Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/q_ReZYg-PZljSvLfYBi5kLLq_Yg.roa
File:                     q_ReZYg-PZljSvLfYBi5kLLq_Yg.roa (raw, json)
Hash identifier:          bhfUcvzpaqVizkTcumjmJwE+YOkpCqtW16BTTcRqunU=
Subject key identifier:   AB:F4:5E:65:88:3E:3D:99:63:4A:F2:DF:60:18:B9:90:B2:EA:FD:88
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       0194274814A10EB795EF9174AC2CA3932E5A
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/q_ReZYg-PZljSvLfYBi5kLLq_Yg.roa
Signing time:             Thu 02 Jan 2025 13:50:22 +0000
ROA not before:           Thu 02 Jan 2025 13:50:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        2a07:7880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:14:a1:0e:b7:95:ef:91:74:ac:2c:a3:93:2e:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jan  2 13:50:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abf45e65883e3d99634af2df6018b990b2eafd88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:20:76:2c:0f:de:a4:e7:ff:9f:88:7d:5d:8f:
                    71:f6:e2:94:ef:2e:55:33:52:f6:34:e5:33:c6:a7:
                    a4:96:e8:11:52:11:e4:9d:85:7d:c2:77:5e:5c:de:
                    6e:b7:5d:f5:a0:2c:91:71:1f:46:b7:a1:ed:88:3a:
                    9e:17:b6:04:ac:6e:f5:a2:bd:81:5d:c9:bc:37:b6:
                    1f:74:cf:69:45:8e:2e:a5:fa:1d:d9:90:d2:95:42:
                    b3:e0:e1:52:f7:a2:f4:29:24:a7:ae:6e:90:c8:fd:
                    70:4c:fc:8b:b2:78:1c:52:2e:e1:0f:62:49:8d:cd:
                    b1:0f:6f:ba:94:61:aa:c9:b4:b6:0c:bc:25:73:e3:
                    7e:9f:df:f9:ae:22:98:d9:5a:7f:13:d1:21:38:59:
                    30:0d:17:96:66:22:83:d0:b0:34:f3:82:1d:c1:96:
                    bb:3c:96:06:6c:3c:14:c3:fe:b1:2a:09:50:36:24:
                    b7:ca:c5:4d:da:f3:1e:bb:19:cf:c0:f4:36:b6:82:
                    a6:26:e0:1f:2a:16:81:ca:9e:36:70:17:b5:79:76:
                    10:c1:a2:14:da:03:7a:25:06:0f:09:2e:fe:a1:c8:
                    3a:d7:5c:6a:4c:c7:46:4c:7b:45:67:18:c8:26:3f:
                    27:1c:b7:02:97:e6:d8:d6:ac:d5:50:2a:df:bb:42:
                    86:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:F4:5E:65:88:3E:3D:99:63:4A:F2:DF:60:18:B9:90:B2:EA:FD:88
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/q_ReZYg-PZljSvLfYBi5kLLq_Yg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:7880::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:40:19:d8:32:31:7e:41:f5:00:78:74:65:e5:c6:ee:c4:79:
         24:e3:60:06:26:36:4b:7d:49:85:a3:52:52:59:72:a7:52:5f:
         6e:26:e0:5e:53:61:33:35:3f:c0:d7:fc:cd:f6:2b:12:79:32:
         c0:23:e2:0a:ec:43:07:c5:87:6b:76:fe:1f:80:c2:c1:21:87:
         fc:f1:c5:d4:c7:47:05:90:1b:c5:b9:c2:4e:13:dc:97:ca:fa:
         89:bc:2f:53:4e:06:b6:65:db:61:38:94:f6:6d:50:1d:66:38:
         17:3c:a0:ac:d1:ab:a4:34:4f:23:59:9f:be:86:d7:2f:a7:62:
         4d:db:57:24:f8:0a:34:3e:85:d7:f9:66:af:86:bb:f5:b4:74:
         bc:59:26:f8:b9:03:2f:c0:bf:af:60:0d:ad:10:ce:ab:d6:af:
         27:f0:57:3f:4d:3d:55:a8:51:09:39:77:62:20:08:24:de:90:
         a9:68:26:09:e6:cf:06:27:87:ee:cc:ed:29:f0:e8:10:69:e3:
         c5:d1:61:b0:4f:21:f6:34:c1:f2:48:74:48:27:2b:71:f8:39:
         89:15:6c:5b:87:5d:98:38:45:33:e4:cc:36:8c:36:dd:59:b2:
         1c:e7:f2:08:cb:64:b8:f9:8f:c0:ed:35:6b:16:62:cb:a9:32:
         0e:96:e6:3e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQnSBShDreV75F0rCyjky5aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMTAyMTM1MDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmY0NWU2NTg4M2UzZDk5NjM0YWYyZGY2MDE4Yjk5MGIyZWFmZDg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyB2LA/epOf/n4h9XY9x9uKU7y5V
M1L2NOUzxqeklugRUhHknYV9wndeXN5ut131oCyRcR9Gt6HtiDqeF7YErG71or2B
Xcm8N7YfdM9pRY4upfod2ZDSlUKz4OFS96L0KSSnrm6QyP1wTPyLsngcUi7hD2JJ
jc2xD2+6lGGqybS2DLwlc+N+n9/5riKY2Vp/E9EhOFkwDReWZiKD0LA084IdwZa7
PJYGbDwUw/6xKglQNiS3ysVN2vMeuxnPwPQ2toKmJuAfKhaByp42cBe1eXYQwaIU
2gN6JQYPCS7+ocg611xqTMdGTHtFZxjIJj8nHLcCl+bY1qzVUCrfu0KG0wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKv0XmWIPj2ZY0ry32AYuZCy6v2IMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvcV9SZVpZZy1QWmxqU3ZMZllCaTVrTExxX1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgd4gDAN
BgkqhkiG9w0BAQsFAAOCAQEAiUAZ2DIxfkH1AHh0ZeXG7sR5JONgBiY2S31JhaNS
Ullyp1JfbibgXlNhMzU/wNf8zfYrEnkywCPiCuxDB8WHa3b+H4DCwSGH/PHF1MdH
BZAbxbnCThPcl8r6ibwvU04GtmXbYTiU9m1QHWY4FzygrNGrpDRPI1mfvobXL6di
TdtXJPgKND6F1/lmr4a79bR0vFkm+LkDL8C/r2ANrRDOq9avJ/BXP009VahRCTl3
YiAIJN6QqWgmCebPBieH7sztKfDoEGnjxdFhsE8h9jTB8kh0SCcrcfg5iRVsW4dd
mDhFM+TMNow23VmyHOfyCMtkuPmPwO01axZiy6kyDpbmPg==
-----END CERTIFICATE-----