Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ZoV_fdBG9e62WXnLE_aqCIJseMA.roa
File:                     ZoV_fdBG9e62WXnLE_aqCIJseMA.roa (raw, json)
Hash identifier:          dPhVzLecVQC1XAtyG7mb7pTB700OqLtD+SRPidtU3ZQ=
Subject key identifier:   66:85:7F:7D:D0:46:F5:EE:B6:59:79:CB:13:F6:AA:08:82:6C:78:C0
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0197C0AB045BDDCDB83593DF796E33B1A96E
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ZoV_fdBG9e62WXnLE_aqCIJseMA.roa
Signing time:             Mon 30 Jun 2025 11:48:42 +0000
ROA not before:           Mon 30 Jun 2025 11:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54852
IP address blocks:        2a09:4500::/29 maxlen: 29
                          2a13:f40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 06:20:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c0:ab:04:5b:dd:cd:b8:35:93:df:79:6e:33:b1:a9:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 30 11:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=66857f7dd046f5eeb65979cb13f6aa08826c78c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7c:a6:c5:f1:ee:fa:6f:64:be:64:1c:78:56:
                    a9:b1:3b:ec:e8:b6:a3:3b:c9:8d:69:af:56:ac:82:
                    43:02:cb:e4:35:b0:cf:f5:a3:8a:b9:71:05:f9:99:
                    a7:f1:ff:97:81:d5:76:73:24:a3:0d:aa:bf:de:75:
                    c9:4a:9c:a6:c1:85:14:b0:68:3e:8b:5c:e0:20:8f:
                    8f:71:f7:9c:df:61:46:6f:35:5e:85:5d:4a:7b:ee:
                    19:dd:b5:4c:67:a3:5c:c8:63:34:7d:48:ff:72:e2:
                    72:9b:ae:f3:59:c8:9b:67:dc:41:71:2c:18:34:e4:
                    94:16:dc:91:62:ad:34:35:48:52:b0:41:97:96:2c:
                    cf:92:42:e7:d4:9d:ee:cd:f8:f0:ae:00:da:87:be:
                    a0:c2:31:d9:61:04:a7:88:40:8a:0a:00:4e:24:8d:
                    dd:43:06:ed:f1:6d:ee:0f:0b:8f:f4:00:70:43:9e:
                    36:14:5f:6f:5f:ae:9d:47:86:de:68:3e:bc:83:f2:
                    b4:66:11:af:0a:58:e2:6f:64:59:ed:db:7e:25:ce:
                    be:c9:dd:a3:bd:ff:1c:7b:5c:0d:57:c7:d2:80:a2:
                    60:a5:fa:d0:f6:d7:55:ea:51:3a:92:a7:5f:34:52:
                    79:57:62:e6:b8:c6:8a:d2:ea:d8:ba:37:d8:ad:c2:
                    70:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:85:7F:7D:D0:46:F5:EE:B6:59:79:CB:13:F6:AA:08:82:6C:78:C0
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ZoV_fdBG9e62WXnLE_aqCIJseMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:4500::/29
                  2a13:f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:83:97:35:88:98:5e:13:bd:37:97:88:f6:74:8b:aa:a4:68:
         25:64:d3:32:a0:9c:5b:47:2e:cf:92:77:b0:fa:1c:fb:19:39:
         20:4d:79:00:f3:c1:a7:6d:df:ec:e9:b7:1f:da:62:84:49:c1:
         64:22:ef:4d:fd:0e:c1:c8:65:4c:f9:a5:66:16:b9:c6:9f:24:
         e7:31:00:cd:a5:cd:1a:b1:fa:b5:39:77:07:7b:98:a8:87:be:
         db:19:7e:0e:6b:a2:fd:2b:70:30:86:23:48:8f:75:7a:48:ec:
         46:c5:47:74:46:b3:d6:f8:65:ee:88:61:ed:28:7d:e0:22:cd:
         47:c2:53:61:66:24:6d:81:48:21:2a:2f:37:39:48:4d:e6:2e:
         04:31:87:40:c7:d8:49:ea:0e:5d:92:f6:91:d6:d4:c5:1c:62:
         e7:dc:4a:c0:31:17:f2:24:9f:cc:56:2b:0f:4d:0f:0c:67:3b:
         82:a3:81:4f:ee:c3:16:5e:ad:47:50:74:0f:66:41:6b:25:b2:
         9d:57:47:2b:d4:19:c0:b3:bb:11:fb:8e:11:9c:51:68:bb:3d:
         33:f9:a3:12:a9:a7:7f:cd:3f:a2:be:7b:b6:c2:70:82:1a:d5:
         57:d2:6b:33:14:50:aa:e3:9d:3d:a5:69:7e:50:61:b2:e9:8d:
         3f:a1:56:a1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZfAqwRb3c24NZPfeW4zsaluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjMwMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Njg1N2Y3ZGQwNDZmNWVlYjY1OTc5Y2IxM2Y2YWEwODgyNmM3OGMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXymxfHu+m9kvmQceFapsTvs6Laj
O8mNaa9WrIJDAsvkNbDP9aOKuXEF+Zmn8f+XgdV2cySjDaq/3nXJSpymwYUUsGg+
i1zgII+Pcfec32FGbzVehV1Ke+4Z3bVMZ6NcyGM0fUj/cuJym67zWcibZ9xBcSwY
NOSUFtyRYq00NUhSsEGXlizPkkLn1J3uzfjwrgDah76gwjHZYQSniECKCgBOJI3d
Qwbt8W3uDwuP9ABwQ542FF9vX66dR4beaD68g/K0ZhGvCljib2RZ7dt+Jc6+yd2j
vf8ce1wNV8fSgKJgpfrQ9tdV6lE6kqdfNFJ5V2LmuMaK0urYujfYrcJw9wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGaFf33QRvXutll5yxP2qgiCbHjAMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWm9WX2ZkQkc5ZTYyV1huTEVfYXFDSUpzZU1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKglFAAMF
AyoTD0AwDQYJKoZIhvcNAQELBQADggEBACKDlzWImF4TvTeXiPZ0i6qkaCVk0zKg
nFtHLs+Sd7D6HPsZOSBNeQDzwadt3+zptx/aYoRJwWQi7039DsHIZUz5pWYWucaf
JOcxAM2lzRqx+rU5dwd7mKiHvtsZfg5rov0rcDCGI0iPdXpI7EbFR3RGs9b4Ze6I
Ye0ofeAizUfCU2FmJG2BSCEqLzc5SE3mLgQxh0DH2EnqDl2S9pHW1MUcYufcSsAx
F/Ikn8xWKw9NDwxnO4KjgU/uwxZerUdQdA9mQWslsp1XRyvUGcCzuxH7jhGcUWi7
PTP5oxKpp3/NP6K+e7bCcIIa1VfSazMUUKrjnT2laX5QYbLpjT+hVqE=
-----END CERTIFICATE-----