Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/HWWs6MqFS2nmbLw3ShctihMbNaY.roa
File:                     HWWs6MqFS2nmbLw3ShctihMbNaY.roa (raw, json)
Hash identifier:          KSXNNa9oIp9r32J4311J0aN03+Peflc2SZu+HPxriyM=
Subject key identifier:   1D:65:AC:E8:CA:85:4B:69:E6:6C:BC:37:4A:17:2D:8A:13:1B:35:A6
Certificate issuer:       /CN=ac89af60986e6d958322fb026c6b65aeec949a0d
Certificate serial:       019427485A3A5360062DA08D7D564C524687
Authority key identifier: AC:89:AF:60:98:6E:6D:95:83:22:FB:02:6C:6B:65:AE:EC:94:9A:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/HWWs6MqFS2nmbLw3ShctihMbNaY.roa
Signing time:             Thu 02 Jan 2025 13:50:40 +0000
ROA not before:           Thu 02 Jan 2025 13:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5068
IP address blocks:        2a13:ce40:6660::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:5a:3a:53:60:06:2d:a0:8d:7d:56:4c:52:46:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac89af60986e6d958322fb026c6b65aeec949a0d
        Validity
            Not Before: Jan  2 13:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1d65ace8ca854b69e66cbc374a172d8a131b35a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d6:48:6c:a1:34:ef:d0:f5:11:85:59:2a:1f:
                    95:51:3e:6e:40:d3:a0:58:e9:8d:7c:c5:34:57:db:
                    4f:8b:8c:0f:fc:93:7d:83:9a:2d:5e:d5:c0:84:3e:
                    23:43:84:e0:0e:06:02:60:bf:32:33:21:05:61:d1:
                    87:80:e8:1d:1a:25:9b:a2:cc:e5:58:b1:35:f8:6b:
                    b3:48:83:7b:8a:19:81:07:19:8b:e9:b3:84:70:a9:
                    e9:b5:05:25:b9:fd:99:ec:51:87:7e:1f:af:8f:98:
                    66:f9:77:5d:97:9c:f6:61:22:78:9d:63:a5:03:8b:
                    57:9c:f2:0f:84:d6:9f:ae:86:0a:11:cf:0a:46:a9:
                    ae:5f:b1:b0:51:d3:cb:9c:fc:db:16:33:2a:3d:14:
                    9d:82:0a:07:75:26:d5:b6:a8:2e:e8:f6:de:83:cb:
                    20:0b:09:6c:50:25:9b:72:0a:80:57:f4:e6:9f:d3:
                    78:1e:86:94:d1:f6:0f:1d:76:d2:06:83:a2:dc:f7:
                    ae:65:27:0d:85:b7:42:fa:59:76:96:6d:ec:81:5c:
                    02:63:88:03:30:f0:82:ad:58:77:1b:e3:58:97:19:
                    c4:ec:6e:85:ef:b3:32:ad:4b:10:4e:d2:cf:bd:44:
                    b9:99:33:94:b0:64:4b:82:fc:f0:3e:5a:8d:80:ce:
                    a1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:65:AC:E8:CA:85:4B:69:E6:6C:BC:37:4A:17:2D:8A:13:1B:35:A6
            X509v3 Authority Key Identifier:
                keyid:AC:89:AF:60:98:6E:6D:95:83:22:FB:02:6C:6B:65:AE:EC:94:9A:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/HWWs6MqFS2nmbLw3ShctihMbNaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ce40:6660::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:46:4b:be:8e:0d:40:fd:0e:50:bd:c7:83:be:69:78:71:2e:
         fe:90:2a:6a:01:d2:fa:eb:36:87:08:41:24:97:3c:9c:82:0f:
         ee:6c:7d:0e:51:63:a5:ae:44:17:02:fd:98:3b:f7:0f:0f:c1:
         9d:b1:23:25:ae:b5:5b:0d:08:76:49:0e:4c:77:c1:e4:5e:0a:
         e9:f2:dd:10:2e:37:d0:80:8c:21:46:84:df:1e:e7:ba:40:b7:
         a4:5c:df:34:3e:fc:7f:21:6f:7a:25:f4:3c:b3:91:ce:dc:52:
         7d:c4:37:23:55:5b:a7:d9:ca:c6:4f:ab:8f:71:8d:d4:f6:75:
         92:e9:fc:98:5a:7f:c4:37:49:d3:2b:35:69:cd:a8:fd:e6:b1:
         9c:47:46:3e:7d:b2:1a:b7:03:6b:1d:2f:0c:89:81:12:cc:3b:
         7a:6b:14:35:df:f7:cd:f8:5c:09:99:e1:7e:c6:29:82:20:79:
         76:77:e2:55:7f:73:9d:31:34:ca:30:f4:bb:24:11:d6:95:bf:
         c2:32:2e:b4:5c:c7:e1:01:f4:a9:09:e9:48:af:81:0d:fa:d4:
         ea:40:e9:f6:b0:be:32:f7:49:c2:74:18:e0:1a:e8:5d:fc:d6:
         6d:4b:51:6d:e0:d3:40:d0:7c:de:fb:12:ab:2e:c5:ea:2b:3c:
         3c:a1:31:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnSFo6U2AGLaCNfVZMUkaHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjODlhZjYwOTg2ZTZkOTU4MzIyZmIwMjZjNmI2NWFlZWM5
NDlhMGQwHhcNMjUwMTAyMTM1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDY1YWNlOGNhODU0YjY5ZTY2Y2JjMzc0YTE3MmQ4YTEzMWIzNWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNZIbKE079D1EYVZKh+VUT5uQNOg
WOmNfMU0V9tPi4wP/JN9g5otXtXAhD4jQ4TgDgYCYL8yMyEFYdGHgOgdGiWboszl
WLE1+GuzSIN7ihmBBxmL6bOEcKnptQUluf2Z7FGHfh+vj5hm+Xddl5z2YSJ4nWOl
A4tXnPIPhNafroYKEc8KRqmuX7GwUdPLnPzbFjMqPRSdggoHdSbVtqgu6Pbeg8sg
CwlsUCWbcgqAV/Tmn9N4HoaU0fYPHXbSBoOi3PeuZScNhbdC+ll2lm3sgVwCY4gD
MPCCrVh3G+NYlxnE7G6F77MyrUsQTtLPvUS5mTOUsGRLgvzwPlqNgM6hSwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB1lrOjKhUtp5my8N0oXLYoTGzWmMB8GA1UdIwQY
MBaAFKyJr2CYbm2VgyL7AmxrZa7slJoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckltdllKaHViWldESXZzQ2JHdGxydXlVbWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zY2NiODUtOTE4Yi00ZGU4LWJkYTIt
OWM4YmJhNjY0ZmYwLzEvSFdXczZNcUZTMm5tYkx3M1NoY3RpaE1iTmFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zY2NiODUtOTE4Yi00ZGU4LWJkYTItOWM4YmJhNjY0ZmYw
LzEvckltdllKaHViWldESXZzQ2JHdGxydXlVbWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPOQGZg
MA0GCSqGSIb3DQEBCwUAA4IBAQABRku+jg1A/Q5QvceDvml4cS7+kCpqAdL66zaH
CEEklzycgg/ubH0OUWOlrkQXAv2YO/cPD8GdsSMlrrVbDQh2SQ5Md8HkXgrp8t0Q
LjfQgIwhRoTfHue6QLekXN80Pvx/IW96JfQ8s5HO3FJ9xDcjVVun2crGT6uPcY3U
9nWS6fyYWn/EN0nTKzVpzaj95rGcR0Y+fbIatwNrHS8MiYESzDt6axQ13/fN+FwJ
meF+ximCIHl2d+JVf3OdMTTKMPS7JBHWlb/CMi60XMfhAfSpCelIr4EN+tTqQOn2
sL4y90nCdBjgGuhd/NZtS1Ft4NNA0Hze+xKrLsXqKzw8oTEF
-----END CERTIFICATE-----