Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/prGmfNKqMka-2Jek7wMRODddHJE.roa
File:                     prGmfNKqMka-2Jek7wMRODddHJE.roa (raw, json)
Hash identifier:          PsCrsEKH+kXVRuqMYE6arGWrCkGHUoK3RgSjYWrFLY8=
Subject key identifier:   A6:B1:A6:7C:D2:AA:32:46:BE:D8:97:A4:EF:03:11:38:37:5D:1C:91
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C8B593DA04755D5CBC839A6EB3C0FE031
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/prGmfNKqMka-2Jek7wMRODddHJE.roa
Signing time:             Mon 23 Feb 2026 16:33:27 +0000
ROA not before:           Mon 23 Feb 2026 16:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62563
IP address blocks:        2a0e:5a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8b:59:3d:a0:47:55:d5:cb:c8:39:a6:eb:3c:0f:e0:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb 23 16:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a6b1a67cd2aa3246bed897a4ef031138375d1c91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:39:8b:99:dc:0e:a9:3c:1c:ac:fe:9e:b4:31:
                    16:72:4d:3a:f4:d3:30:b5:97:bd:1a:1b:45:05:1a:
                    8d:5a:82:d4:b2:e0:fd:52:91:84:d1:c0:81:93:b2:
                    4a:4d:26:60:39:8d:1d:d2:98:38:50:da:c9:eb:f1:
                    7b:29:90:5f:99:4d:8a:40:b1:c9:c8:a5:e7:17:ef:
                    54:de:82:69:75:fa:82:d3:bc:bb:88:22:3a:0b:cf:
                    34:72:60:7f:08:b6:c1:27:70:f4:d7:45:00:7b:21:
                    06:6f:ae:37:d4:1c:9e:ee:39:10:59:02:27:60:c0:
                    e4:1c:e4:b8:37:bf:7a:2d:5c:2d:b7:96:bf:13:ad:
                    1a:91:2a:1a:7c:ac:9b:ae:07:a4:a6:54:21:2b:87:
                    39:f7:9a:63:c2:6f:e9:20:08:55:db:aa:69:9d:b6:
                    55:62:40:90:2f:1f:4f:6a:ab:9a:bf:85:60:43:a8:
                    d7:33:69:80:7a:b6:83:1b:46:5e:f2:fc:4d:06:88:
                    6e:17:fb:fb:8a:af:c1:de:a4:32:d7:41:b2:eb:ae:
                    ac:5e:79:6a:86:2b:96:aa:b2:37:b2:12:e6:4f:de:
                    43:fd:51:eb:e4:fa:15:ad:4a:95:12:2e:eb:e3:79:
                    3b:15:44:b9:8c:bb:81:7d:c0:06:1c:cd:e3:70:0a:
                    32:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B1:A6:7C:D2:AA:32:46:BE:D8:97:A4:EF:03:11:38:37:5D:1C:91
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/prGmfNKqMka-2Jek7wMRODddHJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:5a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:3a:29:d0:f8:a5:e1:ad:7d:f7:45:e9:cf:c8:3e:89:07:45:
         2c:d7:e5:d7:1a:07:af:8f:8c:54:d9:ca:5c:d8:46:ca:b0:de:
         1c:12:20:57:65:a6:06:1c:3b:c6:0e:ce:32:de:1e:37:44:bd:
         39:b5:e0:20:29:d0:c8:45:5a:5b:ac:c8:89:06:0c:1a:a9:c1:
         3d:db:fc:f6:57:8c:26:3f:5f:02:79:4e:cd:81:1f:8e:52:19:
         68:98:06:f1:70:0b:26:8e:50:7c:60:c8:b2:48:b4:8d:96:04:
         1c:b3:c3:4f:80:da:02:35:9b:12:25:f3:fe:2f:96:27:37:84:
         e1:35:fa:97:00:fc:4d:e6:ec:e7:c3:7f:84:49:6a:72:59:e6:
         b3:1a:1e:8b:ef:fa:61:63:dc:c7:a5:02:49:91:66:03:a3:66:
         f9:b1:ff:26:2e:ec:40:f1:90:e8:44:fa:e3:0c:64:a7:3f:bb:
         3a:a1:b1:0f:57:da:a1:3b:17:99:2f:d6:78:9e:b2:fa:7d:a1:
         60:74:81:f6:f4:b5:41:85:05:7d:83:8a:ce:04:6e:56:cd:53:
         0a:df:21:8b:ca:f6:15:c8:4d:96:ea:86:d6:07:b2:8b:af:b8:
         cf:44:d8:7c:90:93:74:45:19:b3:ca:52:54:b5:22:b8:64:6b:
         2e:58:fb:8a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyLWT2gR1XVy8g5pus8D+AxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMjIzMTYzMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmIxYTY3Y2QyYWEzMjQ2YmVkODk3YTRlZjAzMTEzODM3NWQxYzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvTmLmdwOqTwcrP6etDEWck069NMw
tZe9GhtFBRqNWoLUsuD9UpGE0cCBk7JKTSZgOY0d0pg4UNrJ6/F7KZBfmU2KQLHJ
yKXnF+9U3oJpdfqC07y7iCI6C880cmB/CLbBJ3D010UAeyEGb6431Bye7jkQWQIn
YMDkHOS4N796LVwtt5a/E60akSoafKybrgekplQhK4c595pjwm/pIAhV26ppnbZV
YkCQLx9Paquav4VgQ6jXM2mAeraDG0Ze8vxNBohuF/v7iq/B3qQy10Gy666sXnlq
hiuWqrI3shLmT95D/VHr5PoVrUqVEi7r43k7FUS5jLuBfcAGHM3jcAoyJwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKaxpnzSqjJGvtiXpO8DETg3XRyRMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvcHJHbWZOS3FNa2EtMkplazd3TVJPRGRkSEpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg5agDAN
BgkqhkiG9w0BAQsFAAOCAQEAEzop0Pil4a1990Xpz8g+iQdFLNfl1xoHr4+MVNnK
XNhGyrDeHBIgV2WmBhw7xg7OMt4eN0S9ObXgICnQyEVaW6zIiQYMGqnBPdv89leM
Jj9fAnlOzYEfjlIZaJgG8XALJo5QfGDIski0jZYEHLPDT4DaAjWbEiXz/i+WJzeE
4TX6lwD8Tebs58N/hElqclnmsxoei+/6YWPcx6UCSZFmA6Nm+bH/Ji7sQPGQ6ET6
4wxkpz+7OqGxD1faoTsXmS/WeJ6y+n2hYHSB9vS1QYUFfYOKzgRuVs1TCt8hi8r2
FchNluqG1geyi6+4z0TYfJCTdEUZs8pSVLUiuGRrLlj7ig==
-----END CERTIFICATE-----