Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/G1Ov5T-tiZOsOVPTaztXZeBMIzc.roa
File:                     G1Ov5T-tiZOsOVPTaztXZeBMIzc.roa (raw, json)
Hash identifier:          8i+4ZU4sfCMK5I01IQTYVuCJEJ92x5Amg62BRSyjN6o=
Subject key identifier:   1B:53:AF:E5:3F:AD:89:93:AC:39:53:D3:6B:3B:57:65:E0:4C:23:37
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019A39A62D87359570621220BFDEF11F0216
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/G1Ov5T-tiZOsOVPTaztXZeBMIzc.roa
Signing time:             Fri 31 Oct 2025 09:43:03 +0000
ROA not before:           Fri 31 Oct 2025 09:43:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396362
IP address blocks:        2a0f:1e80:1::/48 maxlen: 48
                          2a0f:3d87::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:39:a6:2d:87:35:95:70:62:12:20:bf:de:f1:1f:02:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct 31 09:43:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1b53afe53fad8993ac3953d36b3b5765e04c2337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:8f:8b:9b:9c:f9:3b:73:b6:e5:19:b6:47:d6:
                    ef:2e:af:1e:79:e9:ba:72:6e:f5:e3:9c:cc:a7:12:
                    2b:e7:04:45:c4:21:e3:94:22:08:63:a7:6d:a1:d3:
                    e4:0f:1d:d3:b8:3a:64:99:a5:4b:87:4c:9d:db:be:
                    f8:85:41:16:d5:72:79:5f:2c:cc:25:86:e4:be:7f:
                    be:3d:88:1d:d2:67:dd:cc:44:8c:57:97:c0:5b:2d:
                    80:a7:85:87:ce:dc:8d:34:74:8a:63:c4:a0:51:65:
                    cf:ee:d8:f4:64:de:b0:cf:d5:ea:1e:a7:ef:00:d3:
                    c9:6a:8c:66:71:01:62:52:d5:3c:67:c8:e8:45:e8:
                    1a:27:e3:50:43:d4:4e:69:16:7f:81:57:f2:9b:42:
                    97:63:d2:68:58:4d:36:f6:60:3c:69:6d:5d:d9:0c:
                    13:24:48:7e:84:50:e9:cb:13:3a:24:a7:5d:36:17:
                    ad:a9:fd:cd:4e:e5:5f:c3:aa:9d:31:e3:c8:88:9b:
                    f3:81:83:05:9c:f7:05:f4:9f:d3:f9:60:b8:a5:d1:
                    06:71:38:f1:eb:3a:8c:7c:f7:02:52:e3:ac:01:ff:
                    e6:89:73:04:35:4e:d9:bb:b0:72:e6:fb:a8:c9:7e:
                    df:4d:12:53:72:a7:74:da:c1:d4:ea:93:76:fe:62:
                    44:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:53:AF:E5:3F:AD:89:93:AC:39:53:D3:6B:3B:57:65:E0:4C:23:37
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/G1Ov5T-tiZOsOVPTaztXZeBMIzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1e80:1::/48
                  2a0f:3d87::/32

    Signature Algorithm: sha256WithRSAEncryption
         86:7e:b7:b2:86:10:32:35:ab:4c:6c:45:a9:16:e0:22:ae:cf:
         e2:6e:8b:94:5b:33:a5:52:14:b1:d4:59:fc:3a:39:ed:76:13:
         6d:7c:ad:63:c0:a0:55:28:66:ad:ed:c6:22:49:b2:2b:c7:ea:
         ff:06:93:8b:13:6f:a0:b0:83:0a:cf:3e:a6:78:1b:3c:f1:9c:
         a8:de:17:0a:9e:17:1c:89:c8:9f:11:1c:ed:ff:37:25:75:6c:
         8f:44:9c:c3:95:38:91:63:d2:06:66:2f:c8:8c:09:de:c5:34:
         81:ba:a3:29:ec:e0:5c:7d:01:08:db:11:d4:b4:62:6a:f9:29:
         15:61:07:ad:80:95:ce:16:d8:51:c8:99:71:78:6a:06:29:d1:
         88:bf:e8:b7:48:7b:2f:ec:79:77:86:54:95:d3:0b:7e:6a:0e:
         03:6e:fc:2d:56:4b:b8:df:cb:9f:23:46:01:a8:ad:39:2e:d4:
         5b:45:29:5d:16:b0:d9:5a:ed:11:37:27:1a:94:4f:40:55:08:
         9f:2a:4c:e9:ca:d3:4f:dd:d0:d9:49:7f:2f:47:80:48:e8:8b:
         1d:23:4c:0a:15:30:09:e8:68:0c:cb:81:64:3a:7e:96:46:3b:
         49:4b:98:24:6b:9d:38:8b:0d:f8:dc:25:1d:e1:c0:a9:6c:44:
         67:20:cd:97
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZo5pi2HNZVwYhIgv97xHwIWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDMxMDk0MzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjUzYWZlNTNmYWQ4OTkzYWMzOTUzZDM2YjNiNTc2NWUwNGMyMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAso+Lm5z5O3O25Rm2R9bvLq8eeem6
cm7145zMpxIr5wRFxCHjlCIIY6dtodPkDx3TuDpkmaVLh0yd2774hUEW1XJ5XyzM
JYbkvn++PYgd0mfdzESMV5fAWy2Ap4WHztyNNHSKY8SgUWXP7tj0ZN6wz9XqHqfv
ANPJaoxmcQFiUtU8Z8joRegaJ+NQQ9ROaRZ/gVfym0KXY9JoWE029mA8aW1d2QwT
JEh+hFDpyxM6JKddNhetqf3NTuVfw6qdMePIiJvzgYMFnPcF9J/T+WC4pdEGcTjx
6zqMfPcCUuOsAf/miXMENU7Zu7By5vuoyX7fTRJTcqd02sHU6pN2/mJENQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFBtTr+U/rYmTrDlT02s7V2XgTCM3MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvRzFPdjVULXRpWk9zT1ZQVGF6dFhaZUJNSXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcAKg8egAAB
AwUAKg89hzANBgkqhkiG9w0BAQsFAAOCAQEAhn63soYQMjWrTGxFqRbgIq7P4m6L
lFszpVIUsdRZ/Do57XYTbXytY8CgVShmre3GIkmyK8fq/waTixNvoLCDCs8+pngb
PPGcqN4XCp4XHInInxEc7f83JXVsj0Scw5U4kWPSBmYvyIwJ3sU0gbqjKezgXH0B
CNsR1LRiavkpFWEHrYCVzhbYUciZcXhqBinRiL/ot0h7L+x5d4ZUldMLfmoOA278
LVZLuN/LnyNGAaitOS7UW0UpXRaw2VrtETcnGpRPQFUInypM6crTT93Q2Ul/L0eA
SOiLHSNMChUwCehoDMuBZDp+lkY7SUuYJGudOIsN+NwlHeHAqWxEZyDNlw==
-----END CERTIFICATE-----