Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/4LDf3BAWYj8mO4n0cpZaSTYNCgQ.roa
File:                     4LDf3BAWYj8mO4n0cpZaSTYNCgQ.roa (raw, json)
Hash identifier:          2PsEN5j0ePjCMadYZW/XY72E9eg7u91QL60wRji2nxY=
Subject key identifier:   E0:B0:DF:DC:10:16:62:3F:26:3B:89:F4:72:96:5A:49:36:0D:0A:04
Certificate issuer:       /CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
Certificate serial:       0195F129BF8879FC72452AB19D374F17B37E
Authority key identifier: CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/4LDf3BAWYj8mO4n0cpZaSTYNCgQ.roa
Signing time:             Tue 01 Apr 2025 11:43:19 +0000
ROA not before:           Tue 01 Apr 2025 11:43:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45033
IP address blocks:        2a07:f80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 13:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f1:29:bf:88:79:fc:72:45:2a:b1:9d:37:4f:17:b3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf9625541abe6b5ae926671daa98ac6d8094ec7b
        Validity
            Not Before: Apr  1 11:43:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0b0dfdc1016623f263b89f472965a49360d0a04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0d:39:cb:5b:80:c4:16:81:de:ae:4e:d9:20:
                    b7:40:74:03:c3:66:c6:56:96:99:9c:20:fe:06:e6:
                    4d:ea:b1:d9:64:0d:68:5b:7b:12:e0:00:63:67:5f:
                    06:42:06:57:04:dd:3d:25:d1:53:90:24:d9:34:bb:
                    0b:d9:6a:b3:e6:50:9f:f4:a3:af:1f:c4:c1:f9:69:
                    cd:74:b3:f0:2a:be:8b:43:f0:3c:9b:89:fc:27:8b:
                    29:ab:c2:d0:48:05:41:ad:93:db:2d:98:4d:6b:e3:
                    0f:88:6b:b6:6e:31:8c:12:ef:82:0d:9b:4b:9b:69:
                    6b:1f:cf:5d:9f:82:f3:f2:34:be:54:99:6a:51:5b:
                    fc:2f:45:fa:99:d9:50:a5:1a:35:d2:34:de:85:2d:
                    7f:ca:fb:d1:2e:bc:ae:9c:4d:be:30:05:40:6c:d1:
                    fe:53:eb:12:7b:f6:65:34:d2:55:59:97:91:e3:8b:
                    b8:4c:18:4e:73:8f:40:a0:03:bd:6a:3a:ce:09:1e:
                    12:74:db:ba:f3:4b:3b:a5:5f:97:2b:93:ee:4b:c4:
                    dc:66:20:ca:e8:01:37:a8:fa:cf:45:c6:16:10:50:
                    a8:93:04:d8:dd:2b:65:86:c8:53:6e:a5:24:16:ec:
                    99:48:69:2e:39:46:22:e8:35:8d:a7:70:81:b4:8a:
                    fe:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:B0:DF:DC:10:16:62:3F:26:3B:89:F4:72:96:5A:49:36:0D:0A:04
            X509v3 Authority Key Identifier:
                keyid:CF:96:25:54:1A:BE:6B:5A:E9:26:67:1D:AA:98:AC:6D:80:94:EC:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z5YlVBq-a1rpJmcdqpisbYCU7Hs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/4LDf3BAWYj8mO4n0cpZaSTYNCgQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/132ed3-434d-4d49-95ca-59a587bdea3f/1/z5YlVBq-a1rpJmcdqpisbYCU7Hs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:f80::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:45:e6:8a:47:28:2e:8f:e5:1e:0e:04:22:75:1c:b1:a1:e7:
         5b:cd:d0:48:db:07:7d:57:c2:4f:a4:41:de:80:e5:a2:f7:0b:
         2e:5a:a2:db:b4:44:2a:82:58:02:0d:7d:3a:23:9c:10:5c:22:
         e9:0c:42:b9:b8:14:c6:ea:11:a1:4e:e5:88:46:27:b5:20:c6:
         aa:cc:d7:c5:fc:42:1f:8d:c9:37:ec:e1:54:2c:4a:f9:de:41:
         f1:41:46:7c:50:78:87:5e:8a:27:e9:38:ab:b4:97:e6:29:d8:
         cd:c3:68:6d:23:ef:96:61:a8:e0:34:0d:16:89:e6:59:6f:a9:
         d8:e7:0f:d2:00:4d:25:39:f8:c1:d9:83:a2:71:54:fc:b6:d9:
         2e:59:dd:a8:cf:42:bc:55:62:51:2c:54:a3:d3:b0:5e:ab:a2:
         01:f2:2e:50:65:46:74:a7:3c:5b:2b:79:ac:15:17:82:a0:df:
         a9:f3:bc:4c:b1:ea:6c:d5:d6:68:74:84:d9:79:82:52:a6:f4:
         49:66:e2:6b:2c:a0:e7:10:bf:85:d6:1a:b1:57:5f:dc:8f:fd:
         98:2c:dc:3d:bb:3c:f3:81:95:c4:c1:63:42:e2:27:d2:03:c4:
         6e:91:2d:4d:f4:97:58:dc:60:ab:78:3b:f3:d4:0c:7d:00:93:
         2b:63:21:9f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZXxKb+IefxyRSqxnTdPF7N+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmOTYyNTU0MWFiZTZiNWFlOTI2NjcxZGFhOThhYzZkODA5
NGVjN2IwHhcNMjUwNDAxMTE0MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGIwZGZkYzEwMTY2MjNmMjYzYjg5ZjQ3Mjk2NWE0OTM2MGQwYTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA05y1uAxBaB3q5O2SC3QHQDw2bG
VpaZnCD+BuZN6rHZZA1oW3sS4ABjZ18GQgZXBN09JdFTkCTZNLsL2Wqz5lCf9KOv
H8TB+WnNdLPwKr6LQ/A8m4n8J4spq8LQSAVBrZPbLZhNa+MPiGu2bjGMEu+CDZtL
m2lrH89dn4Lz8jS+VJlqUVv8L0X6mdlQpRo10jTehS1/yvvRLryunE2+MAVAbNH+
U+sSe/ZlNNJVWZeR44u4TBhOc49AoAO9ajrOCR4SdNu680s7pV+XK5PuS8TcZiDK
6AE3qPrPRcYWEFCokwTY3StlhshTbqUkFuyZSGkuOUYi6DWNp3CBtIr+4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOCw39wQFmI/JjuJ9HKWWkk2DQoEMB8GA1UdIwQY
MBaAFM+WJVQavmta6SZnHaqYrG2AlOx7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2Et
NTlhNTg3YmRlYTNmLzEvNExEZjNCQVdZajhtTzRuMGNwWmFTVFlOQ2dRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8xMzJlZDMtNDM0ZC00ZDQ5LTk1Y2EtNTlhNTg3YmRlYTNm
LzEvejVZbFZCcS1hMXJwSm1jZHFwaXNiWUNVN0hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgcPgDAN
BgkqhkiG9w0BAQsFAAOCAQEAe0XmikcoLo/lHg4EInUcsaHnW83QSNsHfVfCT6RB
3oDlovcLLlqi27REKoJYAg19OiOcEFwi6QxCubgUxuoRoU7liEYntSDGqszXxfxC
H43JN+zhVCxK+d5B8UFGfFB4h16KJ+k4q7SX5inYzcNobSPvlmGo4DQNFonmWW+p
2OcP0gBNJTn4wdmDonFU/LbZLlndqM9CvFViUSxUo9OwXquiAfIuUGVGdKc8Wyt5
rBUXgqDfqfO8TLHqbNXWaHSE2XmCUqb0SWbiayyg5xC/hdYasVdf3I/9mCzcPbs8
84GVxMFjQuIn0gPEbpEtTfSXWNxgq3g789QMfQCTK2Mhnw==
-----END CERTIFICATE-----