Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1zJCRgCz98QstX_XhE2lzorimcU.roa
File:                     1zJCRgCz98QstX_XhE2lzorimcU.roa (raw, json)
Hash identifier:          vhaI3cowuIsayESCQiQxZyevsi39U9T0rsEMy0h7fKI=
Subject key identifier:   D7:32:42:46:00:B3:F7:C4:2C:B5:7F:D7:84:4D:A5:CE:8A:E2:99:C5
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019A06327E17B742A30C38BEAEF363AA06A2
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1zJCRgCz98QstX_XhE2lzorimcU.roa
Signing time:             Tue 21 Oct 2025 09:56:03 +0000
ROA not before:           Tue 21 Oct 2025 09:56:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61400
IP address blocks:        2a12:d5c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 23:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:06:32:7e:17:b7:42:a3:0c:38:be:ae:f3:63:aa:06:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Oct 21 09:56:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d732424600b3f7c42cb57fd7844da5ce8ae299c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:73:87:23:2f:eb:95:b6:8e:d4:59:71:70:9e:
                    67:83:93:60:df:80:20:af:45:0a:1c:57:2e:91:24:
                    d6:b6:5d:44:ac:e2:43:93:ec:44:06:58:8d:40:4e:
                    70:06:07:01:91:f3:f2:9c:6c:89:69:c3:37:67:17:
                    fd:7d:ce:a5:ad:d3:e2:74:07:25:14:da:77:be:57:
                    e0:ba:f5:98:eb:f0:0d:de:28:5a:6d:6d:88:dd:cb:
                    41:e4:63:98:43:76:c4:2f:bb:42:b5:7d:9a:45:93:
                    be:54:ed:bb:df:f0:cd:56:3e:70:95:58:39:4a:7c:
                    25:d5:e1:65:b0:b0:3d:f8:60:dd:09:de:8a:0c:72:
                    88:aa:a1:79:b6:2f:64:a9:db:d1:2b:cf:6e:5f:bb:
                    13:a2:16:73:55:dd:b7:41:9f:2a:15:1a:c3:7b:f6:
                    dd:82:09:21:50:58:72:51:2a:3a:f4:27:2b:ce:24:
                    f8:98:43:97:7b:09:60:19:53:cb:e2:3c:09:51:b6:
                    f9:07:2c:96:ee:02:7e:29:5d:0c:3f:87:25:72:08:
                    23:45:13:15:8f:71:77:5e:91:15:d1:ab:9e:a1:31:
                    4b:3e:7f:6e:08:a1:64:ae:cf:dc:18:36:91:91:6a:
                    77:44:b9:62:c5:11:30:ae:f6:7d:03:7c:86:ac:76:
                    b6:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:32:42:46:00:B3:F7:C4:2C:B5:7F:D7:84:4D:A5:CE:8A:E2:99:C5
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1zJCRgCz98QstX_XhE2lzorimcU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:d5c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         35:6a:bb:a3:c2:81:5a:14:0f:1d:df:20:a7:18:8c:50:23:d8:
         fd:95:a8:d3:2a:ef:db:87:f3:c3:49:37:ef:a7:6f:4b:e8:02:
         e8:a7:e6:8b:af:10:4a:d0:35:b0:f6:08:34:1a:ec:2a:70:03:
         c7:5f:13:fc:01:28:89:e8:bb:d3:f2:d9:e5:63:e9:a6:ae:84:
         38:37:0e:e6:0a:15:f9:1e:9d:bd:91:c4:1d:5f:3c:f9:29:58:
         59:ce:aa:f9:a9:cc:1c:54:47:d9:a7:ac:e2:d0:8c:e5:37:27:
         b3:40:a9:7b:e6:cc:8b:61:29:af:8a:2a:91:17:43:50:1b:0d:
         9f:6d:38:97:39:0e:e9:41:24:09:20:3c:46:0c:69:33:07:ec:
         6e:b9:94:81:f9:1e:54:4f:7a:e8:fa:c8:e6:f8:e6:a7:ca:4a:
         2d:d8:dd:b4:7b:c1:80:39:64:2e:75:4a:09:a5:76:10:22:b7:
         98:49:61:79:aa:21:8f:d9:b3:01:4c:62:c5:88:df:d9:cd:f0:
         a0:8d:bf:4d:8c:10:ab:ad:43:73:7b:ef:7c:33:e7:c9:13:c1:
         40:d2:3f:7c:1d:ff:32:b9:63:92:ae:cf:a5:c8:da:b9:d2:d9:
         92:33:72:bf:10:31:56:cf:45:de:69:cf:18:d9:77:c3:8a:c7:
         92:4b:32:78
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZoGMn4Xt0KjDDi+rvNjqgaiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUxMDIxMDk1NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzMyNDI0NjAwYjNmN2M0MmNiNTdmZDc4NDRkYTVjZThhZTI5OWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1XOHIy/rlbaO1FlxcJ5ng5Ng34Ag
r0UKHFcukSTWtl1ErOJDk+xEBliNQE5wBgcBkfPynGyJacM3Zxf9fc6lrdPidAcl
FNp3vlfguvWY6/AN3ihabW2I3ctB5GOYQ3bEL7tCtX2aRZO+VO273/DNVj5wlVg5
Snwl1eFlsLA9+GDdCd6KDHKIqqF5ti9kqdvRK89uX7sTohZzVd23QZ8qFRrDe/bd
ggkhUFhyUSo69CcrziT4mEOXewlgGVPL4jwJUbb5ByyW7gJ+KV0MP4clcggjRRMV
j3F3XpEV0aueoTFLPn9uCKFkrs/cGDaRkWp3RLlixREwrvZ9A3yGrHa2OwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNcyQkYAs/fELLV/14RNpc6K4pnFMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMXpKQ1JnQ3o5OFFzdFhfWGhFMmx6b3JpbWNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhLVwDAN
BgkqhkiG9w0BAQsFAAOCAQEANWq7o8KBWhQPHd8gpxiMUCPY/ZWo0yrv24fzw0k3
76dvS+gC6Kfmi68QStA1sPYINBrsKnADx18T/AEoiei70/LZ5WPppq6EODcO5goV
+R6dvZHEHV88+SlYWc6q+anMHFRH2aes4tCM5Tcns0Cpe+bMi2Epr4oqkRdDUBsN
n204lzkO6UEkCSA8RgxpMwfsbrmUgfkeVE966PrI5vjmp8pKLdjdtHvBgDlkLnVK
CaV2ECK3mElheaohj9mzAUxixYjf2c3woI2/TYwQq61Dc3vvfDPnyRPBQNI/fB3/
Mrljkq7PpcjaudLZkjNyvxAxVs9F3mnPGNl3w4rHkksyeA==
-----END CERTIFICATE-----