Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ANNWe1QWwoI5okOwoYJFHqmwaE4.roa
File:                     ANNWe1QWwoI5okOwoYJFHqmwaE4.roa (raw, json)
Hash identifier:          27V2EkESUEhHXRyoWkvn8D9wAV5+u90NT+/TyEf0eV4=
Subject key identifier:   00:D3:56:7B:54:16:C2:82:39:A2:43:B0:A1:82:45:1E:A9:B0:68:4E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01990F9607BCF9191BA32D9E5A4BB6D695B7
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ANNWe1QWwoI5okOwoYJFHqmwaE4.roa
Signing time:             Wed 03 Sep 2025 12:38:34 +0000
ROA not before:           Wed 03 Sep 2025 12:38:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213505
IP address blocks:        2a0d:1140::/29 maxlen: 29
                          2a0f:27c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:96:07:bc:f9:19:1b:a3:2d:9e:5a:4b:b6:d6:95:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Sep  3 12:38:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=00d3567b5416c28239a243b0a182451ea9b0684e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:96:cc:da:20:24:b7:ce:99:0e:66:c3:12:46:
                    b7:ba:95:08:ff:40:70:fa:d5:d3:3c:5e:bb:3d:d5:
                    db:97:4a:4d:be:d9:99:b4:e6:5e:a1:5c:b6:f5:0b:
                    eb:b3:0d:54:76:f1:49:ae:c2:3b:11:32:56:31:f7:
                    06:69:77:84:be:76:8c:0d:64:28:61:78:ef:ae:40:
                    1c:32:c8:3d:c9:11:d6:a0:ad:c2:82:d0:c1:04:02:
                    5a:1e:eb:e1:59:8e:65:12:ed:60:e2:c4:dc:c0:92:
                    74:ec:5f:dc:16:79:e3:17:d4:f7:d1:0b:88:5f:64:
                    05:b9:d5:e1:5c:99:a0:a6:78:7e:86:7b:ab:8f:1c:
                    09:bc:d2:4d:01:95:f9:82:13:6f:f3:e8:3e:33:96:
                    4a:ca:ca:f9:9b:7d:10:5e:3b:b8:c3:8b:66:fe:8d:
                    8b:20:be:2e:a5:2d:3a:28:6c:16:2f:df:8b:0e:c3:
                    ad:59:10:d1:32:3e:66:6f:cd:6e:18:55:0a:58:e1:
                    b5:b7:f5:a7:2e:bc:1d:73:53:13:0a:fa:91:d2:77:
                    a5:2c:81:1a:54:85:90:4c:70:12:ae:7e:32:17:ac:
                    a4:34:f0:aa:8d:76:62:e4:e3:56:a2:9a:46:50:7d:
                    df:ad:34:a3:65:e4:c9:ab:cf:e6:57:af:2a:84:60:
                    7b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:D3:56:7B:54:16:C2:82:39:A2:43:B0:A1:82:45:1E:A9:B0:68:4E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ANNWe1QWwoI5okOwoYJFHqmwaE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:1140::/29
                  2a0f:27c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:79:5b:0c:21:1f:9a:31:b9:cb:32:70:5c:25:07:a4:6d:27:
         2c:13:40:21:af:56:bc:25:59:67:28:70:06:8f:12:e3:2a:07:
         f6:81:b9:7c:f6:0b:89:82:da:85:cf:1d:e3:51:25:33:8c:49:
         dc:d0:dd:1b:6c:fc:58:90:12:31:93:0b:2d:31:25:2c:cc:e4:
         22:e8:d7:73:c8:d7:ee:95:60:c5:63:48:78:6c:2a:a6:d9:c0:
         42:16:24:7f:1c:d3:54:83:eb:f0:22:fa:27:42:40:a0:38:57:
         98:41:1d:ca:8c:6f:ba:c0:72:c8:17:7c:b0:70:b3:62:13:52:
         70:0c:01:39:15:dd:05:11:db:1a:fd:83:94:7f:da:a3:a8:88:
         0a:49:8c:39:6e:70:3c:59:3a:fc:09:d6:eb:5b:df:7e:20:05:
         ff:93:d3:81:f3:7f:8c:78:6f:94:be:13:1a:bc:76:f8:0e:65:
         f1:f9:cf:28:e9:c7:1a:30:0b:61:cc:1d:15:ed:a5:28:74:1b:
         5c:32:d4:5f:1b:6a:72:f0:3c:a4:30:ec:46:38:9e:73:93:2c:
         16:2b:ae:6c:98:91:ae:48:2a:60:dd:d6:07:d9:26:bd:c4:5d:
         10:0d:99:fc:8c:d8:0a:be:90:84:e0:43:4a:30:45:3a:9f:02:
         ec:10:2c:52
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZkPlge8+Rkboy2eWku21pW3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwOTAzMTIzODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGQzNTY3YjU0MTZjMjgyMzlhMjQzYjBhMTgyNDUxZWE5YjA2ODRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5bM2iAkt86ZDmbDEka3upUI/0Bw
+tXTPF67PdXbl0pNvtmZtOZeoVy29Qvrsw1UdvFJrsI7ETJWMfcGaXeEvnaMDWQo
YXjvrkAcMsg9yRHWoK3CgtDBBAJaHuvhWY5lEu1g4sTcwJJ07F/cFnnjF9T30QuI
X2QFudXhXJmgpnh+hnurjxwJvNJNAZX5ghNv8+g+M5ZKysr5m30QXju4w4tm/o2L
IL4upS06KGwWL9+LDsOtWRDRMj5mb81uGFUKWOG1t/WnLrwdc1MTCvqR0nelLIEa
VIWQTHASrn4yF6ykNPCqjXZi5ONWoppGUH3frTSjZeTJq8/mV68qhGB7UwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFADTVntUFsKCOaJDsKGCRR6psGhOMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvQU5OV2UxUVd3b0k1b2tPd29ZSkZIcW13YUU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg0RQAMF
AyoPJ8AwDQYJKoZIhvcNAQELBQADggEBACR5WwwhH5oxucsycFwlB6RtJywTQCGv
VrwlWWcocAaPEuMqB/aBuXz2C4mC2oXPHeNRJTOMSdzQ3Rts/FiQEjGTCy0xJSzM
5CLo13PI1+6VYMVjSHhsKqbZwEIWJH8c01SD6/Ai+idCQKA4V5hBHcqMb7rAcsgX
fLBws2ITUnAMATkV3QUR2xr9g5R/2qOoiApJjDlucDxZOvwJ1utb334gBf+T04Hz
f4x4b5S+Exq8dvgOZfH5zyjpxxowC2HMHRXtpSh0G1wy1F8banLwPKQw7EY4nnOT
LBYrrmyYka5IKmDd1gfZJr3EXRANmfyM2Aq+kITgQ0owRTqfAuwQLFI=
-----END CERTIFICATE-----