Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/aKnwBsMGlkpD0KbeYSMbBzSe5sg.roa
File:                     aKnwBsMGlkpD0KbeYSMbBzSe5sg.roa (raw, json)
Hash identifier:          0CFja/15URKBiJS4hMJ/eBwi5p8lLnZlIjRaH2Bf+Sg=
Subject key identifier:   68:A9:F0:06:C3:06:96:4A:43:D0:A6:DE:61:23:1B:07:34:9E:E6:C8
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019661534AAA5B784CE9DAA4F41B59A7433C
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/aKnwBsMGlkpD0KbeYSMbBzSe5sg.roa
Signing time:             Wed 23 Apr 2025 06:26:10 +0000
ROA not before:           Wed 23 Apr 2025 06:26:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198057
IP address blocks:        2a12:f440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 15:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:61:53:4a:aa:5b:78:4c:e9:da:a4:f4:1b:59:a7:43:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 23 06:26:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68a9f006c306964a43d0a6de61231b07349ee6c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:72:43:bb:28:3c:5d:45:bd:f2:60:8c:3b:cb:
                    41:0d:6e:41:83:a6:df:10:55:10:f1:4b:2c:8c:e0:
                    3c:26:1c:e0:79:2f:66:8a:1b:d7:62:7b:02:bf:c9:
                    4f:00:b3:4b:26:f9:30:7e:cd:ed:ca:4f:70:72:9b:
                    0c:f4:76:24:96:51:5f:90:36:8f:e6:7e:a0:6a:18:
                    26:11:7e:cf:70:14:74:f4:dc:85:d0:ee:e0:e3:36:
                    1c:a4:2f:75:aa:cb:77:54:47:32:c6:b6:e6:ec:c9:
                    4a:d0:c9:50:3e:a1:cb:04:6f:65:1e:41:93:fc:a9:
                    8b:ae:9f:17:92:01:00:29:e2:d8:82:25:19:81:bd:
                    2a:03:c5:93:ac:75:44:00:41:7c:c7:6e:88:e1:c3:
                    7d:c6:e8:39:a8:da:48:eb:a3:87:9c:de:24:d9:7a:
                    da:83:84:c6:c0:36:8d:00:1d:aa:1e:df:d0:2b:43:
                    83:ca:67:31:f0:01:72:23:f1:a4:d7:80:12:84:4d:
                    16:d0:ac:4b:7f:a0:c1:23:dc:12:bd:a3:7b:c6:34:
                    d2:a5:40:75:43:6c:11:ef:9c:94:ce:0a:d1:90:06:
                    2d:c5:ca:5e:a7:be:8f:e0:da:f1:60:e0:42:39:fb:
                    90:7a:2d:a4:b1:1e:b1:85:33:15:e5:b1:d8:ae:07:
                    f1:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A9:F0:06:C3:06:96:4A:43:D0:A6:DE:61:23:1B:07:34:9E:E6:C8
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/aKnwBsMGlkpD0KbeYSMbBzSe5sg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a12:f440::/29

    Signature Algorithm: sha256WithRSAEncryption
         12:b8:42:22:34:c6:13:95:78:72:35:8a:96:e8:32:ad:75:1a:
         e7:00:2e:bc:62:fb:56:df:7d:c6:83:7c:fd:c6:cc:a3:02:13:
         61:cd:9a:7d:4b:af:5a:59:15:4c:17:f2:6a:12:a3:20:6d:e3:
         57:ec:6f:45:13:93:af:1f:30:5d:f6:9a:0e:c2:3d:41:7e:c9:
         2f:85:1b:73:30:e3:31:c4:01:2d:81:bf:0b:d3:20:3c:81:81:
         8f:32:1e:3e:71:43:0a:35:8c:15:a0:50:28:93:9b:4b:2a:8c:
         e3:b6:b9:1c:48:dd:9d:bc:d5:ed:14:ab:1e:27:5b:e2:64:28:
         46:c8:53:62:f8:82:f8:53:f9:b1:9c:2e:6f:1a:b9:c8:3d:4d:
         79:e6:f5:ff:af:f2:e3:9e:44:f4:bb:f6:d7:ab:26:4f:10:f8:
         c2:b7:81:47:ed:66:4a:64:d5:e9:95:b8:94:7f:14:f2:e8:07:
         e2:60:23:19:45:bf:b2:1c:f3:f8:f5:6e:72:e5:65:3f:5a:87:
         19:b7:65:40:a1:c5:3c:eb:33:ed:46:1f:fb:3a:66:03:d0:c8:
         2d:06:ee:6a:05:f5:78:16:21:54:18:ae:c1:14:2b:a8:4b:99:
         c8:e0:86:4d:06:81:e4:f2:15:c7:b7:51:05:50:86:46:11:b0:
         cd:5d:c7:97
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZhU0qqW3hM6dqk9BtZp0M8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNDIzMDYyNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGE5ZjAwNmMzMDY5NjRhNDNkMGE2ZGU2MTIzMWIwNzM0OWVlNmM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA13JDuyg8XUW98mCMO8tBDW5Bg6bf
EFUQ8UssjOA8JhzgeS9mihvXYnsCv8lPALNLJvkwfs3tyk9wcpsM9HYkllFfkDaP
5n6gahgmEX7PcBR09NyF0O7g4zYcpC91qst3VEcyxrbm7MlK0MlQPqHLBG9lHkGT
/KmLrp8XkgEAKeLYgiUZgb0qA8WTrHVEAEF8x26I4cN9xug5qNpI66OHnN4k2Xra
g4TGwDaNAB2qHt/QK0ODymcx8AFyI/Gk14AShE0W0KxLf6DBI9wSvaN7xjTSpUB1
Q2wR75yUzgrRkAYtxcpep76P4NrxYOBCOfuQei2ksR6xhTMV5bHYrgfx1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGip8AbDBpZKQ9Cm3mEjGwc0nubIMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvYUtud0JzTUdsa3BEMEtiZVlTTWJCelNlNXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhL0QDAN
BgkqhkiG9w0BAQsFAAOCAQEAErhCIjTGE5V4cjWKlugyrXUa5wAuvGL7Vt99xoN8
/cbMowITYc2afUuvWlkVTBfyahKjIG3jV+xvRROTrx8wXfaaDsI9QX7JL4UbczDj
McQBLYG/C9MgPIGBjzIePnFDCjWMFaBQKJObSyqM47a5HEjdnbzV7RSrHidb4mQo
RshTYviC+FP5sZwubxq5yD1Neeb1/6/y455E9Lv216smTxD4wreBR+1mSmTV6ZW4
lH8U8ugH4mAjGUW/shzz+PVucuVlP1qHGbdlQKHFPOsz7UYf+zpmA9DILQbuagX1
eBYhVBiuwRQrqEuZyOCGTQaB5PIVx7dRBVCGRhGwzV3Hlw==
-----END CERTIFICATE-----