Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ojK7vWUGYdcFE6E6pdTelBkJrYo.roa
File:                     ojK7vWUGYdcFE6E6pdTelBkJrYo.roa (raw, json)
Hash identifier:          OueomUE1RNmCOGseOafHFNft3QKEUk9yTpH5GbErMLc=
Subject key identifier:   A2:32:BB:BD:65:06:61:D7:05:13:A1:3A:A5:D4:DE:94:19:09:AD:8A
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0197C4A5160A44B8F5D0D529C70E6B9BB950
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ojK7vWUGYdcFE6E6pdTelBkJrYo.roa
Signing time:             Tue 01 Jul 2025 06:20:42 +0000
ROA not before:           Tue 01 Jul 2025 06:20:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        2a13:cf00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 06:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c4:a5:16:0a:44:b8:f5:d0:d5:29:c7:0e:6b:9b:b9:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jul  1 06:20:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a232bbbd650661d70513a13aa5d4de941909ad8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2c:84:0a:df:65:ec:48:ba:ce:f4:ad:5f:49:
                    cc:93:1d:b6:90:93:a0:c8:2c:24:c8:d3:21:00:4e:
                    17:d4:e2:23:12:f4:cd:bb:62:f1:56:00:d5:10:0a:
                    69:92:02:30:30:92:ff:a4:eb:37:62:53:3a:57:30:
                    38:82:19:41:6f:e4:29:85:30:1c:d2:5d:15:3c:e5:
                    ad:c5:6a:b4:4d:19:00:98:b2:36:d0:42:4f:59:bd:
                    ef:9c:87:40:eb:a8:de:0b:07:e9:2e:58:f2:db:6c:
                    89:f2:9f:99:a7:e5:11:21:3c:a1:f2:fa:79:08:6c:
                    42:83:17:8f:d9:bc:ba:2b:41:38:75:5c:5b:d4:ed:
                    d2:35:f9:c4:a8:98:58:0e:5e:ce:3e:7c:95:29:12:
                    f2:c1:05:c7:28:ee:be:63:36:89:17:6b:38:a2:5d:
                    fa:f8:08:89:5b:44:b7:d2:5c:2b:c8:f4:41:ae:dd:
                    4c:c7:e0:fc:2b:09:68:c5:72:7c:93:0c:4d:00:9a:
                    f1:62:5e:3c:bb:11:97:ef:e6:fc:0f:86:d9:8f:21:
                    10:4b:d5:56:ef:6b:7c:0c:6e:60:37:01:c5:4b:1d:
                    d9:81:bf:a7:31:a0:86:8b:4e:66:7c:8a:4c:75:87:
                    27:fb:bc:6e:b3:c3:0d:d1:84:29:ac:86:d4:e8:8e:
                    01:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:32:BB:BD:65:06:61:D7:05:13:A1:3A:A5:D4:DE:94:19:09:AD:8A
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/ojK7vWUGYdcFE6E6pdTelBkJrYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:cf00::/29

    Signature Algorithm: sha256WithRSAEncryption
         96:ef:9b:56:47:36:97:e7:79:ff:74:08:af:aa:43:91:14:c1:
         af:cf:96:76:41:07:2f:09:ea:38:2e:6d:57:6f:78:05:cd:35:
         e7:c0:6b:2c:fa:00:cc:4a:64:bd:57:f1:ff:42:4c:1a:0c:d3:
         16:54:64:5a:d0:4d:5a:68:78:ab:69:3a:0f:3b:ea:e3:f1:8c:
         d3:cb:7c:f8:0a:56:84:cd:f1:11:9d:d6:f7:5a:a4:04:30:e7:
         ea:79:33:12:99:eb:7c:70:b9:eb:ae:7c:6e:80:a3:20:d1:c3:
         e6:3b:fd:f5:e5:46:25:8e:b4:a3:f6:d9:a3:7a:53:f7:3a:8e:
         b6:69:a6:3a:cf:84:7a:1a:1f:1e:12:1f:a9:e0:03:5c:0a:0f:
         3e:5c:10:e8:19:30:c5:87:f2:c5:82:e1:3f:fa:96:5f:85:ba:
         5a:fe:50:fa:e2:fa:fb:29:b7:86:8c:53:33:cf:61:e6:ea:52:
         e5:66:b6:62:81:b8:13:18:ce:00:a4:81:84:e7:3b:92:bc:97:
         59:c3:a2:ca:19:83:d1:57:32:f3:c4:65:49:b2:90:68:2b:57:
         59:e0:72:d5:97:be:52:e5:34:65:0d:c8:04:63:a7:42:75:50:
         a8:3d:7b:bf:f8:08:ff:e6:6a:b4:53:4a:96:cb:6b:08:b7:0b:
         3e:d1:4c:42
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfEpRYKRLj10NUpxw5rm7lQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNzAxMDYyMDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjMyYmJiZDY1MDY2MWQ3MDUxM2ExM2FhNWQ0ZGU5NDE5MDlhZDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2yyECt9l7Ei6zvStX0nMkx22kJOg
yCwkyNMhAE4X1OIjEvTNu2LxVgDVEAppkgIwMJL/pOs3YlM6VzA4ghlBb+QphTAc
0l0VPOWtxWq0TRkAmLI20EJPWb3vnIdA66jeCwfpLljy22yJ8p+Zp+URITyh8vp5
CGxCgxeP2by6K0E4dVxb1O3SNfnEqJhYDl7OPnyVKRLywQXHKO6+YzaJF2s4ol36
+AiJW0S30lwryPRBrt1Mx+D8KwloxXJ8kwxNAJrxYl48uxGX7+b8D4bZjyEQS9VW
72t8DG5gNwHFSx3Zgb+nMaCGi05mfIpMdYcn+7xus8MN0YQprIbU6I4BwwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKIyu71lBmHXBROhOqXU3pQZCa2KMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvb2pLN3ZXVUdZZGNGRTZFNnBkVGVsQmtKcllvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPPADAN
BgkqhkiG9w0BAQsFAAOCAQEAlu+bVkc2l+d5/3QIr6pDkRTBr8+WdkEHLwnqOC5t
V294Bc0158BrLPoAzEpkvVfx/0JMGgzTFlRkWtBNWmh4q2k6Dzvq4/GM08t8+ApW
hM3xEZ3W91qkBDDn6nkzEpnrfHC56658boCjINHD5jv99eVGJY60o/bZo3pT9zqO
tmmmOs+EehofHhIfqeADXAoPPlwQ6BkwxYfyxYLhP/qWX4W6Wv5Q+uL6+ym3hoxT
M89h5upS5Wa2YoG4ExjOAKSBhOc7kryXWcOiyhmD0Vcy88RlSbKQaCtXWeBy1Ze+
UuU0ZQ3IBGOnQnVQqD17v/gI/+ZqtFNKlstrCLcLPtFMQg==
-----END CERTIFICATE-----