Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TXQdumXvMwOZpGOXVLiyKsblNks.roa
File:                     TXQdumXvMwOZpGOXVLiyKsblNks.roa (raw, json)
Hash identifier:          Y7Si9u0zl9+QLpjTrnm4mvW3+izQiUniSKZ9QsEHO5E=
Subject key identifier:   4D:74:1D:BA:65:EF:33:03:99:A4:63:97:54:B8:B2:2A:C6:E5:36:4B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D309BA062C84DB35F0D417CBB4BB8E2E3
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TXQdumXvMwOZpGOXVLiyKsblNks.roa
Signing time:             Fri 27 Mar 2026 18:43:18 +0000
ROA not before:           Fri 27 Mar 2026 18:43:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     51396
IP address blocks:        2a0e:c784::/32 maxlen: 32
                          2a12:f440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:30:9b:a0:62:c8:4d:b3:5f:0d:41:7c:bb:4b:b8:e2:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Mar 27 18:43:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d741dba65ef330399a4639754b8b22ac6e5364b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:af:cf:22:3b:8d:40:15:a9:52:8b:44:f6:56:
                    9f:35:99:aa:f5:32:bf:23:a4:9b:bc:83:c5:24:c3:
                    04:47:d2:5b:e5:9e:2b:88:f3:bc:6b:f6:2a:e9:a3:
                    67:a5:66:7c:3e:19:26:b1:97:f9:a9:27:a2:02:8f:
                    5c:91:c0:83:c9:03:93:7b:72:6f:75:d1:56:0f:59:
                    a7:8e:2e:ea:fc:d6:3c:42:fc:11:59:9c:f9:a5:41:
                    a5:09:fd:43:68:87:56:a2:12:ca:a3:ae:95:b1:cb:
                    f3:ae:95:e5:1b:32:87:73:61:7c:20:39:3c:4c:43:
                    d0:09:84:00:1c:bb:85:7d:6c:d2:6f:7b:5c:6c:bd:
                    7e:f0:73:b9:ff:29:1f:60:9b:8b:9d:8e:02:c5:4d:
                    45:b5:b6:01:7f:14:4b:9f:17:f0:1c:a9:9c:a4:38:
                    a1:7e:c0:76:90:56:db:ce:84:46:b9:f6:8e:e9:58:
                    71:ef:b5:8f:bb:08:95:c7:87:53:93:d3:82:e8:65:
                    f8:e8:76:f4:1f:0f:98:08:63:5f:c8:31:e2:be:69:
                    4c:22:6c:b7:a0:76:94:cf:1d:02:2b:56:c9:11:c6:
                    bb:e3:3d:c4:88:cf:98:86:b8:bc:3f:d3:45:ed:27:
                    85:13:cd:4c:74:94:93:9a:83:dc:88:36:17:45:80:
                    31:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:74:1D:BA:65:EF:33:03:99:A4:63:97:54:B8:B2:2A:C6:E5:36:4B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/TXQdumXvMwOZpGOXVLiyKsblNks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:c784::/32
                  2a12:f440::/29

    Signature Algorithm: sha256WithRSAEncryption
         23:14:b3:23:64:a6:63:f9:47:6c:f8:03:11:b2:bf:11:f3:1a:
         7c:61:34:53:9a:a5:d6:39:15:08:eb:56:e6:0f:2f:b0:ce:5c:
         f5:64:44:52:57:1f:ce:8f:46:0b:54:d1:4b:96:7a:51:7d:af:
         35:d1:f4:d9:02:b3:7d:0a:50:9e:fa:d0:b0:ac:4d:0b:3e:1a:
         5b:fc:d3:52:e5:bd:09:00:5d:6e:c0:4f:ae:dc:2a:cb:c6:05:
         c4:60:11:a4:13:00:96:14:10:b7:03:ce:89:1f:ce:27:5e:f1:
         3f:22:b5:f4:e1:fc:55:c2:6d:0f:37:0c:58:06:af:5e:4b:3d:
         e0:2d:62:52:53:b2:9f:7b:b0:05:11:10:3e:0e:7e:cc:34:7b:
         1a:8d:a6:f4:35:9b:e8:1d:24:6a:c9:47:e7:bd:ba:e3:6a:a7:
         b0:78:bd:7a:b7:41:e9:90:26:c1:f9:96:6f:84:20:7c:14:b1:
         9c:e8:09:35:7d:90:e8:cb:fb:5d:a9:e8:f6:82:93:4b:e6:10:
         c2:fd:58:5d:e8:70:3a:10:6f:79:ac:ea:f9:6a:a4:8c:27:36:
         ff:d6:27:e2:d9:24:3f:9b:0f:ee:c6:9f:41:54:1a:0c:a7:94:
         ad:58:b7:22:31:e4:5f:43:bf:a7:83:8b:82:41:e2:60:f8:76:
         dc:dc:96:1a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ0wm6BiyE2zXw1BfLtLuOLjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMzI3MTg0MzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDc0MWRiYTY1ZWYzMzAzOTlhNDYzOTc1NGI4YjIyYWM2ZTUzNjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxa/PIjuNQBWpUotE9lafNZmq9TK/
I6SbvIPFJMMER9Jb5Z4riPO8a/Yq6aNnpWZ8PhkmsZf5qSeiAo9ckcCDyQOTe3Jv
ddFWD1mnji7q/NY8QvwRWZz5pUGlCf1DaIdWohLKo66VscvzrpXlGzKHc2F8IDk8
TEPQCYQAHLuFfWzSb3tcbL1+8HO5/ykfYJuLnY4CxU1FtbYBfxRLnxfwHKmcpDih
fsB2kFbbzoRGufaO6Vhx77WPuwiVx4dTk9OC6GX46Hb0Hw+YCGNfyDHivmlMImy3
oHaUzx0CK1bJEca74z3EiM+Yhri8P9NF7SeFE81MdJSTmoPciDYXRYAx4QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFE10Hbpl7zMDmaRjl1S4sirG5TZLMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvVFhRZHVtWHZNd09acEdPWFZMaXlLc2JsTmtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg7HhAMF
AyoS9EAwDQYJKoZIhvcNAQELBQADggEBACMUsyNkpmP5R2z4AxGyvxHzGnxhNFOa
pdY5FQjrVuYPL7DOXPVkRFJXH86PRgtU0UuWelF9rzXR9NkCs30KUJ760LCsTQs+
Glv801LlvQkAXW7AT67cKsvGBcRgEaQTAJYUELcDzokfzide8T8itfTh/FXCbQ83
DFgGr15LPeAtYlJTsp97sAURED4Ofsw0exqNpvQ1m+gdJGrJR+e9uuNqp7B4vXq3
QemQJsH5lm+EIHwUsZzoCTV9kOjL+12p6PaCk0vmEML9WF3ocDoQb3ms6vlqpIwn
Nv/WJ+LZJD+bD+7Gn0FUGgynlK1YtyIx5F9Dv6eDi4JB4mD4dtzclho=
-----END CERTIFICATE-----