Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/13zE_E0OzgxZG7moJEFjYXA5-rs.roa
File:                     13zE_E0OzgxZG7moJEFjYXA5-rs.roa (raw, json)
Hash identifier:          7B/vbwtUFUL4c6TDudyE0Aang5F1aIafsncblVmDYPU=
Subject key identifier:   D7:7C:C4:FC:4D:0E:CE:0C:59:1B:B9:A8:24:41:63:61:70:39:FA:BB
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019A021A34BA0EBA65CBC0CEB9102451ED7F
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/13zE_E0OzgxZG7moJEFjYXA5-rs.roa
Signing time:             Mon 20 Oct 2025 14:51:03 +0000
ROA not before:           Mon 20 Oct 2025 14:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150654
IP address blocks:        2a0a:2d07:fc63::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 23:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:02:1a:34:ba:0e:ba:65:cb:c0:ce:b9:10:24:51:ed:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct 20 14:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d77cc4fc4d0ece0c591bb9a8244163617039fabb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:8b:c8:20:b8:8d:6c:7c:e5:98:c9:83:c9:e9:
                    b4:ed:66:61:c4:4c:53:6c:01:8e:87:5c:af:31:90:
                    64:e0:64:e6:94:a1:2a:5c:c7:81:22:d8:f0:e2:25:
                    8a:5c:95:e3:1f:51:02:62:aa:15:7a:b8:32:48:36:
                    03:51:b5:0e:bb:83:51:af:8a:f6:19:34:54:2d:6c:
                    02:16:1a:38:97:61:1d:c3:e2:12:d1:30:70:a1:f7:
                    d6:59:43:a6:60:97:c6:34:fb:de:38:82:43:87:e4:
                    43:dd:ef:ae:31:25:f3:77:f5:c9:9d:4d:7d:04:b9:
                    e3:48:a3:b6:0c:e0:21:49:7f:ed:fd:cb:2e:35:8b:
                    9e:4f:58:2b:98:0b:13:e7:db:32:d4:f8:1d:e6:49:
                    3d:b8:ea:73:ac:cf:68:77:01:4c:02:88:3f:8e:44:
                    a1:ca:86:c4:c6:9e:e4:f4:6a:60:c8:a3:70:0e:52:
                    2d:ae:c7:f2:ae:9b:e7:82:df:e7:7a:58:22:d2:d0:
                    e0:fd:ac:39:e6:41:d0:b4:b7:9b:c8:bb:a3:71:15:
                    aa:d9:12:f2:44:b9:fc:fd:21:11:0d:62:bd:48:a9:
                    e9:74:80:ad:47:c9:76:0a:e6:a8:19:15:4e:63:ab:
                    29:df:74:ef:34:f5:44:5d:3a:14:cf:f3:71:ad:94:
                    36:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:7C:C4:FC:4D:0E:CE:0C:59:1B:B9:A8:24:41:63:61:70:39:FA:BB
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/13zE_E0OzgxZG7moJEFjYXA5-rs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d07:fc63::/48

    Signature Algorithm: sha256WithRSAEncryption
         b5:7d:71:36:ac:eb:a9:c9:31:9c:75:b5:c5:36:e5:61:bd:29:
         c9:23:be:a0:95:1c:0f:19:12:0a:ef:8e:69:53:49:f3:f9:7d:
         61:42:d7:39:66:56:ed:80:36:23:0e:02:cf:bf:e1:4d:da:88:
         34:e7:42:e3:68:69:57:ea:25:a1:9b:92:05:f7:59:2a:6f:32:
         a5:27:52:10:78:68:3d:d3:94:5f:0e:dc:86:59:c4:ee:ed:90:
         1b:05:49:72:2c:3d:86:7d:a5:dc:c2:ae:75:f2:b4:0a:61:f0:
         0d:e3:dd:e6:53:59:ae:92:d6:19:fb:a2:9a:60:ab:d5:fb:4b:
         bb:45:24:ef:ac:52:f0:1a:2d:82:30:2e:6b:c9:73:68:fb:c5:
         ff:35:0f:90:b4:4c:7a:26:97:19:94:e1:00:3f:31:50:73:23:
         99:00:ce:0d:aa:43:84:a1:f7:0b:2b:3f:3b:48:df:e8:e6:6e:
         fa:e6:e3:d1:ac:82:a0:5c:24:cd:db:40:97:2f:c1:10:10:53:
         53:e6:72:9d:18:b0:12:1b:5f:44:71:b1:d8:17:a1:99:1f:99:
         78:ba:10:e0:b4:8a:e6:2b:6c:ff:f8:6b:74:72:82:09:5d:2b:
         3e:e7:56:05:a9:7d:5a:fe:08:81:88:a6:a4:b3:9f:1a:6d:af:
         2c:22:85:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZoCGjS6Drply8DOuRAkUe1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDIwMTQ1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzdjYzRmYzRkMGVjZTBjNTkxYmI5YTgyNDQxNjM2MTcwMzlmYWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA84vIILiNbHzlmMmDyem07WZhxExT
bAGOh1yvMZBk4GTmlKEqXMeBItjw4iWKXJXjH1ECYqoVergySDYDUbUOu4NRr4r2
GTRULWwCFho4l2Edw+IS0TBwoffWWUOmYJfGNPveOIJDh+RD3e+uMSXzd/XJnU19
BLnjSKO2DOAhSX/t/csuNYueT1grmAsT59sy1Pgd5kk9uOpzrM9odwFMAog/jkSh
yobExp7k9GpgyKNwDlItrsfyrpvngt/nelgi0tDg/aw55kHQtLebyLujcRWq2RLy
RLn8/SERDWK9SKnpdICtR8l2CuaoGRVOY6sp33TvNPVEXToUz/NxrZQ2RwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNd8xPxNDs4MWRu5qCRBY2FwOfq7MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMTN6RV9FME96Z3haRzdtb0pFRmpZWEE1LXJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgotB/xj
MA0GCSqGSIb3DQEBCwUAA4IBAQC1fXE2rOupyTGcdbXFNuVhvSnJI76glRwPGRIK
745pU0nz+X1hQtc5ZlbtgDYjDgLPv+FN2og050LjaGlX6iWhm5IF91kqbzKlJ1IQ
eGg905RfDtyGWcTu7ZAbBUlyLD2GfaXcwq518rQKYfAN493mU1muktYZ+6KaYKvV
+0u7RSTvrFLwGi2CMC5ryXNo+8X/NQ+QtEx6JpcZlOEAPzFQcyOZAM4NqkOEofcL
Kz87SN/o5m765uPRrIKgXCTN20CXL8EQEFNT5nKdGLASG19EcbHYF6GZH5l4uhDg
tIrmK2z/+Gt0coIJXSs+51YFqX1a/giBiKaks58aba8sIoV7
-----END CERTIFICATE-----