Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/cCtPPsTaFducm8KMIvRZItOBCYc.roa
File:                     cCtPPsTaFducm8KMIvRZItOBCYc.roa (raw, json)
Hash identifier:          IubkU/k6u80i1we+eqD7DOyoGs/Mg8TvrpdtlcaYZTM=
Subject key identifier:   70:2B:4F:3E:C4:DA:15:DB:9C:9B:C2:8C:22:F4:59:22:D3:81:09:87
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0198D15068BEB69927A78B219B7E8690544F
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/cCtPPsTaFducm8KMIvRZItOBCYc.roa
Signing time:             Fri 22 Aug 2025 10:26:04 +0000
ROA not before:           Fri 22 Aug 2025 10:26:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53667
IP address blocks:        2a09:7500::/29 maxlen: 29
                          2a0f:3044::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 04:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:50:68:be:b6:99:27:a7:8b:21:9b:7e:86:90:54:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug 22 10:26:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=702b4f3ec4da15db9c9bc28c22f45922d3810987
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:08:3f:09:88:66:5a:33:76:a3:50:b0:c6:1a:
                    77:d7:4c:2b:a1:62:1e:a8:72:b4:82:be:65:b1:de:
                    fc:32:b3:5a:fb:71:dc:41:2a:28:56:86:24:39:45:
                    de:bc:e2:2d:87:38:2f:38:21:28:35:0b:cb:98:4b:
                    81:7b:6d:1d:cc:10:db:09:44:45:c6:c0:d2:a7:b3:
                    e6:26:4e:1b:e3:9c:79:f8:34:86:d7:fc:8d:13:49:
                    54:bd:5f:c3:1c:54:82:e4:ff:69:4c:e9:19:3b:b1:
                    14:94:66:d0:51:19:10:8e:44:34:4f:75:c1:23:06:
                    9f:f2:c6:c3:b4:42:d8:1f:e4:3c:55:08:da:8f:4a:
                    ae:7f:1e:09:cc:60:a8:ad:35:4a:b5:0c:f3:47:48:
                    ff:03:40:4a:2e:5b:83:b0:32:52:42:22:6e:a9:c6:
                    2a:be:ee:5b:fa:90:1f:3e:fe:3d:82:f0:4d:bb:33:
                    81:7c:10:46:d8:8d:a6:20:a0:4b:d3:f3:69:82:2f:
                    f9:4d:b9:18:e6:d7:13:1c:bc:e1:d5:45:35:e7:04:
                    df:27:21:50:de:52:1e:fb:ea:e4:3e:57:54:10:e8:
                    dd:31:8b:eb:b4:86:31:0a:82:89:50:d3:98:66:eb:
                    60:72:1e:96:86:ca:58:45:b8:a1:e2:29:f6:d2:b8:
                    b6:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:2B:4F:3E:C4:DA:15:DB:9C:9B:C2:8C:22:F4:59:22:D3:81:09:87
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/cCtPPsTaFducm8KMIvRZItOBCYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7500::/29
                  2a0f:3044::/32

    Signature Algorithm: sha256WithRSAEncryption
         34:1f:f5:6a:13:2c:33:26:f5:63:e6:d5:a2:32:5f:b1:42:1f:
         94:28:42:af:07:fe:5d:2b:6e:26:e1:2a:7b:34:ba:39:df:36:
         85:c5:83:8b:25:13:32:c7:ac:c2:67:25:fe:7e:33:17:ca:07:
         a0:67:40:0b:d4:c9:c6:c1:d8:f9:59:56:e2:88:f0:ad:d3:74:
         c2:eb:61:01:ce:1b:e5:a2:1a:2a:6a:96:ca:f3:9c:b7:c1:de:
         da:e8:3d:17:fd:68:1c:ea:02:72:04:b2:4a:10:0f:ee:5e:e5:
         75:61:59:15:9d:5a:6b:d6:4e:13:b0:f2:02:b6:cb:cb:53:9c:
         62:5b:d3:ce:29:91:8b:41:d2:55:0f:01:3b:d7:85:a7:a5:4c:
         dd:ef:fc:41:28:41:79:85:85:3d:0f:e9:2f:d2:fb:5b:39:dd:
         d3:29:f1:30:a2:d3:71:a4:6b:80:62:ef:56:b8:a8:8e:02:96:
         af:f4:0c:7a:39:4f:61:24:2d:a7:6c:dc:58:43:18:c7:c1:c4:
         f4:c5:35:2a:46:97:8b:93:5e:84:b8:56:ec:d6:c3:bc:3f:40:
         1b:b3:5a:df:6d:52:68:14:82:23:ae:6c:80:e5:27:24:80:8c:
         06:48:b0:41:82:e1:6d:e8:d2:c7:5a:a6:a7:5e:47:74:11:3f:
         73:b8:c8:89
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZjRUGi+tpknp4shm36GkFRPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODIyMTAyNjA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDJiNGYzZWM0ZGExNWRiOWM5YmMyOGMyMmY0NTkyMmQzODEwOTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Qg/CYhmWjN2o1Cwxhp310wroWIe
qHK0gr5lsd78MrNa+3HcQSooVoYkOUXevOIthzgvOCEoNQvLmEuBe20dzBDbCURF
xsDSp7PmJk4b45x5+DSG1/yNE0lUvV/DHFSC5P9pTOkZO7EUlGbQURkQjkQ0T3XB
Iwaf8sbDtELYH+Q8VQjaj0qufx4JzGCorTVKtQzzR0j/A0BKLluDsDJSQiJuqcYq
vu5b+pAfPv49gvBNuzOBfBBG2I2mIKBL0/Npgi/5TbkY5tcTHLzh1UU15wTfJyFQ
3lIe++rkPldUEOjdMYvrtIYxCoKJUNOYZutgch6WhspYRbih4in20ri2LwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHArTz7E2hXbnJvCjCL0WSLTgQmHMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvY0N0UFBzVGFGZHVjbThLTUl2UlpJdE9CQ1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgl1AAMF
ACoPMEQwDQYJKoZIhvcNAQELBQADggEBADQf9WoTLDMm9WPm1aIyX7FCH5QoQq8H
/l0rbibhKns0ujnfNoXFg4slEzLHrMJnJf5+MxfKB6BnQAvUycbB2PlZVuKI8K3T
dMLrYQHOG+WiGipqlsrznLfB3troPRf9aBzqAnIEskoQD+5e5XVhWRWdWmvWThOw
8gK2y8tTnGJb084pkYtB0lUPATvXhaelTN3v/EEoQXmFhT0P6S/S+1s53dMp8TCi
03Gka4Bi71a4qI4Clq/0DHo5T2EkLads3FhDGMfBxPTFNSpGl4uTXoS4VuzWw7w/
QBuzWt9tUmgUgiOubIDlJySAjAZIsEGC4W3o0sdapqdeR3QRP3O4yIk=
-----END CERTIFICATE-----