Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/h7tNDWBf7wpXdscfvLwG2Z0403w.roa
File:                     h7tNDWBf7wpXdscfvLwG2Z0403w.roa (raw, json)
Hash identifier:          UX2axTiXGQ/7wgnJMIdW2u0JWiQEm6R5wCuRjN4n9wU=
Subject key identifier:   87:BB:4D:0D:60:5F:EF:0A:57:76:C7:1F:BC:BC:06:D9:9D:38:D3:7C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019A007A7ED0C40E33389BF0975C69DE6649
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/h7tNDWBf7wpXdscfvLwG2Z0403w.roa
Signing time:             Mon 20 Oct 2025 07:16:59 +0000
ROA not before:           Mon 20 Oct 2025 07:16:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30058
IP address blocks:        185.126.66.0/24 maxlen: 24
                          2a0a:2d06:104::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:00:7a:7e:d0:c4:0e:33:38:9b:f0:97:5c:69:de:66:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct 20 07:16:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87bb4d0d605fef0a5776c71fbcbc06d99d38d37c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:df:d0:31:2e:bf:3f:e2:1d:36:7d:f0:cd:a2:
                    9a:a5:29:20:27:4f:ef:42:82:06:0c:2c:16:ba:f5:
                    33:16:58:b7:4d:66:c5:5b:35:75:7a:89:78:da:c7:
                    24:92:e7:a2:60:28:74:2e:aa:70:53:c0:61:6b:93:
                    1e:37:59:32:9e:dc:07:59:29:cc:18:00:13:97:36:
                    fa:d2:0b:6e:4d:6a:06:86:1e:3d:d8:df:0d:d5:8e:
                    58:72:b3:e0:70:9d:69:4d:75:bc:59:0c:7b:2d:59:
                    aa:9f:66:85:90:86:32:03:69:33:d0:12:c8:2c:16:
                    f4:78:50:10:03:09:a1:4b:10:23:e4:d3:15:7c:61:
                    a3:ff:e8:92:a9:40:a3:66:8c:5c:ce:da:c7:fe:22:
                    b7:10:7e:be:b4:2a:99:22:9c:95:d6:51:8a:e8:76:
                    54:e7:0e:93:b5:db:48:2f:8a:6d:3e:33:ff:03:42:
                    c0:d7:0d:41:f7:8d:2a:12:72:cf:74:c9:d7:86:aa:
                    3f:2f:b4:71:fb:1a:7c:b0:c4:05:e6:f2:66:f2:01:
                    84:66:50:26:2c:c1:78:99:08:32:6c:bd:94:d5:92:
                    2c:9e:90:85:e8:f7:4e:6d:aa:26:b2:c3:ca:5c:cb:
                    d0:09:92:81:cb:cb:7a:3e:5f:c6:eb:78:2e:79:66:
                    c4:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:BB:4D:0D:60:5F:EF:0A:57:76:C7:1F:BC:BC:06:D9:9D:38:D3:7C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/h7tNDWBf7wpXdscfvLwG2Z0403w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.66.0/24
                IPv6:
                  2a0a:2d06:104::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:56:e1:56:e9:0b:77:6a:72:64:e5:c4:aa:8c:f2:8e:72:0e:
         b2:55:b4:00:0f:5b:91:39:00:b9:2a:e3:28:00:00:d9:8d:d0:
         40:1d:a4:45:cc:30:ce:2f:e8:4f:03:bf:ab:59:83:2d:e5:34:
         e8:df:bd:4a:cd:dd:b2:dd:5a:54:3e:6b:b3:41:f6:74:f7:93:
         49:0e:09:b3:78:e3:f6:a6:ef:93:a1:a5:af:72:a4:19:84:09:
         ba:b6:97:58:11:06:c7:92:05:02:a3:96:98:5f:44:72:df:04:
         20:a8:6c:d8:45:9a:bf:12:3e:bd:b0:74:b4:06:c0:fd:4a:db:
         09:6c:b9:52:7d:06:a6:44:36:3f:98:df:c6:93:c2:1d:c7:b5:
         5f:66:27:b1:90:b8:eb:2a:d6:e1:f1:9c:40:fb:a4:cd:f1:2d:
         6a:24:ac:be:f3:df:c8:72:62:4a:ea:f7:fe:bd:8e:10:2d:8a:
         f2:46:dd:c3:e7:43:f0:25:d5:90:ef:bb:9f:22:12:da:b9:31:
         03:92:ac:40:f1:7e:c2:03:d5:14:40:ea:58:60:64:e9:d5:40:
         6d:49:28:e8:32:61:c2:4d:47:e6:69:0e:51:b6:b6:40:3a:10:
         cf:8d:fb:49:2a:a6:a8:70:fe:1f:08:49:ba:b7:40:a4:09:e1:
         3e:7b:11:46
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZoAen7QxA4zOJvwl1xp3mZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDIwMDcxNjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2JiNGQwZDYwNWZlZjBhNTc3NmM3MWZiY2JjMDZkOTlkMzhkMzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA19/QMS6/P+IdNn3wzaKapSkgJ0/v
QoIGDCwWuvUzFli3TWbFWzV1eol42sckkueiYCh0LqpwU8Bha5MeN1kyntwHWSnM
GAATlzb60gtuTWoGhh492N8N1Y5YcrPgcJ1pTXW8WQx7LVmqn2aFkIYyA2kz0BLI
LBb0eFAQAwmhSxAj5NMVfGGj/+iSqUCjZoxcztrH/iK3EH6+tCqZIpyV1lGK6HZU
5w6TtdtIL4ptPjP/A0LA1w1B940qEnLPdMnXhqo/L7Rx+xp8sMQF5vJm8gGEZlAm
LMF4mQgybL2U1ZIsnpCF6PdObaomssPKXMvQCZKBy8t6Pl/G63gueWbEdwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIe7TQ1gX+8KV3bHH7y8BtmdONN8MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvaDd0TkRXQmY3d3BYZHNjZnZMd0cyWjA0MDN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuX5CMA8E
AgACMAkDBwAqCi0GAQQwDQYJKoZIhvcNAQELBQADggEBADdW4VbpC3dqcmTlxKqM
8o5yDrJVtAAPW5E5ALkq4ygAANmN0EAdpEXMMM4v6E8Dv6tZgy3lNOjfvUrN3bLd
WlQ+a7NB9nT3k0kOCbN44/am75Ohpa9ypBmECbq2l1gRBseSBQKjlphfRHLfBCCo
bNhFmr8SPr2wdLQGwP1K2wlsuVJ9BqZENj+Y38aTwh3HtV9mJ7GQuOsq1uHxnED7
pM3xLWokrL7z38hyYkrq9/69jhAtivJG3cPnQ/Al1ZDvu58iEtq5MQOSrEDxfsID
1RRA6lhgZOnVQG1JKOgyYcJNR+ZpDlG2tkA6EM+N+0kqpqhw/h8ISbq3QKQJ4T57
EUY=
-----END CERTIFICATE-----