Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/f_4u8o2-sQFnsN4hVfdU09YaQdw.roa
File:                     f_4u8o2-sQFnsN4hVfdU09YaQdw.roa (raw, json)
Hash identifier:          Qej73tF2pCB9D2gX74q1ype1+d9iNlg9Gufi0ewShWs=
Subject key identifier:   7F:FE:2E:F2:8D:BE:B1:01:67:B0:DE:21:55:F7:54:D3:D6:1A:41:DC
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C1F100ACB826493D2BC7C41048CBC69D8
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/f_4u8o2-sQFnsN4hVfdU09YaQdw.roa
Signing time:             Mon 02 Feb 2026 15:54:30 +0000
ROA not before:           Mon 02 Feb 2026 15:54:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215310
IP address blocks:        2a13:e103::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 17:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:1f:10:0a:cb:82:64:93:d2:bc:7c:41:04:8c:bc:69:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb  2 15:54:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7ffe2ef28dbeb10167b0de2155f754d3d61a41dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:70:78:65:11:30:6e:4a:54:f4:de:39:c1:c4:
                    f0:4b:9a:a8:fa:80:a4:16:77:ee:e7:81:67:cd:33:
                    40:c9:dd:fc:07:95:3f:fa:97:b3:1d:33:0f:fd:93:
                    a8:a8:3c:5e:e8:f9:91:a0:cb:92:7a:ad:53:c8:4e:
                    bc:e9:c0:0a:a1:a4:df:95:a5:77:83:c1:0a:3f:e9:
                    b4:03:3e:db:01:45:38:b7:1b:44:70:ca:93:95:66:
                    bd:1b:d0:54:62:ff:b5:46:3d:4c:03:6e:1a:26:ae:
                    23:80:87:c1:72:fe:f3:63:d9:41:a3:42:a1:fe:96:
                    59:f1:f5:af:c4:5b:1b:b7:90:67:9f:24:12:c5:6a:
                    54:f3:11:4b:8b:66:34:2b:6c:28:91:68:5a:19:13:
                    f0:90:a2:4a:bd:6a:e1:3c:75:12:99:bd:1d:1d:77:
                    72:97:c8:18:5c:b9:58:9c:82:62:0b:18:c4:0c:3c:
                    2e:6b:08:e6:0f:76:c6:90:00:51:d2:9c:5a:ff:7a:
                    bd:90:40:03:bd:31:1c:44:bb:ef:77:6c:3b:d3:8a:
                    af:75:cb:ca:1f:36:8f:72:a5:ce:69:4d:1b:48:ec:
                    f6:19:62:1b:73:74:a9:b9:1e:86:63:2e:b5:28:2e:
                    91:ca:71:e6:25:04:6e:c0:d5:f5:82:da:bc:64:e8:
                    1a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:FE:2E:F2:8D:BE:B1:01:67:B0:DE:21:55:F7:54:D3:D6:1A:41:DC
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/f_4u8o2-sQFnsN4hVfdU09YaQdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e103::/32

    Signature Algorithm: sha256WithRSAEncryption
         23:33:c0:6a:81:90:b4:9f:36:de:55:9a:34:a9:63:83:4b:4f:
         b4:88:04:96:f3:b8:4a:ae:88:91:5c:a9:cc:67:ab:5a:f5:4b:
         22:56:eb:15:2d:23:c4:83:8c:02:13:4d:25:4b:9b:85:a1:54:
         d9:2f:a9:06:6c:e5:1e:f8:94:48:2f:85:52:d4:81:ab:8d:aa:
         11:ae:2b:ac:d7:65:fb:48:23:7f:a4:86:ab:dd:1d:02:a6:be:
         a9:8f:70:35:48:4b:00:50:a7:eb:71:e5:da:03:4a:4e:9c:b2:
         d8:52:41:9f:af:66:7d:96:5e:1f:75:93:04:d2:c3:14:95:e9:
         da:eb:ce:0d:2a:1e:4b:26:e3:f7:d6:be:59:60:0e:cb:9d:67:
         34:74:fe:e7:b5:83:45:96:41:0a:a0:56:94:e1:67:df:66:c2:
         c6:e7:0f:97:9c:7f:61:c5:bf:fb:df:1c:cf:86:ce:eb:f3:77:
         fb:5c:c1:d3:1c:a3:03:e9:a1:7c:4c:fb:7d:b4:00:80:ad:cc:
         a1:b3:eb:2e:84:96:5a:b5:b9:45:bf:84:44:b9:e4:8c:d1:2c:
         b7:96:bf:4e:2a:f9:6a:8a:c8:4e:3c:83:4f:e3:a2:7d:8a:17:
         ae:82:f3:9c:a9:7c:14:36:b3:ab:87:32:f6:dd:76:8c:2d:2b:
         97:18:96:2c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZwfEArLgmST0rx8QQSMvGnYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjAyMTU1NDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmZlMmVmMjhkYmViMTAxNjdiMGRlMjE1NWY3NTRkM2Q2MWE0MWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HB4ZREwbkpU9N45wcTwS5qo+oCk
Fnfu54FnzTNAyd38B5U/+pezHTMP/ZOoqDxe6PmRoMuSeq1TyE686cAKoaTflaV3
g8EKP+m0Az7bAUU4txtEcMqTlWa9G9BUYv+1Rj1MA24aJq4jgIfBcv7zY9lBo0Kh
/pZZ8fWvxFsbt5BnnyQSxWpU8xFLi2Y0K2wokWhaGRPwkKJKvWrhPHUSmb0dHXdy
l8gYXLlYnIJiCxjEDDwuawjmD3bGkABR0pxa/3q9kEADvTEcRLvvd2w704qvdcvK
HzaPcqXOaU0bSOz2GWIbc3SpuR6GYy61KC6RynHmJQRuwNX1gtq8ZOgaZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFH/+LvKNvrEBZ7DeIVX3VNPWGkHcMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZl80dThvMi1zUUZuc040aFZmZFUwOVlhUWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPhAzAN
BgkqhkiG9w0BAQsFAAOCAQEAIzPAaoGQtJ823lWaNKljg0tPtIgElvO4Sq6IkVyp
zGerWvVLIlbrFS0jxIOMAhNNJUubhaFU2S+pBmzlHviUSC+FUtSBq42qEa4rrNdl
+0gjf6SGq90dAqa+qY9wNUhLAFCn63Hl2gNKTpyy2FJBn69mfZZeH3WTBNLDFJXp
2uvODSoeSybj99a+WWAOy51nNHT+57WDRZZBCqBWlOFn32bCxucPl5x/YcW/+98c
z4bO6/N3+1zB0xyjA+mhfEz7fbQAgK3MobPrLoSWWrW5Rb+ERLnkjNEst5a/Tir5
aorITjyDT+OifYoXroLznKl8FDazq4cy9t12jC0rlxiWLA==
-----END CERTIFICATE-----