Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1gGvpO2TsvBOOX_kiZ0svgOuWGs.roa
File:                     1gGvpO2TsvBOOX_kiZ0svgOuWGs.roa (raw, json)
Hash identifier:          7IYscttuW0cFL8aI5IJItWXroic9Ov1isN94p2UvTa0=
Subject key identifier:   D6:01:AF:A4:ED:93:B2:F0:4E:39:7F:E4:89:9D:2C:BE:03:AE:58:6B
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01950008F9460C0FC13DC72BBA4C20E9ADEF
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1gGvpO2TsvBOOX_kiZ0svgOuWGs.roa
Signing time:             Thu 13 Feb 2025 15:59:02 +0000
ROA not before:           Thu 13 Feb 2025 15:59:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1002
IP address blocks:        2a05:b300::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:00:08:f9:46:0c:0f:c1:3d:c7:2b:ba:4c:20:e9:ad:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Feb 13 15:59:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d601afa4ed93b2f04e397fe4899d2cbe03ae586b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:6b:79:cf:f8:ac:b9:ca:9d:7d:b6:bc:37:ad:
                    e1:66:51:7f:d0:5d:93:4e:aa:88:99:be:e3:91:f1:
                    0a:a5:6c:ce:ff:54:7e:91:6d:c8:fe:70:f4:71:3d:
                    df:59:35:05:82:1f:0e:9f:09:9f:67:78:e2:73:6a:
                    7e:6b:a2:fe:00:f1:f1:42:97:71:77:58:b0:ee:f5:
                    53:8e:57:3b:36:36:86:22:ff:87:7d:73:aa:6f:09:
                    02:84:85:3a:3e:62:c9:7b:53:0b:54:20:94:80:32:
                    08:af:a2:10:e1:65:d3:52:f7:e1:b8:d8:dd:84:e7:
                    f2:36:69:3f:4d:54:66:b6:d5:26:25:f9:a8:e1:82:
                    95:e5:38:01:a1:cd:d1:9e:12:6c:54:42:e6:46:34:
                    0e:c3:76:60:01:f8:24:1c:b4:c1:8b:55:94:84:6d:
                    10:6d:f7:b3:e0:78:8e:67:d6:b7:b2:1e:55:44:8f:
                    44:47:4c:50:71:8e:db:2a:5d:f1:91:6f:80:f0:5f:
                    59:8d:22:14:3a:85:29:a7:34:9a:c4:d3:f5:fc:a4:
                    01:b0:d9:fe:b9:ee:71:30:87:c4:e4:24:34:1d:ed:
                    34:5f:b6:11:a3:3f:93:bb:02:1d:3c:a5:09:74:75:
                    04:c6:87:42:62:aa:35:37:db:47:05:e5:a1:d0:9d:
                    7b:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:01:AF:A4:ED:93:B2:F0:4E:39:7F:E4:89:9D:2C:BE:03:AE:58:6B
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/1gGvpO2TsvBOOX_kiZ0svgOuWGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:b300::/29

    Signature Algorithm: sha256WithRSAEncryption
         1b:8d:ff:67:17:7d:db:e0:ae:41:03:0f:63:0b:56:47:76:51:
         39:be:f7:53:ba:a1:b0:50:b8:b4:40:fa:87:67:6b:f6:5e:7a:
         a3:fa:5b:cb:a4:cd:91:91:f3:2f:f8:be:95:43:d0:6f:0e:88:
         33:dc:8f:f0:f1:6d:c1:bf:6e:35:bd:48:a2:05:25:e8:0a:9a:
         e7:d6:9d:5a:1a:e4:56:cb:9f:2e:85:f6:18:3a:9a:10:46:cd:
         37:30:e7:ef:21:f4:d1:47:8f:7c:bf:9f:6c:fe:2a:73:d3:cb:
         c0:d5:1e:38:95:e8:cc:ed:9d:0c:43:c2:77:62:b8:ad:2d:27:
         71:04:29:6a:a0:da:f4:91:65:32:f7:98:d0:d6:77:5e:6b:02:
         e2:93:39:6b:26:f7:2f:84:c0:91:09:cc:a8:2c:ef:80:15:c6:
         3c:2e:f3:32:53:fd:63:e9:57:6e:86:a3:d7:b6:42:95:9f:c7:
         7e:90:34:9d:7f:cb:6a:dc:b9:11:f0:70:d7:56:db:cb:5c:67:
         c4:2e:75:ad:d8:59:89:92:f5:2c:86:97:26:c2:88:f4:fe:fa:
         a4:d3:00:e8:4b:7b:51:c2:f8:36:39:44:26:52:5c:3f:27:d3:
         1a:f4:58:c0:39:8d:fd:d9:82:b7:b7:26:80:c7:16:3f:4c:4b:
         f8:e0:d1:a2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZUACPlGDA/BPccrukwg6a3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMjEzMTU1OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjAxYWZhNGVkOTNiMmYwNGUzOTdmZTQ4OTlkMmNiZTAzYWU1ODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsWt5z/isucqdfba8N63hZlF/0F2T
TqqImb7jkfEKpWzO/1R+kW3I/nD0cT3fWTUFgh8OnwmfZ3jic2p+a6L+APHxQpdx
d1iw7vVTjlc7NjaGIv+HfXOqbwkChIU6PmLJe1MLVCCUgDIIr6IQ4WXTUvfhuNjd
hOfyNmk/TVRmttUmJfmo4YKV5TgBoc3RnhJsVELmRjQOw3ZgAfgkHLTBi1WUhG0Q
bfez4HiOZ9a3sh5VRI9ER0xQcY7bKl3xkW+A8F9ZjSIUOoUppzSaxNP1/KQBsNn+
ue5xMIfE5CQ0He00X7YRoz+TuwIdPKUJdHUExodCYqo1N9tHBeWh0J171QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNYBr6Ttk7LwTjl/5ImdLL4DrlhrMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMWdHdnBPMlRzdkJPT1hfa2laMHN2Z091V0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgWzADAN
BgkqhkiG9w0BAQsFAAOCAQEAG43/Zxd92+CuQQMPYwtWR3ZROb73U7qhsFC4tED6
h2dr9l56o/pby6TNkZHzL/i+lUPQbw6IM9yP8PFtwb9uNb1IogUl6Aqa59adWhrk
VsufLoX2GDqaEEbNNzDn7yH00UePfL+fbP4qc9PLwNUeOJXozO2dDEPCd2K4rS0n
cQQpaqDa9JFlMveY0NZ3XmsC4pM5ayb3L4TAkQnMqCzvgBXGPC7zMlP9Y+lXboaj
17ZClZ/HfpA0nX/Laty5EfBw11bby1xnxC51rdhZiZL1LIaXJsKI9P76pNMA6Et7
UcL4NjlEJlJcPyfTGvRYwDmN/dmCt7cmgMcWP0xL+ODRog==
-----END CERTIFICATE-----