Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1uty6Xr2pbIzhrjE4FXDJlx6mII.roa
File:                     1uty6Xr2pbIzhrjE4FXDJlx6mII.roa (raw, json)
Hash identifier:          aNGfVKPAcFDWoV1ogO1brRWA9l1SaNgLAXMPfiXAKgE=
Subject key identifier:   D6:EB:72:E9:7A:F6:A5:B2:33:86:B8:C4:E0:55:C3:26:5C:7A:98:82
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198671E33E2FA6DD87DE4FA60EF04130C9B
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1uty6Xr2pbIzhrjE4FXDJlx6mII.roa
Signing time:             Fri 01 Aug 2025 19:31:29 +0000
ROA not before:           Fri 01 Aug 2025 19:31:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        2a0a:2d06:104::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:67:1e:33:e2:fa:6d:d8:7d:e4:fa:60:ef:04:13:0c:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  1 19:31:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6eb72e97af6a5b23386b8c4e055c3265c7a9882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:71:e4:c4:4c:98:62:77:eb:a4:01:0c:83:3c:
                    97:6c:df:13:ee:21:bf:c1:f9:2a:8a:6a:61:b6:79:
                    af:dd:d2:1a:81:af:18:39:2c:71:7f:0f:b1:44:21:
                    73:ec:71:16:1c:45:a1:f1:a9:e8:95:b3:75:24:98:
                    f6:a1:ae:3b:b1:f9:fd:a0:45:81:e8:d1:16:4b:ef:
                    e3:27:1a:c1:7b:b9:d7:f6:fd:1c:55:b6:32:ed:9b:
                    71:dc:42:67:2a:99:dd:2b:b4:f1:69:99:17:25:58:
                    d8:f9:ec:20:99:a0:54:bc:10:0e:87:76:32:a4:70:
                    21:0d:0c:1a:28:5c:c6:6f:d2:eb:a9:a2:b1:7b:26:
                    20:b5:41:4d:6a:91:57:6d:8d:dd:4e:eb:37:45:4f:
                    34:1b:fc:56:fc:93:6b:52:c7:20:fc:81:eb:00:73:
                    5b:d6:62:f9:c5:5d:c4:fd:a8:ce:0f:1b:a2:79:42:
                    8c:6c:ce:3f:87:3f:c7:6b:d2:77:39:7d:cb:07:da:
                    c0:60:0b:ee:b8:99:4d:c6:01:34:e5:1b:db:8c:5e:
                    84:be:5d:58:38:38:03:df:7d:71:1c:81:22:aa:3f:
                    cc:bf:54:4f:f1:95:4c:9b:60:f9:4d:39:30:5b:10:
                    fb:fb:dd:54:95:c7:c5:55:d4:ee:ca:d7:35:29:70:
                    6d:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:EB:72:E9:7A:F6:A5:B2:33:86:B8:C4:E0:55:C3:26:5C:7A:98:82
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1uty6Xr2pbIzhrjE4FXDJlx6mII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d06:104::/48

    Signature Algorithm: sha256WithRSAEncryption
         bc:42:4c:fe:7c:3b:47:31:fb:24:b6:f7:7a:ff:52:70:29:5d:
         89:05:c8:62:71:d3:c3:de:c3:c4:25:0f:81:c3:56:58:44:cc:
         a2:35:0d:9d:7b:3d:9f:ac:6a:31:11:0b:e7:15:c4:94:45:e5:
         aa:5e:ec:23:4e:04:20:bd:c2:64:18:e5:22:58:a1:1d:19:f6:
         a1:f3:db:96:f4:68:14:de:c4:b5:65:63:b5:56:b1:32:85:74:
         9f:ae:7f:82:56:06:16:a1:e3:39:de:5b:2e:7b:5b:96:cb:cf:
         3c:3f:98:cd:b9:54:47:75:90:0f:55:91:89:65:ad:8c:5b:e5:
         d5:27:f0:ea:16:c6:a9:d2:be:76:87:90:8a:b3:b6:17:c1:4d:
         b9:4b:af:d7:88:bd:16:15:d3:e6:11:0d:14:ac:2b:cf:8f:be:
         ad:55:14:1e:15:fb:f1:f7:60:bb:73:02:99:32:80:26:08:6a:
         11:8c:a3:b8:1d:d8:04:73:ac:73:5d:a5:bd:a8:a4:a3:57:db:
         c7:da:1c:c8:8a:6e:0a:79:b9:b5:5e:4e:ea:f1:0b:81:c1:2e:
         15:07:71:94:7a:be:a8:6b:86:25:ee:b3:ba:f0:0e:39:38:31:
         61:cd:49:8a:37:5e:20:14:17:3a:3b:f9:ca:4a:88:ed:b8:4e:
         f6:f3:e4:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZhnHjPi+m3YfeT6YO8EEwybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODAxMTkzMTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmViNzJlOTdhZjZhNWIyMzM4NmI4YzRlMDU1YzMyNjVjN2E5ODgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHHkxEyYYnfrpAEMgzyXbN8T7iG/
wfkqimphtnmv3dIaga8YOSxxfw+xRCFz7HEWHEWh8anolbN1JJj2oa47sfn9oEWB
6NEWS+/jJxrBe7nX9v0cVbYy7Ztx3EJnKpndK7TxaZkXJVjY+ewgmaBUvBAOh3Yy
pHAhDQwaKFzGb9LrqaKxeyYgtUFNapFXbY3dTus3RU80G/xW/JNrUscg/IHrAHNb
1mL5xV3E/ajODxuieUKMbM4/hz/Ha9J3OX3LB9rAYAvuuJlNxgE05RvbjF6Evl1Y
ODgD331xHIEiqj/Mv1RP8ZVMm2D5TTkwWxD7+91UlcfFVdTuytc1KXBthwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNbrcul69qWyM4a4xOBVwyZcepiCMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMXV0eTZYcjJwYkl6aHJqRTRGWERKbHg2bUlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgotBgEE
MA0GCSqGSIb3DQEBCwUAA4IBAQC8Qkz+fDtHMfsktvd6/1JwKV2JBchicdPD3sPE
JQ+Bw1ZYRMyiNQ2dez2frGoxEQvnFcSUReWqXuwjTgQgvcJkGOUiWKEdGfah89uW
9GgU3sS1ZWO1VrEyhXSfrn+CVgYWoeM53lsue1uWy888P5jNuVRHdZAPVZGJZa2M
W+XVJ/DqFsap0r52h5CKs7YXwU25S6/XiL0WFdPmEQ0UrCvPj76tVRQeFfvx92C7
cwKZMoAmCGoRjKO4HdgEc6xzXaW9qKSjV9vH2hzIim4Kebm1Xk7q8QuBwS4VB3GU
er6oa4Yl7rO68A45ODFhzUmKN14gFBc6O/nKSojtuE728+T6
-----END CERTIFICATE-----