Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/4PGxB51YWGPS2HYlexXJi7KxyMQ.roa
File:                     4PGxB51YWGPS2HYlexXJi7KxyMQ.roa (raw, json)
Hash identifier:          3v1TS5uG+6ByaIF4OzQtjDQfZbYqOWlr7HEkbZcIPcs=
Subject key identifier:   E0:F1:B1:07:9D:58:58:63:D2:D8:76:25:7B:15:C9:8B:B2:B1:C8:C4
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0197C01FDC5D51E76CC2D28D8B41B989013A
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/4PGxB51YWGPS2HYlexXJi7KxyMQ.roa
Signing time:             Mon 30 Jun 2025 09:16:42 +0000
ROA not before:           Mon 30 Jun 2025 09:16:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53667
IP address blocks:        2a09:7500::/29 maxlen: 29
                          2a0f:3044::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c0:1f:dc:5d:51:e7:6c:c2:d2:8d:8b:41:b9:89:01:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 30 09:16:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0f1b1079d585863d2d876257b15c98bb2b1c8c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:fd:38:9e:78:a6:80:97:e2:03:7b:35:b5:a6:
                    cb:8f:65:57:b7:f4:0e:c0:e4:29:ca:74:e5:81:5e:
                    f6:b8:72:94:96:f1:13:2c:54:d9:c4:70:d0:c9:9f:
                    9f:0f:30:8d:58:c9:dc:eb:cc:9e:2d:ea:96:d4:7e:
                    19:83:be:7c:7d:53:6d:5e:34:5b:fb:6d:64:49:20:
                    7d:6e:d6:45:17:ec:89:13:aa:74:a9:bb:6e:56:a3:
                    38:10:4c:52:5d:85:bf:86:63:34:a3:4c:2c:b8:82:
                    78:37:fe:58:f3:9e:e9:ef:df:62:00:06:4a:43:79:
                    15:89:f5:6a:01:ea:92:81:f1:0e:f4:4d:1d:8a:2a:
                    30:eb:78:8a:1e:5b:9e:ba:7d:92:08:47:11:03:a2:
                    b6:6d:b7:b4:e3:a3:1d:d5:82:dc:1b:d8:23:20:ae:
                    74:81:fd:02:0d:ee:92:90:b9:c7:9f:38:6b:5c:a0:
                    cc:f7:af:ad:e9:02:8c:64:cb:ce:13:29:ed:e2:e0:
                    7f:dc:eb:b0:5b:f9:92:2e:7e:61:21:4e:85:e2:27:
                    e8:0c:7f:8a:4c:c1:08:02:d1:2c:9f:ed:8d:b4:2d:
                    0c:7c:2e:70:e5:0e:fa:9d:80:9c:f3:d9:fd:68:7e:
                    57:44:3f:95:37:4e:43:f5:8e:9f:f9:27:53:ec:88:
                    02:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:F1:B1:07:9D:58:58:63:D2:D8:76:25:7B:15:C9:8B:B2:B1:C8:C4
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/4PGxB51YWGPS2HYlexXJi7KxyMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7500::/29
                  2a0f:3044::/32

    Signature Algorithm: sha256WithRSAEncryption
         2d:d1:2f:90:b0:89:37:fb:bf:26:8c:3d:65:8c:1e:ae:cf:ae:
         62:3f:6d:8b:e9:25:cb:18:1c:a9:59:d0:60:5d:91:e7:3e:4d:
         23:9e:c7:07:07:af:05:71:18:18:94:e7:17:06:02:31:b5:eb:
         f9:40:b6:76:bd:48:b3:6e:da:fb:83:32:49:d1:4d:39:46:15:
         ee:54:33:4f:86:40:f5:2b:13:f9:6e:ba:e3:bc:78:3e:b4:e3:
         27:9c:9b:6f:0a:0b:18:15:3d:59:f2:39:ff:c2:69:24:11:31:
         36:f3:46:e1:07:17:fd:2c:08:d3:c6:9e:f7:b9:1a:d4:a2:9b:
         f0:74:8e:8c:7c:ae:d7:35:59:81:8b:bb:64:4b:0b:58:9d:0b:
         c1:91:ed:39:a1:ca:49:b7:ce:39:e2:cc:a6:cb:70:06:e8:19:
         5e:58:35:04:85:78:19:45:e7:ab:fe:3f:48:0f:bd:1d:e6:bf:
         27:ed:3d:6e:81:34:05:8e:a6:0e:e5:8b:03:8a:07:d5:e6:aa:
         64:fd:9f:ff:d0:73:35:58:73:72:38:a5:60:64:67:78:04:12:
         82:dd:78:f1:7b:ae:9e:1c:49:d5:70:7a:f1:d6:c4:8e:cd:5a:
         11:38:49:ad:f6:c4:3c:7b:94:8e:0a:9b:be:90:b4:eb:c3:c3:
         a7:7f:6d:89
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZfAH9xdUedswtKNi0G5iQE6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjMwMDkxNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGYxYjEwNzlkNTg1ODYzZDJkODc2MjU3YjE1Yzk4YmIyYjFjOGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApv04nnimgJfiA3s1tabLj2VXt/QO
wOQpynTlgV72uHKUlvETLFTZxHDQyZ+fDzCNWMnc68yeLeqW1H4Zg758fVNtXjRb
+21kSSB9btZFF+yJE6p0qbtuVqM4EExSXYW/hmM0o0wsuIJ4N/5Y857p799iAAZK
Q3kVifVqAeqSgfEO9E0diiow63iKHlueun2SCEcRA6K2bbe046Md1YLcG9gjIK50
gf0CDe6SkLnHnzhrXKDM96+t6QKMZMvOEynt4uB/3OuwW/mSLn5hIU6F4ifoDH+K
TMEIAtEsn+2NtC0MfC5w5Q76nYCc89n9aH5XRD+VN05D9Y6f+SdT7IgCjwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFODxsQedWFhj0th2JXsVyYuyscjEMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvNFBHeEI1MVlXR1BTMkhZbGV4WEppN0t4eU1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgl1AAMF
ACoPMEQwDQYJKoZIhvcNAQELBQADggEBAC3RL5CwiTf7vyaMPWWMHq7PrmI/bYvp
JcsYHKlZ0GBdkec+TSOexwcHrwVxGBiU5xcGAjG16/lAtna9SLNu2vuDMknRTTlG
Fe5UM0+GQPUrE/luuuO8eD604yecm28KCxgVPVnyOf/CaSQRMTbzRuEHF/0sCNPG
nve5GtSim/B0jox8rtc1WYGLu2RLC1idC8GR7Tmhykm3zjnizKbLcAboGV5YNQSF
eBlF56v+P0gPvR3mvyftPW6BNAWOpg7liwOKB9XmqmT9n//QczVYc3I4pWBkZ3gE
EoLdePF7rp4cSdVwevHWxI7NWhE4Sa32xDx7lI4Km76QtOvDw6d/bYk=
-----END CERTIFICATE-----