Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Y6Y_tXOkIggJPjQwp8QEgjRIm1Y.roa
File:                     Y6Y_tXOkIggJPjQwp8QEgjRIm1Y.roa (raw, json)
Hash identifier:          BIV0EDM9uKVn3TUK74YvkhDAlB3WJqVrVyXiCmZXg6k=
Subject key identifier:   63:A6:3F:B5:73:A4:22:08:09:3E:34:30:A7:C4:04:82:34:48:9B:56
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D8C00E008AD61D42515209D8C104A5C94
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Y6Y_tXOkIggJPjQwp8QEgjRIm1Y.roa
Signing time:             Tue 14 Apr 2026 12:39:20 +0000
ROA not before:           Tue 14 Apr 2026 12:39:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40676
IP address blocks:        2a0f:31c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:8c:00:e0:08:ad:61:d4:25:15:20:9d:8c:10:4a:5c:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 14 12:39:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=63a63fb573a42208093e3430a7c4048234489b56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:47:1e:83:a2:40:ad:72:4c:89:13:bb:44:73:
                    43:eb:86:b7:87:2c:cb:24:cc:88:44:4f:b2:3d:03:
                    3f:3c:d7:e1:87:8d:71:15:ea:da:9c:94:8d:d1:03:
                    ce:34:f3:8d:ba:f0:41:c8:e8:97:ec:f4:56:5e:30:
                    04:fa:53:c8:83:ab:75:c8:53:10:15:89:ce:fd:d2:
                    93:64:d7:d6:ad:56:46:94:15:2d:48:77:b9:3c:cf:
                    c4:95:eb:00:c5:c9:5f:2f:74:66:3b:03:d2:b4:5f:
                    e7:a4:dd:60:46:d0:f2:73:58:01:10:8f:a8:28:d5:
                    9a:16:54:fc:02:bf:31:78:e1:98:a3:ff:20:e2:f5:
                    b0:e6:b6:e9:8a:a6:98:3e:ca:1d:e5:df:a8:6b:f8:
                    af:5e:87:b0:e0:10:f2:7c:2f:9c:78:81:c9:8c:8b:
                    5e:75:f7:a9:10:b2:1a:68:d2:77:77:cd:f8:43:56:
                    a0:f6:d3:9d:d5:26:19:77:6f:ed:d3:9e:95:da:3c:
                    02:20:36:40:51:85:f1:de:7b:77:c8:70:3c:a8:d0:
                    0a:48:32:00:26:34:1d:15:9d:35:a0:46:aa:7f:61:
                    5b:52:31:97:be:41:5f:d0:c1:12:cb:11:24:30:77:
                    44:df:a0:48:75:72:5f:44:e0:6d:af:1e:0e:9f:83:
                    da:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:A6:3F:B5:73:A4:22:08:09:3E:34:30:A7:C4:04:82:34:48:9B:56
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Y6Y_tXOkIggJPjQwp8QEgjRIm1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:31c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         bb:b5:2b:a6:a6:d6:9e:0b:ed:25:8b:74:30:92:8f:dc:25:45:
         0f:04:59:48:0b:e7:39:1a:d2:c2:71:cc:20:91:d8:4c:e1:46:
         13:a4:ff:90:72:7c:f0:0a:f5:f0:d8:21:2e:a5:8a:54:43:41:
         e4:76:1f:a1:51:95:0d:f8:b6:ed:51:28:2c:8c:6b:9d:b8:6b:
         e0:cb:68:b1:fe:9f:60:a4:d9:54:44:1b:a1:d9:f0:5d:f1:10:
         bc:85:1d:97:53:62:ca:70:ca:d3:90:c2:3b:2d:ce:49:f2:7b:
         11:62:f6:71:e0:cd:9d:32:0c:d7:b2:88:75:8f:fd:1a:75:24:
         af:ee:b3:ab:2b:4b:c1:29:bf:cb:e5:2e:86:7c:84:c8:c8:47:
         7e:e0:c9:e5:de:aa:c6:85:77:90:f8:da:84:c9:e7:ca:dc:86:
         d2:2b:b7:c9:a0:7d:11:1a:46:f7:98:52:43:9f:d8:30:09:ab:
         7f:91:d7:ce:6a:54:4e:63:84:7e:b2:04:d5:fd:07:6f:06:50:
         34:a1:80:f7:21:e8:07:42:2d:06:dd:88:e4:8a:ae:2c:d3:09:
         42:b3:a9:d2:8c:9c:5c:a4:d5:7c:eb:c9:96:96:2e:26:31:a5:
         ac:f6:48:4c:fe:3b:e4:7a:12:13:00:a3:95:4f:08:a0:7a:59:
         8b:f2:85:4f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ2MAOAIrWHUJRUgnYwQSlyUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDE0MTIzOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2E2M2ZiNTczYTQyMjA4MDkzZTM0MzBhN2M0MDQ4MjM0NDg5YjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Uceg6JArXJMiRO7RHND64a3hyzL
JMyIRE+yPQM/PNfhh41xFeranJSN0QPONPONuvBByOiX7PRWXjAE+lPIg6t1yFMQ
FYnO/dKTZNfWrVZGlBUtSHe5PM/ElesAxclfL3RmOwPStF/npN1gRtDyc1gBEI+o
KNWaFlT8Ar8xeOGYo/8g4vWw5rbpiqaYPsod5d+oa/ivXoew4BDyfC+ceIHJjIte
dfepELIaaNJ3d834Q1ag9tOd1SYZd2/t056V2jwCIDZAUYXx3nt3yHA8qNAKSDIA
JjQdFZ01oEaqf2FbUjGXvkFf0MESyxEkMHdE36BIdXJfROBtrx4On4PaOQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGOmP7VzpCIICT40MKfEBII0SJtWMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWTZZX3RYT2tJZ2dKUGpRd3A4UUVnalJJbTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg8xxTAN
BgkqhkiG9w0BAQsFAAOCAQEAu7UrpqbWngvtJYt0MJKP3CVFDwRZSAvnORrSwnHM
IJHYTOFGE6T/kHJ88Ar18NghLqWKVENB5HYfoVGVDfi27VEoLIxrnbhr4Mtosf6f
YKTZVEQbodnwXfEQvIUdl1NiynDK05DCOy3OSfJ7EWL2ceDNnTIM17KIdY/9GnUk
r+6zqytLwSm/y+UuhnyEyMhHfuDJ5d6qxoV3kPjahMnnytyG0iu3yaB9ERpG95hS
Q5/YMAmrf5HXzmpUTmOEfrIE1f0HbwZQNKGA9yHoB0ItBt2I5IquLNMJQrOp0oyc
XKTVfOvJlpYuJjGlrPZITP475HoSEwCjlU8IoHpZi/KFTw==
-----END CERTIFICATE-----