Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NS1FDYISDprT2FwPy7bZdu3ylro.roa
File:                     NS1FDYISDprT2FwPy7bZdu3ylro.roa (raw, json)
Hash identifier:          MfdB0frjZjBohRkMl/msHhrKJdFRicTwDz8EDXw5E7U=
Subject key identifier:   35:2D:45:0D:82:12:0E:9A:D3:D8:5C:0F:CB:B6:D9:76:ED:F2:96:BA
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019884D36DAB734F49553744B1BCBB7BFBC2
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NS1FDYISDprT2FwPy7bZdu3ylro.roa
Signing time:             Thu 07 Aug 2025 13:58:25 +0000
ROA not before:           Thu 07 Aug 2025 13:58:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29375
IP address blocks:        2a0f:dd40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:84:d3:6d:ab:73:4f:49:55:37:44:b1:bc:bb:7b:fb:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Aug  7 13:58:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=352d450d82120e9ad3d85c0fcbb6d976edf296ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2e:ad:ed:42:ad:99:f3:ab:af:d6:59:ea:c9:
                    59:51:ce:1b:d2:89:51:f0:ba:8e:c3:ce:93:3c:b5:
                    ff:39:c1:7d:32:cb:9b:06:c1:41:28:a9:0a:dd:a1:
                    35:12:50:2e:f8:71:f5:be:0d:ac:a0:d6:3b:34:4b:
                    30:6f:cc:a8:8b:a1:95:ce:16:ea:9f:f5:ca:70:14:
                    eb:d3:ea:a9:45:cb:db:18:c1:52:3a:ff:57:4c:da:
                    68:5d:b5:6f:2a:62:4c:9c:d1:1b:b9:3b:70:78:e4:
                    02:ec:23:e4:af:78:ed:8c:fe:d5:73:1e:f3:77:dc:
                    47:94:31:81:a8:ef:32:e2:8f:2d:1e:08:52:7e:b9:
                    24:c2:79:65:71:26:5f:ed:45:f9:fc:09:be:d3:7b:
                    91:f1:30:df:42:2a:b3:42:2e:2a:5d:60:a8:a4:cf:
                    cd:98:31:0e:a2:d4:3c:0b:6e:74:70:d5:7d:0f:01:
                    1c:22:a7:05:c2:b3:59:e9:bc:5b:86:69:82:16:27:
                    1a:cc:48:4f:1a:a5:82:53:cd:7f:0a:b4:c2:4a:b0:
                    14:a4:24:67:84:c9:fc:bd:a3:36:f6:56:3e:89:51:
                    49:8f:fc:02:a4:aa:2f:76:79:b7:10:82:41:00:f3:
                    a1:c5:c1:f4:0a:cb:d4:9e:3d:43:98:52:91:f6:86:
                    c5:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2D:45:0D:82:12:0E:9A:D3:D8:5C:0F:CB:B6:D9:76:ED:F2:96:BA
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/NS1FDYISDprT2FwPy7bZdu3ylro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:dd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:41:df:c9:39:e4:ee:ee:f4:cd:2d:6b:44:97:44:e0:ae:c5:
         60:2f:b8:59:aa:b9:9c:f4:38:cf:5f:46:b5:a8:0e:24:cb:b6:
         c9:8b:68:89:8e:9e:97:29:ea:a8:45:9e:6a:9a:3f:38:2e:57:
         fa:07:ac:7f:6e:3c:10:70:06:b3:47:cc:01:a2:bf:ea:e7:a5:
         b5:d5:13:ba:c3:7c:14:e1:d5:5f:0a:39:c5:80:45:89:4f:2c:
         9f:e7:34:de:17:24:ce:fd:b7:9e:fb:f0:9e:10:b7:4d:ab:26:
         e4:67:20:10:c8:b1:88:f2:f9:1f:f0:a1:97:b7:2d:c3:2a:54:
         cb:e3:39:5c:86:83:83:78:6f:06:65:5f:c5:27:6d:db:ce:cb:
         6c:0e:f0:d2:5f:71:f7:c4:93:d1:51:5a:15:1b:32:4f:ad:b9:
         ac:d4:b5:43:2d:b9:9b:13:55:f7:b6:b1:3e:28:7b:3f:03:e9:
         ca:84:2c:7f:0c:62:5e:f1:55:98:99:97:9e:66:c5:7d:37:fd:
         fd:45:9a:d8:56:e9:15:19:76:a5:cf:d6:d5:e2:66:e1:4f:86:
         ee:b6:e1:5c:ff:5f:07:01:15:0d:04:8c:c0:bc:f6:83:00:a4:
         79:bb:81:ba:b9:6c:bb:9a:87:10:5b:70:ab:f6:c6:e7:25:89:
         61:79:ea:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZiE022rc09JVTdEsby7e/vCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwODA3MTM1ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTJkNDUwZDgyMTIwZTlhZDNkODVjMGZjYmI2ZDk3NmVkZjI5NmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyC6t7UKtmfOrr9ZZ6slZUc4b0olR
8LqOw86TPLX/OcF9MsubBsFBKKkK3aE1ElAu+HH1vg2soNY7NEswb8yoi6GVzhbq
n/XKcBTr0+qpRcvbGMFSOv9XTNpoXbVvKmJMnNEbuTtweOQC7CPkr3jtjP7Vcx7z
d9xHlDGBqO8y4o8tHghSfrkkwnllcSZf7UX5/Am+03uR8TDfQiqzQi4qXWCopM/N
mDEOotQ8C250cNV9DwEcIqcFwrNZ6bxbhmmCFicazEhPGqWCU81/CrTCSrAUpCRn
hMn8vaM29lY+iVFJj/wCpKovdnm3EIJBAPOhxcH0CsvUnj1DmFKR9obFnwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDUtRQ2CEg6a09hcD8u22Xbt8pa6MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvTlMxRkRZSVNEcHJUMkZ3UHk3YlpkdTN5bHJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg/dQDAN
BgkqhkiG9w0BAQsFAAOCAQEArUHfyTnk7u70zS1rRJdE4K7FYC+4Waq5nPQ4z19G
tagOJMu2yYtoiY6elynqqEWeapo/OC5X+gesf248EHAGs0fMAaK/6ueltdUTusN8
FOHVXwo5xYBFiU8sn+c03hckzv23nvvwnhC3Tasm5GcgEMixiPL5H/Chl7ctwypU
y+M5XIaDg3hvBmVfxSdt287LbA7w0l9x98ST0VFaFRsyT625rNS1Qy25mxNV97ax
Pih7PwPpyoQsfwxiXvFVmJmXnmbFfTf9/UWa2FbpFRl2pc/W1eJm4U+G7rbhXP9f
BwEVDQSMwLz2gwCkebuBurlsu5qHEFtwq/bG5yWJYXnqkA==
-----END CERTIFICATE-----