Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/xhS3r_-FeRTaEVx2M5Anu_RUjvk.roa
File:                     xhS3r_-FeRTaEVx2M5Anu_RUjvk.roa (raw, json)
Hash identifier:          2mVyB8q3g3pxfxd67OdKpOdgMn/SmTmXnOi/Y8nOb7I=
Subject key identifier:   C6:14:B7:AF:FF:85:79:14:DA:11:5C:76:33:90:27:BB:F4:54:8E:F9
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019743FF5B33F494D994D890B06918C3EC17
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/xhS3r_-FeRTaEVx2M5Anu_RUjvk.roa
Signing time:             Fri 06 Jun 2025 06:48:17 +0000
ROA not before:           Fri 06 Jun 2025 06:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49505
IP address blocks:        2a05:b300::/29 maxlen: 29
                          2a0e:8880::/29 maxlen: 29
                          2a12:ba00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:43:ff:5b:33:f4:94:d9:94:d8:90:b0:69:18:c3:ec:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun  6 06:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c614b7afff857914da115c76339027bbf4548ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:da:7a:66:a3:50:16:d7:15:ee:67:9c:5b:8c:
                    3b:8b:b5:f8:d4:a9:81:e5:4e:24:a3:b2:a2:98:02:
                    00:3d:9c:ef:22:0f:ef:86:95:90:d4:90:e1:ab:14:
                    fa:22:8a:2b:20:d2:79:7c:f7:ab:b5:14:78:3b:08:
                    5b:9b:b5:52:09:f9:26:0a:c9:cf:ef:6d:e5:94:11:
                    34:e5:5b:7e:29:3b:f6:4f:fb:d4:89:44:29:06:e5:
                    8a:0e:6a:7b:99:1a:4e:4a:5c:4c:88:3a:bd:2f:2a:
                    cb:55:88:ee:64:16:64:2d:7c:58:4c:75:b4:c8:01:
                    4f:34:58:4e:e1:d5:9a:a7:56:71:5d:30:5d:56:7e:
                    de:91:dc:bf:49:7b:d1:aa:81:bc:86:7f:c0:f4:63:
                    83:0e:43:a9:90:c1:39:2a:b0:7c:0f:74:ea:4c:69:
                    20:33:95:d8:d2:19:cb:1c:98:a6:15:2f:6e:3f:ae:
                    5d:9a:ab:a4:fb:6e:f6:03:63:d6:fd:b0:1a:1f:25:
                    db:dc:d7:94:a5:38:60:36:c4:88:75:14:07:b0:17:
                    3f:14:32:de:f5:7e:b7:92:c2:45:31:b4:54:e8:c3:
                    62:6e:00:77:80:97:14:6a:63:bd:8e:8e:0c:30:17:
                    9c:b2:0c:51:9b:5a:41:79:1e:be:87:5c:c9:1a:51:
                    01:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:14:B7:AF:FF:85:79:14:DA:11:5C:76:33:90:27:BB:F4:54:8E:F9
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/xhS3r_-FeRTaEVx2M5Anu_RUjvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b300::/29
                  2a0e:8880::/29
                  2a12:ba00::/29

    Signature Algorithm: sha256WithRSAEncryption
         95:a6:67:cc:c1:a0:4f:90:5b:52:1c:59:c3:d9:39:b4:0b:ea:
         1e:2c:6e:6a:e9:5a:26:56:0a:ec:bf:c5:49:01:cc:22:04:d3:
         cc:52:94:4b:bc:ea:dd:2c:eb:ed:45:71:89:fa:63:0d:24:ca:
         55:da:9e:85:d2:85:56:37:89:80:bf:3c:ed:f2:dc:88:78:d3:
         51:8b:3b:f4:b4:d0:14:68:ac:e3:aa:1c:0f:2a:71:22:e3:64:
         6f:39:a6:64:d1:96:cc:d4:b0:da:99:71:47:b2:1a:de:3b:27:
         b3:60:16:f6:ad:fd:47:c7:d6:ac:2b:a0:22:21:89:39:33:89:
         c5:9e:65:9a:46:84:18:e4:08:dc:73:1a:35:2a:b0:54:97:60:
         a9:8e:8a:2a:06:88:ed:bc:c4:e8:24:4a:21:58:d4:61:d2:e1:
         92:d0:35:6a:8f:f0:c2:db:55:7b:4e:9c:f4:e8:95:5a:c6:79:
         a3:3f:b5:1f:75:a8:54:4e:a7:41:f3:65:a2:fe:64:71:cb:11:
         3f:dd:11:51:64:25:91:91:37:b3:83:7c:71:e0:51:a8:b3:9a:
         05:d8:c4:5a:88:9b:73:5f:a0:76:91:22:82:8d:5f:89:a5:b9:
         44:45:63:5f:ee:20:ed:90:f9:49:80:eb:55:c3:61:c2:74:68:
         ad:a6:d3:8b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZdD/1sz9JTZlNiQsGkYw+wXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjA2MDY0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjE0YjdhZmZmODU3OTE0ZGExMTVjNzYzMzkwMjdiYmY0NTQ4ZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Np6ZqNQFtcV7mecW4w7i7X41KmB
5U4ko7KimAIAPZzvIg/vhpWQ1JDhqxT6IoorINJ5fPertRR4Owhbm7VSCfkmCsnP
723llBE05Vt+KTv2T/vUiUQpBuWKDmp7mRpOSlxMiDq9LyrLVYjuZBZkLXxYTHW0
yAFPNFhO4dWap1ZxXTBdVn7ekdy/SXvRqoG8hn/A9GODDkOpkME5KrB8D3TqTGkg
M5XY0hnLHJimFS9uP65dmquk+272A2PW/bAaHyXb3NeUpThgNsSIdRQHsBc/FDLe
9X63ksJFMbRU6MNibgB3gJcUamO9jo4MMBecsgxRm1pBeR6+h1zJGlEBBwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMYUt6//hXkU2hFcdjOQJ7v0VI75MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEveGhTM3JfLUZlUlRhRVZ4Mk01QW51X1JVanZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKgWzAAMF
AyoOiIADBQMqEroAMA0GCSqGSIb3DQEBCwUAA4IBAQCVpmfMwaBPkFtSHFnD2Tm0
C+oeLG5q6VomVgrsv8VJAcwiBNPMUpRLvOrdLOvtRXGJ+mMNJMpV2p6F0oVWN4mA
vzzt8tyIeNNRizv0tNAUaKzjqhwPKnEi42RvOaZk0ZbM1LDamXFHshreOyezYBb2
rf1Hx9asK6AiIYk5M4nFnmWaRoQY5Ajccxo1KrBUl2CpjooqBojtvMToJEohWNRh
0uGS0DVqj/DC21V7Tpz06JVaxnmjP7UfdahUTqdB82Wi/mRxyxE/3RFRZCWRkTez
g3xx4FGos5oF2MRaiJtzX6B2kSKCjV+JpblERWNf7iDtkPlJgOtVw2HCdGitptOL
-----END CERTIFICATE-----