Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/0YsqmYoX8nSnq9tL_jZR7_IicOU.roa
File:                     0YsqmYoX8nSnq9tL_jZR7_IicOU.roa (raw, json)
Hash identifier:          Ld1DlRt0TARzLlXLVHsaGFQTRwffTa4AKCb432jsq74=
Subject key identifier:   D1:8B:2A:99:8A:17:F2:74:A7:AB:DB:4B:FE:36:51:EF:F2:22:70:E5
Certificate issuer:       /CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
Certificate serial:       0197D6C5E376F91FB010B7DDE5959CB0999F
Authority key identifier: 55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/0YsqmYoX8nSnq9tL_jZR7_IicOU.roa
Signing time:             Fri 04 Jul 2025 18:49:42 +0000
ROA not before:           Fri 04 Jul 2025 18:49:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a13:4a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d6:c5:e3:76:f9:1f:b0:10:b7:dd:e5:95:9c:b0:99:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
        Validity
            Not Before: Jul  4 18:49:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d18b2a998a17f274a7abdb4bfe3651eff22270e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:5f:53:5e:ca:06:76:19:98:d1:c9:e8:66:44:
                    e2:79:15:b1:57:a2:51:27:39:39:2b:82:1c:d4:a6:
                    66:22:16:77:b1:7d:c4:81:84:07:e2:ca:32:28:f4:
                    e3:f1:13:c4:0f:42:c9:ae:b1:bb:76:94:f9:e8:c0:
                    da:cf:31:d7:e1:e5:f5:3c:ec:6a:84:7b:33:a0:77:
                    e5:86:03:e4:ee:bc:d1:a8:5d:40:ad:af:87:2c:e1:
                    9f:7f:2f:e4:6a:93:58:a0:5c:d0:e2:17:ec:6e:5a:
                    10:0e:4a:47:db:73:a9:64:57:d5:73:2a:58:7e:1c:
                    45:80:3d:56:18:93:75:b9:df:d4:09:95:d2:da:fd:
                    c6:ee:8f:78:66:11:f4:ec:d8:1f:35:c2:9b:cf:be:
                    8f:66:f9:2a:96:6f:d9:0f:a2:a1:c5:d9:89:42:d8:
                    4a:59:70:15:6a:fb:0d:cf:ee:a1:e2:09:6b:78:1d:
                    4c:97:8f:ae:a6:bc:39:f3:52:07:22:c5:ee:22:d9:
                    d7:ce:a8:a7:9f:bd:ea:36:23:34:ee:6b:c4:e4:1c:
                    99:e7:2e:24:dc:54:19:64:1e:fe:44:28:11:ab:55:
                    c2:26:75:61:dd:3e:48:c2:73:b9:67:b8:17:aa:95:
                    c4:80:83:0d:78:7c:a6:9d:f1:05:2f:af:42:7d:ab:
                    2e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:8B:2A:99:8A:17:F2:74:A7:AB:DB:4B:FE:36:51:EF:F2:22:70:E5
            X509v3 Authority Key Identifier:
                keyid:55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/0YsqmYoX8nSnq9tL_jZR7_IicOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:4a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:62:7e:ab:16:12:3a:fb:63:65:bd:a8:2c:98:3f:ed:b8:bf:
         1c:ee:86:7b:ec:6b:07:19:c1:bc:4f:df:fa:ee:99:04:03:3e:
         6c:fc:e4:be:ae:13:2d:fa:cc:76:be:ca:1e:28:75:77:2c:77:
         37:a3:b8:d7:14:70:59:ed:00:9e:4c:6c:8d:e7:32:4d:75:b1:
         a9:5d:ee:d3:c3:81:d6:a5:5a:e4:7a:c0:b3:3e:12:69:cb:a8:
         77:26:98:27:6f:6b:96:35:39:7a:a3:75:78:b2:b6:ad:94:e4:
         64:cd:23:25:be:3d:93:31:83:11:85:c7:d9:b2:73:f9:f8:97:
         f0:af:74:86:4d:6d:f4:1f:33:4a:b4:33:31:0b:0f:9f:75:c8:
         20:e4:7a:55:5e:4f:bd:06:44:0d:37:d4:49:96:ac:5e:29:4f:
         3d:02:b5:a6:bd:1d:7b:d5:20:79:b2:fd:8d:91:30:65:45:ad:
         f4:84:1c:51:ab:7e:e2:f3:09:7b:e5:06:90:87:9c:95:00:b1:
         e1:db:38:1a:0b:4f:11:49:17:1a:f0:fe:18:3c:1a:10:e0:b4:
         6a:66:8e:d3:72:a6:cf:5f:6b:08:a6:e8:af:85:78:e7:b4:94:
         55:1c:ef:20:b9:65:85:fa:04:45:9e:73:37:f4:8e:94:c8:61:
         ed:b9:ca:c9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZfWxeN2+R+wELfd5ZWcsJmfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjRiMmUyNmRkM2FmY2M1YzFlYWMwMWY5MDI2M2QyMDFm
YmUwOTkwHhcNMjUwNzA0MTg0OTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMThiMmE5OThhMTdmMjc0YTdhYmRiNGJmZTM2NTFlZmYyMjI3MGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA019TXsoGdhmY0cnoZkTieRWxV6JR
Jzk5K4Ic1KZmIhZ3sX3EgYQH4soyKPTj8RPED0LJrrG7dpT56MDazzHX4eX1POxq
hHszoHflhgPk7rzRqF1Ara+HLOGffy/kapNYoFzQ4hfsbloQDkpH23OpZFfVcypY
fhxFgD1WGJN1ud/UCZXS2v3G7o94ZhH07NgfNcKbz76PZvkqlm/ZD6KhxdmJQthK
WXAVavsNz+6h4glreB1Ml4+uprw581IHIsXuItnXzqinn73qNiM07mvE5ByZ5y4k
3FQZZB7+RCgRq1XCJnVh3T5IwnO5Z7gXqpXEgIMNeHymnfEFL69CfasuZQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNGLKpmKF/J0p6vbS/42Ue/yInDlMB8GA1UdIwQY
MBaAFFUksuJt06/MXB6sAfkCY9IB++CZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMt
M2FhMjIyN2JhZGZlLzEvMFlzcW1Zb1g4blNucTl0TF9qWlI3X0lpY09VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMtM2FhMjIyN2JhZGZl
LzEvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNKgDAN
BgkqhkiG9w0BAQsFAAOCAQEADGJ+qxYSOvtjZb2oLJg/7bi/HO6Ge+xrBxnBvE/f
+u6ZBAM+bPzkvq4TLfrMdr7KHih1dyx3N6O41xRwWe0AnkxsjecyTXWxqV3u08OB
1qVa5HrAsz4SacuodyaYJ29rljU5eqN1eLK2rZTkZM0jJb49kzGDEYXH2bJz+fiX
8K90hk1t9B8zSrQzMQsPn3XIIOR6VV5PvQZEDTfUSZasXilPPQK1pr0de9UgebL9
jZEwZUWt9IQcUat+4vMJe+UGkIeclQCx4ds4GgtPEUkXGvD+GDwaEOC0amaO03Km
z19rCKbor4V457SUVRzvILllhfoERZ5zN/SOlMhh7bnKyQ==
-----END CERTIFICATE-----