Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/f-jU5e3qyaBFZ7qhlgKEzJCtVgM.roa
File:                     f-jU5e3qyaBFZ7qhlgKEzJCtVgM.roa (raw, json)
Hash identifier:          3uc0okjACeN11xvHlNhw9B8Yd/WUW5FNTdJYdQ733NA=
Subject key identifier:   7F:E8:D4:E5:ED:EA:C9:A0:45:67:BA:A1:96:02:84:CC:90:AD:56:03
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019A351D4ADF63D4671D723F580DBB34DB06
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/f-jU5e3qyaBFZ7qhlgKEzJCtVgM.roa
Signing time:             Thu 30 Oct 2025 12:35:03 +0000
ROA not before:           Thu 30 Oct 2025 12:35:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34665
IP address blocks:        2a0f:16c0::/29 maxlen: 29
                          2a10:33c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:35:1d:4a:df:63:d4:67:1d:72:3f:58:0d:bb:34:db:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct 30 12:35:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fe8d4e5edeac9a04567baa1960284cc90ad5603
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:1e:50:ce:84:03:d6:12:b5:0a:7e:b1:dc:d6:
                    41:d3:07:5a:72:16:f4:68:ad:a6:b9:25:4c:a1:5f:
                    2f:23:d1:03:8c:31:cf:17:31:4b:15:99:d8:04:d1:
                    c5:11:5d:99:a4:e8:18:4e:aa:05:67:9d:07:ac:22:
                    c4:42:e5:8d:7d:0c:c0:bb:bf:c8:7c:4a:ad:d7:32:
                    52:8b:aa:a4:04:0f:54:4f:33:62:a5:44:5c:21:86:
                    3e:59:ff:ff:89:4c:a8:48:7b:2e:d2:ef:82:ee:09:
                    3e:d4:4f:6c:29:db:e1:f0:27:20:a7:c3:29:85:8d:
                    a9:75:7b:fe:67:90:40:6c:07:83:f9:cc:be:63:95:
                    af:44:83:61:81:6d:5a:86:ae:70:f3:41:a2:6a:83:
                    b3:39:18:e3:20:1f:c5:2e:f0:6f:65:d8:93:88:bb:
                    56:b1:da:69:d7:7d:40:6c:ee:63:4e:31:65:92:17:
                    6b:13:71:42:ee:36:37:27:28:c3:ff:bc:5b:c7:78:
                    db:69:e0:0d:14:25:53:bc:32:69:6c:ce:c1:51:db:
                    e3:19:3a:69:60:22:e5:7c:fd:1a:bd:3d:07:d8:1f:
                    41:1e:e5:d2:c6:45:09:51:be:97:53:99:4b:bc:f7:
                    e0:6f:d3:d9:41:d4:f4:92:00:92:37:f8:4a:1e:95:
                    e7:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:E8:D4:E5:ED:EA:C9:A0:45:67:BA:A1:96:02:84:CC:90:AD:56:03
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/f-jU5e3qyaBFZ7qhlgKEzJCtVgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:16c0::/29
                  2a10:33c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:32:cc:c6:2f:5c:c8:4e:96:f8:c6:c2:63:bf:af:23:d7:cc:
         3d:48:2c:9a:70:48:f1:ef:eb:6a:59:33:6f:d2:00:56:56:32:
         e0:fa:02:19:92:a8:b8:ba:4f:b5:78:2a:77:81:0d:2a:d5:c3:
         f7:9e:8b:e0:9b:7e:df:df:63:18:d2:9a:a8:2d:5d:b6:e7:0e:
         f4:89:0e:b2:28:ed:7e:46:a2:c3:6f:46:29:fc:21:a1:f2:34:
         8f:9a:0b:7f:4b:01:bd:d6:5d:4f:f4:1e:96:f6:33:59:6f:a8:
         36:9f:c0:87:ed:a1:f6:1c:17:e0:a2:5d:38:ec:3d:e1:57:bf:
         71:ee:99:b9:2f:fb:33:5e:5b:9d:fb:ba:53:9e:4f:56:e3:28:
         c1:d8:29:ee:d8:09:db:4b:89:d7:a2:30:a1:c3:67:87:dc:78:
         7e:92:30:29:3e:91:59:c8:1a:ce:51:56:7a:14:df:52:96:60:
         b8:fb:5a:1c:fb:8e:42:c7:c5:8b:9f:90:e5:b0:d5:9a:e1:a7:
         5d:06:c8:62:5c:ac:9a:db:5d:df:ca:95:84:38:ad:e9:62:d5:
         81:f5:f3:54:85:af:48:e1:6f:a2:14:2f:e6:11:4f:91:cb:5a:
         dc:00:e3:3f:a9:b4:11:49:fd:78:6b:ac:e2:2a:ca:f2:51:47:
         e5:1a:25:91
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZo1HUrfY9RnHXI/WA27NNsGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDMwMTIzNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmU4ZDRlNWVkZWFjOWEwNDU2N2JhYTE5NjAyODRjYzkwYWQ1NjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3x5QzoQD1hK1Cn6x3NZB0wdachb0
aK2muSVMoV8vI9EDjDHPFzFLFZnYBNHFEV2ZpOgYTqoFZ50HrCLEQuWNfQzAu7/I
fEqt1zJSi6qkBA9UTzNipURcIYY+Wf//iUyoSHsu0u+C7gk+1E9sKdvh8Ccgp8Mp
hY2pdXv+Z5BAbAeD+cy+Y5WvRINhgW1ahq5w80GiaoOzORjjIB/FLvBvZdiTiLtW
sdpp131AbO5jTjFlkhdrE3FC7jY3JyjD/7xbx3jbaeANFCVTvDJpbM7BUdvjGTpp
YCLlfP0avT0H2B9BHuXSxkUJUb6XU5lLvPfgb9PZQdT0kgCSN/hKHpXnnwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH/o1OXt6smgRWe6oZYChMyQrVYDMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvZi1qVTVlM3F5YUJGWjdxaGxnS0V6SkN0VmdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg8WwAMF
AyoQM8AwDQYJKoZIhvcNAQELBQADggEBAJgyzMYvXMhOlvjGwmO/ryPXzD1ILJpw
SPHv62pZM2/SAFZWMuD6AhmSqLi6T7V4KneBDSrVw/eei+Cbft/fYxjSmqgtXbbn
DvSJDrIo7X5GosNvRin8IaHyNI+aC39LAb3WXU/0Hpb2M1lvqDafwIftofYcF+Ci
XTjsPeFXv3Humbkv+zNeW537ulOeT1bjKMHYKe7YCdtLideiMKHDZ4fceH6SMCk+
kVnIGs5RVnoU31KWYLj7Whz7jkLHxYufkOWw1Zrhp10GyGJcrJrbXd/KlYQ4reli
1YH181SFr0jhb6IUL+YRT5HLWtwA4z+ptBFJ/XhrrOIqyvJRR+UaJZE=
-----END CERTIFICATE-----