Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rkwS5J-iMLzRvI1Z0X3uvbANkO0.roa
File:                     rkwS5J-iMLzRvI1Z0X3uvbANkO0.roa (raw, json)
Hash identifier:          AAYTkrFAObV36j0rL0lv5xHzpVQG1Hw5oxxO44fIsz0=
Subject key identifier:   AE:4C:12:E4:9F:A2:30:BC:D1:BC:8D:59:D1:7D:EE:BD:B0:0D:90:ED
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01975B6C0FB7F168F2AE8B79C95328DF227E
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rkwS5J-iMLzRvI1Z0X3uvbANkO0.roa
Signing time:             Tue 10 Jun 2025 19:58:17 +0000
ROA not before:           Tue 10 Jun 2025 19:58:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398465
IP address blocks:        2a0e:1a85::/32 maxlen: 32
                          2a0e:f500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 14:38:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5b:6c:0f:b7:f1:68:f2:ae:8b:79:c9:53:28:df:22:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 10 19:58:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae4c12e49fa230bcd1bc8d59d17deebdb00d90ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:e7:bb:67:91:0c:e9:4e:0a:2f:4b:32:64:1c:
                    52:fb:1c:9a:c9:ec:f0:7e:41:af:c6:8f:22:40:a9:
                    a8:0a:3f:51:78:10:dd:65:98:c0:13:e4:ee:21:9b:
                    ca:8c:2b:02:d7:f0:99:4b:62:ee:f0:e3:3c:ce:74:
                    35:aa:6b:e3:ea:79:29:b6:87:3a:81:7b:55:df:9d:
                    57:52:b0:07:63:b1:f2:f7:04:8c:fc:5b:3d:1a:2d:
                    a5:74:ec:02:fa:f7:d2:df:60:73:6f:c3:49:a9:4d:
                    55:c6:f5:ae:10:99:31:40:2e:4e:ed:36:62:cb:5f:
                    7a:00:60:e6:b6:d9:6c:a8:57:29:3b:9c:30:57:10:
                    20:a9:d4:61:00:ee:5f:9a:a7:32:fe:3c:44:60:8d:
                    74:34:0b:47:ce:40:82:f6:ca:0d:60:b1:3e:d1:6b:
                    6f:61:85:a3:67:eb:d3:98:af:03:4e:00:5c:cf:f6:
                    44:65:56:5a:21:20:16:b5:08:4c:1c:95:4c:8c:c8:
                    0c:30:d4:89:3a:cb:af:55:c7:1a:0e:e6:74:15:bd:
                    54:ea:3a:a5:cc:6e:e2:ab:67:8a:14:28:12:80:ae:
                    be:c5:ab:6d:b6:b0:a3:5e:4b:79:48:1a:73:d5:df:
                    f7:c6:e6:a0:70:32:39:cf:23:65:9b:16:b2:77:f6:
                    3f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:4C:12:E4:9F:A2:30:BC:D1:BC:8D:59:D1:7D:EE:BD:B0:0D:90:ED
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/rkwS5J-iMLzRvI1Z0X3uvbANkO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:1a85::/32
                  2a0e:f500::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:36:aa:5d:3b:89:87:2f:80:d3:84:e8:dc:54:14:79:00:2e:
         91:0b:a1:d0:39:b9:12:e4:a8:6d:15:cf:95:62:e5:a9:c0:25:
         30:d0:cd:ed:1f:0c:38:12:f0:da:93:1a:4e:7a:42:7a:99:64:
         b9:68:f0:fb:fd:5c:cf:40:d7:2f:9a:d4:0c:e5:bc:58:96:42:
         d1:96:82:28:e5:ed:0d:d2:a7:4b:64:e8:00:d1:5b:ca:3e:fe:
         91:0d:55:15:34:e7:a6:cf:db:46:e1:e6:3f:56:af:23:82:1d:
         7a:64:4d:ed:f5:24:b1:1e:45:61:ca:9f:1f:12:11:16:0a:5f:
         c8:06:b3:7e:d1:d8:b1:89:93:c0:ac:30:8f:ba:ef:90:d9:cf:
         e8:b9:01:65:08:14:94:cb:fa:07:b3:51:9c:99:18:85:d0:15:
         74:54:ca:16:fe:c0:bd:14:0d:41:a7:09:33:7d:19:cb:7e:7a:
         ab:23:13:58:b2:62:fb:11:f7:35:72:0b:b6:5e:3c:ca:75:f9:
         aa:56:69:e2:ae:e0:05:8c:8d:e8:00:27:2b:46:3b:40:93:c2:
         bd:26:f1:a6:4b:8c:5a:3e:31:b6:9f:11:5e:d3:28:c0:55:8a:
         62:f4:26:44:dd:b1:28:f7:8a:1a:d2:65:f9:0c:39:48:4c:d7:
         3d:c5:56:52
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZdbbA+38Wjyrot5yVMo3yJ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjEwMTk1ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTRjMTJlNDlmYTIzMGJjZDFiYzhkNTlkMTdkZWViZGIwMGQ5MGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOe7Z5EM6U4KL0syZBxS+xyayezw
fkGvxo8iQKmoCj9ReBDdZZjAE+TuIZvKjCsC1/CZS2Lu8OM8znQ1qmvj6nkptoc6
gXtV351XUrAHY7Hy9wSM/Fs9Gi2ldOwC+vfS32Bzb8NJqU1VxvWuEJkxQC5O7TZi
y196AGDmttlsqFcpO5wwVxAgqdRhAO5fmqcy/jxEYI10NAtHzkCC9soNYLE+0Wtv
YYWjZ+vTmK8DTgBcz/ZEZVZaISAWtQhMHJVMjMgMMNSJOsuvVccaDuZ0Fb1U6jql
zG7iq2eKFCgSgK6+xatttrCjXkt5SBpz1d/3xuagcDI5zyNlmxayd/Y/MQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFK5MEuSfojC80byNWdF97r2wDZDtMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvcmt3UzVKLWlNTHpSdkkxWjBYM3V2YkFOa08wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg4ahQMF
AyoO9QAwDQYJKoZIhvcNAQELBQADggEBAIs2ql07iYcvgNOE6NxUFHkALpELodA5
uRLkqG0Vz5Vi5anAJTDQze0fDDgS8NqTGk56QnqZZLlo8Pv9XM9A1y+a1AzlvFiW
QtGWgijl7Q3Sp0tk6ADRW8o+/pENVRU056bP20bh5j9WryOCHXpkTe31JLEeRWHK
nx8SERYKX8gGs37R2LGJk8CsMI+675DZz+i5AWUIFJTL+gezUZyZGIXQFXRUyhb+
wL0UDUGnCTN9Gct+eqsjE1iyYvsR9zVyC7ZePMp1+apWaeKu4AWMjegAJytGO0CT
wr0m8aZLjFo+MbafEV7TKMBVimL0JkTdsSj3ihrSZfkMOUhM1z3FVlI=
-----END CERTIFICATE-----