Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/V14HZ5Ca-HbzNdjyajmNHUlU1ZY.roa
File:                     V14HZ5Ca-HbzNdjyajmNHUlU1ZY.roa (raw, json)
Hash identifier:          7RRQWGLFLNmqqhdTX1l6W5S+w27GIE7YVNjkx1h34lY=
Subject key identifier:   57:5E:07:67:90:9A:F8:76:F3:35:D8:F2:6A:39:8D:1D:49:54:D5:96
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D881489E24D431C03CB73FD2F1BAFA0F0
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/V14HZ5Ca-HbzNdjyajmNHUlU1ZY.roa
Signing time:             Mon 13 Apr 2026 18:22:20 +0000
ROA not before:           Mon 13 Apr 2026 18:22:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62563
IP address blocks:        2a0f:1740::/29 maxlen: 29
                          2a13:d47::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:88:14:89:e2:4d:43:1c:03:cb:73:fd:2f:1b:af:a0:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 13 18:22:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=575e0767909af876f335d8f26a398d1d4954d596
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:96:99:97:91:df:25:d8:b1:c0:dd:e9:49:ba:
                    c6:bc:bc:77:40:22:6d:24:c4:c4:82:29:00:27:da:
                    ac:89:63:e1:d2:ce:c3:31:aa:7e:50:c4:f7:26:42:
                    64:55:a4:6d:a7:7a:79:b4:75:0a:df:af:2d:90:60:
                    19:ec:c0:94:30:18:af:ff:4f:f2:3d:00:38:6e:2c:
                    d1:d6:3e:8d:f8:69:c4:c2:f6:05:32:10:50:79:41:
                    b3:27:da:62:e5:9e:88:9e:ab:6b:e5:e1:e2:5b:f4:
                    1c:a2:a3:f6:93:c6:7e:79:8c:08:9c:20:b4:d0:0b:
                    aa:bb:20:bd:8a:5e:f1:2c:c5:a3:5d:8b:03:be:aa:
                    5f:7c:b3:09:42:62:f0:f0:be:b0:0a:85:29:d6:87:
                    39:d1:81:5b:88:89:b8:2a:04:72:52:52:55:45:f0:
                    db:0a:d1:e2:ec:26:a7:f0:2f:ca:c2:6b:ac:98:8a:
                    1c:8d:84:57:e0:db:89:a6:ce:b3:94:09:4d:5a:17:
                    fc:0a:55:3f:1d:3b:57:ad:78:07:06:32:85:73:c9:
                    5b:3d:c6:46:a3:66:f2:9a:9c:0e:c5:1d:d4:d9:f0:
                    93:9f:f3:14:58:e6:4b:93:b1:d5:5b:30:7f:dd:1b:
                    1d:ff:47:1e:bf:0b:71:df:61:cc:d5:0b:1f:fa:84:
                    e1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:5E:07:67:90:9A:F8:76:F3:35:D8:F2:6A:39:8D:1D:49:54:D5:96
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/V14HZ5Ca-HbzNdjyajmNHUlU1ZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1740::/29
                  2a13:d47::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:f3:7c:84:7d:01:b7:3d:1f:f9:2f:fb:96:31:ac:7d:db:37:
         2d:b2:a8:f9:e1:d7:6b:cd:92:6c:6a:6b:c3:8e:a6:60:6b:9b:
         24:a2:03:f8:4f:0e:9a:e1:fd:bc:7c:28:03:5e:90:ad:9b:64:
         07:61:ac:75:64:2f:53:14:7a:c9:b9:c6:fe:3d:39:b5:f9:2a:
         e6:60:f8:a1:fa:4a:29:e7:f1:22:d8:e2:2d:15:85:23:cb:cf:
         ed:61:75:8f:ac:33:83:75:b6:11:0b:c1:18:0a:26:c6:d6:95:
         5f:02:47:b8:ac:80:29:4d:c8:26:d8:2c:0e:22:d6:ba:5c:04:
         0f:3d:1c:cf:c9:ca:67:bf:57:38:3d:99:ba:c6:30:3c:d5:e6:
         cb:24:e4:29:15:f3:3b:4e:19:33:04:f8:4f:15:21:7f:e8:05:
         61:38:c4:7a:85:48:71:7a:db:a6:88:93:0b:0a:39:0f:26:82:
         3a:79:00:a0:4d:f0:0c:50:0b:1e:90:8c:8f:1a:cd:fb:ec:ef:
         0c:b4:d8:a2:27:70:a7:de:aa:e2:17:26:45:07:9b:6f:63:8d:
         a3:aa:7c:23:84:11:13:10:bc:8c:7b:57:f0:2f:89:d1:8d:5e:
         eb:9d:e0:f4:9e:26:7e:eb:3c:30:2b:d2:78:07:85:26:5d:94:
         64:88:b7:73
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ2IFIniTUMcA8tz/S8br6DwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDEzMTgyMjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzVlMDc2NzkwOWFmODc2ZjMzNWQ4ZjI2YTM5OGQxZDQ5NTRkNTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsJaZl5HfJdixwN3pSbrGvLx3QCJt
JMTEgikAJ9qsiWPh0s7DMap+UMT3JkJkVaRtp3p5tHUK368tkGAZ7MCUMBiv/0/y
PQA4bizR1j6N+GnEwvYFMhBQeUGzJ9pi5Z6Inqtr5eHiW/QcoqP2k8Z+eYwInCC0
0AuquyC9il7xLMWjXYsDvqpffLMJQmLw8L6wCoUp1oc50YFbiIm4KgRyUlJVRfDb
CtHi7Can8C/KwmusmIocjYRX4NuJps6zlAlNWhf8ClU/HTtXrXgHBjKFc8lbPcZG
o2bympwOxR3U2fCTn/MUWOZLk7HVWzB/3Rsd/0cevwtx32HM1Qsf+oTh/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFdeB2eQmvh28zXY8mo5jR1JVNWWMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvVjE0SFo1Q2EtSGJ6TmRqeWFqbU5IVWxVMVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg8XQAMF
ACoTDUcwDQYJKoZIhvcNAQELBQADggEBACrzfIR9Abc9H/kv+5YxrH3bNy2yqPnh
12vNkmxqa8OOpmBrmySiA/hPDprh/bx8KANekK2bZAdhrHVkL1MUesm5xv49ObX5
KuZg+KH6Sinn8SLY4i0VhSPLz+1hdY+sM4N1thELwRgKJsbWlV8CR7isgClNyCbY
LA4i1rpcBA89HM/Jyme/Vzg9mbrGMDzV5ssk5CkV8ztOGTME+E8VIX/oBWE4xHqF
SHF626aIkwsKOQ8mgjp5AKBN8AxQCx6QjI8azfvs7wy02KIncKfequIXJkUHm29j
jaOqfCOEERMQvIx7V/AvidGNXuud4PSeJn7rPDAr0ngHhSZdlGSIt3M=
-----END CERTIFICATE-----