Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ZxyhOgGPPzjHDSrT0ATKy_HvET4.roa
File:                     ZxyhOgGPPzjHDSrT0ATKy_HvET4.roa (raw, json)
Hash identifier:          Fyp8oC9GKGrgKLc4JH1cqKfuS37cWcOuP976iQ47Ggw=
Subject key identifier:   67:1C:A1:3A:01:8F:3F:38:C7:0D:2A:D3:D0:04:CA:CB:F1:EF:11:3E
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01973B6499CB890FDC3DB014B96A486BFFDD
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ZxyhOgGPPzjHDSrT0ATKy_HvET4.roa
Signing time:             Wed 04 Jun 2025 14:42:17 +0000
ROA not before:           Wed 04 Jun 2025 14:42:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207108
IP address blocks:        2a0f:2f40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 04:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3b:64:99:cb:89:0f:dc:3d:b0:14:b9:6a:48:6b:ff:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun  4 14:42:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=671ca13a018f3f38c70d2ad3d004cacbf1ef113e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:96:0d:4b:37:e5:ce:b0:8c:fe:94:41:0d:99:
                    5b:29:58:1e:c1:ce:21:55:09:3a:d8:c4:0f:c8:a0:
                    67:31:30:1e:29:16:90:a0:ba:d0:64:ec:a3:e6:e7:
                    bd:16:09:61:35:ce:ad:59:d7:f7:82:6c:86:be:49:
                    f9:81:d0:be:56:92:50:bb:02:48:8e:47:b9:ad:1f:
                    0e:4c:fe:ff:f0:a6:32:61:93:7a:2f:97:fa:f7:f1:
                    52:cb:5b:8e:2c:7f:9b:af:1c:fa:95:e2:5a:64:95:
                    dc:8a:6f:55:19:0a:c7:90:ab:07:5c:03:a8:1e:cc:
                    96:49:18:2a:34:be:64:3e:cf:db:0e:57:a0:70:23:
                    80:dd:85:2d:f7:61:05:3b:06:c8:91:a3:67:ef:59:
                    c8:7f:ac:03:d5:cd:b7:b1:80:95:cf:99:2b:50:67:
                    ad:d2:cc:22:58:ad:1e:fb:07:77:de:8b:8d:9c:6b:
                    10:11:e6:36:7b:7e:58:56:82:1e:21:a8:dc:fb:6e:
                    92:00:b4:c9:96:6d:b3:d3:73:be:63:32:e0:66:4c:
                    7a:0e:97:20:6f:b0:3c:ae:21:b4:d3:d5:81:a1:86:
                    94:b1:ca:d2:d4:51:8a:64:0b:95:83:a6:29:72:b3:
                    91:c4:d5:16:37:4d:14:7c:a1:1c:2f:11:47:c2:13:
                    5d:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:1C:A1:3A:01:8F:3F:38:C7:0D:2A:D3:D0:04:CA:CB:F1:EF:11:3E
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ZxyhOgGPPzjHDSrT0ATKy_HvET4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:2f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:c5:d7:c9:66:c4:a5:13:a4:3e:b6:6d:7c:a0:b0:08:7e:b9:
         c4:ff:4c:45:6f:a5:91:24:2c:88:48:1b:54:00:8e:cb:d5:de:
         84:5c:63:5d:87:6e:87:aa:f0:64:24:35:8b:b3:70:ba:85:eb:
         f8:53:b2:7f:d6:18:d2:08:5a:86:d1:40:6f:81:22:19:6d:a3:
         f2:2f:b8:90:d1:0b:67:8a:b8:9e:31:cf:e8:7f:a0:57:ee:a0:
         9c:8a:f7:d3:81:4f:96:af:16:9b:67:00:3e:a9:48:22:83:35:
         dd:02:5d:7d:bd:0c:7e:79:3c:a3:f3:3a:a5:7a:f7:46:59:a4:
         ea:87:55:36:66:d1:4a:6f:62:6a:7c:95:c7:ba:ce:5f:66:ee:
         22:96:92:c4:36:2f:0b:ab:6a:43:f0:f7:ca:9c:e2:ff:49:e5:
         e1:3f:b8:96:36:60:9b:f9:e9:f0:de:63:4e:16:38:db:61:31:
         00:64:7d:42:45:56:cf:d0:a9:6c:91:a7:b1:fc:8a:b2:f9:ac:
         33:d5:ea:1c:26:7c:8b:e3:1a:fb:d7:82:03:86:36:c5:da:9d:
         35:c6:e0:ca:ef:f6:c1:c0:be:89:2b:9e:7b:82:fb:66:a8:64:
         13:d7:2c:26:cb:97:f8:e5:2e:48:ce:2a:f2:75:ab:d3:ba:90:
         12:bf:23:cf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZc7ZJnLiQ/cPbAUuWpIa//dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjA0MTQ0MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzFjYTEzYTAxOGYzZjM4YzcwZDJhZDNkMDA0Y2FjYmYxZWYxMTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5YNSzflzrCM/pRBDZlbKVgewc4h
VQk62MQPyKBnMTAeKRaQoLrQZOyj5ue9FglhNc6tWdf3gmyGvkn5gdC+VpJQuwJI
jke5rR8OTP7/8KYyYZN6L5f69/FSy1uOLH+brxz6leJaZJXcim9VGQrHkKsHXAOo
HsyWSRgqNL5kPs/bDlegcCOA3YUt92EFOwbIkaNn71nIf6wD1c23sYCVz5krUGet
0swiWK0e+wd33ouNnGsQEeY2e35YVoIeIajc+26SALTJlm2z03O+YzLgZkx6Dpcg
b7A8riG009WBoYaUscrS1FGKZAuVg6YpcrORxNUWN00UfKEcLxFHwhNdQwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGccoToBjz84xw0q09AEysvx7xE+MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvWnh5aE9nR1BQempIRFNyVDBBVEt5X0h2RVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg8vQDAN
BgkqhkiG9w0BAQsFAAOCAQEAPsXXyWbEpROkPrZtfKCwCH65xP9MRW+lkSQsiEgb
VACOy9XehFxjXYduh6rwZCQ1i7NwuoXr+FOyf9YY0ghahtFAb4EiGW2j8i+4kNEL
Z4q4njHP6H+gV+6gnIr304FPlq8Wm2cAPqlIIoM13QJdfb0Mfnk8o/M6pXr3Rlmk
6odVNmbRSm9ianyVx7rOX2buIpaSxDYvC6tqQ/D3ypzi/0nl4T+4ljZgm/np8N5j
ThY422ExAGR9QkVWz9CpbJGnsfyKsvmsM9XqHCZ8i+Ma+9eCA4Y2xdqdNcbgyu/2
wcC+iSuee4L7ZqhkE9csJsuX+OUuSM4q8nWr07qQEr8jzw==
-----END CERTIFICATE-----