Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/7cfhXO7iqxL21iOmbt8SZdt03J8.roa
File:                     7cfhXO7iqxL21iOmbt8SZdt03J8.roa (raw, json)
Hash identifier:          XOP+pz5fLA1+H2S8AXgAlUSrubeeYzWHiX11wOVEGUE=
Subject key identifier:   ED:C7:E1:5C:EE:E2:AB:12:F6:D6:23:A6:6E:DF:12:65:DB:74:DC:9F
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0198413BA66D6968AEF98FF55C57C27C7720
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/7cfhXO7iqxL21iOmbt8SZdt03J8.roa
Signing time:             Fri 25 Jul 2025 10:58:05 +0000
ROA not before:           Fri 25 Jul 2025 10:58:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200250
IP address blocks:        2a0e:a942::/32 maxlen: 48
                          2a0e:cbc3::/33 maxlen: 48
                          2a0e:cbc3:8000::/33 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:41:3b:a6:6d:69:68:ae:f9:8f:f5:5c:57:c2:7c:77:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jul 25 10:58:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edc7e15ceee2ab12f6d623a66edf1265db74dc9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:98:56:f6:e6:11:9c:d8:66:04:2a:c3:d1:6c:
                    93:24:d1:bf:d1:96:7b:ed:7e:5c:fd:27:9b:b4:23:
                    64:88:65:89:75:f1:7f:ba:1f:f9:77:df:60:4e:a8:
                    d5:86:70:77:a3:d6:fb:d9:4f:8b:75:57:52:a6:c4:
                    aa:52:97:2b:53:51:e4:af:b1:91:d7:ce:1c:85:93:
                    a2:8c:90:95:77:3d:f8:22:97:62:18:17:d7:c8:ed:
                    f2:4a:65:d9:2a:aa:43:35:94:52:a1:69:ef:68:b0:
                    e1:5d:54:24:e4:cf:69:a0:68:8b:7d:de:4e:25:a0:
                    bb:4a:8a:98:64:4c:74:5f:80:c1:d0:df:1f:19:df:
                    21:b8:f9:43:60:a1:cc:61:9e:4e:d6:29:91:54:d4:
                    81:cb:5b:fb:57:4c:c4:0f:d2:99:72:74:68:15:95:
                    db:de:de:dd:c5:fe:72:8c:ff:15:9b:2c:22:fe:59:
                    98:d2:af:38:50:66:18:cc:e1:ad:08:07:8f:97:95:
                    9c:e0:24:f2:0b:3f:7d:68:f5:f2:14:9d:dc:1b:e4:
                    75:d2:02:0c:1f:dc:79:ef:d9:6e:cc:80:87:0b:66:
                    53:ce:2c:4a:d4:6b:e8:13:12:33:aa:65:03:f8:9f:
                    fa:d2:c7:73:00:0f:2b:d3:c6:0a:b9:da:f6:2b:16:
                    bf:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C7:E1:5C:EE:E2:AB:12:F6:D6:23:A6:6E:DF:12:65:DB:74:DC:9F
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/7cfhXO7iqxL21iOmbt8SZdt03J8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:a942::/32
                  2a0e:cbc3::/32

    Signature Algorithm: sha256WithRSAEncryption
         b8:a7:bd:dc:1f:7b:cd:53:b1:97:92:62:e3:35:12:78:a8:e3:
         0d:14:5a:17:b8:01:2b:67:0c:70:aa:2c:a5:8d:ff:54:53:67:
         4e:fe:81:8d:41:78:de:7c:e4:05:7a:04:cb:25:15:2c:0a:8c:
         b8:f2:08:d9:60:ae:fa:32:d1:c7:07:5d:61:89:59:a3:a2:c6:
         fa:ab:aa:1d:68:5d:7a:b5:8f:26:02:3e:ec:d0:70:4f:75:05:
         7e:c0:bd:ff:bd:19:bc:75:b2:a3:06:9c:1e:01:cb:0e:19:b9:
         46:c0:dd:60:82:a1:a9:f6:17:78:f6:f9:e5:c3:e3:cf:45:22:
         93:ca:77:2b:aa:01:14:76:3d:b6:54:a0:7d:86:ad:5c:fa:44:
         83:b3:7c:47:2a:9d:55:32:f2:ad:db:70:ef:c7:87:f7:81:43:
         ba:44:dc:f9:a9:52:c4:0b:f4:ba:94:38:de:76:b0:1c:b8:0a:
         67:8d:fa:10:b3:a4:35:c9:97:45:7c:0f:66:ca:04:a0:98:15:
         49:2b:24:26:d1:f8:ca:ea:ad:82:c1:c1:b2:45:5f:70:95:ae:
         33:78:63:88:7b:79:3e:ba:f3:42:24:cb:1f:0d:01:f6:c4:ad:
         e5:84:64:f3:fb:af:cb:0d:7e:85:51:06:d4:5d:33:bb:8e:74:
         9d:b4:40:d1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZhBO6ZtaWiu+Y/1XFfCfHcgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwNzI1MTA1ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGM3ZTE1Y2VlZTJhYjEyZjZkNjIzYTY2ZWRmMTI2NWRiNzRkYzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5hW9uYRnNhmBCrD0WyTJNG/0ZZ7
7X5c/SebtCNkiGWJdfF/uh/5d99gTqjVhnB3o9b72U+LdVdSpsSqUpcrU1Hkr7GR
184chZOijJCVdz34IpdiGBfXyO3ySmXZKqpDNZRSoWnvaLDhXVQk5M9poGiLfd5O
JaC7SoqYZEx0X4DB0N8fGd8huPlDYKHMYZ5O1imRVNSBy1v7V0zED9KZcnRoFZXb
3t7dxf5yjP8Vmywi/lmY0q84UGYYzOGtCAePl5Wc4CTyCz99aPXyFJ3cG+R10gIM
H9x579luzICHC2ZTzixK1GvoExIzqmUD+J/60sdzAA8r08YKudr2Kxa/jwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO3H4Vzu4qsS9tYjpm7fEmXbdNyfMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvN2NmaFhPN2lxeEwyMWlPbWJ0OFNaZHQwM0o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg6pQgMF
ACoOy8MwDQYJKoZIhvcNAQELBQADggEBALinvdwfe81TsZeSYuM1Enio4w0UWhe4
AStnDHCqLKWN/1RTZ07+gY1BeN585AV6BMslFSwKjLjyCNlgrvoy0ccHXWGJWaOi
xvqrqh1oXXq1jyYCPuzQcE91BX7Avf+9Gbx1sqMGnB4Byw4ZuUbA3WCCoan2F3j2
+eXD489FIpPKdyuqARR2PbZUoH2GrVz6RIOzfEcqnVUy8q3bcO/Hh/eBQ7pE3Pmp
UsQL9LqUON52sBy4CmeN+hCzpDXJl0V8D2bKBKCYFUkrJCbR+MrqrYLBwbJFX3CV
rjN4Y4h7eT6680Ikyx8NAfbEreWEZPP7r8sNfoVRBtRdM7uOdJ20QNE=
-----END CERTIFICATE-----