Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Ct96xN1xgvlrzbLvxfSx_-BAtNk.roa
File:                     Ct96xN1xgvlrzbLvxfSx_-BAtNk.roa (raw, json)
Hash identifier:          lrSKsEpugh4eEEm3L2JaQTWeMJQdiHgI5ot+GMevkbc=
Subject key identifier:   0A:DF:7A:C4:DD:71:82:F9:6B:CD:B2:EF:C5:F4:B1:FF:E0:40:B4:D9
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       019425219CA258BBF34E295840AF1D5837AC
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Ct96xN1xgvlrzbLvxfSx_-BAtNk.roa
Signing time:             Thu 02 Jan 2025 03:49:07 +0000
ROA not before:           Thu 02 Jan 2025 03:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150289
IP address blocks:        2a13:a5c5:f100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:9c:a2:58:bb:f3:4e:29:58:40:af:1d:58:37:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0adf7ac4dd7182f96bcdb2efc5f4b1ffe040b4d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:9b:d5:28:74:6c:99:7b:4f:d6:d9:c2:87:85:
                    2f:e5:16:b6:ba:dd:3d:50:36:2d:d6:1e:f1:75:1c:
                    91:84:59:fc:50:e7:2b:cc:66:5a:b8:90:c7:6e:7c:
                    ae:5b:15:89:36:c8:d4:05:06:9e:5f:21:13:d5:48:
                    ac:45:0e:5d:6a:7b:80:a6:48:0b:49:ed:38:2a:ca:
                    6b:40:ec:c2:a9:74:b6:00:46:a9:0d:b0:f2:61:73:
                    73:8d:7d:be:fc:92:ab:b2:47:16:8b:4e:2d:b2:0a:
                    0f:95:7b:85:e8:bd:a9:9a:30:40:68:67:59:40:d5:
                    45:ee:7b:62:99:c7:4c:ad:68:e4:ae:a4:6e:52:53:
                    8b:4f:55:9a:45:4c:20:e6:c8:3d:95:c3:4f:cc:b5:
                    50:52:38:64:49:e3:d5:50:bf:22:fd:78:01:2b:17:
                    02:53:13:40:63:cb:cc:c8:d9:57:99:93:36:d6:55:
                    0f:bd:85:92:81:9e:3f:9c:cb:11:be:38:9c:b4:e3:
                    a1:60:e1:e7:6f:a0:da:85:d8:b6:3e:ad:7d:a8:80:
                    74:c3:df:79:16:14:7e:ff:e0:98:aa:74:84:3f:f5:
                    e2:be:fe:7a:7c:7e:e4:3b:09:ab:e8:7f:26:77:e2:
                    81:c9:5b:b2:64:65:2f:6f:45:a5:26:7c:48:1c:74:
                    43:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:DF:7A:C4:DD:71:82:F9:6B:CD:B2:EF:C5:F4:B1:FF:E0:40:B4:D9
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Ct96xN1xgvlrzbLvxfSx_-BAtNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c5:f100::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:59:99:77:a6:6a:74:31:3f:48:15:40:a6:74:3c:01:f7:78:
         13:9d:59:4f:24:f1:30:47:e3:50:32:dc:e6:16:bf:06:f9:ef:
         bf:0c:f0:a4:c3:8f:78:f6:8d:c2:27:65:2b:29:f7:0b:e4:e5:
         a2:83:cb:79:f9:38:50:9d:20:4a:ec:58:1e:f0:6f:40:c2:de:
         91:f6:7e:08:67:ae:d4:3c:a6:a4:5c:27:23:5d:4a:6f:5b:df:
         ea:32:f3:d8:35:96:89:06:f8:18:f9:63:cd:ba:97:87:3c:b6:
         cc:e7:87:8e:8d:44:33:3c:56:62:94:0d:bf:57:03:df:9c:29:
         fe:f4:7c:c4:62:7b:84:73:d8:12:f2:78:2a:eb:b5:47:7c:1f:
         74:e6:34:a7:7f:bb:9b:73:3e:39:63:97:0b:bc:e4:a0:96:7e:
         bd:ad:7e:3c:8d:6d:31:a1:67:42:02:75:ad:cf:ac:d8:8e:e9:
         af:87:c0:d7:89:7e:c4:80:01:85:47:68:17:8e:e0:44:70:c5:
         73:8b:b8:b6:36:bc:f7:17:a2:8c:d4:e1:54:fa:8a:dc:7d:83:
         2d:fe:fe:be:e5:4b:de:05:18:87:fe:d1:09:aa:69:e6:4a:54:
         66:ec:d3:69:be:31:ca:c3:81:20:34:c6:ac:02:b4:03:da:4c:
         dc:c7:e3:1e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIZyiWLvzTilYQK8dWDesMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWRmN2FjNGRkNzE4MmY5NmJjZGIyZWZjNWY0YjFmZmUwNDBiNGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0pvVKHRsmXtP1tnCh4Uv5Ra2ut09
UDYt1h7xdRyRhFn8UOcrzGZauJDHbnyuWxWJNsjUBQaeXyET1UisRQ5danuApkgL
Se04KsprQOzCqXS2AEapDbDyYXNzjX2+/JKrskcWi04tsgoPlXuF6L2pmjBAaGdZ
QNVF7ntimcdMrWjkrqRuUlOLT1WaRUwg5sg9lcNPzLVQUjhkSePVUL8i/XgBKxcC
UxNAY8vMyNlXmZM21lUPvYWSgZ4/nMsRvjictOOhYOHnb6Dahdi2Pq19qIB0w995
FhR+/+CYqnSEP/Xivv56fH7kOwmr6H8md+KByVuyZGUvb0WlJnxIHHRDpwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFArfesTdcYL5a82y78X0sf/gQLTZMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvQ3Q5NnhOMXhndmxyemJMdnhmU3hfLUJBdE5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxfEw
DQYJKoZIhvcNAQELBQADggEBAHZZmXemanQxP0gVQKZ0PAH3eBOdWU8k8TBH41Ay
3OYWvwb5778M8KTDj3j2jcInZSsp9wvk5aKDy3n5OFCdIErsWB7wb0DC3pH2fghn
rtQ8pqRcJyNdSm9b3+oy89g1lokG+Bj5Y826l4c8tsznh46NRDM8VmKUDb9XA9+c
Kf70fMRie4Rz2BLyeCrrtUd8H3TmNKd/u5tzPjljlwu85KCWfr2tfjyNbTGhZ0IC
da3PrNiO6a+HwNeJfsSAAYVHaBeO4ERwxXOLuLY2vPcXoozU4VT6itx9gy3+/r7l
S94FGIf+0QmqaeZKVGbs02m+McrDgSA0xqwCtAPaTNzH4x4=
-----END CERTIFICATE-----