Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/STI34j7bK0t7zI6O4FmY3BwMbXQ.roa
File:                     STI34j7bK0t7zI6O4FmY3BwMbXQ.roa (raw, json)
Hash identifier:          MjKqsNQHUTCZbncZnbivJWQfyqbhsdxKKyDogLDYXOY=
Subject key identifier:   49:32:37:E2:3E:DB:2B:4B:7B:CC:8E:8E:E0:59:98:DC:1C:0C:6D:74
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01984B62D5FF4987CC2A2506AD3EB385A7FB
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/STI34j7bK0t7zI6O4FmY3BwMbXQ.roa
Signing time:             Sun 27 Jul 2025 10:17:05 +0000
ROA not before:           Sun 27 Jul 2025 10:17:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34665
IP address blocks:        2a0f:16c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 18:26:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4b:62:d5:ff:49:87:cc:2a:25:06:ad:3e:b3:85:a7:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul 27 10:17:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=493237e23edb2b4b7bcc8e8ee05998dc1c0c6d74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:94:8d:bf:56:a3:ce:2e:a4:06:50:4f:f9:a7:
                    0c:fb:a2:2f:7b:1d:d4:84:d7:c8:2b:aa:21:a2:1d:
                    0f:b4:75:33:79:d1:42:28:4e:65:9f:3e:90:7b:d6:
                    aa:28:a6:19:6f:e9:75:f1:7f:96:1f:6e:4b:4a:5d:
                    78:b9:74:94:5a:4e:4c:d5:59:d3:6d:8e:35:b2:47:
                    ae:09:c5:95:6c:af:74:31:b0:e9:b9:ce:3a:97:01:
                    89:1c:fe:a6:70:d7:40:fb:b5:3e:ee:ee:00:45:d7:
                    62:83:c7:e2:bb:bb:cd:73:5b:a0:38:6e:ef:1d:7b:
                    34:11:32:44:71:27:0b:8b:fa:e9:80:6a:7f:83:84:
                    cc:ee:06:20:71:dc:84:1a:23:eb:1c:3d:70:b5:6f:
                    93:68:aa:11:f8:f6:2f:ea:8e:f5:fa:67:c0:24:90:
                    80:21:1e:77:4d:e6:d4:7f:46:3f:16:93:d4:81:c7:
                    a7:52:66:8c:d3:fc:2b:da:20:5a:aa:51:3a:d8:34:
                    b8:53:fa:72:c6:d8:a1:6f:89:43:c3:a7:94:f3:e2:
                    cf:8b:2b:9a:92:22:8f:06:9a:67:b5:11:8b:67:6d:
                    38:c5:39:ac:52:b5:fb:bd:cc:91:f4:c0:a9:21:9f:
                    ae:ce:1d:28:5a:21:0e:c0:98:c4:2e:f0:5c:a1:a8:
                    41:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:32:37:E2:3E:DB:2B:4B:7B:CC:8E:8E:E0:59:98:DC:1C:0C:6D:74
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/STI34j7bK0t7zI6O4FmY3BwMbXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:16c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         4e:58:c9:38:48:df:08:26:49:06:d5:6b:ab:fb:ad:30:81:72:
         ec:af:58:43:5f:81:9e:52:30:b7:ff:b2:65:14:50:79:47:ff:
         0c:69:f0:77:e4:bf:1c:fb:f0:9f:62:4b:de:a5:2e:8b:30:7e:
         6a:2f:fa:07:5b:fc:05:5d:0a:14:4c:5c:d5:0b:1c:d5:31:32:
         cf:6b:2e:c7:8b:cd:b7:f0:15:4f:8b:83:70:92:f1:cf:8f:27:
         0a:0e:31:af:1f:ce:70:a5:94:1c:3d:7f:c6:c0:01:4a:98:a0:
         21:65:0e:9f:d2:d5:73:c8:d9:50:7f:37:3b:f0:6d:05:c4:61:
         8f:e3:e5:f9:b0:e4:9e:6b:b7:22:5a:31:95:34:84:91:3f:6e:
         f4:27:c3:40:a5:e8:7b:90:f8:cb:74:78:59:7a:af:63:37:05:
         78:06:e3:5a:e8:df:5f:77:15:ae:f6:7a:00:9d:a2:27:43:24:
         c3:37:8a:62:f6:32:64:d4:67:90:59:e6:58:9a:bd:94:99:73:
         67:98:ea:5b:4f:40:56:8b:10:4f:a7:91:e5:66:fb:fd:dc:f4:
         e4:48:88:12:b2:7e:fd:7d:a1:ee:24:a3:5d:5e:79:2f:cb:b0:
         c1:a6:dc:02:15:8c:0b:56:b4:eb:40:05:cf:ed:ae:31:da:97:
         6f:92:99:c2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZhLYtX/SYfMKiUGrT6zhaf7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNzI3MTAxNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTMyMzdlMjNlZGIyYjRiN2JjYzhlOGVlMDU5OThkYzFjMGM2ZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5SNv1ajzi6kBlBP+acM+6Ivex3U
hNfIK6ohoh0PtHUzedFCKE5lnz6Qe9aqKKYZb+l18X+WH25LSl14uXSUWk5M1VnT
bY41skeuCcWVbK90MbDpuc46lwGJHP6mcNdA+7U+7u4ARddig8fiu7vNc1ugOG7v
HXs0ETJEcScLi/rpgGp/g4TM7gYgcdyEGiPrHD1wtW+TaKoR+PYv6o71+mfAJJCA
IR53TebUf0Y/FpPUgcenUmaM0/wr2iBaqlE62DS4U/pyxtihb4lDw6eU8+LPiyua
kiKPBppntRGLZ204xTmsUrX7vcyR9MCpIZ+uzh0oWiEOwJjELvBcoahBBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEkyN+I+2ytLe8yOjuBZmNwcDG10MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvU1RJMzRqN2JLMHQ3ekk2TzRGbVkzQndNYlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg8WwDAN
BgkqhkiG9w0BAQsFAAOCAQEATljJOEjfCCZJBtVrq/utMIFy7K9YQ1+BnlIwt/+y
ZRRQeUf/DGnwd+S/HPvwn2JL3qUuizB+ai/6B1v8BV0KFExc1Qsc1TEyz2sux4vN
t/AVT4uDcJLxz48nCg4xrx/OcKWUHD1/xsABSpigIWUOn9LVc8jZUH83O/BtBcRh
j+Pl+bDknmu3IloxlTSEkT9u9CfDQKXoe5D4y3R4WXqvYzcFeAbjWujfX3cVrvZ6
AJ2iJ0MkwzeKYvYyZNRnkFnmWJq9lJlzZ5jqW09AVosQT6eR5Wb7/dz05EiIErJ+
/X2h7iSjXV55L8uwwabcAhWMC1a060AFz+2uMdqXb5KZwg==
-----END CERTIFICATE-----