Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/lKRUXJEjNZJ1CgQzBClhylIviCI.roa
File:                     lKRUXJEjNZJ1CgQzBClhylIviCI.roa (raw, json)
Hash identifier:          08lzD6ov+tymObbIHhKFdbHqH6uirvnXIQ5Bql1UJeA=
Subject key identifier:   94:A4:54:5C:91:23:35:92:75:0A:04:33:04:29:61:CA:52:2F:88:22
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C4179E6628A4AFA422EDCCD07A4646EDF
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/lKRUXJEjNZJ1CgQzBClhylIviCI.roa
Signing time:             Mon 09 Feb 2026 08:17:13 +0000
ROA not before:           Mon 09 Feb 2026 08:17:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214652
IP address blocks:        2a13:c902::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 02:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:41:79:e6:62:8a:4a:fa:42:2e:dc:cd:07:a4:64:6e:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb  9 08:17:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94a4545c91233592750a0433042961ca522f8822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:dd:43:07:f1:b9:47:c0:87:a7:f3:d8:d3:ad:
                    33:c0:c7:49:1c:da:bb:ee:70:1d:cc:b2:90:f7:ca:
                    96:76:29:83:99:26:90:7a:34:08:db:f0:05:d3:b5:
                    a8:db:49:bb:5e:0d:13:0a:79:e0:49:12:41:85:ee:
                    89:cf:73:f0:44:de:e1:98:4d:f9:cf:c3:7e:71:a6:
                    7c:17:3a:64:85:79:6f:16:49:ba:aa:5f:1b:82:55:
                    a1:e1:70:5e:4e:c2:f9:6d:94:00:fb:df:98:74:67:
                    10:96:07:1e:25:dc:f9:f1:39:c3:e7:8c:e4:eb:f5:
                    3b:4f:3d:15:fe:8f:7b:ca:77:ff:ce:43:7b:e4:aa:
                    73:df:e5:29:6f:99:dd:a3:68:a0:89:a6:4a:0d:31:
                    e7:2f:6e:c1:11:5a:34:b1:6d:b3:f2:0a:4a:20:98:
                    4e:cc:25:d8:f4:a2:5b:2b:12:3a:97:85:f6:09:77:
                    e6:f1:bb:e7:e8:3a:ec:bb:7b:50:ae:33:e3:63:e3:
                    ac:d4:53:53:a9:64:1d:b3:1c:f6:4a:93:d4:97:e8:
                    23:c7:68:06:4d:8e:75:eb:d3:cc:3e:1c:a1:5b:f6:
                    50:38:e1:d5:59:13:80:51:50:4e:f6:06:7c:ad:5b:
                    77:ab:34:23:b4:c1:2d:98:1f:25:f0:3e:f2:95:19:
                    bc:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:A4:54:5C:91:23:35:92:75:0A:04:33:04:29:61:CA:52:2F:88:22
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/lKRUXJEjNZJ1CgQzBClhylIviCI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c902::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:4f:7b:46:af:52:74:77:68:19:1e:31:f1:0b:7f:1b:c0:c8:
         3e:d3:62:d2:36:38:c0:a5:21:ad:12:66:d1:7a:c0:f7:8e:79:
         c6:27:07:b6:a3:6b:c6:46:74:43:64:03:5d:b2:1b:df:5e:8f:
         87:8a:63:4e:25:db:a4:f2:33:d7:6d:56:6e:7b:71:49:c1:d4:
         73:38:24:30:0d:57:50:4b:d8:a0:91:2d:9f:9a:2a:70:05:7b:
         eb:50:96:b0:7c:90:08:50:3a:6a:69:da:1d:a3:19:39:01:0d:
         e2:62:d4:d7:75:3f:2e:6e:de:ea:59:7c:94:b0:f8:10:a7:55:
         6a:81:00:af:a3:17:a9:e6:ed:ae:a7:b9:b1:79:90:93:bd:36:
         2f:66:84:4f:35:b3:70:c2:eb:94:f7:d2:fc:03:d0:d6:4f:ac:
         72:fb:09:06:2e:d8:72:58:e7:94:53:b6:00:1b:b5:f7:fb:57:
         d0:b5:32:4f:c1:64:76:73:bb:d6:c9:ea:dc:e2:07:6b:ac:86:
         02:ec:30:70:e5:a5:56:24:5f:ef:c2:2c:6c:49:57:12:41:4f:
         fa:ce:b8:4c:cd:f1:0c:30:67:3b:ca:80:3f:51:da:c7:5c:fc:
         e8:9b:a5:30:c6:c5:30:21:ce:0a:2f:e7:1b:27:4b:de:44:9f:
         f9:8e:f7:f2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxBeeZiikr6Qi7czQekZG7fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjA5MDgxNzEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGE0NTQ1YzkxMjMzNTkyNzUwYTA0MzMwNDI5NjFjYTUyMmY4ODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsN1DB/G5R8CHp/PY060zwMdJHNq7
7nAdzLKQ98qWdimDmSaQejQI2/AF07Wo20m7Xg0TCnngSRJBhe6Jz3PwRN7hmE35
z8N+caZ8FzpkhXlvFkm6ql8bglWh4XBeTsL5bZQA+9+YdGcQlgceJdz58TnD54zk
6/U7Tz0V/o97ynf/zkN75Kpz3+Upb5ndo2igiaZKDTHnL27BEVo0sW2z8gpKIJhO
zCXY9KJbKxI6l4X2CXfm8bvn6Drsu3tQrjPjY+Os1FNTqWQdsxz2SpPUl+gjx2gG
TY5169PMPhyhW/ZQOOHVWROAUVBO9gZ8rVt3qzQjtMEtmB8l8D7ylRm8/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJSkVFyRIzWSdQoEMwQpYcpSL4giMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvbEtSVVhKRWpOWkoxQ2dRekJDbGh5bEl2aUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPJAjAN
BgkqhkiG9w0BAQsFAAOCAQEAj097Rq9SdHdoGR4x8Qt/G8DIPtNi0jY4wKUhrRJm
0XrA9455xicHtqNrxkZ0Q2QDXbIb316Ph4pjTiXbpPIz121WbntxScHUczgkMA1X
UEvYoJEtn5oqcAV761CWsHyQCFA6amnaHaMZOQEN4mLU13U/Lm7e6ll8lLD4EKdV
aoEAr6MXqebtrqe5sXmQk702L2aETzWzcMLrlPfS/APQ1k+scvsJBi7YcljnlFO2
ABu19/tX0LUyT8FkdnO71snq3OIHa6yGAuwwcOWlViRf78IsbElXEkFP+s64TM3x
DDBnO8qAP1Hax1z86JulMMbFMCHOCi/nGydL3kSf+Y738g==
-----END CERTIFICATE-----