:bb:80:a2:9d:71:f4:0e:48:
         1d:ec:92:26
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6xakI5iMYmAIwhc2WlouIPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyMjM5ZmI5YWYxMjg0MjhmODRmZWQ5ZjM1ODY4NjcxN2Vk
OTc2MDEwHhcNMjYwNjEwMTIwMzExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2QwMmRiMWUyYjA4MDVkNTM2MGQyN2I2MTQyMzMzYTMxMTUyOTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pwMoLHUyV5a4vz1J9SE/fL20dJ+
KgWeqgKtXVCuSfgkQbE2YO6hxeGnn7mWF9RCA5uXNdjjsvo8oH413LzSFRa13GQs
2Iyanw8gaDPLXdL6gmz3cRQuPvym53ceBE2t13n34E+NjOEmmj5yrgMyFTHTarjF
Kgb/g5mS1N82v+SvFuXJspmO7sx0OEiM0q8ykGbCYdBFsxf2/VErwGLp/NdAFGWc
Pdu7KB5zMzClOICQL0S48Ar+rLOGPeRCxlDz15ESLYAJI6qP42aiL+RBLCCEONZK
9JZbE1jVLmd/d+8tnFp1HgF7UiGEdhQ3nHwzRao7ixRKFV9NiX12cptLwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOPQLbHisIBdU2DSe2FCMzoxFSkEMB8GA1UdIwQY
MBaAFEIjn7mvEoQo+E/tnzWGhnF+2XYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2Mt
YmM1NDAzYWMyYTk1LzEvNDlBdHNlS3dnRjFUWU5KN1lVSXpPakVWS1FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8zZTNkNDAtMmFlNC00M2YzLWFlN2MtYmM1NDAzYWMyYTk1
LzEvUWlPZnVhOFNoQ2o0VC0yZk5ZYUdjWDdaZGdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgdGgAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQB8q0/cZWS1PkAbZwMItcvK2OsalReA/vALq5Cf
Mh6UK/grwyIDkojxKdeNFm6J0C0QO7ae1/VN8cLsAeUBndmU+Mn4SQ8+ShE9bw+y
0nO0mTQcQ8ZKIeQrw6IbiL371zGpP0KPrI2BEB4dDIrXx5ddoIY5g4+TLfbcdc0W
6EXct1e7JgNlc7686XtSTOH9AUoCUbQuoTnm6nRtwarPNLNGCTADlnOmrXkEGs5O
K0+BxdpXxmifaQK/dPJez/uXCQ1Bs+mMsVRnx+VHpjl1HImyuK6JHUcmNQmxayUj
pylFI1I/CWdVfW//v3k2Dbw42/npqeeHu4CinXH0Dkgd7JIm
-----END CERTIFICATE-----