Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/ec6b29-3621-4024-8628-28842529c7a1/1/5IPzjXtbudzhqWSCz_2qKpvgqfM.roa
File:                     5IPzjXtbudzhqWSCz_2qKpvgqfM.roa (raw, json)
Hash identifier:          3/k5aiqNpyNZ/fHElOfLbVv7ZKiwKvI6JAy6AM1SccM=
Subject key identifier:   E4:83:F3:8D:7B:5B:B9:DC:E1:A9:64:82:CF:FD:AA:2A:9B:E0:A9:F3
Certificate issuer:       /CN=c79d13664a379d8b5dadf763dd04f5115e023184
Certificate serial:       0198139E85E48BB804D48FFF4E2ABDFC3C16
Authority key identifier: C7:9D:13:66:4A:37:9D:8B:5D:AD:F7:63:DD:04:F5:11:5E:02:31:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x50TZko3nYtdrfdj3QT1EV4CMYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/ec6b29-3621-4024-8628-28842529c7a1/1/5IPzjXtbudzhqWSCz_2qKpvgqfM.roa
Signing time:             Wed 16 Jul 2025 14:23:32 +0000
ROA not before:           Wed 16 Jul 2025 14:23:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198037
IP address blocks:        2a13:7dc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/ec6b29-3621-4024-8628-28842529c7a1/1/x50TZko3nYtdrfdj3QT1EV4CMYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/ec6b29-3621-4024-8628-28842529c7a1/1/x50TZko3nYtdrfdj3QT1EV4CMYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x50TZko3nYtdrfdj3QT1EV4CMYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:13:9e:85:e4:8b:b8:04:d4:8f:ff:4e:2a:bd:fc:3c:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c79d13664a379d8b5dadf763dd04f5115e023184
        Validity
            Not Before: Jul 16 14:23:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e483f38d7b5bb9dce1a96482cffdaa2a9be0a9f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:da:b1:e1:a5:d4:bf:69:83:23:65:53:55:b3:
                    21:37:cf:b9:db:b2:0c:de:90:96:82:37:74:92:47:
                    7c:7b:98:5a:07:a9:4d:af:5e:df:93:af:14:c1:2f:
                    1b:b7:5a:49:25:8d:ac:c2:1a:db:97:88:4c:b1:5c:
                    98:f7:bf:37:b1:72:5e:11:32:df:c4:0c:94:57:8c:
                    d9:45:ac:21:44:30:25:15:21:b2:8e:be:c3:49:6d:
                    eb:28:fd:98:91:9e:5b:96:7a:02:3b:d9:69:55:68:
                    ba:ea:17:a6:d9:23:27:0b:a0:28:5f:94:45:a5:d4:
                    bd:04:46:9c:d7:c7:58:b3:2c:71:e5:5a:14:f2:91:
                    25:2c:41:56:4f:97:27:a1:75:a8:35:7a:c4:67:0f:
                    b4:fd:a8:ce:34:ad:fa:60:c8:24:39:cd:04:d4:44:
                    c3:83:0d:b6:f7:9f:f8:df:79:91:85:49:02:af:54:
                    95:24:22:18:77:77:5e:a3:d5:76:88:0c:a7:06:52:
                    c9:71:fd:89:d0:33:3a:d2:14:13:3d:42:77:20:a1:
                    ba:2b:36:b8:8a:15:b0:49:2c:fe:b5:3e:df:20:fa:
                    a5:d5:f7:7c:09:05:ee:24:ec:8f:26:c4:a6:32:17:
                    38:18:51:ef:bb:0f:a4:91:e7:19:8e:9c:11:07:df:
                    44:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:83:F3:8D:7B:5B:B9:DC:E1:A9:64:82:CF:FD:AA:2A:9B:E0:A9:F3
            X509v3 Authority Key Identifier:
                keyid:C7:9D:13:66:4A:37:9D:8B:5D:AD:F7:63:DD:04:F5:11:5E:02:31:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x50TZko3nYtdrfdj3QT1EV4CMYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/ec6b29-3621-4024-8628-28842529c7a1/1/5IPzjXtbudzhqWSCz_2qKpvgqfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/ec6b29-3621-4024-8628-28842529c7a1/1/x50TZko3nYtdrfdj3QT1EV4CMYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7dc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:a0:03:c2:ab:23:e9:6c:2a:69:42:28:b5:33:6e:37:ac:53:
         cf:b4:e0:15:c8:fd:0a:bf:46:39:ad:ba:b3:53:51:3c:22:d9:
         25:bc:ef:8c:a1:13:15:8d:bf:e4:b4:20:66:cd:f1:1c:3f:2a:
         f7:1c:62:f4:fb:a4:27:b9:34:da:7c:c0:bf:6b:22:8c:bf:23:
         e6:cf:d8:ca:75:98:6b:ea:52:e1:15:63:ed:dd:62:1c:fa:3c:
         7e:b9:af:34:57:0d:4d:ca:de:93:f6:87:11:3c:bc:28:7f:22:
         26:f2:54:b9:ba:27:b8:40:e6:3f:68:00:b8:e9:31:00:1e:f4:
         c0:45:f7:12:df:c8:ca:2e:ab:02:e5:23:90:1a:a6:96:63:e6:
         d1:6a:d6:1e:43:66:7b:1a:80:3e:d5:a4:64:e6:4f:27:a6:1e:
         2c:e4:d2:46:3f:f6:79:d7:d0:61:a1:cc:97:2c:86:eb:3c:38:
         a0:b4:7c:db:c9:02:54:86:3e:cd:e5:dc:af:4d:a9:3f:4b:dd:
         27:bb:84:eb:3c:8d:b7:75:b1:e5:ee:4e:37:06:18:40:ba:e8:
         7c:8c:97:b7:30:b8:ad:fb:42:28:a8:cb:21:8f:78:94:1d:28:
         64:67:81:f3:35:af:a9:61:6a:9e:aa:1d:25:12:61:de:64:51:
         3b:ee:8c:2b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZgTnoXki7gE1I//Tiq9/DwWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OWQxMzY2NGEzNzlkOGI1ZGFkZjc2M2RkMDRmNTExNWUw
MjMxODQwHhcNMjUwNzE2MTQyMzMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDgzZjM4ZDdiNWJiOWRjZTFhOTY0ODJjZmZkYWEyYTliZTBhOWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dqx4aXUv2mDI2VTVbMhN8+527IM
3pCWgjd0kkd8e5haB6lNr17fk68UwS8bt1pJJY2swhrbl4hMsVyY9783sXJeETLf
xAyUV4zZRawhRDAlFSGyjr7DSW3rKP2YkZ5blnoCO9lpVWi66hem2SMnC6AoX5RF
pdS9BEac18dYsyxx5VoU8pElLEFWT5cnoXWoNXrEZw+0/ajONK36YMgkOc0E1ETD
gw2295/433mRhUkCr1SVJCIYd3deo9V2iAynBlLJcf2J0DM60hQTPUJ3IKG6Kza4
ihWwSSz+tT7fIPql1fd8CQXuJOyPJsSmMhc4GFHvuw+kkecZjpwRB99EqQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOSD8417W7nc4alkgs/9qiqb4KnzMB8GA1UdIwQY
MBaAFMedE2ZKN52LXa33Y90E9RFeAjGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDUwVFprbzNuWXRkcmZkajNRVDFFVjRDTVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9lYzZiMjktMzYyMS00MDI0LTg2Mjgt
Mjg4NDI1MjljN2ExLzEvNUlQempYdGJ1ZHpocVdTQ3pfMnFLcHZncWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9lYzZiMjktMzYyMS00MDI0LTg2MjgtMjg4NDI1MjljN2Ex
LzEveDUwVFprbzNuWXRkcmZkajNRVDFFVjRDTVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhN9wDAN
BgkqhkiG9w0BAQsFAAOCAQEAPKADwqsj6WwqaUIotTNuN6xTz7TgFcj9Cr9GOa26
s1NRPCLZJbzvjKETFY2/5LQgZs3xHD8q9xxi9PukJ7k02nzAv2sijL8j5s/YynWY
a+pS4RVj7d1iHPo8frmvNFcNTcrek/aHETy8KH8iJvJUubonuEDmP2gAuOkxAB70
wEX3Et/Iyi6rAuUjkBqmlmPm0WrWHkNmexqAPtWkZOZPJ6YeLOTSRj/2edfQYaHM
lyyG6zw4oLR828kCVIY+zeXcr02pP0vdJ7uE6zyNt3Wx5e5ONwYYQLrofIyXtzC4
rftCKKjLIY94lB0oZGeB8zWvqWFqnqodJRJh3mRRO+6MKw==
-----END CERTIFICATE-----