Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/18hjirLEsj_gq9vJ8ViwbYDBuNU.roa
File:                     18hjirLEsj_gq9vJ8ViwbYDBuNU.roa (raw, json)
Hash identifier:          nWdyIcRwpdZyvDvc+YIcKXhKIK2LBy3SLVlhGVLfMKg=
Subject key identifier:   D7:C8:63:8A:B2:C4:B2:3F:E0:AB:DB:C9:F1:58:B0:6D:80:C1:B8:D5
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01999E9E0F7EF59CA976F5D4985173F2F8B5
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/18hjirLEsj_gq9vJ8ViwbYDBuNU.roa
Signing time:             Wed 01 Oct 2025 07:13:02 +0000
ROA not before:           Wed 01 Oct 2025 07:13:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     154049
IP address blocks:        2a12:ac46:22::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 22:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9e:9e:0f:7e:f5:9c:a9:76:f5:d4:98:51:73:f2:f8:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct  1 07:13:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7c8638ab2c4b23fe0abdbc9f158b06d80c1b8d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:52:d3:34:4d:65:be:0b:2d:40:e0:d0:89:d3:
                    3a:46:4a:6d:6f:10:9b:dd:d5:c0:27:83:8a:59:f3:
                    c6:a2:49:bc:c5:e8:86:fa:28:6c:4f:bd:86:2c:2d:
                    09:f1:20:a7:6d:2e:3f:d6:c5:37:25:a8:e5:be:a3:
                    c4:03:60:2a:43:a5:8b:63:9b:0e:ab:4d:7f:8d:c8:
                    31:5f:48:95:89:e6:48:b3:2a:4b:a9:3f:77:3d:f9:
                    93:09:6e:42:a9:20:d5:19:cc:90:9c:ed:89:e5:37:
                    b4:84:7e:c8:7a:a0:c2:9e:0b:c5:bd:83:39:5c:ef:
                    95:53:48:fb:7d:8a:a2:34:9f:b1:29:48:70:1e:dd:
                    e0:6b:cd:f8:04:5b:7f:61:94:bd:c4:12:16:77:b5:
                    81:5e:6e:c0:15:c3:8b:97:bb:56:3a:21:ad:83:40:
                    d9:73:16:76:8f:2e:f5:c2:12:b2:26:ec:f9:54:ae:
                    5b:27:ce:42:4b:80:09:2a:5e:48:5f:dd:13:a6:33:
                    f1:47:b8:5b:69:d8:67:50:b7:6a:47:08:fb:87:94:
                    ef:9f:0f:25:1d:1d:a8:48:a6:e9:05:2f:97:6f:f3:
                    66:18:fb:96:b9:0d:35:c0:19:b6:09:aa:c5:16:d6:
                    a2:9c:4c:59:11:43:82:c0:52:ac:92:33:44:08:9c:
                    cf:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:C8:63:8A:B2:C4:B2:3F:E0:AB:DB:C9:F1:58:B0:6D:80:C1:B8:D5
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/18hjirLEsj_gq9vJ8ViwbYDBuNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:ac46:22::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:76:ea:ec:1f:a4:89:88:e7:7e:f3:c6:6f:6f:b4:d7:85:f4:
         69:62:51:d4:b1:74:05:ca:5a:aa:08:55:63:2d:91:04:2d:6c:
         f8:5c:83:7c:ad:eb:f3:44:a8:58:a8:e7:36:37:2e:70:79:8f:
         af:f5:a3:a1:d7:e6:64:35:73:63:c5:79:8e:3b:74:26:90:0f:
         17:f5:89:c5:9b:02:de:3c:88:a5:02:73:8e:3f:21:f7:ef:44:
         be:8f:13:76:72:cc:04:7f:b7:4d:23:64:5a:4b:b3:bc:f6:a1:
         d7:66:25:02:2e:9d:15:88:c7:21:5a:04:bc:11:b6:1f:10:32:
         28:a3:25:5a:9f:3c:8b:f2:0e:58:b8:fc:4a:7a:d9:c3:ed:95:
         34:a7:31:6b:f3:46:67:51:40:58:0c:be:66:df:6b:ac:af:16:
         b5:94:d2:04:cb:1b:de:ff:c8:73:27:42:00:44:81:ab:8a:b8:
         88:03:ae:b8:2c:e7:3d:33:df:09:6a:34:7d:d2:d4:5e:e1:98:
         dd:25:b2:78:dd:ed:50:36:37:75:34:68:db:80:1b:96:b5:9c:
         21:26:c2:b6:88:38:5b:77:d0:d5:86:05:07:73:2f:20:4a:d4:
         a5:2e:4e:49:31:64:db:72:1f:df:37:dd:8c:5c:8d:f0:3a:1a:
         92:67:5a:7d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZmeng9+9ZypdvXUmFFz8vi1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDAxMDcxMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2M4NjM4YWIyYzRiMjNmZTBhYmRiYzlmMTU4YjA2ZDgwYzFiOGQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt1LTNE1lvgstQODQidM6RkptbxCb
3dXAJ4OKWfPGokm8xeiG+ihsT72GLC0J8SCnbS4/1sU3JajlvqPEA2AqQ6WLY5sO
q01/jcgxX0iVieZIsypLqT93PfmTCW5CqSDVGcyQnO2J5Te0hH7IeqDCngvFvYM5
XO+VU0j7fYqiNJ+xKUhwHt3ga834BFt/YZS9xBIWd7WBXm7AFcOLl7tWOiGtg0DZ
cxZ2jy71whKyJuz5VK5bJ85CS4AJKl5IX90TpjPxR7hbadhnULdqRwj7h5Tvnw8l
HR2oSKbpBS+Xb/NmGPuWuQ01wBm2CarFFtainExZEUOCwFKskjNECJzP6QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNfIY4qyxLI/4KvbyfFYsG2AwbjVMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMThoamlyTEVzal9ncTl2SjhWaXdiWURCdU5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhKsRgAi
MA0GCSqGSIb3DQEBCwUAA4IBAQBedursH6SJiOd+88Zvb7TXhfRpYlHUsXQFylqq
CFVjLZEELWz4XIN8revzRKhYqOc2Ny5weY+v9aOh1+ZkNXNjxXmOO3QmkA8X9YnF
mwLePIilAnOOPyH370S+jxN2cswEf7dNI2RaS7O89qHXZiUCLp0ViMchWgS8EbYf
EDIooyVanzyL8g5YuPxKetnD7ZU0pzFr80ZnUUBYDL5m32usrxa1lNIEyxve/8hz
J0IARIGririIA664LOc9M98JajR90tRe4ZjdJbJ43e1QNjd1NGjbgBuWtZwhJsK2
iDhbd9DVhgUHcy8gStSlLk5JMWTbch/fN92MXI3wOhqSZ1p9
-----END CERTIFICATE-----