Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Z_rwRgKkatin4vswngKdkbuD5Kc.roa
File:                     Z_rwRgKkatin4vswngKdkbuD5Kc.roa (raw, json)
Hash identifier:          Fe53rAg4Mj64hEoJaufpVwISdE6ewwBAeocx2BWWx8w=
Subject key identifier:   67:FA:F0:46:02:A4:6A:D8:A7:E2:FB:30:9E:02:9D:91:BB:83:E4:A7
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019A491683061163FCC7BC67D0513D622B35
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Z_rwRgKkatin4vswngKdkbuD5Kc.roa
Signing time:             Mon 03 Nov 2025 09:40:03 +0000
ROA not before:           Mon 03 Nov 2025 09:40:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215059
IP address blocks:        2a0c:7884::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 16:48:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:49:16:83:06:11:63:fc:c7:bc:67:d0:51:3d:62:2b:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Nov  3 09:40:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67faf04602a46ad8a7e2fb309e029d91bb83e4a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ee:2b:41:0d:e8:8a:20:b3:82:f8:46:7b:12:
                    3b:c4:37:59:f0:79:eb:f8:1f:bb:da:80:58:3c:ae:
                    95:31:dc:61:61:58:bc:f1:35:88:06:01:c4:45:51:
                    5f:7d:ff:bc:ee:43:d4:58:69:b1:b5:9e:f7:07:87:
                    24:df:41:2b:5f:fc:f5:a1:5e:88:6a:05:b5:84:73:
                    df:e3:ab:fd:7a:2c:89:b7:50:a6:c9:73:0f:64:a0:
                    6b:da:e3:4f:85:dd:e9:83:a9:55:7a:61:f8:71:d0:
                    bf:06:88:e1:61:27:28:2a:c5:95:48:6b:b4:af:a5:
                    cd:6e:3b:24:18:40:21:27:29:b8:f6:a7:7f:e5:e4:
                    e3:3c:42:2a:24:c3:d9:17:ad:0f:2c:a1:12:b3:f1:
                    f2:f7:8c:d5:50:9e:04:4a:b3:a7:d2:06:dc:e9:32:
                    85:b5:ef:a8:61:6d:d3:85:e2:b2:81:2a:f6:ac:d0:
                    af:28:36:32:c0:c0:29:d4:03:41:05:42:13:f7:56:
                    1b:67:26:cf:bf:a0:a5:68:f5:d7:48:e0:4a:50:de:
                    61:18:94:4e:39:8c:27:21:35:1c:f0:d4:4b:4b:9e:
                    cc:89:31:89:11:c9:b1:6d:ae:36:87:61:0d:dd:42:
                    4e:6a:f4:47:ea:7a:93:6e:c4:16:a3:46:7a:76:d0:
                    86:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:FA:F0:46:02:A4:6A:D8:A7:E2:FB:30:9E:02:9D:91:BB:83:E4:A7
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Z_rwRgKkatin4vswngKdkbuD5Kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:7884::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:13:79:28:f7:52:74:ce:cd:3c:76:e5:91:4e:c9:17:5d:ef:
         d6:32:50:fe:cc:dd:2d:f1:6b:c0:58:ef:72:99:ec:a5:a5:74:
         03:61:36:a6:fa:45:42:f3:2b:ea:87:79:ab:ad:a7:80:bd:44:
         02:c9:2c:d6:35:b2:bc:92:3b:54:2e:81:61:2b:80:62:cf:2d:
         e7:79:55:78:55:52:4b:7b:39:dd:0f:f1:62:01:4c:04:e5:04:
         84:ad:11:b6:d6:2a:72:f3:0f:66:1d:d8:05:9f:21:76:32:46:
         07:13:76:83:70:b1:46:87:03:d1:a3:88:70:0d:74:f1:ff:cc:
         13:07:22:3b:1a:fe:6d:42:28:94:ea:1a:87:5d:79:a6:e1:bd:
         95:e7:52:9e:03:0b:77:67:88:27:03:67:fe:8a:46:c5:9a:97:
         7a:9f:c6:7e:6a:8d:93:21:72:bc:03:6b:c1:f6:74:37:f5:51:
         e5:d6:73:82:7e:f3:ab:9b:9e:e8:1a:88:fe:70:ba:f7:bb:1e:
         9e:9f:4d:77:7a:43:8f:d3:f5:65:2b:28:67:f8:61:a4:a3:28:
         5b:a4:e2:c5:0d:6f:23:b1:ca:65:cf:25:6e:a8:d2:c6:35:e2:
         23:82:10:44:e4:82:9d:1c:36:07:87:4b:98:23:93:6f:9a:b9:
         e2:a6:e1:cc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZpJFoMGEWP8x7xn0FE9Yis1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMTAzMDk0MDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2ZhZjA0NjAyYTQ2YWQ4YTdlMmZiMzA5ZTAyOWQ5MWJiODNlNGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu4rQQ3oiiCzgvhGexI7xDdZ8Hnr
+B+72oBYPK6VMdxhYVi88TWIBgHERVFfff+87kPUWGmxtZ73B4ck30ErX/z1oV6I
agW1hHPf46v9eiyJt1CmyXMPZKBr2uNPhd3pg6lVemH4cdC/BojhYScoKsWVSGu0
r6XNbjskGEAhJym49qd/5eTjPEIqJMPZF60PLKESs/Hy94zVUJ4ESrOn0gbc6TKF
te+oYW3TheKygSr2rNCvKDYywMAp1ANBBUIT91YbZybPv6ClaPXXSOBKUN5hGJRO
OYwnITUc8NRLS57MiTGJEcmxba42h2EN3UJOavRH6nqTbsQWo0Z6dtCGvQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGf68EYCpGrYp+L7MJ4CnZG7g+SnMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWl9yd1JnS2thdGluNHZzd25nS2RrYnVENUtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgx4hDAN
BgkqhkiG9w0BAQsFAAOCAQEARRN5KPdSdM7NPHblkU7JF13v1jJQ/szdLfFrwFjv
cpnspaV0A2E2pvpFQvMr6od5q62ngL1EAsks1jWyvJI7VC6BYSuAYs8t53lVeFVS
S3s53Q/xYgFMBOUEhK0RttYqcvMPZh3YBZ8hdjJGBxN2g3CxRocD0aOIcA108f/M
EwciOxr+bUIolOoah115puG9ledSngMLd2eIJwNn/opGxZqXep/GfmqNkyFyvANr
wfZ0N/VR5dZzgn7zq5ue6BqI/nC697senp9Nd3pDj9P1ZSsoZ/hhpKMoW6TixQ1v
I7HKZc8lbqjSxjXiI4IQROSCnRw2B4dLmCOTb5q54qbhzA==
-----END CERTIFICATE-----