Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/fYCGMW86HvkokqvOye3BXB7qdn0.roa
File:                     fYCGMW86HvkokqvOye3BXB7qdn0.roa (raw, json)
Hash identifier:          AoWZDQMD3coEMg6j06S65Y7Jgk6AHa8z0l76aoDlKpI=
Subject key identifier:   7D:80:86:31:6F:3A:1E:F9:28:92:AB:CE:C9:ED:C1:5C:1E:EA:76:7D
Certificate issuer:       /CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
Certificate serial:       019DCE8EEEA0BABBEDDCA49B6C77BBE5FACB
Authority key identifier: 55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/fYCGMW86HvkokqvOye3BXB7qdn0.roa
Signing time:             Mon 27 Apr 2026 10:49:26 +0000
ROA not before:           Mon 27 Apr 2026 10:49:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a13:4a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 16:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:8e:ee:a0:ba:bb:ed:dc:a4:9b:6c:77:bb:e5:fa:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
        Validity
            Not Before: Apr 27 10:49:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7d8086316f3a1ef92892abcec9edc15c1eea767d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:2e:5b:ee:c9:0a:d5:db:5b:25:91:41:5b:72:
                    22:65:80:b3:df:53:7f:33:06:ec:0c:54:b2:d7:f8:
                    64:ab:d8:dd:35:e6:c8:17:d6:5d:d4:b9:44:b7:2a:
                    ce:a8:da:fc:3f:22:ca:f9:1f:ab:cc:4b:54:b8:b3:
                    5a:fb:1f:d4:25:7c:87:11:1b:b8:11:4d:a6:f8:f1:
                    7e:ab:34:85:91:80:40:85:87:9c:72:8f:2f:5b:85:
                    0e:05:33:a0:6f:eb:bf:c2:5a:f6:09:5c:83:75:4d:
                    31:a4:0f:12:5c:3e:19:13:90:99:a4:91:b3:75:4a:
                    78:af:5b:1a:4f:fc:59:6d:30:de:28:12:78:71:1d:
                    85:e0:76:5a:51:4b:ed:a7:2a:c8:59:1c:5e:3e:6f:
                    9c:bb:7f:2a:d2:ab:40:f9:ef:7e:f0:d0:ad:55:f4:
                    cb:ab:d1:01:52:d9:e7:00:8b:42:22:71:36:06:f0:
                    f2:37:2f:a9:e1:03:b2:65:45:6d:f7:e5:0c:bc:6a:
                    96:19:07:90:3f:33:30:68:67:f0:d5:de:18:f9:41:
                    e0:91:52:e9:7d:cf:df:d6:73:1e:89:67:53:52:a4:
                    29:71:8c:37:bc:05:19:0a:9e:98:ed:b7:7f:be:29:
                    66:c4:88:cf:3b:bb:c2:4e:92:12:82:cb:aa:b6:a7:
                    88:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:80:86:31:6F:3A:1E:F9:28:92:AB:CE:C9:ED:C1:5C:1E:EA:76:7D
            X509v3 Authority Key Identifier:
                keyid:55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/fYCGMW86HvkokqvOye3BXB7qdn0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:4a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:69:6b:85:00:81:e2:6e:36:6c:97:8c:1d:3b:56:31:f6:ed:
         aa:b1:1a:6a:5a:f4:b5:9b:78:08:0b:0c:fd:f2:60:5f:e0:00:
         4a:91:b1:28:ae:e7:d8:76:1a:e0:d2:45:0b:ea:2d:77:c0:df:
         e7:ce:48:84:24:fe:3c:dc:a1:d7:eb:64:11:df:5b:52:34:79:
         78:c6:9e:71:40:a1:13:7a:2a:e2:98:a1:d8:84:19:d2:60:15:
         fd:65:8a:b2:1e:8f:3a:ef:5c:14:a9:a6:af:0a:aa:2a:f1:0f:
         d0:22:63:9c:4b:3f:56:0d:85:fa:f7:79:88:6a:29:86:51:7f:
         ba:81:c4:60:3a:3f:6e:34:65:7e:3b:14:43:3b:01:4e:f7:ee:
         32:7c:ce:3e:6c:8b:ed:26:39:ef:0c:a5:d2:5f:d2:cb:9e:2f:
         ce:4c:fc:62:6b:43:f5:8a:b6:0e:e4:3a:0b:78:51:ec:4b:53:
         c3:e5:7e:54:17:38:d4:f4:84:35:6b:f8:23:28:01:36:07:fb:
         9c:9f:56:03:3d:47:93:e0:d3:27:cd:c9:e3:f1:86:5d:11:e3:
         0d:88:94:0b:45:87:63:5f:f4:4f:b3:5b:ce:4e:98:3d:db:47:
         cc:96:2a:17:0a:a7:e6:7b:e6:d5:50:82:7a:0c:92:97:f8:2d:
         f8:2d:ca:e2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3Oju6gurvt3KSbbHe75frLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjRiMmUyNmRkM2FmY2M1YzFlYWMwMWY5MDI2M2QyMDFm
YmUwOTkwHhcNMjYwNDI3MTA0OTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDgwODYzMTZmM2ExZWY5Mjg5MmFiY2VjOWVkYzE1YzFlZWE3NjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsS5b7skK1dtbJZFBW3IiZYCz31N/
MwbsDFSy1/hkq9jdNebIF9Zd1LlEtyrOqNr8PyLK+R+rzEtUuLNa+x/UJXyHERu4
EU2m+PF+qzSFkYBAhYecco8vW4UOBTOgb+u/wlr2CVyDdU0xpA8SXD4ZE5CZpJGz
dUp4r1saT/xZbTDeKBJ4cR2F4HZaUUvtpyrIWRxePm+cu38q0qtA+e9+8NCtVfTL
q9EBUtnnAItCInE2BvDyNy+p4QOyZUVt9+UMvGqWGQeQPzMwaGfw1d4Y+UHgkVLp
fc/f1nMeiWdTUqQpcYw3vAUZCp6Y7bd/vilmxIjPO7vCTpISgsuqtqeIrQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH2AhjFvOh75KJKrzsntwVwe6nZ9MB8GA1UdIwQY
MBaAFFUksuJt06/MXB6sAfkCY9IB++CZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMt
M2FhMjIyN2JhZGZlLzEvZllDR01XODZIdmtva3F2T3llM0JYQjdxZG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMtM2FhMjIyN2JhZGZl
LzEvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNKgDAN
BgkqhkiG9w0BAQsFAAOCAQEAG2lrhQCB4m42bJeMHTtWMfbtqrEaalr0tZt4CAsM
/fJgX+AASpGxKK7n2HYa4NJFC+otd8Df585IhCT+PNyh1+tkEd9bUjR5eMaecUCh
E3oq4pih2IQZ0mAV/WWKsh6POu9cFKmmrwqqKvEP0CJjnEs/Vg2F+vd5iGophlF/
uoHEYDo/bjRlfjsUQzsBTvfuMnzOPmyL7SY57wyl0l/Sy54vzkz8YmtD9Yq2DuQ6
C3hR7EtTw+V+VBc41PSENWv4IygBNgf7nJ9WAz1Hk+DTJ83J4/GGXRHjDYiUC0WH
Y1/0T7Nbzk6YPdtHzJYqFwqn5nvm1VCCegySl/gt+C3K4g==
-----END CERTIFICATE-----