Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/AaypEsEdVYUGBO9pIAcSnVHxcng.roa
File:                     AaypEsEdVYUGBO9pIAcSnVHxcng.roa (raw, json)
Hash identifier:          xIrmQSj5iiQlA0CWV5z6X22s4gAVeMqFSjtUBU0ngGI=
Subject key identifier:   01:AC:A9:12:C1:1D:55:85:06:04:EF:69:20:07:12:9D:51:F1:72:78
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       019425219DD4A7954A63C37719F9145669F8
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/AaypEsEdVYUGBO9pIAcSnVHxcng.roa
Signing time:             Thu 02 Jan 2025 03:49:07 +0000
ROA not before:           Thu 02 Jan 2025 03:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199310
IP address blocks:        2a13:a5c3:f000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 08:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:9d:d4:a7:95:4a:63:c3:77:19:f9:14:56:69:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01aca912c11d55850604ef692007129d51f17278
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:30:94:b9:e8:91:37:fb:f0:27:c6:2c:68:a8:
                    59:21:c4:14:19:a1:ba:cb:50:84:54:32:0b:29:85:
                    34:5f:26:ef:63:01:c5:d7:b2:f9:1c:9e:23:86:de:
                    54:a0:4b:20:e6:bb:fc:38:fc:e3:36:0f:b9:47:35:
                    e3:20:5d:44:71:fa:35:f3:97:42:4a:a2:55:09:9c:
                    f6:01:31:32:3c:4b:41:7e:ac:6f:26:88:6f:ef:5a:
                    ba:a5:f2:99:3d:de:d7:15:bf:10:89:c3:4b:8e:5c:
                    40:d4:9e:cc:bd:b3:b8:98:00:a5:1b:f4:84:87:e9:
                    70:9c:8c:9b:25:9a:b1:75:99:10:79:2f:d6:db:9b:
                    e7:49:f4:41:8d:88:ca:97:21:f4:25:51:9c:dd:7f:
                    5f:37:78:f9:2b:3d:95:b2:c8:a3:22:ff:7d:33:34:
                    6d:3a:9b:6d:21:d5:94:59:3b:c9:ef:99:1c:af:0c:
                    e8:03:bd:c8:f3:bf:c8:d9:26:1f:a2:15:8e:54:b8:
                    bb:cb:e3:bf:44:57:db:f6:5d:52:0a:71:00:3d:59:
                    fb:b8:f1:04:8d:84:9a:2f:ed:45:14:2a:72:ad:73:
                    25:6d:83:60:02:30:53:d0:fb:b5:8e:9a:d6:c3:c9:
                    d8:5d:7c:01:50:15:35:53:b3:13:55:05:2c:de:84:
                    72:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:AC:A9:12:C1:1D:55:85:06:04:EF:69:20:07:12:9D:51:F1:72:78
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/AaypEsEdVYUGBO9pIAcSnVHxcng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c3:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:0a:2e:1a:24:10:cd:9d:b5:1f:86:33:19:18:9c:e4:9b:3e:
         1a:01:b8:29:78:35:4f:91:39:7a:5f:47:b5:a1:24:b9:cd:48:
         73:f5:cb:28:8d:81:7f:a6:ab:7c:a4:54:d5:ad:63:0e:1e:e1:
         8d:5a:1e:71:6a:08:00:f8:e9:45:ae:4f:af:88:d2:eb:4a:1b:
         7a:3f:50:a7:98:ba:a2:6b:71:4d:c8:03:32:6d:1d:d0:e2:37:
         4f:80:63:68:80:b9:cc:9d:16:6e:de:7f:c2:72:cf:16:88:e6:
         4e:03:97:73:fb:99:0c:87:cf:f7:4c:9b:49:6d:ca:2f:98:bf:
         64:9f:8c:b3:03:87:d1:ac:85:d2:76:c4:01:c8:ad:76:5d:74:
         90:63:d7:f2:ed:00:2c:cd:95:c3:24:77:35:f5:35:0c:61:b0:
         29:6b:ae:8d:96:41:5d:6a:09:e7:57:d3:e2:bc:33:1b:83:55:
         a0:63:91:bd:1e:30:08:b9:94:86:1b:ff:d6:bd:5c:dc:c3:43:
         18:72:fb:41:f2:3e:c8:8b:55:f2:59:d3:ef:09:b7:cc:8c:fb:
         9a:8a:b0:53:c4:af:fb:48:c6:2d:28:55:6c:91:4b:a1:ea:94:
         2c:9d:c6:37:bd:f4:28:b2:49:f0:95:f2:b1:e8:ca:0c:b8:75:
         20:1a:b7:6a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIZ3Up5VKY8N3GfkUVmn4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWFjYTkxMmMxMWQ1NTg1MDYwNGVmNjkyMDA3MTI5ZDUxZjE3Mjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4DCUueiRN/vwJ8YsaKhZIcQUGaG6
y1CEVDILKYU0XybvYwHF17L5HJ4jht5UoEsg5rv8OPzjNg+5RzXjIF1Ecfo185dC
SqJVCZz2ATEyPEtBfqxvJohv71q6pfKZPd7XFb8QicNLjlxA1J7MvbO4mAClG/SE
h+lwnIybJZqxdZkQeS/W25vnSfRBjYjKlyH0JVGc3X9fN3j5Kz2VssijIv99MzRt
OpttIdWUWTvJ75kcrwzoA73I87/I2SYfohWOVLi7y+O/RFfb9l1SCnEAPVn7uPEE
jYSaL+1FFCpyrXMlbYNgAjBT0Pu1jprWw8nYXXwBUBU1U7MTVQUs3oRyaQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAGsqRLBHVWFBgTvaSAHEp1R8XJ4MB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvQWF5cEVzRWRWWVVHQk85cElBY1NuVkh4Y25nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlw/Aw
DQYJKoZIhvcNAQELBQADggEBACQKLhokEM2dtR+GMxkYnOSbPhoBuCl4NU+ROXpf
R7WhJLnNSHP1yyiNgX+mq3ykVNWtYw4e4Y1aHnFqCAD46UWuT6+I0utKG3o/UKeY
uqJrcU3IAzJtHdDiN0+AY2iAucydFm7ef8JyzxaI5k4Dl3P7mQyHz/dMm0ltyi+Y
v2SfjLMDh9GshdJ2xAHIrXZddJBj1/LtACzNlcMkdzX1NQxhsClrro2WQV1qCedX
0+K8MxuDVaBjkb0eMAi5lIYb/9a9XNzDQxhy+0HyPsiLVfJZ0+8Jt8yM+5qKsFPE
r/tIxi0oVWyRS6HqlCydxje99CiySfCV8rHoygy4dSAat2o=
-----END CERTIFICATE-----