Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/t-24rH7-JcWRQl10GG2TwvUWpfw.roa
File:                     t-24rH7-JcWRQl10GG2TwvUWpfw.roa (raw, json)
Hash identifier:          Q+PFhb4BxvMEH8mNwldbOzxcrgHXdHD5grZaE0hgfdU=
Subject key identifier:   B7:ED:B8:AC:7E:FE:25:C5:91:42:5D:74:18:6D:93:C2:F5:16:A5:FC
Certificate issuer:       /CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
Certificate serial:       0199A5C8C77D9537F921381E34CCA21A3B58
Authority key identifier: 8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/t-24rH7-JcWRQl10GG2TwvUWpfw.roa
Signing time:             Thu 02 Oct 2025 16:37:02 +0000
ROA not before:           Thu 02 Oct 2025 16:37:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201078
IP address blocks:        2a07:7940:49::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a5:c8:c7:7d:95:37:f9:21:38:1e:34:cc:a2:1a:3b:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8aab4c0cf21c1a3d6ea41068cbe908be388e450a
        Validity
            Not Before: Oct  2 16:37:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b7edb8ac7efe25c591425d74186d93c2f516a5fc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:97:f4:c9:87:bc:3d:17:71:d5:d6:d3:15:3b:
                    31:c4:a4:60:3a:d2:27:e1:75:54:22:ad:e7:86:9d:
                    71:83:f5:d8:78:42:4c:47:d4:0d:91:56:01:d0:b0:
                    99:85:04:fc:ef:47:86:41:92:36:5a:64:e7:70:43:
                    46:d6:03:25:72:a7:62:63:ad:46:41:65:5b:85:c7:
                    f8:09:f5:f0:43:d5:ea:96:84:32:77:40:66:95:ae:
                    f8:14:c3:f0:ad:72:97:e0:ff:8a:3c:bb:f1:a8:11:
                    6c:5f:a0:15:bb:88:9c:4b:69:41:26:4d:b7:9f:e4:
                    ad:23:17:fe:6c:2c:0c:d9:ed:74:ea:35:b5:13:f5:
                    cc:f3:1d:64:a1:09:c8:19:f7:d4:d1:46:91:64:05:
                    21:4d:3c:dc:d3:70:76:f9:13:27:39:1e:de:e0:88:
                    83:2b:f6:5a:cc:32:4a:e3:ae:75:c9:b8:c4:33:0e:
                    a7:1a:65:6a:c5:89:e1:a3:d6:e5:22:5a:19:00:d4:
                    04:34:67:75:ea:02:85:2e:96:a6:fc:47:12:86:9e:
                    81:7f:6d:6b:af:c1:f8:df:6a:ff:42:af:8a:bc:a0:
                    82:ce:31:82:e8:b5:d9:3b:ef:31:ad:9d:7e:22:3d:
                    1c:59:b7:f1:9e:e7:9d:65:f0:6a:73:25:fa:9d:d0:
                    de:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:ED:B8:AC:7E:FE:25:C5:91:42:5D:74:18:6D:93:C2:F5:16:A5:FC
            X509v3 Authority Key Identifier:
                keyid:8A:AB:4C:0C:F2:1C:1A:3D:6E:A4:10:68:CB:E9:08:BE:38:8E:45:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iqtMDPIcGj1upBBoy-kIvjiORQo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/t-24rH7-JcWRQl10GG2TwvUWpfw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/740c1e-1a4c-4ca2-bd53-537b1b49dfe7/1/iqtMDPIcGj1upBBoy-kIvjiORQo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:7940:49::/48

    Signature Algorithm: sha256WithRSAEncryption
         c0:ec:fc:ce:93:61:42:72:e1:5f:a2:f4:c6:84:f5:44:32:78:
         fb:5a:4d:7c:5b:c3:d4:9c:09:dc:0d:5a:07:a3:b9:a7:30:5f:
         c3:fe:89:f4:49:9e:fc:8e:92:ff:4f:4e:90:86:95:0f:50:4c:
         04:94:71:4b:a9:53:20:e6:a9:a9:14:83:30:78:98:d5:c2:f8:
         ee:81:06:db:d6:d0:96:67:59:75:e9:74:5c:35:cb:13:f1:53:
         96:6f:6c:bd:ab:b2:25:72:54:74:12:50:c7:8d:06:21:fe:53:
         8e:bb:8d:b0:07:ba:57:88:b5:fe:8b:62:8d:25:9c:e7:0b:2c:
         14:e9:e5:99:3e:0d:f0:0c:93:d1:21:37:dd:d7:29:c7:5e:05:
         31:36:c8:8f:9d:96:41:46:50:c5:52:89:77:e0:5c:4c:97:39:
         b5:f9:20:83:a1:16:e6:b1:51:bf:21:00:45:a6:ad:5a:14:53:
         a0:19:77:ef:09:97:0b:83:3d:6d:bd:9a:fa:f3:e3:22:b8:bb:
         e9:f7:0f:dc:d6:40:78:9f:7f:92:c1:cf:46:3a:f8:b0:30:8b:
         34:50:68:99:9b:03:fe:bc:d4:e5:ca:de:23:6c:de:6b:98:1c:
         f0:64:37:94:4a:ab:c4:d2:fb:ee:d2:ff:e7:af:1c:32:56:ff:
         66:77:8e:3b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZmlyMd9lTf5ITgeNMyiGjtYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhYWI0YzBjZjIxYzFhM2Q2ZWE0MTA2OGNiZTkwOGJlMzg4
ZTQ1MGEwHhcNMjUxMDAyMTYzNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2VkYjhhYzdlZmUyNWM1OTE0MjVkNzQxODZkOTNjMmY1MTZhNWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA25f0yYe8PRdx1dbTFTsxxKRgOtIn
4XVUIq3nhp1xg/XYeEJMR9QNkVYB0LCZhQT870eGQZI2WmTncENG1gMlcqdiY61G
QWVbhcf4CfXwQ9XqloQyd0Bmla74FMPwrXKX4P+KPLvxqBFsX6AVu4icS2lBJk23
n+StIxf+bCwM2e106jW1E/XM8x1koQnIGffU0UaRZAUhTTzc03B2+RMnOR7e4IiD
K/ZazDJK4651ybjEMw6nGmVqxYnho9blIloZANQENGd16gKFLpam/EcShp6Bf21r
r8H432r/Qq+KvKCCzjGC6LXZO+8xrZ1+Ij0cWbfxnuedZfBqcyX6ndDepQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLftuKx+/iXFkUJddBhtk8L1FqX8MB8GA1UdIwQY
MBaAFIqrTAzyHBo9bqQQaMvpCL44jkUKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMt
NTM3YjFiNDlkZmU3LzEvdC0yNHJINy1KY1dSUWwxMEdHMlR3dlVXcGZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NDBjMWUtMWE0Yy00Y2EyLWJkNTMtNTM3YjFiNDlkZmU3
LzEvaXF0TURQSWNHajF1cEJCb3kta0l2amlPUlFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgd5QABJ
MA0GCSqGSIb3DQEBCwUAA4IBAQDA7PzOk2FCcuFfovTGhPVEMnj7Wk18W8PUnAnc
DVoHo7mnMF/D/on0SZ78jpL/T06QhpUPUEwElHFLqVMg5qmpFIMweJjVwvjugQbb
1tCWZ1l16XRcNcsT8VOWb2y9q7IlclR0ElDHjQYh/lOOu42wB7pXiLX+i2KNJZzn
CywU6eWZPg3wDJPRITfd1ynHXgUxNsiPnZZBRlDFUol34FxMlzm1+SCDoRbmsVG/
IQBFpq1aFFOgGXfvCZcLgz1tvZr68+MiuLvp9w/c1kB4n3+Swc9GOviwMIs0UGiZ
mwP+vNTlyt4jbN5rmBzwZDeUSqvE0vvu0v/nrxwyVv9md447
-----END CERTIFICATE-----