Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ImPSGXQGxBD8CRomnWbqohB8So4.roa
File:                     ImPSGXQGxBD8CRomnWbqohB8So4.roa (raw, json)
Hash identifier:          rmRlXpUDTFeAAYmJH6P5Tb6isp4OnWwvMGkJu1C3UIg=
Subject key identifier:   22:63:D2:19:74:06:C4:10:FC:09:1A:26:9D:66:EA:A2:10:7C:4A:8E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198B872C03EF6389066621B8CB04D946128
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ImPSGXQGxBD8CRomnWbqohB8So4.roa
Signing time:             Sun 17 Aug 2025 14:33:04 +0000
ROA not before:           Sun 17 Aug 2025 14:33:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212831
IP address blocks:        2a0f:e7c6:88::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:b8:72:c0:3e:f6:38:90:66:62:1b:8c:b0:4d:94:61:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 17 14:33:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2263d2197406c410fc091a269d66eaa2107c4a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:d4:29:33:5d:70:10:b2:84:5f:6b:a9:9f:4a:
                    ef:cd:4c:65:3b:d8:17:9e:4e:71:06:13:db:a9:f3:
                    5e:6a:3d:e5:e2:13:cb:0c:49:a3:fc:47:a6:12:25:
                    b0:e7:0a:b3:19:f2:86:c4:de:30:e1:2d:78:a1:5f:
                    a6:b0:5f:16:e2:99:d7:ac:9a:6e:bb:96:26:20:fd:
                    9e:54:c6:27:cc:62:cc:37:9b:58:82:d9:78:5b:98:
                    3a:60:76:87:01:96:d8:0f:91:bc:74:bb:3a:f5:99:
                    61:50:42:f4:8b:33:e0:57:11:f3:3d:86:55:46:ac:
                    11:65:0c:c4:38:ea:9b:73:8e:49:28:8d:68:3f:f9:
                    c9:54:94:00:c7:9a:9f:01:1d:a0:50:d7:76:f7:26:
                    57:cc:ae:e5:ec:63:7a:45:89:49:19:ec:ff:7a:f3:
                    9f:f1:22:3e:26:fa:7a:9d:be:7e:ca:da:90:32:e2:
                    c2:bc:bd:b9:37:f7:15:a6:94:51:63:cf:b1:28:02:
                    e8:b1:1c:6e:46:71:47:2a:b8:a6:f8:68:ef:72:a3:
                    0e:12:6e:37:95:9d:a4:4d:22:38:f4:47:41:d6:20:
                    2c:92:c3:52:e7:1b:11:f4:af:21:42:24:cb:b3:59:
                    c2:92:15:09:43:35:86:f7:25:47:22:e5:b1:63:9f:
                    ba:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:63:D2:19:74:06:C4:10:FC:09:1A:26:9D:66:EA:A2:10:7C:4A:8E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ImPSGXQGxBD8CRomnWbqohB8So4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:e7c6:88::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:7d:f3:24:4e:45:da:ca:6e:b0:f4:41:aa:cb:ec:4a:3d:d7:
         f2:e2:93:9d:e5:d7:0a:2d:31:a6:48:f2:e0:4a:30:00:d8:a4:
         e7:99:71:f7:63:81:0d:30:e6:79:3d:35:a0:e8:f1:9b:d5:33:
         47:77:60:4d:e1:6b:32:23:f8:d1:75:d5:3c:f7:ff:07:b9:61:
         2d:b6:1c:c8:6b:bc:04:98:a9:03:5d:4a:c5:95:04:5b:6c:0b:
         71:bc:12:6b:1a:da:52:c6:e0:b4:05:7c:35:c0:c9:6b:ab:26:
         b3:44:d4:8b:23:3e:12:22:26:e5:41:85:34:d3:ff:91:8a:64:
         4e:e3:16:06:69:93:12:2a:5d:17:da:9f:87:88:0c:97:42:66:
         7d:a5:f0:92:a7:97:ec:2b:87:a3:df:5c:49:fe:03:3d:94:67:
         8e:46:65:fe:6f:06:6a:6b:64:a4:3e:8d:89:c3:8c:81:36:26:
         ad:1a:4a:93:9e:60:69:99:8e:5c:90:f3:d1:89:63:8a:81:35:
         79:d1:9c:bf:6f:e8:26:ce:9d:c1:97:f8:fe:5f:1f:ca:0f:15:
         d4:e7:42:ec:00:d1:8c:ad:b1:94:21:07:d0:91:96:e4:7f:b8:
         9e:6e:59:ca:16:f8:bf:00:1e:3d:55:cf:9f:cf:b6:47:3f:b3:
         6c:4d:00:3f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZi4csA+9jiQZmIbjLBNlGEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODE3MTQzMzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjYzZDIxOTc0MDZjNDEwZmMwOTFhMjY5ZDY2ZWFhMjEwN2M0YThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNQpM11wELKEX2upn0rvzUxlO9gX
nk5xBhPbqfNeaj3l4hPLDEmj/EemEiWw5wqzGfKGxN4w4S14oV+msF8W4pnXrJpu
u5YmIP2eVMYnzGLMN5tYgtl4W5g6YHaHAZbYD5G8dLs69ZlhUEL0izPgVxHzPYZV
RqwRZQzEOOqbc45JKI1oP/nJVJQAx5qfAR2gUNd29yZXzK7l7GN6RYlJGez/evOf
8SI+Jvp6nb5+ytqQMuLCvL25N/cVppRRY8+xKALosRxuRnFHKrim+GjvcqMOEm43
lZ2kTSI49EdB1iAsksNS5xsR9K8hQiTLs1nCkhUJQzWG9yVHIuWxY5+6/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCJj0hl0BsQQ/AkaJp1m6qIQfEqOMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSW1QU0dYUUd4QkQ4Q1JvbW5XYnFvaEI4U280LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg/nxgCI
MA0GCSqGSIb3DQEBCwUAA4IBAQBiffMkTkXaym6w9EGqy+xKPdfy4pOd5dcKLTGm
SPLgSjAA2KTnmXH3Y4ENMOZ5PTWg6PGb1TNHd2BN4WsyI/jRddU89/8HuWEtthzI
a7wEmKkDXUrFlQRbbAtxvBJrGtpSxuC0BXw1wMlrqyazRNSLIz4SIiblQYU00/+R
imRO4xYGaZMSKl0X2p+HiAyXQmZ9pfCSp5fsK4ej31xJ/gM9lGeORmX+bwZqa2Sk
Po2Jw4yBNiatGkqTnmBpmY5ckPPRiWOKgTV50Zy/b+gmzp3Bl/j+Xx/KDxXU50Ls
ANGMrbGUIQfQkZbkf7ieblnKFvi/AB49Vc+fz7ZHP7NsTQA/
-----END CERTIFICATE-----