Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/rZwZbD_BSnHvyM26tCS0n-6jr8s.roa
File:                     rZwZbD_BSnHvyM26tCS0n-6jr8s.roa (raw, json)
Hash identifier:          xlibK6LzsFxTtBrkroU3Mk7lzRkyAhSJ743saez43/A=
Subject key identifier:   AD:9C:19:6C:3F:C1:4A:71:EF:C8:CD:BA:B4:24:B4:9F:EE:A3:AF:CB
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01942521A616C36B0A78DB713A08567E0952
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/rZwZbD_BSnHvyM26tCS0n-6jr8s.roa
Signing time:             Thu 02 Jan 2025 03:49:09 +0000
ROA not before:           Thu 02 Jan 2025 03:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215575
IP address blocks:        2a13:a5c3:ff00::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a6:16:c3:6b:0a:78:db:71:3a:08:56:7e:09:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad9c196c3fc14a71efc8cdbab424b49feea3afcb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a9:84:91:66:af:8e:20:ae:e4:53:be:6f:0a:
                    de:75:b9:92:24:aa:3e:9b:99:b0:1f:ca:ca:74:07:
                    49:f0:f0:96:f5:ac:4f:0c:63:17:a0:24:d5:bc:06:
                    5c:69:e4:be:02:04:6f:7e:3d:2e:4e:f6:ed:cb:fb:
                    07:93:1f:15:af:ea:0f:98:77:d0:99:52:96:2f:1e:
                    82:3c:87:a0:3c:3c:4a:bf:2c:ad:96:e2:63:dc:de:
                    e0:7e:f1:cd:27:43:65:fe:43:b5:b4:a9:ad:35:4e:
                    e9:d1:0c:93:a7:7f:df:2c:5d:ba:0a:0a:ea:a7:8a:
                    48:ae:88:be:14:36:6b:4f:7d:47:41:fd:3e:9d:38:
                    72:d5:5e:f3:b8:ad:ca:c6:f5:36:5a:fb:44:a7:a1:
                    98:6e:1d:76:79:bf:67:64:c7:0b:01:ad:6d:e9:a4:
                    9d:65:03:55:54:3d:0e:6d:10:b3:a9:fa:c9:c9:e1:
                    14:00:5a:88:dd:55:13:d5:1c:99:84:35:a0:1a:c6:
                    a8:32:6c:9a:12:0b:fa:ad:9a:2b:ba:3a:c9:fc:b7:
                    8c:2e:95:ac:0e:19:f4:b0:a6:e4:89:06:88:16:b2:
                    85:2f:a1:1b:b2:87:8d:7b:a6:82:9b:c5:fb:69:e5:
                    97:24:5d:72:ea:29:50:5b:f1:27:09:7f:ca:20:33:
                    d3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:9C:19:6C:3F:C1:4A:71:EF:C8:CD:BA:B4:24:B4:9F:EE:A3:AF:CB
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/rZwZbD_BSnHvyM26tCS0n-6jr8s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c3:ff00::/44

    Signature Algorithm: sha256WithRSAEncryption
         2f:9a:3c:7c:c0:9d:2d:8a:ca:ab:60:c6:97:71:7f:7a:85:29:
         df:0e:91:9b:0a:c3:be:fb:6d:ae:fb:f2:b1:4c:68:77:ce:f0:
         3b:e0:a4:f8:30:48:2f:8d:a3:99:ae:62:ef:f4:b8:8d:9a:5b:
         63:f5:80:d8:23:16:59:0a:92:6a:5e:3f:cc:5b:70:36:b6:49:
         e1:a7:48:ee:0f:24:aa:1a:d8:e2:cf:6f:d0:95:36:c9:45:c7:
         e6:39:c5:b9:e4:74:3c:54:16:a3:cd:a0:16:10:43:ba:fe:5d:
         22:1f:54:db:6a:74:7b:9f:ff:30:80:38:5a:71:fc:3e:58:75:
         af:de:90:a6:08:e1:ad:3c:d2:2f:cd:a2:cf:09:7f:5a:d9:cf:
         b5:76:ce:bd:d1:97:c4:5d:1d:81:bf:c6:59:97:61:7d:18:1e:
         3e:61:d9:f1:28:4c:e7:5d:48:f7:1e:18:af:ac:8a:53:95:fe:
         b8:06:b9:3e:24:b8:ac:ff:38:44:93:b1:fb:fc:69:d5:47:c6:
         ae:50:c5:ce:3f:f1:93:4b:e8:f7:c6:8f:2e:3c:0b:11:b3:2b:
         f1:ab:15:5f:0f:1b:71:a8:e9:40:20:e9:a9:71:62:fa:11:dc:
         72:98:0b:16:7f:e5:77:b2:2e:3b:24:91:6b:11:fc:af:28:64:
         a7:4f:90:9d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIaYWw2sKeNtxOghWfglSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDljMTk2YzNmYzE0YTcxZWZjOGNkYmFiNDI0YjQ5ZmVlYTNhZmNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqmEkWavjiCu5FO+bwredbmSJKo+
m5mwH8rKdAdJ8PCW9axPDGMXoCTVvAZcaeS+AgRvfj0uTvbty/sHkx8Vr+oPmHfQ
mVKWLx6CPIegPDxKvyytluJj3N7gfvHNJ0Nl/kO1tKmtNU7p0QyTp3/fLF26Cgrq
p4pIroi+FDZrT31HQf0+nThy1V7zuK3KxvU2WvtEp6GYbh12eb9nZMcLAa1t6aSd
ZQNVVD0ObRCzqfrJyeEUAFqI3VUT1RyZhDWgGsaoMmyaEgv6rZorujrJ/LeMLpWs
Dhn0sKbkiQaIFrKFL6EbsoeNe6aCm8X7aeWXJF1y6ilQW/EnCX/KIDPTxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK2cGWw/wUpx78jNurQktJ/uo6/LMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvclp3WmJEX0JTbkh2eU0yNnRDUzBuLTZqcjhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhOlw/8A
MA0GCSqGSIb3DQEBCwUAA4IBAQAvmjx8wJ0tisqrYMaXcX96hSnfDpGbCsO++22u
+/KxTGh3zvA74KT4MEgvjaOZrmLv9LiNmltj9YDYIxZZCpJqXj/MW3A2tknhp0ju
DySqGtjiz2/QlTbJRcfmOcW55HQ8VBajzaAWEEO6/l0iH1TbanR7n/8wgDhacfw+
WHWv3pCmCOGtPNIvzaLPCX9a2c+1ds690ZfEXR2Bv8ZZl2F9GB4+YdnxKEznXUj3
HhivrIpTlf64Brk+JLis/zhEk7H7/GnVR8auUMXOP/GTS+j3xo8uPAsRsyvxqxVf
DxtxqOlAIOmpcWL6EdxymAsWf+V3si47JJFrEfyvKGSnT5Cd
-----END CERTIFICATE-----