Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5lwa8--soq0RiLSGFUkhJ3hTldo.roa
File:                     5lwa8--soq0RiLSGFUkhJ3hTldo.roa (raw, json)
Hash identifier:          t05rqQH5tV1YFSOCfjyLcY6Q9avfNEDsBs58hWEx098=
Subject key identifier:   E6:5C:1A:F3:EF:AC:A2:AD:11:88:B4:86:15:49:21:27:78:53:95:DA
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0197550AC28764060F7D68EE6FF959A37BC9
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5lwa8--soq0RiLSGFUkhJ3hTldo.roa
Signing time:             Mon 09 Jun 2025 14:14:17 +0000
ROA not before:           Mon 09 Jun 2025 14:14:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16276
IP address blocks:        80.253.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:55:0a:c2:87:64:06:0f:7d:68:ee:6f:f9:59:a3:7b:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun  9 14:14:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e65c1af3efaca2ad1188b48615492127785395da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:9a:c3:6e:38:ee:c4:75:fb:15:be:99:d7:8a:
                    38:72:aa:4d:f3:15:5d:07:dc:17:40:34:8f:ab:f5:
                    60:ef:1a:28:31:0d:2c:c1:d0:3d:3f:5a:90:f9:fc:
                    d7:c0:5f:1c:57:c3:f7:e9:97:f7:59:b3:c7:09:93:
                    21:96:98:84:60:a5:37:6f:98:31:c4:73:08:bd:d5:
                    c7:08:04:1f:7f:e4:21:4e:a9:55:5e:3a:39:e7:0c:
                    4e:f0:a1:f5:4d:ca:d8:4d:10:64:6d:b6:d2:cc:b5:
                    4a:d6:fc:6e:07:28:9b:e5:b8:3d:e4:24:06:53:65:
                    34:6d:2f:c6:16:65:4e:43:5b:a4:f8:bd:6c:cb:3f:
                    4b:8c:a3:b1:50:13:79:ba:51:83:fc:d5:e7:02:00:
                    99:7b:28:68:2e:c5:61:c2:10:a9:e4:a9:24:88:d3:
                    13:bc:84:fe:ab:d2:7e:95:d3:76:d6:b6:a2:77:47:
                    77:38:4b:57:1c:98:5b:8b:48:ca:12:2d:0a:7c:e4:
                    0f:97:cd:bd:61:88:a9:8e:48:9b:bc:f1:f2:cc:97:
                    c2:2a:2d:e2:78:0f:1b:5c:a4:74:2a:79:24:3b:a9:
                    26:e6:83:38:4f:24:ed:83:d3:15:ea:21:84:11:f1:
                    06:c7:ae:7f:9a:d9:51:52:29:60:0e:e0:4f:be:cf:
                    51:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:5C:1A:F3:EF:AC:A2:AD:11:88:B4:86:15:49:21:27:78:53:95:DA
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/5lwa8--soq0RiLSGFUkhJ3hTldo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.253.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:2c:9f:07:20:65:53:bb:a8:c4:8e:e0:5c:12:a1:3f:ee:36:
         a7:5e:d4:4c:cb:3a:c8:47:8f:ff:6f:d9:68:f5:96:18:28:66:
         31:9a:48:99:76:23:07:08:8f:16:45:bc:8f:c8:fa:9a:05:be:
         48:c6:56:90:55:d0:7b:cc:d6:3f:10:32:69:e8:74:2a:f5:7f:
         6c:b5:1f:c9:0f:54:bd:0b:67:03:fb:d1:d6:c4:f0:ce:43:79:
         d7:e1:5a:48:d3:d4:3a:8e:d4:68:55:7e:ae:ce:bb:51:b4:ad:
         77:48:d6:0e:e7:36:83:cb:e0:f1:bb:f5:c7:34:80:0c:50:18:
         7b:0b:95:d3:23:ad:7b:c9:3f:72:bc:c4:97:99:59:29:98:2e:
         0e:11:4b:0e:46:c2:f1:97:47:50:87:a9:5b:3f:2e:04:7b:33:
         7b:7e:cc:97:d3:31:54:8f:76:58:40:aa:7e:66:df:61:24:3b:
         f0:42:76:7b:7b:57:7c:80:4b:c3:a1:29:7c:fe:12:af:3f:ab:
         7d:be:24:63:99:a7:c0:49:b3:56:f4:c3:75:af:a9:d4:c2:f1:
         e9:80:b5:2d:c3:89:06:31:ea:63:5d:ae:c7:d1:26:46:af:51:
         c9:64:26:33:b1:31:91:60:93:a6:3c:30:98:24:91:93:e4:9b:
         63:35:d8:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdVCsKHZAYPfWjub/lZo3vJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjA5MTQxNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjVjMWFmM2VmYWNhMmFkMTE4OGI0ODYxNTQ5MjEyNzc4NTM5NWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA15rDbjjuxHX7Fb6Z14o4cqpN8xVd
B9wXQDSPq/Vg7xooMQ0swdA9P1qQ+fzXwF8cV8P36Zf3WbPHCZMhlpiEYKU3b5gx
xHMIvdXHCAQff+QhTqlVXjo55wxO8KH1TcrYTRBkbbbSzLVK1vxuByib5bg95CQG
U2U0bS/GFmVOQ1uk+L1syz9LjKOxUBN5ulGD/NXnAgCZeyhoLsVhwhCp5KkkiNMT
vIT+q9J+ldN21raid0d3OEtXHJhbi0jKEi0KfOQPl829YYipjkibvPHyzJfCKi3i
eA8bXKR0KnkkO6km5oM4TyTtg9MV6iGEEfEGx65/mtlRUilgDuBPvs9RfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOZcGvPvrKKtEYi0hhVJISd4U5XaMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvNWx3YTgtLXNvcTBSaUxTR0ZVa2hKM2hUbGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUP35MA0G
CSqGSIb3DQEBCwUAA4IBAQDLLJ8HIGVTu6jEjuBcEqE/7janXtRMyzrIR4//b9lo
9ZYYKGYxmkiZdiMHCI8WRbyPyPqaBb5IxlaQVdB7zNY/EDJp6HQq9X9stR/JD1S9
C2cD+9HWxPDOQ3nX4VpI09Q6jtRoVX6uzrtRtK13SNYO5zaDy+Dxu/XHNIAMUBh7
C5XTI617yT9yvMSXmVkpmC4OEUsORsLxl0dQh6lbPy4EezN7fsyX0zFUj3ZYQKp+
Zt9hJDvwQnZ7e1d8gEvDoSl8/hKvP6t9viRjmafASbNW9MN1r6nUwvHpgLUtw4kG
MepjXa7H0SZGr1HJZCYzsTGRYJOmPDCYJJGT5JtjNdjb
-----END CERTIFICATE-----