Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Ey_lHPTN6lbgFFg7ArbSDTKYDXw.roa
File:                     Ey_lHPTN6lbgFFg7ArbSDTKYDXw.roa (raw, json)
Hash identifier:          ceA5A/A8E6sHcShDn/A8YIV5fveY/XT+yaM7tvk2fA0=
Subject key identifier:   13:2F:E5:1C:F4:CD:EA:56:E0:14:58:3B:02:B6:D2:0D:32:98:0D:7C
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       01967AE8FA8A77CE06110301D47A547325A8
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Ey_lHPTN6lbgFFg7ArbSDTKYDXw.roa
Signing time:             Mon 28 Apr 2025 05:40:10 +0000
ROA not before:           Mon 28 Apr 2025 05:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209858
IP address blocks:        2a0f:ea45::/32 maxlen: 32
                          2a10:3340::/29 maxlen: 29
                          2a13:9f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7a:e8:fa:8a:77:ce:06:11:03:01:d4:7a:54:73:25:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 28 05:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=132fe51cf4cdea56e014583b02b6d20d32980d7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:1f:08:ff:09:72:b0:a3:6d:cc:6e:50:1b:3a:
                    d1:1a:64:dd:52:3d:2d:58:d7:70:23:f5:e4:95:91:
                    9a:b9:35:7e:e1:5a:a1:35:40:1a:60:22:7e:4d:23:
                    f6:a4:5c:2a:f9:2a:37:66:f3:25:4e:35:e3:86:4f:
                    ff:1d:95:9c:2d:cf:6f:ca:8a:86:47:73:28:b5:de:
                    ac:fd:4d:14:43:dc:d1:31:92:c1:07:8f:df:4d:86:
                    30:48:27:27:09:03:c0:44:f0:3f:0f:bf:65:70:47:
                    79:e9:5b:f2:6c:ec:ba:a2:b0:0c:1e:dd:36:ab:a0:
                    14:3a:e1:fc:06:80:20:bd:d5:be:ee:00:a6:83:a4:
                    b3:1b:d0:a0:b9:12:bc:52:88:ef:ac:d4:a4:a0:37:
                    6d:ca:4c:2d:14:2f:3d:e9:95:b6:04:cf:7c:03:21:
                    15:ee:53:ab:9a:e3:5d:13:2e:a3:99:5a:de:2c:5a:
                    7a:bf:ac:22:0b:40:f1:5e:75:ac:d7:55:fc:f0:da:
                    90:94:a7:28:92:f1:7f:1c:51:6f:2f:71:7d:37:be:
                    4f:2f:9f:34:31:2d:ed:50:ef:e7:64:7f:c6:19:37:
                    32:63:fb:03:4a:d8:5e:a0:70:82:7d:98:0f:ca:1a:
                    10:bf:f0:be:7b:cd:7d:96:b5:57:49:15:67:14:ac:
                    52:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:2F:E5:1C:F4:CD:EA:56:E0:14:58:3B:02:B6:D2:0D:32:98:0D:7C
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/Ey_lHPTN6lbgFFg7ArbSDTKYDXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:ea45::/32
                  2a10:3340::/29
                  2a13:9f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         03:43:02:0d:c8:aa:9c:df:83:50:b6:f2:2b:40:9b:dd:cd:ba:
         76:51:dd:e2:08:4d:2c:1f:e8:cb:1a:50:ae:31:07:b1:15:81:
         02:c8:fd:63:9c:2d:06:03:19:bd:22:98:ce:9a:9a:eb:49:b1:
         05:c9:a6:e7:eb:ac:07:90:fc:bf:7a:22:79:dc:a3:17:a7:41:
         91:6a:a3:c5:74:86:55:83:f7:75:38:f4:33:fc:66:9f:49:2d:
         c1:c6:83:54:a5:20:32:3a:0b:9a:94:3c:6a:06:74:64:ac:9d:
         1b:81:02:e9:be:5c:70:ea:36:1c:c7:5e:cb:c1:2a:5c:46:9d:
         4b:e5:df:99:cc:b2:8a:0a:70:3e:e6:2e:c2:99:5c:ae:d8:83:
         8a:1c:a7:87:c5:1f:e8:35:52:a7:d2:21:9e:ae:74:e2:cc:a8:
         63:b9:37:56:78:55:6e:7e:f7:4f:b4:c5:74:a9:99:46:25:f8:
         59:e3:8e:a0:e1:38:9a:8c:25:19:8b:aa:0c:ea:27:86:c6:3f:
         84:bc:15:bf:0b:e5:b4:ac:d5:6c:0e:92:3e:e7:00:3d:4e:36:
         df:50:8e:d5:2f:5c:27:cf:95:0d:b7:e3:65:28:a2:a0:74:56:
         ad:82:de:bd:3e:11:28:48:ad:8d:c6:4a:9f:56:79:f0:03:e3:
         b5:92:b1:27
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZZ66PqKd84GEQMB1HpUcyWoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNDI4MDU0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzJmZTUxY2Y0Y2RlYTU2ZTAxNDU4M2IwMmI2ZDIwZDMyOTgwZDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1h8I/wlysKNtzG5QGzrRGmTdUj0t
WNdwI/XklZGauTV+4VqhNUAaYCJ+TSP2pFwq+So3ZvMlTjXjhk//HZWcLc9vyoqG
R3Motd6s/U0UQ9zRMZLBB4/fTYYwSCcnCQPARPA/D79lcEd56VvybOy6orAMHt02
q6AUOuH8BoAgvdW+7gCmg6SzG9CguRK8UojvrNSkoDdtykwtFC896ZW2BM98AyEV
7lOrmuNdEy6jmVreLFp6v6wiC0DxXnWs11X88NqQlKcokvF/HFFvL3F9N75PL580
MS3tUO/nZH/GGTcyY/sDStheoHCCfZgPyhoQv/C+e819lrVXSRVnFKxSKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBMv5Rz0zepW4BRYOwK20g0ymA18MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvRXlfbEhQVE42bGJnRkZnN0FyYlNEVEtZRFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKg/qRQMF
AyoQM0ADBQMqE58AMA0GCSqGSIb3DQEBCwUAA4IBAQADQwINyKqc34NQtvIrQJvd
zbp2Ud3iCE0sH+jLGlCuMQexFYECyP1jnC0GAxm9IpjOmprrSbEFyabn66wHkPy/
eiJ53KMXp0GRaqPFdIZVg/d1OPQz/GafSS3BxoNUpSAyOgualDxqBnRkrJ0bgQLp
vlxw6jYcx17LwSpcRp1L5d+ZzLKKCnA+5i7CmVyu2IOKHKeHxR/oNVKn0iGernTi
zKhjuTdWeFVufvdPtMV0qZlGJfhZ446g4TiajCUZi6oM6ieGxj+EvBW/C+W0rNVs
DpI+5wA9TjbfUI7VL1wnz5UNt+NlKKKgdFatgt69PhEoSK2NxkqfVnnwA+O1krEn
-----END CERTIFICATE-----