Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2HQG6OpGW546i32lz2B1KuHuikk.roa
File:                     2HQG6OpGW546i32lz2B1KuHuikk.roa (raw, json)
Hash identifier:          g2wjQsrus72t2bx+BXfkgFX8/CYpehbSKSJPBF1HdXc=
Subject key identifier:   D8:74:06:E8:EA:46:5B:9E:3A:8B:7D:A5:CF:60:75:2A:E1:EE:8A:49
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01976A0C925DF8B2C7BCD6C6EC2992BB702F
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2HQG6OpGW546i32lz2B1KuHuikk.roa
Signing time:             Fri 13 Jun 2025 16:08:18 +0000
ROA not before:           Fri 13 Jun 2025 16:08:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205692
IP address blocks:        2a0f:8100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:6a:0c:92:5d:f8:b2:c7:bc:d6:c6:ec:29:92:bb:70:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Jun 13 16:08:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d87406e8ea465b9e3a8b7da5cf60752ae1ee8a49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:20:ca:b9:7c:4e:0a:59:14:d6:a8:7f:1e:40:
                    80:8d:d4:54:71:c7:26:13:f3:d7:e0:48:82:08:36:
                    70:0f:4a:d9:ba:14:fc:5a:7b:92:1f:3f:6c:34:c1:
                    e6:3b:0f:b0:c0:2f:cf:8b:36:da:8f:6a:52:97:bc:
                    b2:d5:d0:08:ef:5e:52:f1:f5:5b:94:a2:9d:fc:f6:
                    ca:88:09:0a:af:82:f3:e7:e6:3a:c6:ac:6a:63:3a:
                    0b:f9:0f:5c:73:24:02:ed:9d:6d:c9:de:be:8d:c9:
                    0f:2b:94:11:8b:fb:a4:43:63:25:c9:1a:b0:33:fa:
                    fa:7a:ef:bf:dc:2d:55:5e:eb:94:2e:bc:09:57:4d:
                    b0:e5:bc:09:c6:08:84:66:c3:fd:dd:be:36:db:b2:
                    9c:61:50:08:4c:55:80:ea:6b:76:10:b5:f2:aa:db:
                    78:b3:22:66:fa:9f:0a:ef:7e:60:dc:90:5a:ed:ac:
                    8b:29:3c:9d:40:23:bf:6f:b9:c2:80:7b:24:fd:5f:
                    8f:7b:4a:81:b1:72:60:b8:32:fd:47:af:98:38:64:
                    c2:eb:b4:11:75:eb:f3:26:29:78:6f:1d:40:28:fc:
                    9b:38:dc:bb:4b:0c:eb:d3:fd:68:2a:73:ab:cb:f5:
                    1f:77:f6:4f:b9:30:3b:91:85:6c:67:09:73:de:d9:
                    3e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:74:06:E8:EA:46:5B:9E:3A:8B:7D:A5:CF:60:75:2A:E1:EE:8A:49
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/2HQG6OpGW546i32lz2B1KuHuikk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:8100::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:c6:f8:3e:fb:f5:95:ab:00:01:ce:eb:0b:e5:e6:38:02:ed:
         9f:15:6c:a3:8e:df:56:25:bf:8d:03:da:7b:7f:5c:27:91:40:
         12:54:97:a8:d1:57:d7:66:eb:a6:e8:d4:37:f1:60:96:cd:a3:
         29:b8:af:cc:77:ed:b0:3a:e6:7e:70:d3:dd:78:88:a5:42:f6:
         a8:54:f5:b0:ae:4f:2c:ee:b6:77:49:0c:93:15:01:3c:8d:e7:
         92:7b:c2:1e:51:54:b5:86:c8:c5:36:bc:22:f6:cb:b6:ad:14:
         e1:c1:f5:3c:2d:37:e7:af:bf:03:a7:6e:5e:d0:ce:22:4f:c3:
         1a:d8:88:0f:cd:a3:56:98:2b:dd:f2:8d:44:f3:30:43:f0:4b:
         6a:83:4c:c2:8f:b7:e2:5b:98:ba:0a:cb:52:46:95:97:b6:bb:
         91:cf:59:0b:86:54:24:ef:f5:f5:33:6c:c4:ae:ba:be:6f:fa:
         fd:12:3b:e3:5b:44:21:11:04:b9:32:f5:e7:28:ec:1a:83:1f:
         c0:f4:e8:b4:cf:8d:a4:ea:d3:da:e2:88:0b:44:89:29:79:7e:
         d3:2a:d4:6e:2f:3e:01:96:1d:ea:ef:d4:62:15:32:07:e2:1b:
         a7:61:68:14:fd:e7:c4:6b:0e:1c:59:56:e1:1c:38:2e:2e:4d:
         f4:b7:5b:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZdqDJJd+LLHvNbG7CmSu3AvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNjEzMTYwODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODc0MDZlOGVhNDY1YjllM2E4YjdkYTVjZjYwNzUyYWUxZWU4YTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoiDKuXxOClkU1qh/HkCAjdRUcccm
E/PX4EiCCDZwD0rZuhT8WnuSHz9sNMHmOw+wwC/Pizbaj2pSl7yy1dAI715S8fVb
lKKd/PbKiAkKr4Lz5+Y6xqxqYzoL+Q9ccyQC7Z1tyd6+jckPK5QRi/ukQ2MlyRqw
M/r6eu+/3C1VXuuULrwJV02w5bwJxgiEZsP93b4227KcYVAITFWA6mt2ELXyqtt4
syJm+p8K735g3JBa7ayLKTydQCO/b7nCgHsk/V+Pe0qBsXJguDL9R6+YOGTC67QR
devzJil4bx1AKPybONy7Swzr0/1oKnOry/Ufd/ZPuTA7kYVsZwlz3tk+rQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNh0BujqRlueOot9pc9gdSrh7opJMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvMkhRRzZPcEdXNTQ2aTMybHoyQjFLdUh1aWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+BADAN
BgkqhkiG9w0BAQsFAAOCAQEAbMb4Pvv1lasAAc7rC+XmOALtnxVso47fViW/jQPa
e39cJ5FAElSXqNFX12brpujUN/Fgls2jKbivzHftsDrmfnDT3XiIpUL2qFT1sK5P
LO62d0kMkxUBPI3nknvCHlFUtYbIxTa8IvbLtq0U4cH1PC0356+/A6duXtDOIk/D
GtiID82jVpgr3fKNRPMwQ/BLaoNMwo+34luYugrLUkaVl7a7kc9ZC4ZUJO/19TNs
xK66vm/6/RI741tEIREEuTL15yjsGoMfwPTotM+NpOrT2uKIC0SJKXl+0yrUbi8+
AZYd6u/UYhUyB+Ibp2FoFP3nxGsOHFlW4Rw4Li5N9Ldbeg==
-----END CERTIFICATE-----