Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/FN6eGuuI_wxSJwtVgTgHksuIU2k.roa
File:                     FN6eGuuI_wxSJwtVgTgHksuIU2k.roa (raw, json)
Hash identifier:          lcwy4N23aWEQwNKLPfOGbzSMxuSa2S19+LPrrtBD9kQ=
Subject key identifier:   14:DE:9E:1A:EB:88:FF:0C:52:27:0B:55:81:38:07:92:CB:88:53:69
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01942521A283D1779AA0DB85FE5FE196E256
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/FN6eGuuI_wxSJwtVgTgHksuIU2k.roa
Signing time:             Thu 02 Jan 2025 03:49:08 +0000
ROA not before:           Thu 02 Jan 2025 03:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213750
IP address blocks:        2a13:a5c7:2700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a2:83:d1:77:9a:a0:db:85:fe:5f:e1:96:e2:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=14de9e1aeb88ff0c52270b5581380792cb885369
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0f:21:5f:60:07:e9:d0:fb:62:c1:8a:9f:18:
                    43:dc:e5:4a:a1:9f:46:8b:70:5e:c0:7e:6f:d4:4c:
                    6b:ae:5a:cc:6c:aa:c8:0f:59:d0:9d:dc:4e:23:dc:
                    c2:78:90:38:d2:ac:47:3b:ad:21:48:91:62:81:d6:
                    e9:83:82:8f:cc:10:23:9d:84:e9:ab:d6:15:3b:96:
                    c0:5a:34:73:aa:48:0b:a6:f1:7b:31:87:f5:01:14:
                    85:43:0d:a9:93:02:d6:fa:b7:69:23:85:38:bd:c8:
                    29:6c:68:78:a7:0f:ab:7c:6a:15:55:38:63:7c:18:
                    bf:cb:55:04:9e:dc:9c:09:48:7d:4e:4c:dd:8b:77:
                    7f:8d:7d:8a:49:cf:1a:d6:16:37:42:3f:77:ff:1d:
                    30:e5:f3:66:b4:a6:ea:b1:83:60:0f:b1:bf:a9:83:
                    37:72:00:a8:48:54:c2:04:36:e7:b8:24:d7:59:f6:
                    a1:9f:37:29:53:61:40:0d:11:56:94:f0:86:d9:c2:
                    a6:23:61:f3:8d:b7:e1:1c:56:09:21:8c:c7:30:eb:
                    88:d1:11:2c:3b:d5:24:34:26:02:90:87:2c:19:59:
                    d1:3d:3d:c3:d7:ab:88:b6:91:97:d8:79:44:e3:b2:
                    80:40:ca:70:fb:cb:bc:36:c9:76:a3:e3:89:ce:f4:
                    0b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:DE:9E:1A:EB:88:FF:0C:52:27:0B:55:81:38:07:92:CB:88:53:69
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/FN6eGuuI_wxSJwtVgTgHksuIU2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:2700::/40

    Signature Algorithm: sha256WithRSAEncryption
         45:c0:e3:09:11:6b:d3:05:cd:30:8e:de:9b:9f:eb:dd:24:18:
         e4:11:a9:bc:9c:14:61:e1:a1:1f:f6:05:6c:f3:0e:20:19:85:
         d2:9e:a4:3e:3f:26:3f:0f:d4:f7:4f:33:ec:20:30:de:7c:8c:
         53:c7:15:83:a5:a6:76:a9:9b:ce:96:39:cd:bd:be:39:42:a6:
         5d:d3:ec:88:fd:d0:16:ac:b8:31:e2:b9:82:65:70:ee:3f:b1:
         c6:59:07:a0:60:f8:6a:4e:66:20:19:75:0c:b9:88:52:b6:ec:
         f4:7a:9a:f6:f8:f4:1a:b0:52:3f:ab:76:81:c9:d1:33:30:c8:
         eb:ba:51:bb:f0:1e:f7:d3:6e:63:f4:f2:bf:a1:01:19:66:17:
         3a:19:cd:86:2f:23:ef:89:f2:ad:99:8f:5a:6e:34:ab:f6:dc:
         4f:bd:bf:d6:8b:78:1d:33:a2:e6:69:96:5a:58:2d:9e:63:3a:
         e5:4d:03:86:bf:fe:c2:6f:6e:04:cc:f2:19:a7:32:c6:1c:7c:
         7d:13:4f:7a:b3:63:a6:66:40:9c:b3:55:8b:af:da:a5:34:ee:
         c1:bc:59:ea:43:ec:0e:67:d8:27:17:ec:70:fe:56:a7:ea:e3:
         87:19:86:21:1f:d4:44:3c:4f:18:f8:6c:01:e2:9e:8c:e0:72:
         c0:f3:f2:ca
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIaKD0XeaoNuF/l/hluJWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGRlOWUxYWViODhmZjBjNTIyNzBiNTU4MTM4MDc5MmNiODg1MzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsw8hX2AH6dD7YsGKnxhD3OVKoZ9G
i3BewH5v1ExrrlrMbKrID1nQndxOI9zCeJA40qxHO60hSJFigdbpg4KPzBAjnYTp
q9YVO5bAWjRzqkgLpvF7MYf1ARSFQw2pkwLW+rdpI4U4vcgpbGh4pw+rfGoVVThj
fBi/y1UEntycCUh9Tkzdi3d/jX2KSc8a1hY3Qj93/x0w5fNmtKbqsYNgD7G/qYM3
cgCoSFTCBDbnuCTXWfahnzcpU2FADRFWlPCG2cKmI2HzjbfhHFYJIYzHMOuI0REs
O9UkNCYCkIcsGVnRPT3D16uItpGX2HlE47KAQMpw+8u8Nsl2o+OJzvQLSQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBTenhrriP8MUicLVYE4B5LLiFNpMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvRk42ZUd1dUlfd3hTSnd0VmdUZ0hrc3VJVTJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxycw
DQYJKoZIhvcNAQELBQADggEBAEXA4wkRa9MFzTCO3puf690kGOQRqbycFGHhoR/2
BWzzDiAZhdKepD4/Jj8P1PdPM+wgMN58jFPHFYOlpnapm86WOc29vjlCpl3T7Ij9
0BasuDHiuYJlcO4/scZZB6Bg+GpOZiAZdQy5iFK27PR6mvb49BqwUj+rdoHJ0TMw
yOu6UbvwHvfTbmP08r+hARlmFzoZzYYvI++J8q2Zj1puNKv23E+9v9aLeB0zouZp
llpYLZ5jOuVNA4a//sJvbgTM8hmnMsYcfH0TT3qzY6ZmQJyzVYuv2qU07sG8WepD
7A5n2CcX7HD+Vqfq44cZhiEf1EQ8Txj4bAHinozgcsDz8so=
-----END CERTIFICATE-----