Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/1HqQBJhpRaROMHOezXr8-gOHJ-E.roa
File:                     1HqQBJhpRaROMHOezXr8-gOHJ-E.roa (raw, json)
Hash identifier:          qIvuj3HHmRwp3qhT9RCCOv4MPrrW/PDxkYPz1nz2Hdc=
Subject key identifier:   D4:7A:90:04:98:69:45:A4:4E:30:73:9E:CD:7A:FC:FA:03:87:27:E1
Certificate issuer:       /CN=29766d1ae6eb21849bc3a3b2d18e863d273d2404
Certificate serial:       019836C4185660269439D732A4BF4B0936F8
Authority key identifier: 29:76:6D:1A:E6:EB:21:84:9B:C3:A3:B2:D1:8E:86:3D:27:3D:24:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/1HqQBJhpRaROMHOezXr8-gOHJ-E.roa
Signing time:             Wed 23 Jul 2025 10:11:17 +0000
ROA not before:           Wed 23 Jul 2025 10:11:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213305
IP address blocks:        2a04:1a00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Jul 2025 19:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:36:c4:18:56:60:26:94:39:d7:32:a4:bf:4b:09:36:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29766d1ae6eb21849bc3a3b2d18e863d273d2404
        Validity
            Not Before: Jul 23 10:11:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d47a9004986945a44e30739ecd7afcfa038727e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ec:c7:ec:2f:3e:bd:08:cd:c6:9a:41:0d:87:
                    47:1c:69:e8:e3:9f:80:a3:b2:92:05:b2:eb:fd:b0:
                    42:6b:22:4c:e9:e1:44:ac:c3:d2:c3:6a:0a:53:6d:
                    d3:65:b0:06:d0:a1:69:81:00:3e:5b:b8:05:b3:c1:
                    a4:91:6d:bd:85:9d:43:08:17:51:ff:38:a9:ee:40:
                    00:54:e8:be:03:68:f2:ab:3a:da:d1:13:9b:a9:da:
                    51:fe:cb:18:e1:a2:61:3c:02:72:f2:94:d6:76:24:
                    10:43:15:87:bd:5b:3a:e2:f3:e1:30:e3:3d:23:bb:
                    e6:2c:17:7a:82:5a:e0:68:fa:07:e3:50:79:bb:85:
                    19:23:ad:ec:79:7e:3d:be:f7:6f:23:15:98:9e:52:
                    b1:3c:00:c4:8f:27:ff:77:be:65:9b:3c:6a:98:10:
                    e0:91:6b:47:ce:a4:08:b0:7b:10:86:84:2f:16:84:
                    03:06:6a:8b:a0:85:2a:7d:27:b9:a5:e4:69:23:9d:
                    58:d5:1e:cc:63:13:93:5f:bb:c6:5e:b3:77:62:ca:
                    f8:c3:b6:92:4e:74:df:30:1a:99:24:bf:db:78:bd:
                    fe:bf:64:e4:ab:7d:79:78:34:1a:ee:81:62:fd:4a:
                    af:2a:bc:66:ea:f5:71:e5:b8:cb:e8:b4:95:60:1e:
                    01:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:7A:90:04:98:69:45:A4:4E:30:73:9E:CD:7A:FC:FA:03:87:27:E1
            X509v3 Authority Key Identifier:
                keyid:29:76:6D:1A:E6:EB:21:84:9B:C3:A3:B2:D1:8E:86:3D:27:3D:24:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/1HqQBJhpRaROMHOezXr8-gOHJ-E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/b711fb-e584-4f35-a0ec-115d68d9b81b/1/KXZtGubrIYSbw6Oy0Y6GPSc9JAQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a04:1a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:59:f1:a1:94:99:e5:e7:6f:5d:8f:cb:ff:3c:aa:b6:0e:49:
         7a:4f:e4:59:aa:f2:36:20:d0:37:d6:35:d1:bd:6a:c2:36:a4:
         f5:62:a5:f5:05:e8:56:1d:09:54:7f:ac:b0:90:bd:13:7e:d1:
         aa:87:69:9e:ba:1d:d2:a9:9b:2d:8e:f0:6d:86:4f:70:5c:ad:
         b7:ce:03:7e:0b:11:1c:72:ed:83:c5:da:e7:db:1e:9b:c0:6f:
         b5:75:e7:f8:e1:4b:b9:db:9a:e3:26:81:4c:32:3c:97:3d:7e:
         d8:b5:83:4f:18:22:f7:69:7e:54:b2:93:85:0d:72:48:ce:31:
         66:95:9f:b0:18:1b:ca:d2:ee:89:9e:fc:d3:cb:e4:50:5a:9d:
         9b:1a:c9:85:eb:f6:26:e7:39:e4:1f:6d:c4:0d:b1:33:12:d4:
         0f:7b:57:27:13:fb:32:fc:9b:3b:4a:ef:4f:a1:22:a7:15:c2:
         e6:b8:72:28:44:9e:d3:6e:c2:a4:0e:2a:44:12:be:02:a5:a1:
         80:b8:91:c5:ad:2a:2f:d8:80:ef:8d:f8:b3:fe:f5:38:71:bf:
         ee:3c:13:82:71:88:e3:59:a7:90:88:69:24:9e:a4:c5:f8:e2:
         0c:fb:2a:2d:21:7f:ca:b3:e0:29:60:54:d1:0e:fe:42:8c:0b:
         1b:4c:1c:ba
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZg2xBhWYCaUOdcypL9LCTb4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzY2ZDFhZTZlYjIxODQ5YmMzYTNiMmQxOGU4NjNkMjcz
ZDI0MDQwHhcNMjUwNzIzMTAxMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDdhOTAwNDk4Njk0NWE0NGUzMDczOWVjZDdhZmNmYTAzODcyN2UxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOzH7C8+vQjNxppBDYdHHGno45+A
o7KSBbLr/bBCayJM6eFErMPSw2oKU23TZbAG0KFpgQA+W7gFs8GkkW29hZ1DCBdR
/zip7kAAVOi+A2jyqzra0RObqdpR/ssY4aJhPAJy8pTWdiQQQxWHvVs64vPhMOM9
I7vmLBd6glrgaPoH41B5u4UZI63seX49vvdvIxWYnlKxPADEjyf/d75lmzxqmBDg
kWtHzqQIsHsQhoQvFoQDBmqLoIUqfSe5peRpI51Y1R7MYxOTX7vGXrN3Ysr4w7aS
TnTfMBqZJL/beL3+v2Tkq315eDQa7oFi/UqvKrxm6vVx5bjL6LSVYB4BMwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNR6kASYaUWkTjBzns16/PoDhyfhMB8GA1UdIwQY
MBaAFCl2bRrm6yGEm8OjstGOhj0nPSQEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hadEd1YnJJWVNidzZPeTBZNkdQU2M5SkFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9iNzExZmItZTU4NC00ZjM1LWEwZWMt
MTE1ZDY4ZDliODFiLzEvMUhxUUJKaHBSYVJPTUhPZXpYcjgtZ09ISi1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9iNzExZmItZTU4NC00ZjM1LWEwZWMtMTE1ZDY4ZDliODFi
LzEvS1hadEd1YnJJWVNidzZPeTBZNkdQU2M5SkFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgQaADAN
BgkqhkiG9w0BAQsFAAOCAQEAYlnxoZSZ5edvXY/L/zyqtg5Jek/kWaryNiDQN9Y1
0b1qwjak9WKl9QXoVh0JVH+ssJC9E37Rqodpnrod0qmbLY7wbYZPcFytt84DfgsR
HHLtg8Xa59sem8BvtXXn+OFLudua4yaBTDI8lz1+2LWDTxgi92l+VLKThQ1ySM4x
ZpWfsBgbytLuiZ7808vkUFqdmxrJhev2Juc55B9txA2xMxLUD3tXJxP7MvybO0rv
T6EipxXC5rhyKESe027CpA4qRBK+AqWhgLiRxa0qL9iA7434s/71OHG/7jwTgnGI
41mnkIhpJJ6kxfjiDPsqLSF/yrPgKWBU0Q7+QowLG0wcug==
-----END CERTIFICATE-----