Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ODt3fNJgks4i9UEMWI_Z5dCyPYI.roa
File:                     ODt3fNJgks4i9UEMWI_Z5dCyPYI.roa (raw, json)
Hash identifier:          /DkOj8JlvXaktLz40H3ltj8B11+0rlQZyvYGTPxUrw8=
Subject key identifier:   38:3B:77:7C:D2:60:92:CE:22:F5:41:0C:58:8F:D9:E5:D0:B2:3D:82
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198D1113DFC5F260A1A4A2479954CBC3A18
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ODt3fNJgks4i9UEMWI_Z5dCyPYI.roa
Signing time:             Fri 22 Aug 2025 09:17:04 +0000
ROA not before:           Fri 22 Aug 2025 09:17:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213505
IP address blocks:        2a0c:d380::/29 maxlen: 29
                          2a0f:28c0::/29 maxlen: 29
                          2a12:4ac0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:11:3d:fc:5f:26:0a:1a:4a:24:79:95:4c:bc:3a:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 22 09:17:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=383b777cd26092ce22f5410c588fd9e5d0b23d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:90:02:b8:2d:a2:1f:4f:77:38:0c:ab:a6:a0:
                    c2:c1:47:7d:b2:33:39:4f:a3:c5:49:8e:02:90:35:
                    e8:55:cd:f9:53:5c:4c:e9:77:c9:8a:a6:b8:3d:30:
                    6c:ff:9e:22:e5:84:dc:6a:91:b1:e7:3a:80:97:b6:
                    1e:9b:b0:89:62:64:77:cd:28:4a:1a:d4:6b:e4:89:
                    e5:5b:57:a9:91:d7:60:ea:6c:13:73:10:d9:c9:28:
                    ba:c6:d9:58:14:d1:ed:ae:c7:51:4f:6e:c0:30:2e:
                    72:80:1d:c8:da:f0:89:30:40:a7:87:95:82:ac:9e:
                    58:31:d7:e3:1a:32:4b:8a:6a:6a:e2:5c:49:c3:51:
                    d6:33:a5:d6:27:f7:95:91:2a:ff:6a:50:ed:5b:8f:
                    aa:15:bb:c6:a2:38:ba:ed:3b:f4:9d:f9:d4:58:1e:
                    1f:0f:27:4a:66:b1:5a:25:37:d9:f3:3e:81:e1:77:
                    8a:9f:40:b9:ed:55:ab:df:e7:19:22:b0:19:ec:65:
                    0d:d8:e7:7d:4d:64:ff:cc:22:c9:ed:14:29:41:2f:
                    ed:24:2f:58:78:9c:88:62:a0:3b:22:a4:78:d7:a7:
                    1f:ef:17:b2:61:24:69:fb:c9:be:91:3d:3d:67:63:
                    ba:b9:25:c9:ef:89:14:12:e0:28:ed:c9:c2:1a:da:
                    a2:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:3B:77:7C:D2:60:92:CE:22:F5:41:0C:58:8F:D9:E5:D0:B2:3D:82
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ODt3fNJgks4i9UEMWI_Z5dCyPYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:d380::/29
                  2a0f:28c0::/29
                  2a12:4ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         19:f6:94:c0:3e:4d:b6:73:a2:6b:d8:f4:8d:94:21:23:4b:3c:
         7f:e1:29:53:6d:cb:33:65:60:55:20:51:60:4f:67:05:29:41:
         48:b5:be:28:98:0b:a4:c1:72:89:6b:47:c7:e2:6c:cb:1c:ce:
         fd:17:2d:9d:a2:5a:85:41:a1:2c:f5:0c:b5:a8:4f:d2:f6:93:
         e5:12:4f:1a:86:b3:05:1b:7d:f1:76:46:72:45:88:24:0e:2b:
         0b:65:b1:86:66:97:b8:ce:82:db:b6:c6:f4:5a:68:ec:c0:73:
         fb:cc:89:6a:65:ef:73:bc:4f:b3:fb:b8:30:78:f5:87:1e:e3:
         00:1e:51:99:14:0c:1f:b7:53:0c:af:56:50:e0:2c:75:a5:dd:
         f0:1d:12:8d:3d:f3:b1:5a:90:7f:c6:f1:3a:c6:35:1c:48:a3:
         1a:de:bf:db:d4:ef:58:ba:83:a9:7a:97:f1:16:08:08:79:9c:
         ad:2f:71:68:3f:20:66:15:81:30:a4:06:5f:1f:67:99:81:ef:
         74:08:2a:ed:f4:50:65:e2:b8:e5:5a:4f:e1:52:d1:58:f8:fe:
         c3:e4:ec:cd:4d:be:27:cf:a4:e1:a1:2e:e9:17:3a:31:85:53:
         51:14:b1:79:55:63:86:7f:65:d6:52:a1:24:64:ce:d2:d8:8b:
         ed:87:e3:34
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZjRET38XyYKGkokeZVMvDoYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODIyMDkxNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODNiNzc3Y2QyNjA5MmNlMjJmNTQxMGM1ODhmZDllNWQwYjIzZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx5ACuC2iH093OAyrpqDCwUd9sjM5
T6PFSY4CkDXoVc35U1xM6XfJiqa4PTBs/54i5YTcapGx5zqAl7Yem7CJYmR3zShK
GtRr5InlW1epkddg6mwTcxDZySi6xtlYFNHtrsdRT27AMC5ygB3I2vCJMECnh5WC
rJ5YMdfjGjJLimpq4lxJw1HWM6XWJ/eVkSr/alDtW4+qFbvGoji67Tv0nfnUWB4f
DydKZrFaJTfZ8z6B4XeKn0C57VWr3+cZIrAZ7GUN2Od9TWT/zCLJ7RQpQS/tJC9Y
eJyIYqA7IqR416cf7xeyYSRp+8m+kT09Z2O6uSXJ74kUEuAo7cnCGtqigwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDg7d3zSYJLOIvVBDFiP2eXQsj2CMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvT0R0M2ZOSmdrczRpOVVFTVdJX1o1ZEN5UFlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgzTgAMF
AyoPKMADBQMqEkrAMA0GCSqGSIb3DQEBCwUAA4IBAQAZ9pTAPk22c6Jr2PSNlCEj
Szx/4SlTbcszZWBVIFFgT2cFKUFItb4omAukwXKJa0fH4mzLHM79Fy2dolqFQaEs
9Qy1qE/S9pPlEk8ahrMFG33xdkZyRYgkDisLZbGGZpe4zoLbtsb0WmjswHP7zIlq
Ze9zvE+z+7gwePWHHuMAHlGZFAwft1MMr1ZQ4Cx1pd3wHRKNPfOxWpB/xvE6xjUc
SKMa3r/b1O9YuoOpepfxFggIeZytL3FoPyBmFYEwpAZfH2eZge90CCrt9FBl4rjl
Wk/hUtFY+P7D5OzNTb4nz6ThoS7pFzoxhVNRFLF5VWOGf2XWUqEkZM7S2Ivth+M0
-----END CERTIFICATE-----