Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/bWF0SaWVD0LcZAuWkuIxAZaZ-dQ.roa
File:                     bWF0SaWVD0LcZAuWkuIxAZaZ-dQ.roa (raw, json)
Hash identifier:          cBjsOh9ZcsixXqniPq7YI/hyc3F/luJ+Mo9caifOK6E=
Subject key identifier:   6D:61:74:49:A5:95:0F:42:DC:64:0B:96:92:E2:31:01:96:99:F9:D4
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0197EE923574B93D0FFFBA4A6C6E791E0EC5
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/bWF0SaWVD0LcZAuWkuIxAZaZ-dQ.roa
Signing time:             Wed 09 Jul 2025 09:44:08 +0000
ROA not before:           Wed 09 Jul 2025 09:44:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212831
IP address blocks:        2a0e:15c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ee:92:35:74:b9:3d:0f:ff:ba:4a:6c:6e:79:1e:0e:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul  9 09:44:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d617449a5950f42dc640b9692e231019699f9d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:bb:84:60:b5:9c:83:9b:05:84:41:17:aa:0a:
                    33:81:5a:12:39:33:0f:20:76:f0:ce:5f:65:dc:4a:
                    8c:5f:1a:01:3f:57:3f:a1:1f:55:97:69:63:4b:73:
                    6d:3f:28:bd:93:76:73:b3:e4:a5:64:50:ee:37:60:
                    dc:74:af:9a:4a:15:4d:23:0a:a3:83:f0:02:a8:9b:
                    7a:a5:6e:85:2e:73:0b:83:14:94:6a:d6:ad:d2:a5:
                    0c:1e:44:35:0c:de:1c:8d:92:5d:02:64:a6:63:a6:
                    46:6e:bf:9a:8d:9b:a6:0b:c9:46:22:e1:d6:e3:65:
                    0c:cc:82:c1:fc:dc:02:f2:1b:06:0d:44:40:19:46:
                    79:a5:f7:f6:89:64:1f:af:93:bc:74:8f:ab:4f:bf:
                    85:4e:98:8b:25:d8:c1:71:e5:2e:47:db:1b:24:38:
                    17:6a:38:8f:39:63:9e:85:d7:dc:e7:be:4e:bc:b0:
                    99:46:c3:b6:de:02:2f:24:6b:d8:d9:ee:9d:55:d9:
                    61:2b:66:97:ba:69:46:7e:48:53:fe:f7:bc:bd:ca:
                    8b:33:66:1a:fe:a0:ff:1b:4b:c5:e0:a1:0b:79:42:
                    ec:b6:1e:73:02:c7:24:e2:c5:da:61:53:d5:f3:3d:
                    3b:70:10:58:ff:a3:8d:86:fe:6f:a5:ab:63:48:9d:
                    1b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:61:74:49:A5:95:0F:42:DC:64:0B:96:92:E2:31:01:96:99:F9:D4
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/bWF0SaWVD0LcZAuWkuIxAZaZ-dQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:15c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:14:aa:24:de:be:b9:f3:71:53:37:a2:5b:34:f1:61:af:9f:
         66:34:bb:bf:b4:ab:fa:79:34:eb:cc:5c:60:d2:59:98:c5:2a:
         10:fb:77:3c:b4:ae:0b:d2:de:b7:2d:8a:07:b3:58:48:04:51:
         3a:67:7b:7b:1c:c0:b1:0d:4d:de:50:f6:4d:e1:d1:7e:80:73:
         f1:df:2f:05:cb:64:eb:89:f8:7b:04:ba:d3:d7:b2:11:0a:73:
         c2:7b:83:53:a1:c8:3d:95:35:72:ea:34:be:49:6f:4f:60:2a:
         4e:d3:bb:cc:b3:0b:6c:f5:14:fe:15:87:13:ff:c3:15:93:dc:
         4f:62:25:1d:65:6b:c7:73:31:6d:3c:14:ed:db:26:86:47:54:
         13:6f:e4:7f:4c:a0:de:e0:ef:e0:9f:81:cc:a0:f0:79:55:61:
         3c:48:7e:c0:b2:cd:8e:34:22:9e:37:33:2e:8b:73:fe:08:e6:
         e9:45:80:bf:18:73:ca:91:3a:d1:5f:7d:65:73:b1:43:bb:ac:
         16:61:a9:64:f7:96:3d:f9:29:06:97:f5:7c:97:5b:76:1c:98:
         31:fb:d1:d8:91:d0:a6:68:1f:c0:e7:b5:42:b9:a1:e9:d3:7b:
         43:87:8a:1f:35:88:e7:ae:03:43:20:6b:95:f3:a9:81:ea:8a:
         8b:67:24:a4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfukjV0uT0P/7pKbG55Hg7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNzA5MDk0NDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDYxNzQ0OWE1OTUwZjQyZGM2NDBiOTY5MmUyMzEwMTk2OTlmOWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLuEYLWcg5sFhEEXqgozgVoSOTMP
IHbwzl9l3EqMXxoBP1c/oR9Vl2ljS3NtPyi9k3Zzs+SlZFDuN2DcdK+aShVNIwqj
g/ACqJt6pW6FLnMLgxSUatat0qUMHkQ1DN4cjZJdAmSmY6ZGbr+ajZumC8lGIuHW
42UMzILB/NwC8hsGDURAGUZ5pff2iWQfr5O8dI+rT7+FTpiLJdjBceUuR9sbJDgX
ajiPOWOehdfc575OvLCZRsO23gIvJGvY2e6dVdlhK2aXumlGfkhT/ve8vcqLM2Ya
/qD/G0vF4KELeULsth5zAsck4sXaYVPV8z07cBBY/6ONhv5vpatjSJ0bSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG1hdEmllQ9C3GQLlpLiMQGWmfnUMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvYldGMFNhV1ZEMExjWkF1V2t1SXhBWmFaLWRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg4VwTAN
BgkqhkiG9w0BAQsFAAOCAQEAZhSqJN6+ufNxUzeiWzTxYa+fZjS7v7Sr+nk068xc
YNJZmMUqEPt3PLSuC9Lety2KB7NYSARROmd7exzAsQ1N3lD2TeHRfoBz8d8vBctk
64n4ewS609eyEQpzwnuDU6HIPZU1cuo0vklvT2AqTtO7zLMLbPUU/hWHE//DFZPc
T2IlHWVrx3MxbTwU7dsmhkdUE2/kf0yg3uDv4J+BzKDweVVhPEh+wLLNjjQinjcz
Lotz/gjm6UWAvxhzypE60V99ZXOxQ7usFmGpZPeWPfkpBpf1fJdbdhyYMfvR2JHQ
pmgfwOe1Qrmh6dN7Q4eKHzWI564DQyBrlfOpgeqKi2ckpA==
-----END CERTIFICATE-----