Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/IliQqjFxw4xu4-liTQr-SsIS9vs.roa
File:                     IliQqjFxw4xu4-liTQr-SsIS9vs.roa (raw, json)
Hash identifier:          Ca12EzEpGHIUh0kixJmIu/qX/DZXKZGdVsCUIQiiK04=
Subject key identifier:   22:58:90:AA:31:71:C3:8C:6E:E3:E9:62:4D:0A:FE:4A:C2:12:F6:FB
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01983B4BE1052FBC2C554D364D08A39D4F66
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/IliQqjFxw4xu4-liTQr-SsIS9vs.roa
Signing time:             Thu 24 Jul 2025 07:18:05 +0000
ROA not before:           Thu 24 Jul 2025 07:18:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51559
IP address blocks:        2a0a:2d07:fc3b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 20:46:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:3b:4b:e1:05:2f:bc:2c:55:4d:36:4d:08:a3:9d:4f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul 24 07:18:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=225890aa3171c38c6ee3e9624d0afe4ac212f6fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:26:27:fe:26:77:f4:d2:fe:54:fa:5c:3d:8c:
                    85:5b:9d:af:1f:3d:a0:d0:06:a4:41:f1:17:b7:e2:
                    e0:3a:35:18:d4:a3:de:6b:a5:89:6d:68:fe:1b:38:
                    f8:8c:65:68:db:ed:c7:c9:ce:86:8d:6f:51:1c:4f:
                    a4:63:d3:5f:11:bc:bc:da:7f:b3:92:73:fa:31:9d:
                    c1:d0:b5:ac:04:02:27:42:18:fc:3a:3e:98:a6:d4:
                    05:2d:b4:88:08:3c:68:54:49:ec:7a:33:90:0b:5f:
                    44:b7:b8:c8:65:e1:c3:8d:68:6e:4f:7b:c1:db:a4:
                    bc:22:97:a2:53:1c:87:b6:8c:98:8b:b6:0e:9f:d5:
                    d5:be:02:68:0e:77:18:25:a1:e8:d0:da:e7:9c:81:
                    6e:65:21:12:6f:0e:78:dc:70:de:6b:17:ea:cd:db:
                    f9:aa:c5:c8:3c:52:58:8b:69:09:da:70:33:d7:12:
                    41:90:ca:03:65:ea:71:71:98:98:81:4f:41:69:98:
                    15:7f:fb:d5:b5:37:c7:0c:25:2f:e7:d8:b6:cf:2a:
                    44:f7:84:f3:4c:48:86:37:48:47:83:a7:9a:c4:29:
                    9b:59:88:27:7c:cb:6e:eb:ba:3c:f9:85:2a:a0:1d:
                    1f:b6:b7:7e:87:89:69:f5:e3:fa:97:cf:ad:25:5c:
                    2e:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:58:90:AA:31:71:C3:8C:6E:E3:E9:62:4D:0A:FE:4A:C2:12:F6:FB
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/IliQqjFxw4xu4-liTQr-SsIS9vs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d07:fc3b::/48

    Signature Algorithm: sha256WithRSAEncryption
         b6:61:d3:37:ec:e2:8e:af:ea:7d:e0:97:79:75:12:a6:6a:28:
         cd:45:f2:17:50:64:f1:a7:1c:75:90:56:ad:74:32:cc:3f:32:
         6b:27:70:3a:f2:29:0b:13:0b:53:f3:a3:c2:1c:7e:01:f3:e4:
         1e:25:72:ff:06:e5:ab:64:a9:27:1b:c6:bb:fa:80:c0:51:97:
         34:49:a4:6b:4e:a5:ec:69:2a:3b:75:96:09:b3:22:91:97:e9:
         a4:b9:79:f2:82:b7:fd:ba:0b:77:96:e6:84:f4:ff:ea:da:08:
         90:1c:97:3a:8d:62:1e:22:a9:5a:59:90:1f:83:a8:0e:f3:45:
         25:ab:22:ca:5a:04:a0:db:0f:13:59:4f:83:04:de:e2:e8:4b:
         8a:21:d6:35:6f:ce:bc:e5:b1:ac:6d:ae:54:bc:4f:35:98:41:
         40:1e:cf:64:aa:e6:a4:97:4b:4a:a3:1b:c6:0d:d5:3c:b1:b0:
         bd:9b:d2:4a:0b:48:4a:af:e5:59:f1:8e:bc:c6:2e:fe:8b:c3:
         34:e2:e9:d3:5e:42:bd:12:5d:c5:cb:d7:9d:4f:7f:30:eb:00:
         13:3e:62:ba:ad:23:d9:a9:06:d4:60:e0:3f:48:a4:7e:b9:61:
         5c:cf:da:93:20:2e:0b:94:fc:c6:81:e5:bc:71:b4:9a:b1:a4:
         dc:df:ae:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZg7S+EFL7wsVU02TQijnU9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNzI0MDcxODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjU4OTBhYTMxNzFjMzhjNmVlM2U5NjI0ZDBhZmU0YWMyMTJmNmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyYn/iZ39NL+VPpcPYyFW52vHz2g
0AakQfEXt+LgOjUY1KPea6WJbWj+Gzj4jGVo2+3Hyc6GjW9RHE+kY9NfEby82n+z
knP6MZ3B0LWsBAInQhj8Oj6YptQFLbSICDxoVEnsejOQC19Et7jIZeHDjWhuT3vB
26S8IpeiUxyHtoyYi7YOn9XVvgJoDncYJaHo0NrnnIFuZSESbw543HDeaxfqzdv5
qsXIPFJYi2kJ2nAz1xJBkMoDZepxcZiYgU9BaZgVf/vVtTfHDCUv59i2zypE94Tz
TEiGN0hHg6eaxCmbWYgnfMtu67o8+YUqoB0ftrd+h4lp9eP6l8+tJVwufQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCJYkKoxccOMbuPpYk0K/krCEvb7MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSWxpUXFqRnh3NHh1NC1saVRRci1Tc0lTOXZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgotB/w7
MA0GCSqGSIb3DQEBCwUAA4IBAQC2YdM37OKOr+p94Jd5dRKmaijNRfIXUGTxpxx1
kFatdDLMPzJrJ3A68ikLEwtT86PCHH4B8+QeJXL/BuWrZKknG8a7+oDAUZc0SaRr
TqXsaSo7dZYJsyKRl+mkuXnygrf9ugt3luaE9P/q2giQHJc6jWIeIqlaWZAfg6gO
80UlqyLKWgSg2w8TWU+DBN7i6EuKIdY1b8685bGsba5UvE81mEFAHs9kquakl0tK
oxvGDdU8sbC9m9JKC0hKr+VZ8Y68xi7+i8M04unTXkK9El3Fy9edT38w6wATPmK6
rSPZqQbUYOA/SKR+uWFcz9qTIC4LlPzGgeW8cbSasaTc364E
-----END CERTIFICATE-----