Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ztR-X-XUe1Xh0QChqqLF2ligt7k.roa
File:                     ztR-X-XUe1Xh0QChqqLF2ligt7k.roa (raw, json)
Hash identifier:          CjpxiU6lrdbGvsbdG037hB+/t1FzHeME53FBo4igFt0=
Subject key identifier:   CE:D4:7E:5F:E5:D4:7B:55:E1:D1:00:A1:AA:A2:C5:DA:58:A0:B7:B9
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0197C4A515BFE3D8CEF48635D2538A3FCB9C
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ztR-X-XUe1Xh0QChqqLF2ligt7k.roa
Signing time:             Tue 01 Jul 2025 06:20:42 +0000
ROA not before:           Tue 01 Jul 2025 06:20:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63473
IP address blocks:        2a0f:1380::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c4:a5:15:bf:e3:d8:ce:f4:86:35:d2:53:8a:3f:cb:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul  1 06:20:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ced47e5fe5d47b55e1d100a1aaa2c5da58a0b7b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:30:00:d1:c1:16:a7:bc:c9:2b:b8:76:99:e1:
                    78:d8:23:05:0c:54:1a:ce:54:4f:5f:77:7d:6e:66:
                    b4:49:f3:c7:4d:49:86:a5:e1:12:36:6b:16:b0:f5:
                    24:a2:a3:8c:5c:fb:be:09:cc:c2:e3:77:39:72:27:
                    41:c5:79:bf:11:cd:cd:d6:ed:30:c5:24:fb:69:d2:
                    98:02:ec:38:16:86:00:0c:f2:e2:5b:02:b8:73:19:
                    34:b2:a4:a7:63:71:21:8c:51:12:9f:ce:eb:72:07:
                    6f:4f:b4:7d:3f:1f:8b:c8:81:30:da:ae:2f:47:04:
                    12:45:6f:b7:29:fe:35:4b:54:48:44:6b:c9:75:c2:
                    b9:f2:92:4e:09:bd:35:a6:df:a1:95:f8:15:d4:dd:
                    96:85:ef:11:35:9f:ba:2b:02:bf:d2:50:6d:a0:4d:
                    2a:75:48:43:d3:fa:7b:0f:64:cc:d8:ca:10:ed:39:
                    3b:58:ed:bc:30:d4:14:ab:fe:d8:8d:b2:d9:b0:07:
                    29:76:94:ed:0b:f4:98:4c:bf:12:96:0a:6b:c7:1f:
                    c5:16:f7:85:3d:93:13:41:75:d1:75:85:5c:59:f0:
                    a6:1e:10:0f:67:61:6e:0c:eb:e6:3a:fa:ac:e9:1c:
                    d5:2b:9e:58:6b:76:ad:bb:20:6b:ba:21:2d:6a:21:
                    d0:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:D4:7E:5F:E5:D4:7B:55:E1:D1:00:A1:AA:A2:C5:DA:58:A0:B7:B9
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ztR-X-XUe1Xh0QChqqLF2ligt7k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:1380::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:c1:94:7c:32:4c:65:ba:da:f5:bd:32:f0:31:cc:28:af:7b:
         e8:5c:0b:ee:69:95:43:17:0e:6c:a1:7b:dc:b9:44:31:27:98:
         10:33:d9:01:34:a6:0f:69:cd:4a:bf:18:35:66:d5:be:e6:d1:
         0e:48:b5:4c:fd:77:4a:06:12:16:5c:55:64:87:30:9a:cb:2e:
         6e:af:58:27:02:16:db:09:d9:74:ab:72:fb:a4:25:7f:59:f1:
         32:14:99:e6:15:40:a2:ca:c9:ae:94:f2:3b:2d:ad:64:2f:1c:
         43:01:6f:55:79:f8:31:5b:a4:74:e6:cc:69:5f:87:0a:25:b0:
         2b:9c:00:13:7e:37:fc:10:af:c5:86:17:65:cd:b8:a5:ec:ab:
         ad:da:e9:56:6f:ad:ea:3b:b2:a7:6c:eb:e9:29:94:2c:0c:a7:
         8c:f6:00:59:f6:16:7e:09:b4:db:ea:92:e3:81:87:ad:9f:07:
         6d:60:44:4d:75:a1:fe:ab:67:55:b9:4f:81:06:bd:71:38:ea:
         29:18:b9:ad:5d:ed:59:1a:bb:6a:3a:19:df:44:7a:b4:1c:d1:
         3e:5e:26:cb:b3:a8:ed:72:89:ec:3d:63:f5:30:f7:34:df:3c:
         73:f3:20:53:0d:74:38:1e:92:3b:0b:fc:32:58:9b:ec:ea:de:
         85:39:f0:e4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfEpRW/49jO9IY10lOKP8ucMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNzAxMDYyMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWQ0N2U1ZmU1ZDQ3YjU1ZTFkMTAwYTFhYWEyYzVkYTU4YTBiN2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDAA0cEWp7zJK7h2meF42CMFDFQa
zlRPX3d9bma0SfPHTUmGpeESNmsWsPUkoqOMXPu+CczC43c5cidBxXm/Ec3N1u0w
xST7adKYAuw4FoYADPLiWwK4cxk0sqSnY3EhjFESn87rcgdvT7R9Px+LyIEw2q4v
RwQSRW+3Kf41S1RIRGvJdcK58pJOCb01pt+hlfgV1N2Whe8RNZ+6KwK/0lBtoE0q
dUhD0/p7D2TM2MoQ7Tk7WO28MNQUq/7YjbLZsAcpdpTtC/SYTL8Slgprxx/FFveF
PZMTQXXRdYVcWfCmHhAPZ2FuDOvmOvqs6RzVK55Ya3atuyBruiEtaiHQYQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFM7Ufl/l1HtV4dEAoaqixdpYoLe5MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvenRSLVgtWFVlMVhoMFFDaHFxTEYybGlndDdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg8TgDAN
BgkqhkiG9w0BAQsFAAOCAQEAKMGUfDJMZbra9b0y8DHMKK976FwL7mmVQxcObKF7
3LlEMSeYEDPZATSmD2nNSr8YNWbVvubRDki1TP13SgYSFlxVZIcwmssubq9YJwIW
2wnZdKty+6Qlf1nxMhSZ5hVAosrJrpTyOy2tZC8cQwFvVXn4MVukdObMaV+HCiWw
K5wAE343/BCvxYYXZc24peyrrdrpVm+t6juyp2zr6SmULAynjPYAWfYWfgm02+qS
44GHrZ8HbWBETXWh/qtnVblPgQa9cTjqKRi5rV3tWRq7ajoZ30R6tBzRPl4my7Oo
7XKJ7D1j9TD3NN88c/MgUw10OB6SOwv8Mlib7OrehTnw5A==
-----END CERTIFICATE-----