Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rgb1R9ZBvGi3h5E6rGiN6X0skrw.roa
File:                     rgb1R9ZBvGi3h5E6rGiN6X0skrw.roa (raw, json)
Hash identifier:          cLhb32CzL4yHRxOZH0Ri8KJLAl1pDZqAh3lavO/4l58=
Subject key identifier:   AE:06:F5:47:D6:41:BC:68:B7:87:91:3A:AC:68:8D:E9:7D:2C:92:BC
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019C09B6570B7568FA3764E6B94B8641A434
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rgb1R9ZBvGi3h5E6rGiN6X0skrw.roa
Signing time:             Thu 29 Jan 2026 12:24:30 +0000
ROA not before:           Thu 29 Jan 2026 12:24:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8285
IP address blocks:        2a0f:1585::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:09:b6:57:0b:75:68:fa:37:64:e6:b9:4b:86:41:a4:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan 29 12:24:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ae06f547d641bc68b787913aac688de97d2c92bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:10:ad:15:73:bc:20:c0:3e:f8:bb:91:ae:03:
                    34:17:6e:f9:51:f7:80:5d:90:52:9f:14:23:1d:8b:
                    af:c1:95:bb:5f:dd:ed:ae:2a:47:38:ff:9c:95:fe:
                    51:74:e6:85:81:4c:32:b3:33:f9:1b:53:07:aa:43:
                    d5:92:e0:57:8f:37:53:81:1a:88:72:52:b9:b2:7d:
                    3b:68:b5:8f:cc:4c:18:54:f7:8e:4e:5d:37:58:31:
                    02:4c:2c:45:07:64:13:8c:9c:b1:c1:3b:6a:b0:3a:
                    63:c5:fe:a7:cb:ab:92:11:b8:d4:18:a6:87:fa:84:
                    2e:b5:f5:2f:81:a4:4d:25:51:5c:ef:0f:7f:c5:0d:
                    6b:63:c5:40:21:98:72:66:5a:e6:6b:12:6e:99:0e:
                    92:da:e0:f0:61:d4:c9:d0:fe:ed:61:96:86:76:64:
                    ba:52:27:fe:2a:d5:7d:ba:43:c1:78:c6:a5:d6:cb:
                    af:b9:24:90:3e:5e:fe:1e:17:b0:57:05:68:fa:8b:
                    00:00:4c:87:f7:00:d7:36:21:29:90:ef:7d:a3:fc:
                    df:7c:6f:49:f6:cc:e0:68:70:75:ce:61:c7:ce:c3:
                    c0:32:27:4c:16:6b:fa:17:60:1b:8a:7d:3f:f7:bc:
                    84:f5:09:7a:9f:d5:1c:f6:27:c5:77:50:23:1b:fd:
                    ed:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:06:F5:47:D6:41:BC:68:B7:87:91:3A:AC:68:8D:E9:7D:2C:92:BC
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rgb1R9ZBvGi3h5E6rGiN6X0skrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1585::/32

    Signature Algorithm: sha256WithRSAEncryption
         c7:78:9d:1e:20:e2:b5:59:aa:bd:29:d6:74:b7:4d:64:b4:b6:
         5a:0c:ce:a9:dc:3d:10:81:36:1b:ec:0a:ea:09:e9:cd:ee:ac:
         f0:df:20:de:65:26:8c:54:3b:86:c5:ba:51:b7:e5:77:93:5e:
         7e:a6:91:c0:00:a7:d0:07:80:8d:0f:d5:d3:1e:8e:c9:ad:2c:
         e1:df:d9:ae:00:65:d7:6c:7f:74:0b:16:ef:90:9c:4e:b2:b6:
         8d:9f:57:27:e9:15:cb:a7:9d:fe:bd:a7:23:0b:db:99:d0:74:
         1e:dc:eb:79:01:7f:f3:b8:74:53:14:31:0e:11:5b:2f:33:62:
         58:d8:f6:d7:5e:36:02:f3:17:83:4c:8c:a4:7a:67:0f:21:7b:
         dc:fd:e2:78:66:85:3c:21:41:17:9e:ad:55:28:08:2d:fb:0a:
         ae:cd:b8:54:70:61:92:53:3c:44:57:1d:14:78:b8:91:2f:c2:
         59:8c:f4:6a:94:46:a3:ac:e8:6d:af:47:b3:4d:d7:2d:98:95:
         92:f3:53:92:86:29:65:0e:c6:d5:69:0a:40:34:df:f9:a4:8c:
         24:5e:1b:8e:8a:64:a6:bb:ef:c6:96:cd:1a:fd:b8:38:c3:b7:
         5f:dc:fc:a9:23:fa:66:b0:55:56:d4:c1:26:64:df:f9:7d:20:
         70:b5:68:af
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZwJtlcLdWj6N2TmuUuGQaQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwMTI5MTIyNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTA2ZjU0N2Q2NDFiYzY4Yjc4NzkxM2FhYzY4OGRlOTdkMmM5MmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhCtFXO8IMA++LuRrgM0F275UfeA
XZBSnxQjHYuvwZW7X93tripHOP+clf5RdOaFgUwyszP5G1MHqkPVkuBXjzdTgRqI
clK5sn07aLWPzEwYVPeOTl03WDECTCxFB2QTjJyxwTtqsDpjxf6ny6uSEbjUGKaH
+oQutfUvgaRNJVFc7w9/xQ1rY8VAIZhyZlrmaxJumQ6S2uDwYdTJ0P7tYZaGdmS6
Uif+KtV9ukPBeMal1suvuSSQPl7+HhewVwVo+osAAEyH9wDXNiEpkO99o/zffG9J
9szgaHB1zmHHzsPAMidMFmv6F2Abin0/97yE9Ql6n9Uc9ifFd1AjG/3tEQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK4G9UfWQbxot4eROqxojel9LJK8MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvcmdiMVI5WkJ2R2kzaDVFNnJHaU42WDBza3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg8VhTAN
BgkqhkiG9w0BAQsFAAOCAQEAx3idHiDitVmqvSnWdLdNZLS2WgzOqdw9EIE2G+wK
6gnpze6s8N8g3mUmjFQ7hsW6Ubfld5NefqaRwACn0AeAjQ/V0x6Oya0s4d/ZrgBl
12x/dAsW75CcTrK2jZ9XJ+kVy6ed/r2nIwvbmdB0HtzreQF/87h0UxQxDhFbLzNi
WNj21142AvMXg0yMpHpnDyF73P3ieGaFPCFBF56tVSgILfsKrs24VHBhklM8RFcd
FHi4kS/CWYz0apRGo6zoba9Hs03XLZiVkvNTkoYpZQ7G1WkKQDTf+aSMJF4bjopk
prvvxpbNGv24OMO3X9z8qSP6ZrBVVtTBJmTf+X0gcLVorw==
-----END CERTIFICATE-----