Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hy9UaNC4tmYKXBnLMXpRWHYDXBg.roa
File:                     hy9UaNC4tmYKXBnLMXpRWHYDXBg.roa (raw, json)
Hash identifier:          ohxjI5Q1w4Yo6XzxC2JHu6E77UobcSMb7cMvMgsXoD0=
Subject key identifier:   87:2F:54:68:D0:B8:B6:66:0A:5C:19:CB:31:7A:51:58:76:03:5C:18
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C8F8DE84B43B022D5A5B7FEE9ED10AF53
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hy9UaNC4tmYKXBnLMXpRWHYDXBg.roa
Signing time:             Tue 24 Feb 2026 12:09:27 +0000
ROA not before:           Tue 24 Feb 2026 12:09:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     139791
IP address blocks:        2a06:3600::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:8d:e8:4b:43:b0:22:d5:a5:b7:fe:e9:ed:10:af:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb 24 12:09:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=872f5468d0b8b6660a5c19cb317a515876035c18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:65:11:e9:03:ec:27:7a:f5:b7:f3:bf:c1:ae:
                    91:8d:62:9f:80:a4:0d:f7:fb:d7:d7:6d:fc:3b:a0:
                    e0:fe:3d:1d:8e:fb:52:b8:2e:5b:a8:a5:ea:65:98:
                    58:d2:85:91:e9:da:46:dc:05:72:a7:c7:0f:fe:d2:
                    c4:ad:71:60:49:71:61:c1:3e:f1:8d:7e:d6:ea:f2:
                    c4:e2:f9:a3:0b:cc:02:e2:04:56:f4:8f:92:4b:a7:
                    eb:7d:e2:33:3f:11:b1:b3:06:5b:f5:da:18:5a:5a:
                    03:d7:3a:f2:23:1d:b1:49:ee:ee:db:79:eb:b9:0e:
                    b4:28:f7:df:ff:4f:67:dc:7a:15:f2:cd:92:c3:2e:
                    41:15:b1:80:1f:af:dd:7c:bf:eb:b3:54:80:e7:c2:
                    87:87:eb:8c:1d:a1:30:2b:46:ab:1f:91:52:f5:af:
                    a2:ef:fc:55:59:21:fb:9d:93:42:c3:1d:01:d6:54:
                    01:80:23:f9:a3:04:06:6e:56:1a:b6:cf:cf:1b:66:
                    b2:80:80:fd:d4:dc:db:5b:6a:00:06:4f:56:8c:bc:
                    84:8a:c6:e5:3f:ad:49:5c:0a:a0:a3:37:c5:4d:1c:
                    14:f6:91:5f:30:37:31:51:dc:cf:50:1e:31:92:6e:
                    64:8e:c8:d6:5e:86:77:95:e2:87:fe:b0:ab:b9:79:
                    05:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:2F:54:68:D0:B8:B6:66:0A:5C:19:CB:31:7A:51:58:76:03:5C:18
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/hy9UaNC4tmYKXBnLMXpRWHYDXBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:3600::/29

    Signature Algorithm: sha256WithRSAEncryption
         ce:f8:62:4d:d5:5b:0f:93:f0:4f:16:78:a0:a7:f0:81:20:b2:
         8e:75:05:f0:6f:de:f8:ac:01:36:26:85:91:ba:bb:fd:b6:3d:
         ce:2d:c7:f5:d0:cf:e6:fc:eb:ca:9c:51:3b:52:85:1f:bd:b7:
         03:c5:88:f3:a1:94:14:54:09:e8:79:aa:7c:cf:cd:64:d0:a3:
         1c:21:f2:05:18:6f:d6:ff:15:b6:e9:03:bc:bf:fe:a1:c8:4f:
         bf:18:66:64:95:10:ff:a0:84:e4:03:93:98:6e:2b:94:d5:4c:
         3b:64:c7:8b:a8:aa:00:b2:04:6f:a4:70:5c:af:59:9f:a2:d0:
         c4:af:d5:d1:99:d9:52:f4:26:ec:09:35:76:93:30:70:26:d5:
         43:60:c6:36:84:cc:d2:32:1f:8a:33:d9:73:84:ca:35:59:43:
         fc:62:91:4f:a9:32:e2:71:be:f9:8e:48:e7:dd:96:63:0b:39:
         db:a9:65:dc:06:80:1c:8d:f1:e5:45:95:af:2c:32:da:4d:6f:
         cd:d3:01:b6:b6:40:cc:9a:3b:7a:bd:59:43:7b:4e:5f:d7:2a:
         d3:4d:08:b8:8b:5a:07:d8:8b:d4:fd:e7:82:a2:42:4d:35:55:
         59:fa:9b:c4:2d:47:b8:85:69:4c:35:7e:d5:61:6c:82:4c:86:
         0d:e0:a5:b4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyPjehLQ7Ai1aW3/untEK9TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjI0MTIwOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzJmNTQ2OGQwYjhiNjY2MGE1YzE5Y2IzMTdhNTE1ODc2MDM1YzE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0WUR6QPsJ3r1t/O/wa6RjWKfgKQN
9/vX1238O6Dg/j0djvtSuC5bqKXqZZhY0oWR6dpG3AVyp8cP/tLErXFgSXFhwT7x
jX7W6vLE4vmjC8wC4gRW9I+SS6frfeIzPxGxswZb9doYWloD1zryIx2xSe7u23nr
uQ60KPff/09n3HoV8s2Swy5BFbGAH6/dfL/rs1SA58KHh+uMHaEwK0arH5FS9a+i
7/xVWSH7nZNCwx0B1lQBgCP5owQGblYats/PG2aygID91NzbW2oABk9WjLyEisbl
P61JXAqgozfFTRwU9pFfMDcxUdzPUB4xkm5kjsjWXoZ3leKH/rCruXkFAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIcvVGjQuLZmClwZyzF6UVh2A1wYMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvaHk5VWFOQzR0bVlLWEJuTE1YcFJXSFlEWEJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgY2ADAN
BgkqhkiG9w0BAQsFAAOCAQEAzvhiTdVbD5PwTxZ4oKfwgSCyjnUF8G/e+KwBNiaF
kbq7/bY9zi3H9dDP5vzrypxRO1KFH723A8WI86GUFFQJ6HmqfM/NZNCjHCHyBRhv
1v8VtukDvL/+ochPvxhmZJUQ/6CE5AOTmG4rlNVMO2THi6iqALIEb6RwXK9Zn6LQ
xK/V0ZnZUvQm7Ak1dpMwcCbVQ2DGNoTM0jIfijPZc4TKNVlD/GKRT6ky4nG++Y5I
592WYws526ll3AaAHI3x5UWVrywy2k1vzdMBtrZAzJo7er1ZQ3tOX9cq000IuIta
B9iL1P3ngqJCTTVVWfqbxC1HuIVpTDV+1WFsgkyGDeCltA==
-----END CERTIFICATE-----