Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/91vtL6Q-jsC-Hq4tG6IKsiz8GF8.roa
File:                     91vtL6Q-jsC-Hq4tG6IKsiz8GF8.roa (raw, json)
Hash identifier:          5gynoAyb7s4y4AxVQ/gbKiM+f38v4VMmcmTfTCDKPyA=
Subject key identifier:   F7:5B:ED:2F:A4:3E:8E:C0:BE:1E:AE:2D:1B:A2:0A:B2:2C:FC:18:5F
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0199C47EF53A7D60C1414755E6372940A03C
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/91vtL6Q-jsC-Hq4tG6IKsiz8GF8.roa
Signing time:             Wed 08 Oct 2025 15:44:38 +0000
ROA not before:           Wed 08 Oct 2025 15:44:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209944
IP address blocks:        2a07:7880::/29 maxlen: 29
                          2a09:b700::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c4:7e:f5:3a:7d:60:c1:41:47:55:e6:37:29:40:a0:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct  8 15:44:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f75bed2fa43e8ec0be1eae2d1ba20ab22cfc185f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f7:07:95:12:d7:e9:61:e8:39:67:ce:43:08:
                    7a:be:72:a2:1c:8f:94:8b:9f:96:dc:33:2d:b0:c5:
                    ed:4e:9b:48:13:b2:08:98:ae:03:45:94:50:c5:24:
                    8d:1a:86:0e:7d:16:91:6b:41:6a:8b:9c:a1:c4:24:
                    5d:29:50:d7:78:c6:3c:1d:12:31:a8:72:17:b7:9c:
                    b5:b3:f5:68:b8:4a:67:6d:c9:3c:e6:0d:8f:b8:17:
                    46:2e:49:fb:e3:61:e5:32:b4:0f:f6:dc:2e:c8:d9:
                    ff:f6:5f:29:89:af:37:14:5f:a1:da:f5:57:b6:87:
                    51:e4:79:01:5e:25:02:19:cb:b1:be:9d:9d:96:17:
                    e8:47:5d:38:83:de:47:3c:92:f3:0e:2b:c4:de:22:
                    22:1c:9f:d7:59:7a:8b:89:17:52:0e:61:85:7f:05:
                    ba:7e:27:07:52:38:e3:b0:d0:3e:f9:04:1d:0d:0e:
                    eb:08:62:8d:02:e8:2e:d4:81:b7:e1:fd:73:5e:dd:
                    39:46:a7:23:a4:58:6a:b1:e7:e3:65:5b:41:fe:ba:
                    11:6f:2e:1b:a0:76:5d:bc:c0:d5:30:78:92:d7:30:
                    8a:ac:09:81:bf:ff:ab:99:4a:63:f8:10:d6:28:96:
                    fe:a3:40:56:51:e6:78:dd:50:09:5b:6d:70:61:98:
                    e5:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:5B:ED:2F:A4:3E:8E:C0:BE:1E:AE:2D:1B:A2:0A:B2:2C:FC:18:5F
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/91vtL6Q-jsC-Hq4tG6IKsiz8GF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:7880::/29
                  2a09:b700::/29

    Signature Algorithm: sha256WithRSAEncryption
         73:4c:f5:77:21:05:0e:c2:08:55:b3:fd:c1:da:6d:19:fd:06:
         ca:67:08:84:fb:96:d6:93:4e:3f:19:8e:03:ba:76:59:31:d9:
         a3:c8:c0:a1:fd:b9:33:48:52:1b:ea:9a:b7:64:ac:6b:28:fc:
         56:6e:69:43:be:7e:56:ac:ce:29:30:50:27:8b:39:13:ad:6c:
         e3:3a:8a:03:08:0f:98:45:e3:fb:1e:55:08:81:24:36:f8:12:
         f2:b6:62:64:a2:04:88:bd:f5:68:14:96:7f:b2:b0:7e:82:e2:
         e8:db:43:61:97:dd:b6:0a:b9:f5:67:0e:d2:21:b5:98:ea:b4:
         96:d2:1d:e1:4a:bc:a9:04:4d:75:1b:13:3f:25:a3:71:d3:1c:
         1c:68:97:6d:37:18:9d:90:12:18:40:68:9a:0b:55:7f:f6:1f:
         91:36:8e:32:ea:09:0f:35:5f:aa:a4:46:23:dd:58:7d:b1:ca:
         a4:61:fb:12:86:8b:76:94:43:18:7f:cc:fa:82:2e:d9:a5:87:
         73:51:24:bf:b5:10:2c:47:b3:07:fc:78:b0:c7:a1:89:63:ba:
         96:13:cd:e8:cd:93:f2:f8:42:47:1c:77:df:ad:2a:c2:b5:8b:
         de:a8:8a:5a:55:6d:84:55:d9:f3:33:65:f7:7c:15:65:f0:23:
         9c:72:d3:43
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZnEfvU6fWDBQUdV5jcpQKA8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDA4MTU0NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzViZWQyZmE0M2U4ZWMwYmUxZWFlMmQxYmEyMGFiMjJjZmMxODVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvcHlRLX6WHoOWfOQwh6vnKiHI+U
i5+W3DMtsMXtTptIE7IImK4DRZRQxSSNGoYOfRaRa0Fqi5yhxCRdKVDXeMY8HRIx
qHIXt5y1s/VouEpnbck85g2PuBdGLkn742HlMrQP9twuyNn/9l8pia83FF+h2vVX
todR5HkBXiUCGcuxvp2dlhfoR104g95HPJLzDivE3iIiHJ/XWXqLiRdSDmGFfwW6
ficHUjjjsNA++QQdDQ7rCGKNAugu1IG34f1zXt05RqcjpFhqsefjZVtB/roRby4b
oHZdvMDVMHiS1zCKrAmBv/+rmUpj+BDWKJb+o0BWUeZ43VAJW21wYZjlKwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFPdb7S+kPo7Avh6uLRuiCrIs/BhfMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvOTF2dEw2US1qc0MtSHE0dEc2SUtzaXo4R0Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgd4gAMF
AyoJtwAwDQYJKoZIhvcNAQELBQADggEBAHNM9XchBQ7CCFWz/cHabRn9BspnCIT7
ltaTTj8ZjgO6dlkx2aPIwKH9uTNIUhvqmrdkrGso/FZuaUO+flaszikwUCeLOROt
bOM6igMID5hF4/seVQiBJDb4EvK2YmSiBIi99WgUln+ysH6C4ujbQ2GX3bYKufVn
DtIhtZjqtJbSHeFKvKkETXUbEz8lo3HTHBxol203GJ2QEhhAaJoLVX/2H5E2jjLq
CQ81X6qkRiPdWH2xyqRh+xKGi3aUQxh/zPqCLtmlh3NRJL+1ECxHswf8eLDHoYlj
upYTzejNk/L4Qkccd9+tKsK1i96oilpVbYRV2fMzZfd8FWXwI5xy00M=
-----END CERTIFICATE-----