Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/wfT5o-ZeyZXV3sS8aYlNkQfeNfg.roa
File:                     wfT5o-ZeyZXV3sS8aYlNkQfeNfg.roa (raw, json)
Hash identifier:          d1qkqgu2g4th1TQQWJuF0Ts5C19IPy4nkXkLFPUEg/c=
Subject key identifier:   C1:F4:F9:A3:E6:5E:C9:95:D5:DE:C4:BC:69:89:4D:91:07:DE:35:F8
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019D87E89834DFF1766827E0F57DD8D353FA
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/wfT5o-ZeyZXV3sS8aYlNkQfeNfg.roa
Signing time:             Mon 13 Apr 2026 17:34:20 +0000
ROA not before:           Mon 13 Apr 2026 17:34:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402405
IP address blocks:        2a13:c900:44::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:87:e8:98:34:df:f1:76:68:27:e0:f5:7d:d8:d3:53:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 13 17:34:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c1f4f9a3e65ec995d5dec4bc69894d9107de35f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:f6:14:6f:41:65:92:0c:7b:98:50:43:27:72:
                    04:61:7f:bc:be:8e:a0:8d:e5:45:d9:14:84:3b:f8:
                    c4:62:05:c3:77:f4:e9:85:bc:33:0c:44:a0:c7:a7:
                    a7:35:84:5d:a8:d8:46:63:80:ce:6c:b5:fb:e7:03:
                    c9:de:e7:18:64:27:d0:9c:56:d5:5d:e4:07:77:67:
                    e9:35:eb:4a:fd:7c:65:7a:05:59:c5:49:c8:83:ab:
                    7e:b2:4a:48:e5:b7:b2:13:da:1d:b9:52:e2:f8:8d:
                    5c:fc:c9:ee:c1:ce:d5:58:64:92:29:ae:c5:56:f9:
                    6a:40:5f:2b:33:37:c4:ee:b3:96:62:e6:05:f7:ce:
                    d7:ca:ee:ae:60:f6:6e:32:06:a1:72:53:0e:42:8c:
                    7e:98:5b:75:7d:e7:8b:79:d2:cb:8c:bf:6a:f5:13:
                    d3:f6:db:9b:a9:fc:0e:13:c9:ad:a8:87:38:a0:38:
                    d8:98:c5:cb:37:2f:dd:8f:ac:49:44:85:9a:50:e4:
                    cd:b2:5e:2d:ba:b2:56:b8:c7:4d:7c:09:86:c1:eb:
                    b2:c3:92:e2:24:6b:c6:74:2f:b7:bf:d8:c6:c4:44:
                    c2:62:79:71:cb:5a:49:d4:9a:58:ab:7e:d5:18:70:
                    ff:7a:18:0f:53:c8:a0:4b:0a:81:d2:84:2a:67:da:
                    7e:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:F4:F9:A3:E6:5E:C9:95:D5:DE:C4:BC:69:89:4D:91:07:DE:35:F8
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/wfT5o-ZeyZXV3sS8aYlNkQfeNfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c900:44::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:87:de:94:03:a3:18:0b:fc:b0:d3:6e:5f:ea:b8:59:ca:f3:
         5e:ef:52:2c:3a:a1:39:2d:81:66:59:d6:b0:ee:6c:6c:11:f3:
         fc:32:16:2e:07:f6:05:ac:6f:63:a3:dc:d6:12:7f:f6:48:4c:
         4b:a7:8a:9c:1e:d9:a9:47:2b:fe:36:15:50:c3:94:c3:ef:1a:
         44:33:b8:56:70:76:9d:bc:01:5a:82:19:74:70:9b:bf:fa:c7:
         3c:31:64:45:c2:63:a2:2c:47:36:e2:33:06:2b:20:5c:12:dc:
         47:22:92:fa:1f:39:c3:16:e2:17:6c:fd:4d:c3:0c:e5:51:70:
         d9:7b:e3:f3:56:b9:01:47:16:09:c3:71:ce:ce:83:92:61:ca:
         76:5f:81:08:8b:fe:05:79:a4:7f:e4:9a:ef:9c:c3:5d:59:0a:
         8e:b0:9b:a2:6e:6b:60:ce:f2:db:15:1a:b3:33:f5:18:fd:73:
         95:fd:9d:f7:b8:fc:50:04:65:e5:30:cf:ef:56:12:d1:0f:e9:
         97:09:c7:2a:f1:fb:e5:dd:a0:4e:51:e5:8c:e7:79:c2:f6:64:
         43:77:a4:45:86:cb:13:aa:aa:2b:d9:12:bf:39:7f:d8:ad:4b:
         72:2d:41:17:7a:c0:3a:ec:8e:a8:6c:f3:45:a0:fa:69:d3:a0:
         11:53:23:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2H6Jg03/F2aCfg9X3Y01P6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjYwNDEzMTczNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMWY0ZjlhM2U2NWVjOTk1ZDVkZWM0YmM2OTg5NGQ5MTA3ZGUzNWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnvYUb0Flkgx7mFBDJ3IEYX+8vo6g
jeVF2RSEO/jEYgXDd/TphbwzDESgx6enNYRdqNhGY4DObLX75wPJ3ucYZCfQnFbV
XeQHd2fpNetK/XxlegVZxUnIg6t+skpI5beyE9oduVLi+I1c/Mnuwc7VWGSSKa7F
VvlqQF8rMzfE7rOWYuYF987Xyu6uYPZuMgahclMOQox+mFt1feeLedLLjL9q9RPT
9tubqfwOE8mtqIc4oDjYmMXLNy/dj6xJRIWaUOTNsl4turJWuMdNfAmGweuyw5Li
JGvGdC+3v9jGxETCYnlxy1pJ1JpYq37VGHD/ehgPU8igSwqB0oQqZ9p+ewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMH0+aPmXsmV1d7EvGmJTZEH3jX4MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvd2ZUNW8tWmV5WlhWM3NTOGFZbE5rUWZlTmZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPJAABE
MA0GCSqGSIb3DQEBCwUAA4IBAQAyh96UA6MYC/yw025f6rhZyvNe71IsOqE5LYFm
Wdaw7mxsEfP8MhYuB/YFrG9jo9zWEn/2SExLp4qcHtmpRyv+NhVQw5TD7xpEM7hW
cHadvAFaghl0cJu/+sc8MWRFwmOiLEc24jMGKyBcEtxHIpL6HznDFuIXbP1Nwwzl
UXDZe+PzVrkBRxYJw3HOzoOSYcp2X4EIi/4FeaR/5JrvnMNdWQqOsJuibmtgzvLb
FRqzM/UY/XOV/Z33uPxQBGXlMM/vVhLRD+mXCccq8fvl3aBOUeWM53nC9mRDd6RF
hssTqqor2RK/OX/YrUtyLUEXesA67I6obPNFoPpp06ARUyPO
-----END CERTIFICATE-----