Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/S2_Wbc7fbPJ_NvmCY0P1gWLwU3s.roa
File:                     S2_Wbc7fbPJ_NvmCY0P1gWLwU3s.roa (raw, json)
Hash identifier:          c3gqFQTSTiBMpR3ySTzome8dgodjiOkvkUuIz6BMMHg=
Subject key identifier:   4B:6F:D6:6D:CE:DF:6C:F2:7F:36:F9:82:63:43:F5:81:62:F0:53:7B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0199AABE9D98C19C75E4C613F2E5162BD91E
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/S2_Wbc7fbPJ_NvmCY0P1gWLwU3s.roa
Signing time:             Fri 03 Oct 2025 15:44:02 +0000
ROA not before:           Fri 03 Oct 2025 15:44:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215059
IP address blocks:        2a10:3540::/29 maxlen: 29
                          2a10:3840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:aa:be:9d:98:c1:9c:75:e4:c6:13:f2:e5:16:2b:d9:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct  3 15:44:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b6fd66dcedf6cf27f36f9826343f58162f0537b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c0:51:83:c0:5d:10:f9:33:8e:9a:5d:cb:5a:
                    a7:95:33:2d:54:b4:13:21:40:6a:2b:65:84:30:07:
                    3c:38:71:d1:d4:9d:1b:95:23:f4:e7:d4:39:65:c5:
                    59:9b:b9:ad:3f:93:b4:47:5d:ef:b3:22:ee:d6:cf:
                    f0:7b:8a:07:21:e7:e1:9b:81:76:ee:a0:76:10:1f:
                    cb:00:1b:53:72:21:72:58:f7:85:e0:4c:35:f4:9b:
                    46:9b:a2:aa:58:f4:70:63:a3:7a:76:14:8d:39:24:
                    c4:cb:dc:31:80:26:7a:c7:97:07:cb:d6:61:9f:3b:
                    84:e5:18:5f:65:65:06:70:3e:ac:2d:09:c0:ba:ae:
                    a0:f2:98:07:b4:98:70:c6:b2:90:de:7d:d3:e2:1a:
                    53:0a:3d:35:a8:d9:6d:f5:f1:12:50:0c:0c:91:c4:
                    f6:e4:31:87:70:fb:df:47:35:c9:0a:38:b1:f0:3e:
                    68:1a:95:51:87:dd:04:cb:48:72:09:6c:b1:97:8c:
                    42:cf:0a:1b:46:0e:bc:cd:c8:a5:f4:25:b8:a9:f3:
                    3d:08:b8:fe:ae:33:39:2d:7e:31:aa:aa:b5:34:49:
                    c4:82:66:c1:e8:b9:ed:0d:79:ef:c8:9b:df:bb:27:
                    08:7b:c3:65:4d:62:15:67:56:e8:c3:86:72:f9:a1:
                    73:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:6F:D6:6D:CE:DF:6C:F2:7F:36:F9:82:63:43:F5:81:62:F0:53:7B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/S2_Wbc7fbPJ_NvmCY0P1gWLwU3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3540::/29
                  2a10:3840::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:85:ad:72:2b:ea:90:07:9f:d1:87:3e:55:cb:ce:9f:b3:be:
         43:22:0d:f6:26:70:b6:16:0d:de:8e:33:f7:67:aa:67:a7:ad:
         aa:21:43:38:f4:f3:bd:8f:37:81:21:ba:4e:27:ac:1e:38:63:
         fa:88:34:22:08:32:f2:85:c0:98:c0:75:1a:71:ee:7d:24:4e:
         f8:70:cf:89:09:a1:c9:dc:db:a3:c3:fe:8c:e6:29:6e:56:41:
         53:47:da:d3:72:8e:c1:6c:45:e0:6a:e9:c5:a8:4c:51:53:f2:
         99:38:d6:4d:e9:ad:04:00:d0:bb:f7:3d:fd:a3:32:72:93:90:
         4d:c9:79:5d:bb:a5:75:20:3c:d6:fa:bf:96:1d:71:56:c1:d0:
         13:7b:ff:b0:1b:1b:a8:20:78:91:1b:a0:47:61:43:d3:44:ec:
         8a:b3:d8:98:90:d2:b7:92:a8:da:94:db:47:cc:89:2c:f3:2d:
         52:df:cf:3c:00:11:02:94:5e:03:ae:51:41:b0:05:04:71:89:
         5e:50:54:61:03:a7:a7:7b:2c:30:3d:7a:00:61:f3:65:6a:ca:
         e5:5d:4d:f6:f3:d2:11:ee:e7:bb:68:23:b1:fa:9b:1a:58:98:
         98:bc:c5:3f:13:44:3e:69:41:ca:57:d6:bb:c3:3c:99:1c:2e:
         3d:22:83:d2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZmqvp2YwZx15MYT8uUWK9keMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDAzMTU0NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjZmZDY2ZGNlZGY2Y2YyN2YzNmY5ODI2MzQzZjU4MTYyZjA1MzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsBRg8BdEPkzjppdy1qnlTMtVLQT
IUBqK2WEMAc8OHHR1J0blSP059Q5ZcVZm7mtP5O0R13vsyLu1s/we4oHIefhm4F2
7qB2EB/LABtTciFyWPeF4Ew19JtGm6KqWPRwY6N6dhSNOSTEy9wxgCZ6x5cHy9Zh
nzuE5RhfZWUGcD6sLQnAuq6g8pgHtJhwxrKQ3n3T4hpTCj01qNlt9fESUAwMkcT2
5DGHcPvfRzXJCjix8D5oGpVRh90Ey0hyCWyxl4xCzwobRg68zcil9CW4qfM9CLj+
rjM5LX4xqqq1NEnEgmbB6LntDXnvyJvfuycIe8NlTWIVZ1bow4Zy+aFzPwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEtv1m3O32zyfzb5gmND9YFi8FN7MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvUzJfV2JjN2ZiUEpfTnZtQ1kwUDFnV0x3VTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhA1QAMF
AyoQOEAwDQYJKoZIhvcNAQELBQADggEBAJyFrXIr6pAHn9GHPlXLzp+zvkMiDfYm
cLYWDd6OM/dnqmenraohQzj0872PN4Ehuk4nrB44Y/qINCIIMvKFwJjAdRpx7n0k
Tvhwz4kJocnc26PD/ozmKW5WQVNH2tNyjsFsReBq6cWoTFFT8pk41k3prQQA0Lv3
Pf2jMnKTkE3JeV27pXUgPNb6v5YdcVbB0BN7/7AbG6ggeJEboEdhQ9NE7Iqz2JiQ
0reSqNqU20fMiSzzLVLfzzwAEQKUXgOuUUGwBQRxiV5QVGEDp6d7LDA9egBh82Vq
yuVdTfbz0hHu57toI7H6mxpYmJi8xT8TRD5pQcpX1rvDPJkcLj0ig9I=
-----END CERTIFICATE-----