Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/WZpZrUx0xXRn5IORD_O4QP3b4yI.roa
File:                     WZpZrUx0xXRn5IORD_O4QP3b4yI.roa (raw, json)
Hash identifier:          CEtd0ViUq6EXs9D2Xrzoq3i56nms3r79QMfCgcAM+bY=
Subject key identifier:   59:9A:59:AD:4C:74:C5:74:67:E4:83:91:0F:F3:B8:40:FD:DB:E3:22
Certificate issuer:       /CN=cfcead390625edba1408108df57cea47160d70e5
Certificate serial:       0197B23933B56723DF3C8FE7ABB1DFDDEBDB
Authority key identifier: CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/WZpZrUx0xXRn5IORD_O4QP3b4yI.roa
Signing time:             Fri 27 Jun 2025 16:29:42 +0000
ROA not before:           Fri 27 Jun 2025 16:29:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151331
IP address blocks:        2a0f:7802:e000::/39 maxlen: 48
                          2a0f:7802:e000::/40 maxlen: 48
                          2a0f:7802:e100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b2:39:33:b5:67:23:df:3c:8f:e7:ab:b1:df:dd:eb:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcead390625edba1408108df57cea47160d70e5
        Validity
            Not Before: Jun 27 16:29:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=599a59ad4c74c57467e483910ff3b840fddbe322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:95:c5:73:f6:e6:88:a4:5b:b5:05:83:17:0a:
                    75:ad:24:e2:cc:36:ec:ee:66:e5:38:ed:a3:2f:a9:
                    fc:81:68:68:47:dd:43:ab:a2:6a:d3:01:60:89:10:
                    fe:b1:0c:17:2b:12:c3:37:a2:64:3b:bc:cd:5b:79:
                    79:04:29:e1:1a:ec:3a:e4:fc:2b:08:25:68:ff:0f:
                    e6:9b:d5:38:d4:f1:da:3f:83:db:ed:d1:c2:27:44:
                    02:f0:72:d4:1b:99:ae:6e:2e:d2:fb:87:b3:1e:0a:
                    67:88:e0:57:cc:b0:bf:d0:83:5e:1e:ed:39:29:8f:
                    c7:c0:88:5e:9a:5a:ea:26:c9:92:57:b9:02:66:69:
                    fe:33:da:af:34:2e:18:b8:ab:4e:c8:1b:d0:58:7e:
                    3b:c7:2b:d4:3a:22:c1:69:bd:4b:d5:22:1e:81:da:
                    bf:d9:7d:3c:66:4a:a3:5b:3a:19:56:5e:3f:3e:e0:
                    3c:a1:e2:df:c7:c1:32:26:ef:dc:44:d8:91:46:95:
                    50:0e:f1:41:cd:b4:85:25:c6:dc:4d:fa:10:7d:3a:
                    93:fe:7a:a2:b5:40:b9:f2:a4:71:b0:95:84:05:8f:
                    0b:10:09:33:4b:3b:23:3a:33:4a:01:6c:81:d6:61:
                    55:15:5d:93:44:54:da:ad:27:7d:05:47:65:82:c2:
                    25:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:9A:59:AD:4C:74:C5:74:67:E4:83:91:0F:F3:B8:40:FD:DB:E3:22
            X509v3 Authority Key Identifier:
                keyid:CF:CE:AD:39:06:25:ED:BA:14:08:10:8D:F5:7C:EA:47:16:0D:70:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z86tOQYl7boUCBCN9XzqRxYNcOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/WZpZrUx0xXRn5IORD_O4QP3b4yI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/c4647a-6042-4fe8-a276-f5b6a718f4b5/1/z86tOQYl7boUCBCN9XzqRxYNcOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:7802:e000::/39

    Signature Algorithm: sha256WithRSAEncryption
         87:81:62:72:61:3f:4b:a5:aa:c0:6c:95:cd:f3:0a:52:99:88:
         2f:ff:05:cd:d4:ad:4f:29:f1:dc:76:ad:b9:5a:cc:ba:4c:e9:
         33:77:eb:21:ef:1f:e4:c3:d3:26:22:ed:a6:89:c0:96:c4:73:
         8f:87:43:4a:20:3b:c5:9e:06:d2:a2:cc:53:74:97:2c:b8:96:
         8d:f9:c1:08:8b:4b:ad:f2:0a:80:b5:08:19:60:e1:c8:7b:c4:
         1c:af:c4:ad:18:f8:dd:d0:14:99:9d:bb:7b:bb:ed:e5:59:1e:
         f1:96:90:12:b5:0f:d6:8d:d3:73:e2:79:3b:cc:64:33:4c:6d:
         3d:d2:6e:8f:54:5b:d5:75:f4:cc:0d:30:33:bc:8d:b2:40:fc:
         49:31:b6:57:90:2e:f6:2b:3b:3f:35:3f:b0:8e:e5:b8:69:64:
         8d:f4:72:46:03:18:b4:4d:dc:ce:94:2c:4b:ff:ce:c8:e0:2f:
         35:08:28:39:a0:f7:c9:97:7f:f5:a2:c1:79:40:97:87:93:2f:
         7f:10:83:2e:a0:06:ed:ef:a7:e6:9d:05:8b:d4:c3:ac:93:5e:
         5c:eb:0f:b3:1c:98:26:30:39:a2:06:25:4d:59:56:fa:e9:a1:
         3d:b2:ae:5e:83:7d:01:7c:4e:58:30:4f:97:68:20:b6:b1:06:
         0b:17:ee:dc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZeyOTO1ZyPfPI/nq7Hf3evbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2VhZDM5MDYyNWVkYmExNDA4MTA4ZGY1N2NlYTQ3MTYw
ZDcwZTUwHhcNMjUwNjI3MTYyOTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTlhNTlhZDRjNzRjNTc0NjdlNDgzOTEwZmYzYjg0MGZkZGJlMzIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupXFc/bmiKRbtQWDFwp1rSTizDbs
7mblOO2jL6n8gWhoR91Dq6Jq0wFgiRD+sQwXKxLDN6JkO7zNW3l5BCnhGuw65Pwr
CCVo/w/mm9U41PHaP4Pb7dHCJ0QC8HLUG5mubi7S+4ezHgpniOBXzLC/0INeHu05
KY/HwIhemlrqJsmSV7kCZmn+M9qvNC4YuKtOyBvQWH47xyvUOiLBab1L1SIegdq/
2X08ZkqjWzoZVl4/PuA8oeLfx8EyJu/cRNiRRpVQDvFBzbSFJcbcTfoQfTqT/nqi
tUC58qRxsJWEBY8LEAkzSzsjOjNKAWyB1mFVFV2TRFTarSd9BUdlgsIlYQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFmaWa1MdMV0Z+SDkQ/zuED92+MiMB8GA1UdIwQY
MBaAFM/OrTkGJe26FAgQjfV86kcWDXDlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYt
ZjViNmE3MThmNGI1LzEvV1pwWnJVeDB4WFJuNUlPUkRfTzRRUDNiNHlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9jNDY0N2EtNjA0Mi00ZmU4LWEyNzYtZjViNmE3MThmNGI1
LzEvejg2dE9RWWw3Ym9VQ0JDTjlYenFSeFlOY09VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYBKg94AuAw
DQYJKoZIhvcNAQELBQADggEBAIeBYnJhP0ulqsBslc3zClKZiC//Bc3UrU8p8dx2
rblazLpM6TN36yHvH+TD0yYi7aaJwJbEc4+HQ0ogO8WeBtKizFN0lyy4lo35wQiL
S63yCoC1CBlg4ch7xByvxK0Y+N3QFJmdu3u77eVZHvGWkBK1D9aN03PieTvMZDNM
bT3Sbo9UW9V19MwNMDO8jbJA/EkxtleQLvYrOz81P7CO5bhpZI30ckYDGLRN3M6U
LEv/zsjgLzUIKDmg98mXf/WiwXlAl4eTL38Qgy6gBu3vp+adBYvUw6yTXlzrD7Mc
mCYwOaIGJU1ZVvrpoT2yrl6DfQF8TlgwT5doILaxBgsX7tw=
-----END CERTIFICATE-----