Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/2DtFiNnZxsSvwyUABXFDH9xGeRs.roa
File:                     2DtFiNnZxsSvwyUABXFDH9xGeRs.roa (raw, json)
Hash identifier:          G39uHphZZEEAkLxmvTSGrIOoh5KobplqqdurCmrnTaM=
Subject key identifier:   D8:3B:45:88:D9:D9:C6:C4:AF:C3:25:00:05:71:43:1F:DC:46:79:1B
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01942521A31AAC11A3F4F3C3D0A5544FE900
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/2DtFiNnZxsSvwyUABXFDH9xGeRs.roa
Signing time:             Thu 02 Jan 2025 03:49:08 +0000
ROA not before:           Thu 02 Jan 2025 03:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213903
IP address blocks:        2a13:a5c7:2600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 10:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a3:1a:ac:11:a3:f4:f3:c3:d0:a5:54:4f:e9:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d83b4588d9d9c6c4afc325000571431fdc46791b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:cd:90:e0:ba:8b:b3:57:8a:29:f2:a1:e2:fa:
                    ae:a8:f9:96:35:e2:d1:f2:a1:17:69:8e:04:38:35:
                    dd:77:b6:d2:3f:f5:a6:0f:b4:2e:ac:7e:f1:c0:42:
                    2c:fc:63:ee:40:58:07:bb:bc:f5:58:45:b7:45:ab:
                    2a:f8:a3:1b:c5:16:6d:66:93:43:b2:76:bc:79:48:
                    a0:d4:72:51:cd:c3:2d:52:83:a5:f0:85:d1:3c:47:
                    19:c0:6c:86:f1:6f:57:6e:82:af:65:d4:70:63:cf:
                    e6:51:bc:75:7a:6c:c0:e4:3a:f4:67:53:81:9f:78:
                    a0:9f:61:bb:f1:2e:cb:51:ec:4c:85:ed:b6:9d:04:
                    03:3d:5c:d8:16:b4:77:b0:7e:75:8d:a6:79:8d:43:
                    f9:fc:64:d0:ce:f0:bb:7e:e1:5b:d4:73:c0:64:e1:
                    3f:11:e9:2f:f8:16:18:7a:5d:e8:d6:18:b6:d4:ae:
                    3f:4a:13:bf:bf:ef:f7:e7:b8:69:65:5c:ae:56:86:
                    49:71:4b:31:67:03:42:3e:78:d5:23:3b:0b:a7:7d:
                    81:df:c3:4b:73:72:c0:e6:bd:a5:78:75:3e:cc:52:
                    c8:63:2d:aa:f3:58:97:78:df:9b:89:4a:f8:6a:a9:
                    51:cd:c0:de:f7:8a:54:00:6b:43:b1:6e:fa:85:18:
                    9d:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:3B:45:88:D9:D9:C6:C4:AF:C3:25:00:05:71:43:1F:DC:46:79:1B
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/2DtFiNnZxsSvwyUABXFDH9xGeRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:2600::/40

    Signature Algorithm: sha256WithRSAEncryption
         68:17:cd:ac:8d:a0:d2:ad:02:1e:24:1b:67:d8:20:0a:b6:04:
         c2:9d:17:6b:00:7e:7d:f3:be:82:65:7c:a9:d8:eb:08:cd:f9:
         9c:bd:9b:de:55:21:54:de:2d:64:fc:5a:51:8b:a7:d4:87:e8:
         a1:e3:b0:ca:86:0e:87:b5:c5:06:46:72:8e:ce:01:03:30:9b:
         78:2f:87:2e:a5:a9:77:f0:92:4c:60:2c:6c:bf:35:2d:f9:a3:
         df:bf:37:d4:4c:13:35:f9:9e:cd:df:30:55:2d:51:fa:f5:75:
         52:36:c3:b0:9e:15:a2:0c:df:87:91:1d:b9:c7:76:3c:28:a5:
         a4:40:32:75:b5:be:20:8a:9c:ab:7e:7d:cb:d3:2b:27:8e:7b:
         57:21:8b:68:8a:2b:be:12:9a:66:1c:4d:e5:14:f5:db:35:e4:
         4e:b7:37:1f:96:26:fa:81:84:a5:c2:15:6b:40:a1:67:72:1d:
         c3:f7:40:2d:d8:5a:85:df:dd:c4:14:fa:99:81:c5:3f:2f:b8:
         33:47:e2:fe:59:4e:fa:f6:97:f6:7b:bf:e3:c4:ef:64:96:85:
         b1:6a:44:d7:76:a0:40:63:03:79:8b:99:39:3c:7c:d1:a0:bc:
         41:d4:cc:25:3a:b1:8f:74:5e:04:62:8a:2a:42:c4:af:e5:84:
         1f:9d:4f:05
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIaMarBGj9PPD0KVUT+kAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODNiNDU4OGQ5ZDljNmM0YWZjMzI1MDAwNTcxNDMxZmRjNDY3OTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqc2Q4LqLs1eKKfKh4vquqPmWNeLR
8qEXaY4EODXdd7bSP/WmD7QurH7xwEIs/GPuQFgHu7z1WEW3Rasq+KMbxRZtZpND
sna8eUig1HJRzcMtUoOl8IXRPEcZwGyG8W9XboKvZdRwY8/mUbx1emzA5Dr0Z1OB
n3ign2G78S7LUexMhe22nQQDPVzYFrR3sH51jaZ5jUP5/GTQzvC7fuFb1HPAZOE/
Eekv+BYYel3o1hi21K4/ShO/v+/357hpZVyuVoZJcUsxZwNCPnjVIzsLp32B38NL
c3LA5r2leHU+zFLIYy2q81iXeN+biUr4aqlRzcDe94pUAGtDsW76hRidPQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNg7RYjZ2cbEr8MlAAVxQx/cRnkbMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvMkR0RmlOblp4c1N2d3lVQUJYRkRIOXhHZVJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxyYw
DQYJKoZIhvcNAQELBQADggEBAGgXzayNoNKtAh4kG2fYIAq2BMKdF2sAfn3zvoJl
fKnY6wjN+Zy9m95VIVTeLWT8WlGLp9SH6KHjsMqGDoe1xQZGco7OAQMwm3gvhy6l
qXfwkkxgLGy/NS35o9+/N9RMEzX5ns3fMFUtUfr1dVI2w7CeFaIM34eRHbnHdjwo
paRAMnW1viCKnKt+fcvTKyeOe1chi2iKK74SmmYcTeUU9ds15E63Nx+WJvqBhKXC
FWtAoWdyHcP3QC3YWoXf3cQU+pmBxT8vuDNH4v5ZTvr2l/Z7v+PE72SWhbFqRNd2
oEBjA3mLmTk8fNGgvEHUzCU6sY90XgRiiipCxK/lhB+dTwU=
-----END CERTIFICATE-----