Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/k2uRypDwOQ1qmz24Ib7MWhd7r5Q.roa
File:                     k2uRypDwOQ1qmz24Ib7MWhd7r5Q.roa (raw, json)
Hash identifier:          Wxu63hqD5Y+yc6UW9nSW2ncLseL8wUjvboeVRWJvm2g=
Subject key identifier:   93:6B:91:CA:90:F0:39:0D:6A:9B:3D:B8:21:BE:CC:5A:17:7B:AF:94
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01987504DCD128908BD2C5BB50EAA0EE52E2
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/k2uRypDwOQ1qmz24Ib7MWhd7r5Q.roa
Signing time:             Mon 04 Aug 2025 12:18:29 +0000
ROA not before:           Mon 04 Aug 2025 12:18:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150654
IP address blocks:        2a0f:ea44:1312::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:04:dc:d1:28:90:8b:d2:c5:bb:50:ea:a0:ee:52:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  4 12:18:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=936b91ca90f0390d6a9b3db821becc5a177baf94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4d:82:fd:8a:a8:79:fb:3b:fb:a1:aa:9b:c6:
                    4d:ba:88:3b:0b:ef:19:98:75:ca:9b:13:24:6f:6f:
                    dd:bd:8e:13:50:36:08:a8:8f:43:b6:b1:8a:29:a5:
                    76:18:eb:0c:17:94:7b:51:db:b9:b9:6f:1f:ea:b6:
                    05:66:3e:a9:7e:1f:9b:95:56:f0:31:3c:94:e8:66:
                    a9:b7:25:97:9d:be:ca:18:a7:47:90:1b:dd:7b:08:
                    4d:6d:ba:84:27:51:21:e7:ee:e6:92:f9:67:b2:a5:
                    28:24:7a:c4:21:a4:69:d7:e3:5e:a0:d4:da:4d:4e:
                    b5:79:d8:c7:49:5f:89:85:d3:90:22:bf:83:14:e9:
                    db:cd:eb:83:96:f2:b6:8d:7e:99:c6:e3:a3:c7:54:
                    c7:ba:23:36:42:8d:3a:51:db:99:0c:da:e1:ac:4a:
                    49:53:bc:79:27:4b:73:5b:55:84:c0:99:51:8c:ed:
                    c4:e5:5e:25:7e:6e:36:2d:29:57:9c:81:a6:db:12:
                    6f:42:c8:ba:38:39:92:69:3d:56:ae:f4:0a:41:ff:
                    64:89:4b:27:c7:8d:24:dd:a2:17:bd:7c:dc:ec:21:
                    bb:af:5d:a2:45:83:34:e1:b3:12:f4:21:6c:3a:b4:
                    7f:60:ca:41:de:71:93:8b:90:db:75:4a:31:8c:6a:
                    e3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:6B:91:CA:90:F0:39:0D:6A:9B:3D:B8:21:BE:CC:5A:17:7B:AF:94
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/k2uRypDwOQ1qmz24Ib7MWhd7r5Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ea44:1312::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:f5:0d:35:47:93:a3:79:43:cd:51:77:17:7f:23:33:97:7a:
         04:3d:a5:bd:5d:d1:a8:a9:fe:f5:64:d1:17:b9:02:17:14:60:
         6d:9a:aa:14:7c:27:c6:18:69:27:e3:43:e9:48:a8:59:b5:ab:
         b3:89:d9:34:35:70:3d:1d:d0:df:76:bb:55:e7:e2:18:ae:8a:
         9e:b7:72:7f:9e:70:8c:76:9a:24:8d:e7:db:9a:09:29:20:9e:
         63:88:54:e3:58:69:64:82:ea:8a:7f:3d:b3:eb:ee:98:08:37:
         cc:58:50:4d:95:28:94:f2:58:87:79:2f:a7:d3:67:fc:cd:da:
         0b:3b:ff:0f:41:4b:ae:9e:f5:db:e9:57:d5:48:6f:ae:6d:fd:
         b5:1b:8a:cf:b2:d2:8b:5c:d4:3b:57:da:1b:6e:cc:15:d4:43:
         40:c7:cb:7c:61:60:93:96:80:05:14:c8:5a:9a:22:18:7b:0e:
         e5:04:0a:32:71:18:85:de:d0:d6:99:ec:af:bd:7b:4b:ec:1e:
         34:6a:0b:5c:0f:84:9e:9c:52:5e:0a:e2:dd:ee:f5:43:f1:bd:
         8e:94:6a:86:d4:0a:4d:2e:09:b8:35:61:f3:f4:37:20:7a:4f:
         5f:71:02:9d:00:74:d4:af:1a:a0:f1:f9:61:55:34:69:e4:b3:
         a5:40:77:6d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZh1BNzRKJCL0sW7UOqg7lLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODA0MTIxODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzZiOTFjYTkwZjAzOTBkNmE5YjNkYjgyMWJlY2M1YTE3N2JhZjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwk2C/Yqoefs7+6Gqm8ZNuog7C+8Z
mHXKmxMkb2/dvY4TUDYIqI9DtrGKKaV2GOsMF5R7Udu5uW8f6rYFZj6pfh+blVbw
MTyU6GaptyWXnb7KGKdHkBvdewhNbbqEJ1Eh5+7mkvlnsqUoJHrEIaRp1+NeoNTa
TU61edjHSV+JhdOQIr+DFOnbzeuDlvK2jX6ZxuOjx1THuiM2Qo06UduZDNrhrEpJ
U7x5J0tzW1WEwJlRjO3E5V4lfm42LSlXnIGm2xJvQsi6ODmSaT1WrvQKQf9kiUsn
x40k3aIXvXzc7CG7r12iRYM04bMS9CFsOrR/YMpB3nGTi5DbdUoxjGrj9QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJNrkcqQ8DkNaps9uCG+zFoXe6+UMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvazJ1UnlwRHdPUTFxbXoyNEliN01XaGQ3cjVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/qRBMS
MA0GCSqGSIb3DQEBCwUAA4IBAQBd9Q01R5OjeUPNUXcXfyMzl3oEPaW9XdGoqf71
ZNEXuQIXFGBtmqoUfCfGGGkn40PpSKhZtauzidk0NXA9HdDfdrtV5+IYroqet3J/
nnCMdpokjefbmgkpIJ5jiFTjWGlkguqKfz2z6+6YCDfMWFBNlSiU8liHeS+n02f8
zdoLO/8PQUuunvXb6VfVSG+ubf21G4rPstKLXNQ7V9obbswV1ENAx8t8YWCTloAF
FMhamiIYew7lBAoycRiF3tDWmeyvvXtL7B40agtcD4SenFJeCuLd7vVD8b2OlGqG
1ApNLgm4NWHz9Dcgek9fcQKdAHTUrxqg8flhVTRp5LOlQHdt
-----END CERTIFICATE-----