Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2Cp1Cu0oSYaHuqAjAmkrxtS4hGE.roa
File:                     2Cp1Cu0oSYaHuqAjAmkrxtS4hGE.roa (raw, json)
Hash identifier:          Fho8L6a0CGzEVNSAhrhTr//MHJkxLSKi/Fj4LHVIKAs=
Subject key identifier:   D8:2A:75:0A:ED:28:49:86:87:BA:A0:23:02:69:2B:C6:D4:B8:84:61
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0197B231E0E33A4282430161C4C124D46B11
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2Cp1Cu0oSYaHuqAjAmkrxtS4hGE.roa
Signing time:             Fri 27 Jun 2025 16:21:42 +0000
ROA not before:           Fri 27 Jun 2025 16:21:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395839
IP address blocks:        193.5.65.0/24 maxlen: 24
                          2a0f:3940::/29 maxlen: 29
                          2a0f:3d86:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 15:11:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b2:31:e0:e3:3a:42:82:43:01:61:c4:c1:24:d4:6b:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 27 16:21:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d82a750aed28498687baa02302692bc6d4b88461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:89:75:54:42:fb:a8:87:6f:ca:c9:bd:d6:68:
                    98:fe:a7:f2:4d:f5:df:eb:f9:8b:75:dc:26:e2:71:
                    3a:b3:84:62:29:0a:3f:4c:5b:21:7e:e2:37:e9:85:
                    e8:4b:d6:88:50:d4:f8:7f:7a:70:c0:bf:e1:46:a6:
                    22:91:7f:60:de:88:60:c0:30:92:73:50:3a:b2:8a:
                    72:7c:e2:b4:9f:ef:f1:15:cb:ff:eb:a5:16:f1:69:
                    17:ee:09:25:f8:30:a9:0e:f3:d9:0d:80:e6:46:c8:
                    c3:b6:d0:52:8b:d4:e9:bf:b8:a6:dd:89:e6:20:30:
                    d3:26:7d:d2:51:dc:42:c9:bc:e4:cc:58:32:40:34:
                    2c:2b:03:a0:cd:9f:9a:0e:86:c4:f8:42:b2:b3:c0:
                    46:2d:32:4e:b8:68:7d:2e:2a:30:f2:d1:32:7b:ce:
                    24:24:91:13:d7:67:09:9c:d5:d3:d4:7a:cf:41:80:
                    ed:da:72:99:3b:96:01:70:ba:ce:c9:14:d4:29:2d:
                    0f:c4:22:3c:d7:94:fa:aa:d1:bd:34:8a:d7:a1:20:
                    cb:43:e8:c9:df:e0:13:af:22:66:89:cc:85:18:97:
                    4d:68:6b:62:ae:6b:2a:bf:5e:0d:d5:bc:0f:65:12:
                    5b:2c:c2:89:51:2e:a8:9d:5b:f0:f8:f3:c5:76:fb:
                    93:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:2A:75:0A:ED:28:49:86:87:BA:A0:23:02:69:2B:C6:D4:B8:84:61
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2Cp1Cu0oSYaHuqAjAmkrxtS4hGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.5.65.0/24
                IPv6:
                  2a0f:3940::/29
                  2a0f:3d86:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:9e:71:25:07:a5:ba:a7:e4:4d:62:8a:a5:34:e8:f3:c1:69:
         25:72:50:5d:1a:61:72:bb:e6:13:88:b3:10:64:18:16:3e:9e:
         b2:c6:1b:50:61:dc:0b:be:5f:da:70:80:07:85:72:1d:f7:05:
         03:01:0d:4d:57:b2:ac:c5:21:f6:44:08:af:cb:3a:40:ac:df:
         0f:7f:ce:6e:8f:73:b0:f2:ea:d9:f3:59:92:68:59:ed:29:6c:
         f5:16:96:7c:98:3d:60:93:bb:1f:16:2f:68:45:5a:c8:8f:35:
         bd:87:ae:de:64:b1:81:6e:f5:07:d4:b3:01:b4:91:5a:fc:a1:
         aa:6f:58:8d:fe:89:b0:9f:fd:ce:29:5a:bf:6f:33:0e:44:97:
         cb:03:7a:6e:96:7c:eb:b3:0e:fe:0c:4f:e0:ae:ef:89:5f:e5:
         6b:c2:ff:dd:73:89:c9:bd:db:c8:28:be:dd:9b:ac:00:02:aa:
         e2:88:05:11:2f:6a:08:3d:24:d0:36:b3:ad:80:83:d6:71:5a:
         1d:2d:1d:32:ec:c5:ae:e6:8d:03:d0:1b:a3:24:66:ce:38:bb:
         55:2c:1c:c8:31:a8:2b:d9:7f:f1:fc:f8:4d:36:c6:ef:23:f4:
         d3:0f:4a:75:c1:2f:d6:74:a4:53:75:ff:6f:42:8f:f8:b9:21:
         13:a7:c9:c9
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZeyMeDjOkKCQwFhxMEk1GsRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjI3MTYyMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODJhNzUwYWVkMjg0OTg2ODdiYWEwMjMwMjY5MmJjNmQ0Yjg4NDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4l1VEL7qIdvysm91miY/qfyTfXf
6/mLddwm4nE6s4RiKQo/TFshfuI36YXoS9aIUNT4f3pwwL/hRqYikX9g3ohgwDCS
c1A6sopyfOK0n+/xFcv/66UW8WkX7gkl+DCpDvPZDYDmRsjDttBSi9Tpv7im3Ynm
IDDTJn3SUdxCybzkzFgyQDQsKwOgzZ+aDobE+EKys8BGLTJOuGh9Liow8tEye84k
JJET12cJnNXT1HrPQYDt2nKZO5YBcLrOyRTUKS0PxCI815T6qtG9NIrXoSDLQ+jJ
3+ATryJmicyFGJdNaGtirmsqv14N1bwPZRJbLMKJUS6onVvw+PPFdvuTAQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNgqdQrtKEmGh7qgIwJpK8bUuIRhMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMkNwMUN1MG9TWWFIdXFBakFta3J4dFM0aEdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAwQVBMBYE
AgACMBADBQMqDzlAAwcAKg89hgEAMA0GCSqGSIb3DQEBCwUAA4IBAQAhnnElB6W6
p+RNYoqlNOjzwWklclBdGmFyu+YTiLMQZBgWPp6yxhtQYdwLvl/acIAHhXId9wUD
AQ1NV7KsxSH2RAivyzpArN8Pf85uj3Ow8urZ81mSaFntKWz1FpZ8mD1gk7sfFi9o
RVrIjzW9h67eZLGBbvUH1LMBtJFa/KGqb1iN/omwn/3OKVq/bzMORJfLA3pulnzr
sw7+DE/gru+JX+Vrwv/dc4nJvdvIKL7dm6wAAqriiAURL2oIPSTQNrOtgIPWcVod
LR0y7MWu5o0D0BujJGbOOLtVLBzIMagr2X/x/PhNNsbvI/TTD0p1wS/WdKRTdf9v
Qo/4uSETp8nJ
-----END CERTIFICATE-----