Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/cprD7z3Jrr2FwRDQS8fDgWbDAwA.roa
File:                     cprD7z3Jrr2FwRDQS8fDgWbDAwA.roa (raw, json)
Hash identifier:          NHC8CFIEHo1Idz1X8bsst++f+4vj3GHWhw2Cnesmfp8=
Subject key identifier:   72:9A:C3:EF:3D:C9:AE:BD:85:C1:10:D0:4B:C7:C3:81:66:C3:03:00
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01974013F15A69E0CB6B1D2EA25DD3722380
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/cprD7z3Jrr2FwRDQS8fDgWbDAwA.roa
Signing time:             Thu 05 Jun 2025 12:32:18 +0000
ROA not before:           Thu 05 Jun 2025 12:32:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213505
IP address blocks:        2a10:4a00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 13:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:40:13:f1:5a:69:e0:cb:6b:1d:2e:a2:5d:d3:72:23:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun  5 12:32:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=729ac3ef3dc9aebd85c110d04bc7c38166c30300
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:56:7d:aa:8e:75:ae:fa:b7:a1:99:3f:39:26:
                    c4:5d:6c:41:22:cf:37:71:0c:0e:51:5b:5c:4b:6f:
                    45:d0:98:b6:0e:f3:8a:d5:23:9c:e4:d0:a3:ad:15:
                    be:29:37:a3:76:1a:a6:22:25:ab:cd:07:98:e0:37:
                    18:99:69:c2:32:50:b8:78:20:05:f5:ce:3d:19:c4:
                    e0:62:b1:c5:fb:67:4a:39:c7:3c:8f:ef:dd:cb:80:
                    89:c6:e7:b0:b1:93:44:dc:ff:21:50:a6:89:c9:16:
                    df:c2:f9:8f:48:26:6f:f0:bc:0f:f3:00:87:d5:5e:
                    dd:1a:06:50:00:f9:e7:c9:ae:4c:88:12:7a:33:21:
                    f4:e0:31:e3:4d:d1:8d:f3:98:34:45:cf:d5:2c:73:
                    5e:42:ad:68:75:56:4c:00:bd:f0:d4:e3:c2:8f:0d:
                    01:c6:d7:c7:06:69:05:d2:d0:f5:dd:2b:13:3e:b1:
                    ef:40:6a:03:16:30:79:46:2a:6b:fc:1c:77:c1:c5:
                    d0:b3:cb:3d:42:0d:e7:7e:db:51:29:68:96:82:4a:
                    a4:27:7c:17:f8:c8:22:18:4b:57:7a:60:04:8e:76:
                    c8:1f:29:dd:9a:49:ed:52:15:90:3e:51:ab:20:32:
                    b8:12:8d:b5:77:98:fd:d5:ec:2e:3a:d0:27:da:bc:
                    8f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:9A:C3:EF:3D:C9:AE:BD:85:C1:10:D0:4B:C7:C3:81:66:C3:03:00
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/cprD7z3Jrr2FwRDQS8fDgWbDAwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:c4:97:9f:99:d5:ce:b7:9b:eb:18:57:36:ab:b1:39:95:af:
         0d:1d:4a:e2:82:40:b8:df:c0:02:eb:0f:86:bb:8f:f6:47:a2:
         1b:d7:65:93:c2:03:2a:07:c6:86:76:c3:51:81:d4:61:50:94:
         01:5e:05:50:41:2e:4a:32:f5:7a:b6:59:f6:64:97:5b:21:a5:
         82:34:8c:c9:d1:0e:49:1d:da:30:b4:e4:55:a1:26:06:06:b1:
         06:18:5b:c4:ca:f3:4c:47:19:9a:d4:c7:3c:7e:a5:20:c3:12:
         d1:d6:3a:fc:12:3a:14:06:a8:1c:72:dd:ac:51:34:7d:71:97:
         a0:23:3c:fe:ff:2b:ac:68:44:1f:74:62:87:f2:7d:f1:28:b7:
         b0:9a:7d:98:b3:9e:ca:ef:0f:9a:b9:d7:2b:3e:4d:1e:a1:12:
         32:0f:c2:05:45:0c:e2:42:32:66:e2:a7:1f:09:f9:7d:48:24:
         7a:be:13:02:0e:e6:d4:74:c5:83:0d:24:19:ce:c3:9c:99:d0:
         1b:81:f0:29:ec:30:50:86:9b:dd:96:ab:95:81:fb:89:04:42:
         6c:74:63:2f:7f:f5:a3:12:4c:54:e8:e9:3e:11:7e:d9:07:4a:
         2b:38:ef:e8:aa:f0:41:e2:40:45:e0:cb:5e:55:fe:f4:32:0c:
         2d:cf:3a:93
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZdAE/FaaeDLax0uol3TciOAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjA1MTIzMjE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjlhYzNlZjNkYzlhZWJkODVjMTEwZDA0YmM3YzM4MTY2YzMwMzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+lZ9qo51rvq3oZk/OSbEXWxBIs83
cQwOUVtcS29F0Ji2DvOK1SOc5NCjrRW+KTejdhqmIiWrzQeY4DcYmWnCMlC4eCAF
9c49GcTgYrHF+2dKOcc8j+/dy4CJxuewsZNE3P8hUKaJyRbfwvmPSCZv8LwP8wCH
1V7dGgZQAPnnya5MiBJ6MyH04DHjTdGN85g0Rc/VLHNeQq1odVZMAL3w1OPCjw0B
xtfHBmkF0tD13SsTPrHvQGoDFjB5Ripr/Bx3wcXQs8s9Qg3nfttRKWiWgkqkJ3wX
+MgiGEtXemAEjnbIHyndmkntUhWQPlGrIDK4Eo21d5j91ewuOtAn2ryPdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHKaw+89ya69hcEQ0EvHw4FmwwMAMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvY3ByRDd6M0pycjJGd1JEUVM4ZkRnV2JEQXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhBKADAN
BgkqhkiG9w0BAQsFAAOCAQEAicSXn5nVzreb6xhXNquxOZWvDR1K4oJAuN/AAusP
hruP9keiG9dlk8IDKgfGhnbDUYHUYVCUAV4FUEEuSjL1erZZ9mSXWyGlgjSMydEO
SR3aMLTkVaEmBgaxBhhbxMrzTEcZmtTHPH6lIMMS0dY6/BI6FAaoHHLdrFE0fXGX
oCM8/v8rrGhEH3Rih/J98Si3sJp9mLOeyu8PmrnXKz5NHqESMg/CBUUM4kIyZuKn
Hwn5fUgker4TAg7m1HTFgw0kGc7DnJnQG4HwKewwUIab3ZarlYH7iQRCbHRjL3/1
oxJMVOjpPhF+2QdKKzjv6KrwQeJAReDLXlX+9DIMLc86kw==
-----END CERTIFICATE-----