Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/XsGy1_v5fQ1Okhzkb8KvzVnOgsQ.roa
File:                     XsGy1_v5fQ1Okhzkb8KvzVnOgsQ.roa (raw, json)
Hash identifier:          G631qXXZn5nfM/o1axKaDj4q/rSNY3TppFkrozxSo/E=
Subject key identifier:   5E:C1:B2:D7:FB:F9:7D:0D:4E:92:1C:E4:6F:C2:AF:CD:59:CE:82:C4
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D8B3A30BBCAFBE4E0155968A8EC49C8CA
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/XsGy1_v5fQ1Okhzkb8KvzVnOgsQ.roa
Signing time:             Tue 14 Apr 2026 09:02:19 +0000
ROA not before:           Tue 14 Apr 2026 09:02:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213200
IP address blocks:        2a0f:2705::/32 maxlen: 32
                          2a10:4a00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:32:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8b:3a:30:bb:ca:fb:e4:e0:15:59:68:a8:ec:49:c8:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 14 09:02:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ec1b2d7fbf97d0d4e921ce46fc2afcd59ce82c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7a:5d:5e:57:23:5d:b8:e0:7f:c4:0c:a3:95:
                    96:64:6f:91:f5:c3:35:ba:02:da:98:2f:bb:94:16:
                    1c:e8:78:d1:a5:c5:6b:67:b9:3c:7a:41:8c:02:f8:
                    51:44:31:74:c6:67:a2:56:fd:43:48:f4:34:17:0a:
                    5d:49:c5:e1:3a:14:ab:ce:07:5d:e0:f5:23:39:2e:
                    0f:86:59:cd:c1:2a:6a:1a:13:52:d3:ed:70:15:58:
                    d1:cd:25:ff:df:22:09:02:95:4f:aa:d9:8a:92:2b:
                    17:88:7c:58:2d:cc:32:4a:01:c8:aa:3f:3e:8f:82:
                    6e:d0:f7:f2:69:22:f3:64:18:02:40:e6:78:3d:0a:
                    15:48:f6:ed:2d:86:ed:96:74:82:16:78:49:33:ef:
                    a9:64:27:f1:5a:73:07:52:db:be:9b:cc:9f:8a:e9:
                    64:fc:a3:51:c8:50:4b:af:b5:04:c5:50:d9:9e:00:
                    bb:40:1b:80:04:b4:52:01:05:cd:2b:aa:2b:17:fa:
                    08:14:90:9d:74:5e:6b:7f:f3:e8:45:84:9c:be:bf:
                    e1:5f:c9:a5:08:05:08:88:38:25:b0:7e:a2:74:20:
                    82:2a:b1:22:aa:21:bb:31:8e:3f:2b:90:59:b2:8e:
                    44:19:95:6b:09:3f:e9:6c:8d:1d:c5:5a:cd:d2:fb:
                    a1:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:C1:B2:D7:FB:F9:7D:0D:4E:92:1C:E4:6F:C2:AF:CD:59:CE:82:C4
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/XsGy1_v5fQ1Okhzkb8KvzVnOgsQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:2705::/32
                  2a10:4a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:dd:94:81:02:fa:9c:ba:d1:fc:a7:cc:47:9c:83:4f:3a:dd:
         d2:ec:e9:27:bb:37:d5:e5:11:e1:d0:8d:a8:ae:0d:8d:51:05:
         19:5c:70:84:26:89:27:9e:23:33:a2:0c:79:fe:f4:74:ae:d0:
         dd:86:38:e9:63:53:a7:f0:c0:b0:92:07:b3:1d:11:43:62:a5:
         62:f8:81:41:89:fa:4d:c6:94:46:aa:26:e2:7f:0f:20:6b:8c:
         b2:b7:26:1e:87:f8:8a:1f:09:9b:81:86:40:05:fb:6c:4c:ba:
         5c:16:e5:31:db:3e:52:86:97:11:d1:c1:1b:36:fe:8d:59:f6:
         c0:71:6f:e3:80:72:03:0f:a3:2d:aa:8e:58:c0:7d:ba:2d:da:
         8e:fa:74:37:60:b8:6f:ec:86:0f:29:56:91:ea:a0:01:57:38:
         0a:0f:eb:56:b3:89:a0:db:7e:46:c4:bb:75:e4:df:b2:af:3a:
         64:71:7c:91:f0:2b:29:d7:f7:ec:9d:b6:c0:b9:ca:5d:8a:ec:
         d1:5f:5a:21:ec:20:e8:e6:fb:68:cb:df:c2:30:59:80:60:36:
         50:d2:fe:74:96:f2:66:5e:f3:8c:9d:2c:7e:bc:c6:e5:1d:cc:
         5d:3e:0b:60:8f:df:cc:cc:94:c4:f0:22:bb:b5:b6:a2:7e:bf:
         67:64:60:2c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ2LOjC7yvvk4BVZaKjsScjKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDE0MDkwMjE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWMxYjJkN2ZiZjk3ZDBkNGU5MjFjZTQ2ZmMyYWZjZDU5Y2U4MmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXpdXlcjXbjgf8QMo5WWZG+R9cM1
ugLamC+7lBYc6HjRpcVrZ7k8ekGMAvhRRDF0xmeiVv1DSPQ0FwpdScXhOhSrzgdd
4PUjOS4PhlnNwSpqGhNS0+1wFVjRzSX/3yIJApVPqtmKkisXiHxYLcwySgHIqj8+
j4Ju0PfyaSLzZBgCQOZ4PQoVSPbtLYbtlnSCFnhJM++pZCfxWnMHUtu+m8yfiulk
/KNRyFBLr7UExVDZngC7QBuABLRSAQXNK6orF/oIFJCddF5rf/PoRYScvr/hX8ml
CAUIiDglsH6idCCCKrEiqiG7MY4/K5BZso5EGZVrCT/pbI0dxVrN0vuhTQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFF7Bstf7+X0NTpIc5G/Cr81ZzoLEMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWHNHeTFfdjVmUTFPa2h6a2I4S3Z6Vm5PZ3NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg8nBQMF
AyoQSgAwDQYJKoZIhvcNAQELBQADggEBAGbdlIEC+py60fynzEecg0863dLs6Se7
N9XlEeHQjaiuDY1RBRlccIQmiSeeIzOiDHn+9HSu0N2GOOljU6fwwLCSB7MdEUNi
pWL4gUGJ+k3GlEaqJuJ/DyBrjLK3Jh6H+IofCZuBhkAF+2xMulwW5THbPlKGlxHR
wRs2/o1Z9sBxb+OAcgMPoy2qjljAfbot2o76dDdguG/shg8pVpHqoAFXOAoP61az
iaDbfkbEu3Xk37KvOmRxfJHwKynX9+ydtsC5yl2K7NFfWiHsIOjm+2jL38IwWYBg
NlDS/nSW8mZe84ydLH68xuUdzF0+C2CP38zMlMTwIru1tqJ+v2dkYCw=
-----END CERTIFICATE-----