Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Q6OyjLe4SYjWG9AYRV6l1nYMPLQ.roa
File:                     Q6OyjLe4SYjWG9AYRV6l1nYMPLQ.roa (raw, json)
Hash identifier:          1R3cVYw+pNCqmXeop2qfS6VAzKE2D18+dSWQkKz8+ko=
Subject key identifier:   43:A3:B2:8C:B7:B8:49:88:D6:1B:D0:18:45:5E:A5:D6:76:0C:3C:B4
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01999A8EF0E58ABB90BA77FFCC1FC2CC1972
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Q6OyjLe4SYjWG9AYRV6l1nYMPLQ.roa
Signing time:             Tue 30 Sep 2025 12:18:03 +0000
ROA not before:           Tue 30 Sep 2025 12:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213505
IP address blocks:        2a0f:27c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:8e:f0:e5:8a:bb:90:ba:77:ff:cc:1f:c2:cc:19:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Sep 30 12:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43a3b28cb7b84988d61bd018455ea5d6760c3cb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:7c:35:a6:f3:74:ff:3a:46:fb:69:b1:0f:0b:
                    78:22:7a:04:b0:46:8e:6d:4f:eb:46:9d:36:0e:6f:
                    8e:8f:f0:f1:90:c7:9c:05:3a:e0:6d:ca:d5:d1:3c:
                    58:47:f5:bf:54:52:1e:23:23:07:a9:3f:cf:e8:fc:
                    4f:cb:8d:da:16:35:f2:9a:60:b3:aa:a7:54:96:3b:
                    c9:7f:54:c9:f2:4b:35:76:37:4f:ad:dd:01:98:db:
                    62:cb:ca:1c:17:2b:55:b6:5e:c2:09:a8:75:7a:1d:
                    02:f0:3b:d4:0f:10:b7:3e:31:85:01:23:a7:ec:c1:
                    92:ae:37:da:9f:47:44:c3:ca:4f:4b:ba:2c:96:59:
                    e6:0a:77:96:cd:5b:02:f3:79:37:58:e2:19:9c:13:
                    4b:09:ca:e6:11:dd:98:70:1f:70:eb:3e:cd:e3:b0:
                    39:b7:19:d7:a5:d7:24:bf:ed:ed:39:dc:36:72:a7:
                    cc:a8:9b:75:cd:35:6a:31:6f:27:d4:97:2f:69:80:
                    9a:44:46:0a:87:39:2d:2b:c5:d0:9d:23:6f:7c:9a:
                    18:f8:36:32:a5:44:de:c0:6c:97:ad:b5:39:aa:8c:
                    5e:ce:b6:73:b7:a7:38:7d:c7:05:78:da:49:09:9c:
                    b5:cc:84:0f:7e:47:fa:55:f5:eb:73:db:04:41:64:
                    7e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:A3:B2:8C:B7:B8:49:88:D6:1B:D0:18:45:5E:A5:D6:76:0C:3C:B4
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Q6OyjLe4SYjWG9AYRV6l1nYMPLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:27c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:41:81:b0:fa:13:cc:fe:ec:3a:32:4d:22:bc:ce:5b:7b:d4:
         e7:9b:da:5b:ff:3c:c5:44:e9:3a:b2:1d:fe:f7:7a:ff:f7:6a:
         23:1f:d0:3e:a6:0f:8a:7b:8c:30:c8:51:35:15:75:45:7b:0a:
         8f:4c:3e:c3:e7:cf:72:a5:4e:14:5b:62:c4:bf:ee:9b:34:39:
         62:d5:16:b3:f6:cd:9b:5e:a5:5a:5b:79:4e:9e:4c:06:6a:40:
         e5:c1:78:16:bc:c4:83:c4:39:11:f8:47:60:9e:be:14:7f:2d:
         ab:d1:66:21:db:66:02:fd:fb:19:6f:97:04:6d:cb:11:ca:65:
         d9:d4:8b:eb:6c:a6:a8:31:e5:c1:35:26:50:c3:0a:92:bc:69:
         2c:75:b0:a3:70:b1:1d:98:15:2c:fb:2e:84:f1:0c:df:67:f0:
         4e:b1:6e:16:bc:60:ba:91:f0:b5:36:dd:78:ee:8a:ec:9f:7a:
         04:89:88:13:fd:68:a8:35:7f:93:fa:89:fa:35:4d:be:87:3c:
         93:f5:3d:a4:d8:5e:1c:67:81:64:8b:f1:b4:74:57:3a:f0:61:
         95:e5:a7:e6:0f:19:e5:91:02:27:c3:ab:d7:d5:ff:50:b7:c4:
         8b:18:d5:0d:be:32:11:5a:76:bc:8a:b3:b0:de:f1:7f:c8:ef:
         4c:00:12:94
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmajvDliruQunf/zB/CzBlyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwOTMwMTIxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2EzYjI4Y2I3Yjg0OTg4ZDYxYmQwMTg0NTVlYTVkNjc2MGMzY2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Xw1pvN0/zpG+2mxDwt4InoEsEaO
bU/rRp02Dm+Oj/DxkMecBTrgbcrV0TxYR/W/VFIeIyMHqT/P6PxPy43aFjXymmCz
qqdUljvJf1TJ8ks1djdPrd0BmNtiy8ocFytVtl7CCah1eh0C8DvUDxC3PjGFASOn
7MGSrjfan0dEw8pPS7osllnmCneWzVsC83k3WOIZnBNLCcrmEd2YcB9w6z7N47A5
txnXpdckv+3tOdw2cqfMqJt1zTVqMW8n1JcvaYCaREYKhzktK8XQnSNvfJoY+DYy
pUTewGyXrbU5qoxezrZzt6c4fccFeNpJCZy1zIQPfkf6VfXrc9sEQWR+JQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEOjsoy3uEmI1hvQGEVepdZ2DDy0MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvUTZPeWpMZTRTWWpXRzlBWVJWNmwxbllNUExRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg8nwDAN
BgkqhkiG9w0BAQsFAAOCAQEAfEGBsPoTzP7sOjJNIrzOW3vU55vaW/88xUTpOrId
/vd6//dqIx/QPqYPinuMMMhRNRV1RXsKj0w+w+fPcqVOFFtixL/umzQ5YtUWs/bN
m16lWlt5Tp5MBmpA5cF4FrzEg8Q5EfhHYJ6+FH8tq9FmIdtmAv37GW+XBG3LEcpl
2dSL62ymqDHlwTUmUMMKkrxpLHWwo3CxHZgVLPsuhPEM32fwTrFuFrxgupHwtTbd
eO6K7J96BImIE/1oqDV/k/qJ+jVNvoc8k/U9pNheHGeBZIvxtHRXOvBhleWn5g8Z
5ZECJ8Or19X/ULfEixjVDb4yEVp2vIqzsN7xf8jvTAASlA==
-----END CERTIFICATE-----