Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rWncnbQN7_C-Uj3GmZvJ50vOgG0.roa
File:                     rWncnbQN7_C-Uj3GmZvJ50vOgG0.roa (raw, json)
Hash identifier:          I8F98o+oGPj0uiRRIcRyLv6N/wuP1bORG3XtMs97FsU=
Subject key identifier:   AD:69:DC:9D:B4:0D:EF:F0:BE:52:3D:C6:99:9B:C9:E7:4B:CE:80:6D
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D881F863580C83100C9BF01B78834E564
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rWncnbQN7_C-Uj3GmZvJ50vOgG0.roa
Signing time:             Mon 13 Apr 2026 18:34:20 +0000
ROA not before:           Mon 13 Apr 2026 18:34:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210699
IP address blocks:        2a0c:7886:9c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 15:32:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:88:1f:86:35:80:c8:31:00:c9:bf:01:b7:88:34:e5:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 13 18:34:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ad69dc9db40deff0be523dc6999bc9e74bce806d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:0e:36:64:c5:6a:1e:e5:61:6d:0a:8b:f6:13:
                    49:d9:f8:2c:da:1f:e3:56:3f:6d:7c:13:e2:14:c8:
                    fe:00:91:f0:01:6e:55:57:e5:46:02:5e:d1:e2:86:
                    fd:83:34:c0:9c:59:e7:8d:f8:27:14:21:96:a0:33:
                    4a:1a:02:9d:cf:2d:db:20:5a:35:e2:83:5d:bf:9d:
                    59:4e:82:cf:46:59:ea:97:c2:b2:61:04:0f:e4:3d:
                    bf:db:bd:c2:1d:1c:de:76:00:71:86:4b:83:2a:17:
                    a9:7f:c5:e8:73:4e:0d:78:a0:88:aa:9f:b9:ce:eb:
                    42:00:27:ff:20:1c:ab:df:9f:de:59:69:b6:a7:74:
                    34:67:9e:22:f1:a3:fc:11:44:82:5e:f7:f5:ed:12:
                    f5:c7:66:89:06:6a:0f:39:80:d3:da:22:54:52:38:
                    0d:5e:df:1b:9a:ad:b0:e6:a7:53:1c:85:f7:b2:d0:
                    ca:dd:11:16:0c:f9:31:bd:55:5d:41:a7:c8:30:c1:
                    22:3f:97:3d:01:e6:75:a4:9d:62:a8:cd:df:b0:be:
                    d3:35:16:ad:00:38:30:bd:03:1f:10:e7:ce:3b:c3:
                    7a:42:ef:1f:40:25:0b:c3:c2:20:85:1c:49:1b:cc:
                    5a:9e:ee:e1:ab:79:62:71:55:20:84:cf:34:c3:a4:
                    eb:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:69:DC:9D:B4:0D:EF:F0:BE:52:3D:C6:99:9B:C9:E7:4B:CE:80:6D
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rWncnbQN7_C-Uj3GmZvJ50vOgG0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7886:9c::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:30:ae:b0:4d:ee:d0:dd:17:18:1a:cb:23:21:db:fc:ae:2e:
         28:93:66:a3:64:e5:dc:88:a0:9c:3c:be:26:f5:98:f3:4c:51:
         c6:c0:bc:7f:9d:85:1d:65:6d:ff:dc:a8:36:ec:c3:c8:36:9f:
         71:84:62:70:94:2b:13:ba:fb:96:97:82:57:8d:76:fb:57:c2:
         db:90:95:72:e3:e3:8e:8b:a0:48:27:ee:a1:78:2d:3a:f7:41:
         77:9d:7d:d3:dd:8d:c7:99:88:ce:f0:97:2a:9d:35:97:2f:ff:
         de:f9:23:97:a1:52:f6:0e:db:49:c8:c0:97:64:60:12:28:a3:
         3d:8d:e7:12:45:27:4b:a5:aa:b7:b3:96:b7:0d:ae:0e:26:d9:
         b9:79:39:3c:02:d5:85:00:36:bc:9d:c3:16:ad:c2:f5:d5:f6:
         c4:ab:47:08:d4:bc:e0:ae:50:92:3c:cb:b8:8d:5b:47:d0:14:
         80:63:fb:8b:18:5f:24:fe:0f:c0:aa:0f:e2:53:70:d4:bc:33:
         a7:79:dc:ca:7d:e7:35:6c:20:f1:4c:cf:cf:37:61:cb:30:81:
         dd:75:0d:6d:e6:cc:31:ec:89:5e:39:1d:c9:76:5f:58:c3:92:
         b6:7a:67:e9:37:d6:7b:3f:97:04:df:d1:2c:f6:18:20:f3:e1:
         b9:c1:24:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2IH4Y1gMgxAMm/AbeINOVkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDEzMTgzNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDY5ZGM5ZGI0MGRlZmYwYmU1MjNkYzY5OTliYzllNzRiY2U4MDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Q42ZMVqHuVhbQqL9hNJ2fgs2h/j
Vj9tfBPiFMj+AJHwAW5VV+VGAl7R4ob9gzTAnFnnjfgnFCGWoDNKGgKdzy3bIFo1
4oNdv51ZToLPRlnql8KyYQQP5D2/273CHRzedgBxhkuDKhepf8Xoc04NeKCIqp+5
zutCACf/IByr35/eWWm2p3Q0Z54i8aP8EUSCXvf17RL1x2aJBmoPOYDT2iJUUjgN
Xt8bmq2w5qdTHIX3stDK3REWDPkxvVVdQafIMMEiP5c9AeZ1pJ1iqM3fsL7TNRat
ADgwvQMfEOfOO8N6Qu8fQCULw8IghRxJG8xanu7hq3licVUghM80w6TrWQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK1p3J20De/wvlI9xpmbyedLzoBtMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvclduY25iUU43X0MtVWozR21adko1MHZPZ0cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgx4hgCc
MA0GCSqGSIb3DQEBCwUAA4IBAQBgMK6wTe7Q3RcYGssjIdv8ri4ok2ajZOXciKCc
PL4m9ZjzTFHGwLx/nYUdZW3/3Kg27MPINp9xhGJwlCsTuvuWl4JXjXb7V8LbkJVy
4+OOi6BIJ+6heC0690F3nX3T3Y3HmYjO8JcqnTWXL//e+SOXoVL2DttJyMCXZGAS
KKM9jecSRSdLpaq3s5a3Da4OJtm5eTk8AtWFADa8ncMWrcL11fbEq0cI1LzgrlCS
PMu4jVtH0BSAY/uLGF8k/g/Aqg/iU3DUvDOnedzKfec1bCDxTM/PN2HLMIHddQ1t
5swx7IleOR3Jdl9Yw5K2emfpN9Z7P5cE39Es9hgg8+G5wSTe
-----END CERTIFICATE-----