Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/7yGb0AdfhZwn7j7VIysyQRSpeE8.roa
File:                     7yGb0AdfhZwn7j7VIysyQRSpeE8.roa (raw, json)
Hash identifier:          Gd48O41+WtRusOMdNCUU8ENOXfo3BiIv10qhV3bzjSU=
Subject key identifier:   EF:21:9B:D0:07:5F:85:9C:27:EE:3E:D5:23:2B:32:41:14:A9:78:4F
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01999A7F5FFF236686E919AB40C839115608
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/7yGb0AdfhZwn7j7VIysyQRSpeE8.roa
Signing time:             Tue 30 Sep 2025 12:01:02 +0000
ROA not before:           Tue 30 Sep 2025 12:01:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49443
IP address blocks:        2a12:5e00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:7f:5f:ff:23:66:86:e9:19:ab:40:c8:39:11:56:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Sep 30 12:01:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef219bd0075f859c27ee3ed5232b324114a9784f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f7:31:f5:76:5a:04:55:f7:49:1c:6b:2e:1c:
                    79:4e:81:6e:24:18:b6:d0:97:26:62:59:4d:1d:a5:
                    1d:e8:74:ec:0e:7d:d1:16:ab:da:ef:f6:fb:ed:91:
                    30:be:d0:82:bc:f4:76:d8:9c:10:ce:14:86:f7:bf:
                    ae:a6:0c:c7:02:dd:87:bf:c5:28:43:29:3a:39:1b:
                    06:0f:df:4a:45:7c:e1:c7:69:f5:75:73:cb:1f:36:
                    6c:c4:58:2e:c4:f1:64:7f:ba:8f:89:07:b2:c2:b3:
                    b6:85:36:98:ed:5e:9a:01:40:78:7e:1a:26:45:69:
                    9c:a0:8d:c7:f9:3a:ba:d4:ef:b7:4e:cc:1c:6c:f1:
                    2a:0e:d2:bd:75:55:81:9b:41:84:0a:54:2c:f3:34:
                    3f:ca:ed:58:ac:13:1c:59:9f:f8:53:85:02:52:29:
                    c1:73:e4:a7:8e:8e:d2:08:87:9c:9a:df:07:79:ed:
                    14:06:6c:c5:1e:3d:0d:71:fe:97:07:4b:82:7f:4f:
                    63:74:94:a3:b1:91:99:91:c4:ec:69:8d:46:44:4c:
                    66:46:4f:ae:8f:ea:42:d9:82:90:d8:66:38:8d:4d:
                    dd:63:0f:89:03:2d:b3:ea:7d:51:54:6f:7d:f9:c8:
                    8f:38:f8:43:64:d1:6e:ae:98:b3:ba:ff:36:d5:6f:
                    fc:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:21:9B:D0:07:5F:85:9C:27:EE:3E:D5:23:2B:32:41:14:A9:78:4F
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/7yGb0AdfhZwn7j7VIysyQRSpeE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:5e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:9e:19:1f:f7:a7:6e:1d:46:a0:f5:43:43:30:65:c7:30:fd:
         8a:b9:8d:ca:ff:cc:9f:75:02:24:88:0a:ed:cd:95:dd:4a:03:
         93:db:a1:d2:b0:cd:9f:ff:08:36:52:de:79:61:7a:70:46:cd:
         3a:23:34:2f:fd:f2:b7:1e:43:07:ac:eb:0b:07:83:02:52:6b:
         05:a1:f5:aa:03:27:bf:12:b0:ee:0e:f9:db:41:27:91:ef:92:
         a8:8e:02:5c:a4:bb:20:75:f5:84:b3:66:25:84:e5:e7:5b:05:
         19:7a:63:d0:7f:47:78:f3:57:7b:7a:1e:92:c2:26:3e:b5:2b:
         5e:b4:45:1e:9a:a3:a0:a9:26:fa:7d:d1:cf:47:21:c6:3d:12:
         4e:9c:6b:15:cc:33:f9:90:54:fb:d0:35:95:a5:ec:c2:5e:cb:
         33:40:c1:ce:73:22:93:f6:c0:c6:ed:6c:d8:f9:f3:d8:fd:34:
         0d:f4:2a:da:74:02:53:cc:86:cc:c6:13:41:75:70:43:bf:be:
         f1:35:16:4a:da:b5:e1:96:49:01:bd:7b:b4:0e:da:11:25:70:
         57:c5:fa:08:1e:08:6b:96:39:59:38:2d:93:a9:77:7c:70:ef:
         32:cb:89:fa:02:37:74:b1:60:92:fa:2d:3e:5b:3b:3b:3a:46:
         6e:e6:00:01
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmaf1//I2aG6RmrQMg5EVYIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwOTMwMTIwMTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjIxOWJkMDA3NWY4NTljMjdlZTNlZDUyMzJiMzI0MTE0YTk3ODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvcx9XZaBFX3SRxrLhx5ToFuJBi2
0JcmYllNHaUd6HTsDn3RFqva7/b77ZEwvtCCvPR22JwQzhSG97+upgzHAt2Hv8Uo
Qyk6ORsGD99KRXzhx2n1dXPLHzZsxFguxPFkf7qPiQeywrO2hTaY7V6aAUB4fhom
RWmcoI3H+Tq61O+3TswcbPEqDtK9dVWBm0GEClQs8zQ/yu1YrBMcWZ/4U4UCUinB
c+Snjo7SCIecmt8Hee0UBmzFHj0Ncf6XB0uCf09jdJSjsZGZkcTsaY1GRExmRk+u
j+pC2YKQ2GY4jU3dYw+JAy2z6n1RVG99+ciPOPhDZNFurpizuv821W/8/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFO8hm9AHX4WcJ+4+1SMrMkEUqXhPMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvN3lHYjBBZGZoWnduN2o3Vkl5c3lRUlNwZUU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhJeADAN
BgkqhkiG9w0BAQsFAAOCAQEAlZ4ZH/enbh1GoPVDQzBlxzD9irmNyv/Mn3UCJIgK
7c2V3UoDk9uh0rDNn/8INlLeeWF6cEbNOiM0L/3ytx5DB6zrCweDAlJrBaH1qgMn
vxKw7g7520Enke+SqI4CXKS7IHX1hLNmJYTl51sFGXpj0H9HePNXe3oeksImPrUr
XrRFHpqjoKkm+n3Rz0chxj0STpxrFcwz+ZBU+9A1laXswl7LM0DBznMik/bAxu1s
2Pnz2P00DfQq2nQCU8yGzMYTQXVwQ7++8TUWStq14ZZJAb17tA7aESVwV8X6CB4I
a5Y5WTgtk6l3fHDvMsuJ+gI3dLFgkvotPls7OzpGbuYAAQ==
-----END CERTIFICATE-----