Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Yf2o3saK71PhzAy4EqfJtT_etl4.roa
File:                     Yf2o3saK71PhzAy4EqfJtT_etl4.roa (raw, json)
Hash identifier:          b+3Z77JMSWUyUfEiqKLvL+wm55RqXYDQsC5Ro7HL9yk=
Subject key identifier:   61:FD:A8:DE:C6:8A:EF:53:E1:CC:0C:B8:12:A7:C9:B5:3F:DE:B6:5E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019A4914AEA3A967BE6DF91E1E9A3424D74E
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Yf2o3saK71PhzAy4EqfJtT_etl4.roa
Signing time:             Mon 03 Nov 2025 09:38:03 +0000
ROA not before:           Mon 03 Nov 2025 09:38:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205486
IP address blocks:        2a10:3240::/29 maxlen: 29
                          2a10:36c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:49:14:ae:a3:a9:67:be:6d:f9:1e:1e:9a:34:24:d7:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov  3 09:38:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61fda8dec68aef53e1cc0cb812a7c9b53fdeb65e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:47:91:2c:e0:a1:42:9e:50:5a:98:95:da:d5:
                    57:a0:7c:2c:27:ca:b5:33:d3:11:97:f7:36:66:cb:
                    f8:ce:eb:aa:74:f2:8a:ed:3b:1a:85:cb:bd:22:2d:
                    e6:32:2b:4e:a0:38:7b:1f:a3:e3:70:88:10:52:46:
                    09:fb:ca:69:fb:26:6c:fa:86:54:5a:9f:88:64:46:
                    08:4c:f7:5b:db:8e:f0:2c:f3:ef:da:3c:55:f0:74:
                    67:56:2a:92:83:75:2b:d5:cd:c1:be:8e:24:66:b6:
                    fc:47:5d:67:78:92:ec:a7:5a:d1:4a:45:84:d9:d0:
                    1f:75:d5:a8:16:d8:f4:da:ff:9d:dc:55:12:7a:85:
                    05:bf:dc:a1:a7:ca:97:55:61:79:46:48:90:0f:bb:
                    b2:51:66:64:90:2a:27:b5:87:a5:cd:cf:cb:18:0c:
                    6e:ac:ce:a0:95:e3:4b:23:f1:77:a3:0b:28:14:06:
                    28:1f:29:19:d6:a2:1a:d6:4e:28:b7:e4:e4:ec:17:
                    10:d5:ed:02:fe:e8:5a:b0:25:ff:97:44:25:06:c0:
                    83:d0:d3:90:32:88:76:ca:72:c4:a3:e4:cf:b1:49:
                    09:34:04:20:76:a3:d0:f0:eb:1b:73:d1:e9:d6:32:
                    96:2c:7f:53:f3:25:61:5e:55:69:cd:11:df:13:63:
                    a7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:FD:A8:DE:C6:8A:EF:53:E1:CC:0C:B8:12:A7:C9:B5:3F:DE:B6:5E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Yf2o3saK71PhzAy4EqfJtT_etl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3240::/29
                  2a10:36c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:78:a9:b0:ca:d5:8c:03:83:cc:10:62:cf:98:26:0f:1c:53:
         e3:69:4e:62:7d:e4:fb:30:c7:92:c3:4c:5b:82:68:3d:50:97:
         53:b1:c8:6b:fb:d5:82:b9:07:93:b5:af:4a:78:5d:ed:cf:1e:
         09:f1:93:63:fc:85:33:63:0f:71:b3:55:38:b2:5b:e6:80:3c:
         1d:ab:d1:df:16:7a:7a:65:8a:17:d9:92:13:ed:cc:36:d8:62:
         c8:da:31:51:1f:72:16:d2:e7:66:b3:16:d2:e7:d7:91:42:be:
         67:82:22:77:11:4f:f3:98:08:76:c8:a3:b2:75:ba:d9:41:89:
         bf:1b:6b:73:9d:90:46:4d:15:67:50:e1:45:89:2f:38:38:da:
         b5:c1:2e:39:80:f1:ce:63:ae:36:25:60:e1:ac:fb:5c:4f:34:
         b9:a1:77:de:c4:fe:f8:ab:8a:70:72:35:e4:6b:53:a9:6b:cf:
         bb:60:cf:a0:21:3c:16:e8:1f:f5:65:70:a1:ca:a2:6f:53:50:
         26:d3:09:fd:2b:f5:a8:a0:2e:6c:0e:f8:d9:73:6e:3d:c9:8f:
         ce:bf:6e:0c:e7:31:d3:2b:44:da:fb:eb:1d:6d:e1:cd:3a:a1:
         78:ba:d7:10:f4:8e:c3:9c:7d:44:06:b0:03:7d:b7:21:f5:6b:
         c6:63:b7:99
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZpJFK6jqWe+bfkeHpo0JNdOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMTAzMDkzODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWZkYThkZWM2OGFlZjUzZTFjYzBjYjgxMmE3YzliNTNmZGViNjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUeRLOChQp5QWpiV2tVXoHwsJ8q1
M9MRl/c2Zsv4zuuqdPKK7Tsahcu9Ii3mMitOoDh7H6PjcIgQUkYJ+8pp+yZs+oZU
Wp+IZEYITPdb247wLPPv2jxV8HRnViqSg3Ur1c3Bvo4kZrb8R11neJLsp1rRSkWE
2dAfddWoFtj02v+d3FUSeoUFv9yhp8qXVWF5RkiQD7uyUWZkkContYelzc/LGAxu
rM6gleNLI/F3owsoFAYoHykZ1qIa1k4ot+Tk7BcQ1e0C/uhasCX/l0QlBsCD0NOQ
Moh2ynLEo+TPsUkJNAQgdqPQ8Osbc9Hp1jKWLH9T8yVhXlVpzRHfE2OnpQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGH9qN7Giu9T4cwMuBKnybU/3rZeMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWWYybzNzYUs3MVBoekF5NEVxZkp0VF9ldGw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhAyQAMF
AyoQNsAwDQYJKoZIhvcNAQELBQADggEBAH54qbDK1YwDg8wQYs+YJg8cU+NpTmJ9
5Pswx5LDTFuCaD1Ql1OxyGv71YK5B5O1r0p4Xe3PHgnxk2P8hTNjD3GzVTiyW+aA
PB2r0d8WenplihfZkhPtzDbYYsjaMVEfchbS52azFtLn15FCvmeCIncRT/OYCHbI
o7J1utlBib8ba3OdkEZNFWdQ4UWJLzg42rXBLjmA8c5jrjYlYOGs+1xPNLmhd97E
/virinByNeRrU6lrz7tgz6AhPBboH/VlcKHKom9TUCbTCf0r9aigLmwO+Nlzbj3J
j86/bgznMdMrRNr76x1t4c06oXi61xD0jsOcfUQGsAN9tyH1a8Zjt5k=
-----END CERTIFICATE-----