Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SCt4p3nT-AgCBMrsITqa9Vii0i0.roa
File:                     SCt4p3nT-AgCBMrsITqa9Vii0i0.roa (raw, json)
Hash identifier:          bPkt4axLzRoJQwHLMqZ8EX5hyz732cT77jHqpGvlsDM=
Subject key identifier:   48:2B:78:A7:79:D3:F8:08:02:04:CA:EC:21:3A:9A:F5:58:A2:D2:2D
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01990F951E51782B6B922D48B4CDF8C94554
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SCt4p3nT-AgCBMrsITqa9Vii0i0.roa
Signing time:             Wed 03 Sep 2025 12:37:34 +0000
ROA not before:           Wed 03 Sep 2025 12:37:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205486
IP address blocks:        2a10:3240::/29 maxlen: 29
                          2a10:3640::/29 maxlen: 29
                          2a13:9f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 11:14:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0f:95:1e:51:78:2b:6b:92:2d:48:b4:cd:f8:c9:45:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Sep  3 12:37:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=482b78a779d3f8080204caec213a9af558a2d22d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:6d:51:94:78:d0:0f:30:2e:ec:9c:7c:0e:00:
                    ec:03:99:71:8a:bf:2d:c7:1e:53:c4:8f:1b:2c:6d:
                    fa:f1:d3:30:ca:ac:f8:e0:30:34:26:70:a0:f0:b4:
                    a3:56:94:06:5a:55:f7:19:26:c8:5a:a0:68:4d:01:
                    6b:2d:14:c9:2b:1a:ee:e4:4d:d3:2b:2c:c1:0b:b5:
                    5a:e1:fa:43:46:11:09:61:0b:73:a9:1f:ea:ad:a0:
                    53:28:b3:4b:ea:05:75:b3:3a:ab:25:ea:9e:74:99:
                    dc:a6:18:98:3e:00:8f:0f:74:07:44:84:1b:f6:86:
                    af:c6:58:51:f6:28:b6:11:4b:af:01:a2:4e:c1:4e:
                    1b:13:eb:cf:e8:0a:dd:6b:20:a6:04:be:12:4c:a7:
                    12:0c:5f:43:2c:66:51:60:b2:3c:dd:a5:5b:5b:5a:
                    63:4c:08:e9:86:1b:5d:04:fe:b3:b0:b2:54:60:b0:
                    13:fd:26:e2:ae:3a:71:1e:45:9a:39:03:a8:b5:e2:
                    ad:bd:73:d7:12:c5:b5:75:5a:0b:61:5b:ed:c6:1d:
                    2f:81:b9:d0:f4:63:09:94:8d:8c:c1:39:c5:06:f3:
                    cc:a8:ae:46:6a:52:0a:b2:65:d3:47:09:ab:7a:37:
                    44:44:04:6c:55:7f:cc:b2:3c:9e:60:cf:b2:9b:8d:
                    27:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:2B:78:A7:79:D3:F8:08:02:04:CA:EC:21:3A:9A:F5:58:A2:D2:2D
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/SCt4p3nT-AgCBMrsITqa9Vii0i0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3240::/29
                  2a10:3640::/29
                  2a13:9f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         79:6b:38:6e:d9:54:5b:56:df:ad:df:f4:35:43:28:0b:7f:43:
         b2:d8:f7:2d:5d:f7:4b:7d:40:86:45:08:36:57:21:5b:75:46:
         78:fb:e6:f7:40:1f:d0:0a:ef:11:86:1f:a6:a6:1f:de:21:17:
         f3:88:79:50:69:bb:7f:21:ad:49:d2:09:e1:fa:3e:a1:63:0c:
         ac:b6:15:e6:84:96:91:36:d3:09:db:3a:5d:1d:fb:7b:c8:38:
         e1:4d:b4:22:dd:0e:f8:5f:5f:1f:dc:d3:72:fd:85:5a:75:4c:
         72:b3:20:90:ed:d6:35:06:72:28:70:95:3e:d3:85:45:14:c1:
         d4:7b:8e:1f:c7:6d:a1:ef:01:e5:ca:a6:22:c5:84:e6:ba:3e:
         57:89:c1:28:92:9f:3a:6d:21:17:35:7a:5e:79:f8:42:ac:9d:
         75:c1:24:77:8b:0e:f8:95:aa:4f:f0:ac:58:75:ad:a3:64:26:
         9e:39:94:d6:f2:57:8c:ba:fd:a8:4b:87:c7:ae:aa:ca:5e:8c:
         32:1f:21:01:9b:02:17:4e:78:4b:49:40:ee:5c:37:84:89:fb:
         89:ec:90:9f:5a:78:31:d8:2b:3d:e5:af:11:72:1f:84:f4:82:
         0b:12:f1:22:cb:a2:00:42:12:d5:16:6f:f3:b5:ef:fa:04:8e:
         7d:a1:89:e4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZkPlR5ReCtrki1ItM34yUVUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwOTAzMTIzNzM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODJiNzhhNzc5ZDNmODA4MDIwNGNhZWMyMTNhOWFmNTU4YTJkMjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArW1RlHjQDzAu7Jx8DgDsA5lxir8t
xx5TxI8bLG368dMwyqz44DA0JnCg8LSjVpQGWlX3GSbIWqBoTQFrLRTJKxru5E3T
KyzBC7Va4fpDRhEJYQtzqR/qraBTKLNL6gV1szqrJeqedJncphiYPgCPD3QHRIQb
9oavxlhR9ii2EUuvAaJOwU4bE+vP6ArdayCmBL4STKcSDF9DLGZRYLI83aVbW1pj
TAjphhtdBP6zsLJUYLAT/SbirjpxHkWaOQOoteKtvXPXEsW1dVoLYVvtxh0vgbnQ
9GMJlI2MwTnFBvPMqK5GalIKsmXTRwmrejdERARsVX/MsjyeYM+ym40nxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEgreKd50/gIAgTK7CE6mvVYotItMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvU0N0NHAzblQtQWdDQk1yc0lUcWE5VmlpMGkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhAyQAMF
AyoQNkADBQMqE58AMA0GCSqGSIb3DQEBCwUAA4IBAQB5azhu2VRbVt+t3/Q1QygL
f0Oy2PctXfdLfUCGRQg2VyFbdUZ4++b3QB/QCu8Rhh+mph/eIRfziHlQabt/Ia1J
0gnh+j6hYwysthXmhJaRNtMJ2zpdHft7yDjhTbQi3Q74X18f3NNy/YVadUxysyCQ
7dY1BnIocJU+04VFFMHUe44fx22h7wHlyqYixYTmuj5XicEokp86bSEXNXpeefhC
rJ11wSR3iw74lapP8KxYda2jZCaeOZTW8leMuv2oS4fHrqrKXowyHyEBmwIXTnhL
SUDuXDeEifuJ7JCfWngx2Cs95a8Rch+E9IILEvEiy6IAQhLVFm/zte/6BI59oYnk
-----END CERTIFICATE-----