Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/J3Zw1N9YiPhSKFKfgpG7QpT93po.roa
File:                     J3Zw1N9YiPhSKFKfgpG7QpT93po.roa (raw, json)
Hash identifier:          o3waOPePjyf3Mlqd+e8UhO+UI3B28eqIC3SIiTvl+ak=
Subject key identifier:   27:76:70:D4:DF:58:88:F8:52:28:52:9F:82:91:BB:42:94:FD:DE:9A
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0197AC8FECB81F106819FA5650E62389BFDA
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/J3Zw1N9YiPhSKFKfgpG7QpT93po.roa
Signing time:             Thu 26 Jun 2025 14:06:42 +0000
ROA not before:           Thu 26 Jun 2025 14:06:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     398465
IP address blocks:        2a0e:f500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ac:8f:ec:b8:1f:10:68:19:fa:56:50:e6:23:89:bf:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 26 14:06:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=277670d4df5888f85228529f8291bb4294fdde9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:e8:66:3f:97:84:1b:29:82:0f:d2:75:eb:ec:
                    f6:7c:fb:9c:42:4f:49:65:63:78:c6:74:cd:2e:bf:
                    66:15:88:81:f3:18:71:b8:c4:4e:18:34:7e:5c:4d:
                    d7:2d:e5:c8:fc:5a:44:21:f6:08:ea:81:93:17:11:
                    68:1d:12:43:ce:05:cc:0c:16:b5:e1:d3:a2:fb:d8:
                    d2:86:dc:56:1c:fe:ea:85:6a:eb:fc:f4:7c:71:0a:
                    16:bf:4d:ed:28:7e:0e:00:d0:eb:42:9b:82:fc:45:
                    b7:02:08:64:60:c6:02:1f:e6:02:8b:4f:f1:cf:8f:
                    fe:06:b4:9d:6f:90:3b:de:79:b2:d9:04:59:79:20:
                    66:fb:ee:a7:ac:3a:1d:27:41:45:5f:15:54:94:db:
                    d1:c1:e9:f2:42:84:b8:f7:e6:e2:43:80:f2:bd:32:
                    97:e2:87:09:13:b4:a4:3f:9b:98:c8:cb:e7:47:fc:
                    f5:b3:9f:ed:6f:7f:11:91:e7:85:d8:54:a2:58:e7:
                    28:0f:5b:5a:06:43:88:03:e3:d0:b0:02:58:70:a2:
                    a0:4e:04:10:7d:d5:77:d5:63:07:8d:81:e7:eb:f8:
                    bf:db:dd:95:30:cb:f1:ac:50:15:2a:b2:cc:d1:c9:
                    15:28:dc:87:af:2d:c7:89:7e:bf:c9:61:90:93:a5:
                    a0:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:76:70:D4:DF:58:88:F8:52:28:52:9F:82:91:BB:42:94:FD:DE:9A
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/J3Zw1N9YiPhSKFKfgpG7QpT93po.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:f500::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:5e:69:1e:ac:40:40:1e:c1:13:96:13:e2:ee:e8:87:de:ff:
         b9:58:77:6d:ea:46:a2:41:a3:f8:cf:f1:b4:a5:a5:29:07:63:
         db:7d:05:42:98:d7:a7:db:87:36:ca:43:78:19:ec:ea:11:1b:
         b7:ea:82:5c:0d:61:94:e3:21:27:ce:16:ef:3c:fc:8e:bd:2c:
         97:b5:67:8f:40:08:e7:12:2e:ab:55:8e:b6:74:b7:84:8c:6f:
         aa:fc:7c:66:65:14:63:0d:7b:f4:5c:76:9d:b5:81:c4:20:cf:
         08:0d:aa:48:ce:f7:d0:62:2c:f9:3b:9b:37:1b:d0:f9:9f:c3:
         6f:3f:4c:36:88:cd:76:21:52:6a:49:d8:c7:ed:d6:47:bc:43:
         7b:2e:37:61:52:19:fe:f7:a7:0d:c3:95:65:07:55:df:7d:5f:
         d0:4e:be:59:aa:e9:6c:78:eb:0c:44:3c:2e:cc:85:fa:42:5a:
         a2:1e:35:e8:1e:99:62:11:ca:a9:c5:b4:a9:1a:a5:1f:1a:09:
         ce:d0:ba:50:6e:f4:16:3d:c3:86:9a:b2:aa:31:32:35:ab:28:
         da:42:66:78:80:a4:81:6f:84:f8:f4:b0:d0:f4:37:c6:af:35:
         f8:85:3a:b7:4f:e1:c6:7c:78:9f:9d:bd:ae:17:84:d7:ac:42:
         18:12:97:ba
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZesj+y4HxBoGfpWUOYjib/aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjI2MTQwNjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzc2NzBkNGRmNTg4OGY4NTIyODUyOWY4MjkxYmI0Mjk0ZmRkZTlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+hmP5eEGymCD9J16+z2fPucQk9J
ZWN4xnTNLr9mFYiB8xhxuMROGDR+XE3XLeXI/FpEIfYI6oGTFxFoHRJDzgXMDBa1
4dOi+9jShtxWHP7qhWrr/PR8cQoWv03tKH4OANDrQpuC/EW3AghkYMYCH+YCi0/x
z4/+BrSdb5A73nmy2QRZeSBm++6nrDodJ0FFXxVUlNvRwenyQoS49+biQ4DyvTKX
4ocJE7SkP5uYyMvnR/z1s5/tb38RkeeF2FSiWOcoD1taBkOIA+PQsAJYcKKgTgQQ
fdV31WMHjYHn6/i/292VMMvxrFAVKrLM0ckVKNyHry3HiX6/yWGQk6Wg7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCd2cNTfWIj4UihSn4KRu0KU/d6aMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvSjNadzFOOVlpUGhTS0ZLZmdwRzdRcFQ5M3BvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg71ADAN
BgkqhkiG9w0BAQsFAAOCAQEAil5pHqxAQB7BE5YT4u7oh97/uVh3bepGokGj+M/x
tKWlKQdj230FQpjXp9uHNspDeBns6hEbt+qCXA1hlOMhJ84W7zz8jr0sl7Vnj0AI
5xIuq1WOtnS3hIxvqvx8ZmUUYw179Fx2nbWBxCDPCA2qSM730GIs+TubNxvQ+Z/D
bz9MNojNdiFSaknYx+3WR7xDey43YVIZ/venDcOVZQdV331f0E6+WarpbHjrDEQ8
LsyF+kJaoh416B6ZYhHKqcW0qRqlHxoJztC6UG70Fj3DhpqyqjEyNaso2kJmeICk
gW+E+PSw0PQ3xq81+IU6t0/hxnx4n529rheE16xCGBKXug==
-----END CERTIFICATE-----