Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8rNwihckunwaTS1O9sjwBajXbfc.roa
File:                     8rNwihckunwaTS1O9sjwBajXbfc.roa (raw, json)
Hash identifier:          +goszWRXnrNQaOTkHwIp87tzyxcx6HGvSszfpahMAZ0=
Subject key identifier:   F2:B3:70:8A:17:24:BA:7C:1A:4D:2D:4E:F6:C8:F0:05:A8:D7:6D:F7
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01984640EA9A9A3B8C1C4143F81E0C81B405
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8rNwihckunwaTS1O9sjwBajXbfc.roa
Signing time:             Sat 26 Jul 2025 10:21:56 +0000
ROA not before:           Sat 26 Jul 2025 10:21:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204958
IP address blocks:        2.56.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 19:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:46:40:ea:9a:9a:3b:8c:1c:41:43:f8:1e:0c:81:b4:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul 26 10:21:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f2b3708a1724ba7c1a4d2d4ef6c8f005a8d76df7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:35:ea:66:c1:5c:9e:06:15:dc:6b:a6:a2:40:
                    ca:b6:30:28:65:7f:1e:0a:4d:f0:51:e3:57:0d:05:
                    48:a6:47:2e:db:9b:88:87:cd:b1:9d:e9:cf:ea:cd:
                    53:82:ca:71:c7:f8:53:a0:d0:4e:77:4d:17:36:7a:
                    1c:95:b9:76:70:8c:58:a3:86:6e:ed:56:d7:33:66:
                    5f:5c:88:15:ac:14:99:be:45:63:c2:a6:db:9f:ac:
                    1e:19:b9:e4:0d:d7:5c:67:45:b8:cd:77:60:8c:8a:
                    b7:ab:ac:90:13:09:58:9e:7b:60:5b:43:d7:8c:e9:
                    b4:d7:83:db:1f:55:58:ea:1a:e4:85:87:0e:5c:94:
                    a7:44:42:97:a5:a0:45:f8:49:72:80:12:fa:64:f7:
                    88:04:98:ec:c7:9f:40:eb:d7:54:5d:93:a6:11:73:
                    47:7b:6d:cc:a2:69:a5:66:64:97:62:ca:98:27:75:
                    13:21:19:be:9c:e8:10:05:89:7c:6e:e0:d9:62:73:
                    39:b5:9d:14:e6:bb:f2:fb:8d:d4:b0:52:cd:4a:7d:
                    06:eb:87:bb:18:20:cc:75:28:6f:3c:b1:36:be:c6:
                    e7:10:d9:32:56:ee:c5:2e:9d:f5:c5:ab:bd:34:83:
                    66:b9:9d:b5:0d:ef:e3:04:63:92:97:3b:4a:de:8a:
                    9f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:B3:70:8A:17:24:BA:7C:1A:4D:2D:4E:F6:C8:F0:05:A8:D7:6D:F7
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/8rNwihckunwaTS1O9sjwBajXbfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:2c:9a:22:6b:52:a0:c8:ff:e9:1a:b7:57:0f:56:3c:d1:ae:
         56:62:ed:bf:37:8e:6d:a8:f6:eb:ec:1d:76:f9:45:f3:80:27:
         02:a1:2e:a9:46:46:94:c2:94:3d:22:ae:b3:f4:8e:17:37:44:
         6b:71:95:a5:df:0d:4c:06:4e:cf:b4:df:6e:90:64:6e:9f:19:
         5b:27:9f:ec:c3:19:03:a6:bc:e3:79:a7:31:6c:c1:0b:fc:91:
         ad:f8:1d:5e:1a:61:39:60:80:4c:8a:2e:a9:17:e4:fd:ea:1c:
         78:d7:68:91:bc:a3:0a:0d:7f:47:43:52:ae:d5:78:02:d8:f8:
         1b:6a:32:8f:fd:6e:23:37:0b:c3:00:a0:2a:e2:aa:97:a6:e3:
         73:12:42:67:48:3d:0d:1f:91:83:22:75:a6:96:fd:e3:90:96:
         44:a2:4b:83:88:3d:d1:78:0e:81:82:8e:aa:3c:0a:f3:3b:49:
         70:41:47:7c:ca:d0:99:42:01:fd:a9:5d:2d:07:b6:dd:5e:91:
         74:1a:6f:d2:88:3c:98:d3:d7:13:e1:3e:c4:3f:d4:d1:f8:8d:
         53:2b:19:5a:76:e1:54:4f:83:69:f6:49:65:4a:ca:14:f8:de:
         99:7e:53:49:78:b5:cf:28:df:80:53:34:d4:46:87:38:38:2e:
         bc:1f:90:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhGQOqamjuMHEFD+B4MgbQFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNzI2MTAyMTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmIzNzA4YTE3MjRiYTdjMWE0ZDJkNGVmNmM4ZjAwNWE4ZDc2ZGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0TXqZsFcngYV3GumokDKtjAoZX8e
Ck3wUeNXDQVIpkcu25uIh82xnenP6s1Tgspxx/hToNBOd00XNnoclbl2cIxYo4Zu
7VbXM2ZfXIgVrBSZvkVjwqbbn6weGbnkDddcZ0W4zXdgjIq3q6yQEwlYnntgW0PX
jOm014PbH1VY6hrkhYcOXJSnREKXpaBF+ElygBL6ZPeIBJjsx59A69dUXZOmEXNH
e23MommlZmSXYsqYJ3UTIRm+nOgQBYl8buDZYnM5tZ0U5rvy+43UsFLNSn0G64e7
GCDMdShvPLE2vsbnENkyVu7FLp31xau9NINmuZ21De/jBGOSlztK3oqfxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPKzcIoXJLp8Gk0tTvbI8AWo1233MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvOHJOd2loY2t1bndhVFMxTzlzandCYWpYYmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAjhnMA0G
CSqGSIb3DQEBCwUAA4IBAQCPLJoia1KgyP/pGrdXD1Y80a5WYu2/N45tqPbr7B12
+UXzgCcCoS6pRkaUwpQ9Iq6z9I4XN0RrcZWl3w1MBk7PtN9ukGRunxlbJ5/swxkD
przjeacxbMEL/JGt+B1eGmE5YIBMii6pF+T96hx412iRvKMKDX9HQ1Ku1XgC2Pgb
ajKP/W4jNwvDAKAq4qqXpuNzEkJnSD0NH5GDInWmlv3jkJZEokuDiD3ReA6Bgo6q
PArzO0lwQUd8ytCZQgH9qV0tB7bdXpF0Gm/SiDyY09cT4T7EP9TR+I1TKxladuFU
T4Np9kllSsoU+N6ZflNJeLXPKN+AUzTURoc4OC68H5DR
-----END CERTIFICATE-----