Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/M67jzuRAufzIGnfnKFVYYpdOt7s.roa
File:                     M67jzuRAufzIGnfnKFVYYpdOt7s.roa (raw, json)
Hash identifier:          sFWS/JmexCHkJc07pW23sUxUrcOZLuuJZNpXknZ2a8E=
Subject key identifier:   33:AE:E3:CE:E4:40:B9:FC:C8:1A:77:E7:28:55:58:62:97:4E:B7:BB
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019EAB246ED857209F7E7CEEE75DA8155CA4
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/M67jzuRAufzIGnfnKFVYYpdOt7s.roa
Signing time:             Tue 09 Jun 2026 06:49:12 +0000
ROA not before:           Tue 09 Jun 2026 06:49:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402604
IP address blocks:        2a12:f540::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ab:24:6e:d8:57:20:9f:7e:7c:ee:e7:5d:a8:15:5c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun  9 06:49:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=33aee3cee440b9fcc81a77e728555862974eb7bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:66:f4:65:07:dc:d0:b4:26:36:ce:6e:81:61:
                    62:b5:37:04:63:c3:21:2b:88:fc:2b:9f:6a:30:b4:
                    ae:81:ac:39:dd:00:c8:d9:14:01:b7:f3:7e:a7:5e:
                    1b:32:49:6f:53:47:4c:63:07:a6:05:ba:97:8e:37:
                    bf:7b:72:21:13:e1:fb:36:12:84:c5:fe:2b:91:fa:
                    04:49:3d:e4:b5:1f:40:53:ab:d2:9c:36:f9:ae:6b:
                    91:d9:4c:90:ec:73:1c:55:36:2d:c8:44:98:29:4e:
                    db:0d:b7:e6:50:b9:21:99:70:44:10:4d:65:31:64:
                    76:f6:63:bd:bc:d6:2b:9c:cd:49:84:6b:7c:3f:eb:
                    db:af:07:ae:5c:03:d2:76:f3:0a:a5:64:cc:4f:a8:
                    b7:bd:27:b3:fe:15:f6:1b:0b:9c:7b:1a:18:c6:f6:
                    fd:56:99:16:2c:be:78:dd:e1:0e:5c:bd:e1:6b:b5:
                    60:a0:a0:1a:c0:21:79:41:a6:53:94:d9:95:0f:53:
                    95:41:06:cc:ff:23:21:90:0f:71:2b:b6:d5:e6:2f:
                    51:c1:76:11:16:20:6f:9b:8e:6c:e6:fc:31:29:c1:
                    fe:8b:b7:20:41:f2:fb:cc:b8:3c:65:f2:80:f3:0b:
                    69:4a:e0:e4:27:08:d3:a3:36:c5:31:d8:6a:2f:fd:
                    f7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:AE:E3:CE:E4:40:B9:FC:C8:1A:77:E7:28:55:58:62:97:4E:B7:BB
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/M67jzuRAufzIGnfnKFVYYpdOt7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f540::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:df:91:1a:29:df:60:74:c0:44:fc:96:12:e9:ac:cb:5a:b1:
         87:63:25:9f:84:d9:7d:9c:7b:97:6d:4e:86:56:c4:13:90:a9:
         e4:f2:62:4d:6a:cf:11:9e:b9:ca:01:dd:6b:1d:d5:6e:cb:64:
         24:b1:60:9a:df:9b:6a:c9:7e:09:49:86:9e:6c:23:73:38:26:
         00:30:43:00:b8:74:71:18:ac:2a:88:01:7d:fa:62:25:4d:57:
         fb:83:d9:5e:7d:7d:71:82:e0:a4:d5:77:db:3d:8d:4d:d6:93:
         1b:f0:28:c7:01:e1:75:bc:d4:01:18:12:01:31:40:ec:74:fd:
         54:db:23:70:fa:e7:04:64:73:26:16:ff:f4:5e:2c:02:8a:73:
         67:15:98:d9:07:92:2e:bc:d8:e5:67:92:ec:2f:67:1b:5d:2e:
         a2:70:5e:a6:e2:85:d9:30:03:d4:02:d4:7b:58:97:9d:3f:b4:
         b7:40:7e:97:64:e8:03:a9:d2:49:ae:02:d7:f9:0c:28:0a:4f:
         d8:27:b7:20:d4:da:72:5f:5a:5b:40:00:fc:cf:f3:d1:48:68:
         96:7a:e9:9c:ac:b7:15:c6:3e:95:6b:54:0e:0e:a5:04:64:1d:
         0d:44:f4:80:2e:1e:0d:91:38:bd:89:dd:a5:c1:b5:d3:1a:4e:
         a3:4f:3e:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6rJG7YVyCffnzu512oFVykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNjA5MDY0OTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2FlZTNjZWU0NDBiOWZjYzgxYTc3ZTcyODU1NTg2Mjk3NGViN2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2b0ZQfc0LQmNs5ugWFitTcEY8Mh
K4j8K59qMLSugaw53QDI2RQBt/N+p14bMklvU0dMYwemBbqXjje/e3IhE+H7NhKE
xf4rkfoEST3ktR9AU6vSnDb5rmuR2UyQ7HMcVTYtyESYKU7bDbfmULkhmXBEEE1l
MWR29mO9vNYrnM1JhGt8P+vbrweuXAPSdvMKpWTMT6i3vSez/hX2GwucexoYxvb9
VpkWLL543eEOXL3ha7VgoKAawCF5QaZTlNmVD1OVQQbM/yMhkA9xK7bV5i9RwXYR
FiBvm45s5vwxKcH+i7cgQfL7zLg8ZfKA8wtpSuDkJwjTozbFMdhqL/33jwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDOu487kQLn8yBp35yhVWGKXTre7MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTTY3anp1UkF1ZnpJR25mbktGVllZcGRPdDdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhL1QDAN
BgkqhkiG9w0BAQsFAAOCAQEAld+RGinfYHTARPyWEumsy1qxh2Mln4TZfZx7l21O
hlbEE5Cp5PJiTWrPEZ65ygHdax3VbstkJLFgmt+basl+CUmGnmwjczgmADBDALh0
cRisKogBffpiJU1X+4PZXn19cYLgpNV32z2NTdaTG/AoxwHhdbzUARgSATFA7HT9
VNsjcPrnBGRzJhb/9F4sAopzZxWY2QeSLrzY5WeS7C9nG10uonBepuKF2TAD1ALU
e1iXnT+0t0B+l2ToA6nSSa4C1/kMKApP2Ce3INTacl9aW0AA/M/z0UholnrpnKy3
FcY+lWtUDg6lBGQdDUT0gC4eDZE4vYndpcG10xpOo08+hw==
-----END CERTIFICATE-----