Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1-ers7MQT4d4nRRGN-iX4oQW0b30.roa
File:                     1-ers7MQT4d4nRRGN-iX4oQW0b30.roa (raw, json)
Hash identifier:          nDPcqu96RmCGoqCErR2DT0YximFlatlEKZeeMbMGfxA=
Subject key identifier:   F9:EA:EC:EC:C4:13:E1:DE:27:45:11:8D:FA:25:F8:A1:05:B4:6F:7D
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0196A9F1128C0651A47E7909F5EA1CEF3663
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1-ers7MQT4d4nRRGN-iX4oQW0b30.roa
Signing time:             Wed 07 May 2025 08:51:10 +0000
ROA not before:           Wed 07 May 2025 08:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        2a0a:2d07:fc42::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a9:f1:12:8c:06:51:a4:7e:79:09:f5:ea:1c:ef:36:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: May  7 08:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9eaececc413e1de2745118dfa25f8a105b46f7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ba:d9:e1:e5:39:e0:40:4a:08:65:9c:41:e9:
                    f2:3f:59:f1:5e:0e:ed:71:69:a9:c7:04:08:66:6a:
                    ef:7f:1f:48:1b:3b:e9:82:86:88:9c:8c:35:10:ef:
                    02:93:d4:67:1b:f6:0f:20:1d:35:12:ae:45:f8:d4:
                    ec:73:f9:b7:b4:db:3f:3b:6c:92:db:31:50:21:f8:
                    b0:f7:b2:b2:e6:4e:e8:67:c3:a7:85:47:88:22:c8:
                    e7:6e:3c:3d:44:2f:4e:b2:83:47:11:65:45:ec:a4:
                    20:d8:81:44:d5:b4:e3:8f:8b:2a:88:19:91:77:21:
                    d6:14:2d:5d:40:51:95:05:f2:5c:d6:fc:c7:fc:b8:
                    3e:f3:47:30:37:b1:93:62:b3:d0:22:ab:06:ab:5a:
                    23:91:5b:28:95:69:59:cb:14:65:6d:4b:65:3e:65:
                    3b:5c:05:8a:b0:fb:06:44:ca:10:cc:ca:52:26:19:
                    aa:d8:76:eb:0f:87:58:e9:85:61:8e:d0:34:c8:06:
                    07:57:03:f6:0e:90:1c:f9:0f:b5:64:a9:dd:5f:6e:
                    aa:c5:be:17:11:41:4c:c8:d4:8d:f2:0c:84:f7:9e:
                    77:7f:e3:eb:3b:ca:07:2a:28:df:da:24:15:14:99:
                    0f:7a:72:a0:08:da:00:e2:bb:da:5a:19:de:22:3d:
                    78:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:EA:EC:EC:C4:13:E1:DE:27:45:11:8D:FA:25:F8:A1:05:B4:6F:7D
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1-ers7MQT4d4nRRGN-iX4oQW0b30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:2d07:fc42::/48

    Signature Algorithm: sha256WithRSAEncryption
         a4:48:2a:0b:d4:54:be:52:ee:58:fc:b8:04:39:53:91:23:ac:
         de:b6:c6:c8:53:71:a9:ba:76:9e:df:fa:d8:5d:04:45:d6:52:
         02:b5:4b:2c:6e:38:0a:61:5e:e2:87:4c:00:90:9a:53:ff:20:
         4c:fa:a4:64:5c:c8:3f:52:5c:d9:4e:9f:25:4e:7a:cf:cf:24:
         c7:a4:98:c6:2a:0a:0c:3c:0a:33:5b:22:32:d3:8f:be:02:35:
         37:e8:46:60:7c:4c:ab:96:01:42:98:8b:e9:af:55:f1:71:c2:
         b9:fe:0a:8a:a3:e7:64:1b:d6:48:33:7b:bb:3a:a7:fc:49:19:
         3d:a0:b4:3c:08:cb:51:dd:3a:42:74:cc:de:b0:cd:9a:7b:b3:
         cb:28:f1:76:97:e1:80:8a:32:20:9b:83:98:49:8a:8f:01:34:
         73:25:eb:f4:8f:4c:ff:43:64:32:bb:b4:aa:51:8c:bc:2f:31:
         91:f2:63:b0:54:37:40:7f:d2:9d:22:ca:1f:9e:3c:1c:e8:73:
         af:2a:71:de:62:35:67:bc:7d:0e:50:50:d1:0a:6b:59:19:44:
         13:65:80:2e:96:4c:b8:8c:c2:91:3b:3c:b3:9f:f9:fa:9f:6a:
         e0:88:1f:9a:c7:47:da:c4:d6:fd:40:7e:62:22:a8:f6:c0:c3:
         3b:4c:a8:81
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgISAZap8RKMBlGkfnkJ9eoc7zZjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNTA3MDg1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWVhZWNlY2M0MTNlMWRlMjc0NTExOGRmYTI1ZjhhMTA1YjQ2ZjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7rZ4eU54EBKCGWcQenyP1nxXg7t
cWmpxwQIZmrvfx9IGzvpgoaInIw1EO8Ck9RnG/YPIB01Eq5F+NTsc/m3tNs/O2yS
2zFQIfiw97Ky5k7oZ8OnhUeIIsjnbjw9RC9OsoNHEWVF7KQg2IFE1bTjj4sqiBmR
dyHWFC1dQFGVBfJc1vzH/Lg+80cwN7GTYrPQIqsGq1ojkVsolWlZyxRlbUtlPmU7
XAWKsPsGRMoQzMpSJhmq2HbrD4dY6YVhjtA0yAYHVwP2DpAc+Q+1ZKndX26qxb4X
EUFMyNSN8gyE9553f+PrO8oHKijf2iQVFJkPenKgCNoA4rvaWhneIj14ZwIDAQAB
o4ICDTCCAgkwHQYDVR0OBBYEFPnq7OzEE+HeJ0URjfol+KEFtG99MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMS1lcnM3TVFUNGQ0blJSR04taVg0b1FXMGIzMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzAvNDlhZGM2LWJhODktNDAzZi1hZGE5LThjNTAwN2MyYTRi
Ni8xL2ZWV2FyN19Ba3hKQzRkWTNLWXp4M1NJLVRDWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAiBggrBgEFBQcBBwEB/wQTMBEwDwQCAAIwCQMHACoKLQf8
QjANBgkqhkiG9w0BAQsFAAOCAQEApEgqC9RUvlLuWPy4BDlTkSOs3rbGyFNxqbp2
nt/62F0ERdZSArVLLG44CmFe4odMAJCaU/8gTPqkZFzIP1Jc2U6fJU56z88kx6SY
xioKDDwKM1siMtOPvgI1N+hGYHxMq5YBQpiL6a9V8XHCuf4KiqPnZBvWSDN7uzqn
/EkZPaC0PAjLUd06QnTM3rDNmnuzyyjxdpfhgIoyIJuDmEmKjwE0cyXr9I9M/0Nk
Mru0qlGMvC8xkfJjsFQ3QH/SnSLKH548HOhzrypx3mI1Z7x9DlBQ0QprWRlEE2WA
LpZMuIzCkTs8s5/5+p9q4IgfmsdH2sTW/UB+YiKo9sDDO0yogQ==
-----END CERTIFICATE-----