Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/cRNU9mqjTuLyrs64AbQG-Q8lS_M.roa
File:                     cRNU9mqjTuLyrs64AbQG-Q8lS_M.roa (raw, json)
Hash identifier:          gATqx8bTowXwaPkDc2Os+EOXUJAixbB51eSVdjtnNog=
Subject key identifier:   71:13:54:F6:6A:A3:4E:E2:F2:AE:CE:B8:01:B4:06:F9:0F:25:4B:F3
Certificate issuer:       /CN=2b78cdca1616c3c6b5f191fc33a934789b12c069
Certificate serial:       019421B1F58695CC2517C0C3926625B9392C
Authority key identifier: 2B:78:CD:CA:16:16:C3:C6:B5:F1:91:FC:33:A9:34:78:9B:12:C0:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K3jNyhYWw8a18ZH8M6k0eJsSwGk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/cRNU9mqjTuLyrs64AbQG-Q8lS_M.roa
Signing time:             Wed 01 Jan 2025 11:48:18 +0000
ROA not before:           Wed 01 Jan 2025 11:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44283
IP address blocks:        2a13:7300::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/K3jNyhYWw8a18ZH8M6k0eJsSwGk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/K3jNyhYWw8a18ZH8M6k0eJsSwGk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K3jNyhYWw8a18ZH8M6k0eJsSwGk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:f5:86:95:cc:25:17:c0:c3:92:66:25:b9:39:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b78cdca1616c3c6b5f191fc33a934789b12c069
        Validity
            Not Before: Jan  1 11:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=711354f66aa34ee2f2aeceb801b406f90f254bf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:47:56:d4:7d:dd:bd:18:4f:b9:4e:b3:a0:6d:
                    7b:e0:7e:0d:ec:b9:d0:d8:5c:7a:07:ec:7e:5b:a3:
                    0e:02:11:94:b5:53:6d:5b:19:4f:93:c9:0b:11:68:
                    07:45:cb:67:f8:26:c8:40:64:a7:58:e2:56:f0:b7:
                    fb:00:db:f7:7a:cf:d4:1c:a4:c0:5f:b7:dd:1c:55:
                    26:de:76:84:78:4c:bc:62:62:29:15:fc:0e:4d:0f:
                    84:0e:82:04:c4:df:31:36:ce:11:cc:3f:7c:fd:ab:
                    fb:ee:83:93:ab:8f:79:34:d0:c3:17:be:71:dd:f1:
                    16:98:7b:93:a4:ba:01:22:26:54:05:97:f7:69:e6:
                    19:9b:bc:8d:e9:5e:a8:b5:2f:53:ec:6d:61:3a:d2:
                    a1:60:29:97:36:1e:ba:e0:67:3b:1d:db:85:2e:06:
                    f7:22:a9:80:ba:17:ed:7b:fd:18:1f:89:74:42:fe:
                    52:a6:f7:5e:43:46:13:80:98:96:20:95:6d:33:dc:
                    1c:b2:10:e5:d4:68:6a:ea:ea:83:21:d4:22:19:53:
                    44:03:69:02:64:4b:d8:e6:6d:95:8b:5b:71:78:a9:
                    5d:bb:57:08:98:d1:db:07:ea:3a:74:d3:97:67:29:
                    b7:99:a8:0e:46:fd:c0:83:7c:ea:cf:b2:aa:c9:77:
                    29:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:13:54:F6:6A:A3:4E:E2:F2:AE:CE:B8:01:B4:06:F9:0F:25:4B:F3
            X509v3 Authority Key Identifier:
                keyid:2B:78:CD:CA:16:16:C3:C6:B5:F1:91:FC:33:A9:34:78:9B:12:C0:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K3jNyhYWw8a18ZH8M6k0eJsSwGk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/cRNU9mqjTuLyrs64AbQG-Q8lS_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/e7c49c-b6d0-45de-bfba-3eaa034a8978/1/K3jNyhYWw8a18ZH8M6k0eJsSwGk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7300::/29

    Signature Algorithm: sha256WithRSAEncryption
         7a:c3:b1:3b:5b:08:21:aa:5e:33:54:ff:45:d3:30:87:f0:14:
         27:ac:07:ea:01:2c:c9:57:c9:9a:1b:c8:aa:a3:9b:ed:55:7e:
         92:72:96:5e:77:c3:6a:ac:bb:b4:3b:1e:ee:20:e7:c8:a5:c2:
         33:c3:a9:2a:00:d1:e0:6e:7b:01:c3:0e:90:cd:b6:c6:08:18:
         bb:96:88:d6:7a:1e:69:b5:01:dd:e3:d6:4f:c5:81:d8:c0:15:
         d8:50:a7:e8:dc:a0:a6:1b:85:c2:25:12:4f:4a:3b:09:13:e1:
         54:56:20:fe:fe:d9:70:19:4f:eb:80:38:cd:49:80:fa:32:fe:
         6f:e6:8f:a1:14:e5:ab:40:53:29:d4:d9:59:1d:ab:05:5b:31:
         bf:de:a6:65:41:c9:ef:76:6f:80:74:d8:93:13:2b:d1:89:73:
         d3:07:58:49:66:09:db:ea:ed:cf:cc:ce:9d:1f:e8:14:4b:9a:
         cb:c9:7d:4a:8f:fd:b1:79:d2:97:19:d7:21:48:57:a6:17:e7:
         0d:f9:b6:07:14:3c:f1:da:c6:a9:eb:ad:a8:53:8c:f9:6d:d8:
         7b:71:41:e3:11:91:64:29:c6:85:9f:7e:a1:6b:b5:a2:5f:d8:
         af:d2:30:7c:ad:48:ba:53:fc:fe:4a:cd:4e:86:16:fb:c4:67:
         dc:d7:60:59
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhsfWGlcwlF8DDkmYluTksMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNzhjZGNhMTYxNmMzYzZiNWYxOTFmYzMzYTkzNDc4OWIx
MmMwNjkwHhcNMjUwMTAxMTE0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTEzNTRmNjZhYTM0ZWUyZjJhZWNlYjgwMWI0MDZmOTBmMjU0YmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEdW1H3dvRhPuU6zoG174H4N7LnQ
2Fx6B+x+W6MOAhGUtVNtWxlPk8kLEWgHRctn+CbIQGSnWOJW8Lf7ANv3es/UHKTA
X7fdHFUm3naEeEy8YmIpFfwOTQ+EDoIExN8xNs4RzD98/av77oOTq495NNDDF75x
3fEWmHuTpLoBIiZUBZf3aeYZm7yN6V6otS9T7G1hOtKhYCmXNh664Gc7HduFLgb3
IqmAuhfte/0YH4l0Qv5SpvdeQ0YTgJiWIJVtM9wcshDl1Ghq6uqDIdQiGVNEA2kC
ZEvY5m2Vi1txeKldu1cImNHbB+o6dNOXZym3magORv3Ag3zqz7KqyXcpzwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHETVPZqo07i8q7OuAG0BvkPJUvzMB8GA1UdIwQY
MBaAFCt4zcoWFsPGtfGR/DOpNHibEsBpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzNqTnloWVd3OGExOFpIOE02azBlSnNTd0drLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9lN2M0OWMtYjZkMC00NWRlLWJmYmEt
M2VhYTAzNGE4OTc4LzEvY1JOVTltcWpUdUx5cnM2NEFiUUctUThsU19NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9lN2M0OWMtYjZkMC00NWRlLWJmYmEtM2VhYTAzNGE4OTc4
LzEvSzNqTnloWVd3OGExOFpIOE02azBlSnNTd0drLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNzADAN
BgkqhkiG9w0BAQsFAAOCAQEAesOxO1sIIapeM1T/RdMwh/AUJ6wH6gEsyVfJmhvI
qqOb7VV+knKWXnfDaqy7tDse7iDnyKXCM8OpKgDR4G57AcMOkM22xggYu5aI1noe
abUB3ePWT8WB2MAV2FCn6NygphuFwiUST0o7CRPhVFYg/v7ZcBlP64A4zUmA+jL+
b+aPoRTlq0BTKdTZWR2rBVsxv96mZUHJ73ZvgHTYkxMr0Ylz0wdYSWYJ2+rtz8zO
nR/oFEuay8l9So/9sXnSlxnXIUhXphfnDfm2BxQ88drGqeutqFOM+W3Ye3FB4xGR
ZCnGhZ9+oWu1ol/Yr9IwfK1IulP8/krNToYW+8Rn3NdgWQ==
-----END CERTIFICATE-----