Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/JhghdJ7VjztXKvkYZLina0WyjwI.roa
File:                     JhghdJ7VjztXKvkYZLina0WyjwI.roa (raw, json)
Hash identifier:          2GwdwgzZjwQGzAWsiR/XnPvpsFd9g9HIMvHZzUcynKY=
Subject key identifier:   26:18:21:74:9E:D5:8F:3B:57:2A:F9:18:64:B8:A7:6B:45:B2:8F:02
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       019571FCAE4FE12491F449B5A26B629812F0
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/JhghdJ7VjztXKvkYZLina0WyjwI.roa
Signing time:             Fri 07 Mar 2025 19:02:19 +0000
ROA not before:           Fri 07 Mar 2025 19:02:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209389
IP address blocks:        2a13:a5c7:3000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:71:fc:ae:4f:e1:24:91:f4:49:b5:a2:6b:62:98:12:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Mar  7 19:02:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=261821749ed58f3b572af91864b8a76b45b28f02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6d:f3:37:21:c3:1f:7b:1b:e6:33:bc:3c:65:
                    8d:c2:4b:09:c5:0f:a3:75:ca:34:e1:8d:5c:74:22:
                    36:e9:23:ed:4c:20:6c:c8:4e:44:b1:c3:14:4b:75:
                    df:4e:89:bf:10:94:4f:38:61:7d:2f:84:67:c4:3d:
                    9f:87:ed:34:ac:a7:b3:21:30:b1:93:85:19:52:e5:
                    d8:42:4f:72:47:82:f4:55:59:d7:97:10:46:20:a5:
                    5f:e9:69:13:d4:b2:b2:0c:1b:41:4c:f4:1a:8d:5f:
                    f0:23:94:07:e9:a5:8d:48:ed:aa:a1:ce:32:41:d1:
                    27:74:e7:3b:0a:58:60:e8:f2:92:c9:2d:38:19:9b:
                    a2:a8:b3:c1:b4:5f:7e:fa:91:a1:e2:bc:36:94:75:
                    b1:35:7e:85:ea:65:96:72:47:02:8b:c8:30:a2:9a:
                    d5:fb:16:82:fc:62:83:72:33:a9:d5:37:6b:9f:95:
                    74:a0:30:39:fe:5a:f0:fb:6e:fd:f6:8a:e7:85:7f:
                    0b:e3:27:5e:83:e1:ba:6d:a5:a4:c9:da:dd:40:4a:
                    f8:cf:bd:0e:f0:9a:6a:c8:cd:1a:1e:8d:37:21:5a:
                    27:f3:1b:3a:ff:f0:c4:dc:e7:af:27:b2:49:63:14:
                    b8:55:64:d0:7a:e9:71:f9:f4:74:cc:81:7e:35:d6:
                    c3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:18:21:74:9E:D5:8F:3B:57:2A:F9:18:64:B8:A7:6B:45:B2:8F:02
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/JhghdJ7VjztXKvkYZLina0WyjwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:3000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4a:d5:64:ae:b4:47:2f:c2:88:26:11:80:f8:da:ee:69:8e:e6:
         79:d8:76:6a:d6:60:54:21:4e:74:95:b6:25:f1:ba:7d:df:bc:
         10:96:9b:dc:58:0e:1f:5a:4f:7a:e9:7c:16:e9:cd:a4:e8:47:
         d3:99:ba:de:29:f4:d6:55:e4:28:3c:ae:ea:c1:19:f0:78:31:
         4e:d4:f4:aa:06:ba:5b:60:8d:2e:4f:3a:07:29:89:d0:1a:a8:
         69:a4:86:0b:03:33:23:5c:74:01:d1:d7:d9:b0:73:28:87:91:
         0a:1f:8c:58:9d:05:ef:87:0f:ce:a4:8d:ff:9f:a0:83:b8:0f:
         d5:b7:2d:c9:97:78:05:85:48:71:7b:ce:ff:f9:c5:01:ad:d2:
         a1:02:29:2b:51:4b:eb:d7:04:25:59:09:bf:50:6b:4e:7a:92:
         d4:51:96:7e:4b:cc:be:e8:5f:38:0f:f5:8a:6b:e1:24:bd:77:
         9a:a3:cd:9e:14:f6:8c:66:3a:ca:37:18:e9:d5:0a:f4:a7:f1:
         95:1e:11:c0:0f:07:31:a0:0d:33:32:ff:33:6e:0a:7e:fc:ca:
         1f:25:76:b5:01:8c:8b:bb:9a:2c:3c:d4:d0:99:b2:05:6c:d7:
         76:a7:a2:a1:0b:68:f1:b8:b6:78:92:0f:c9:2d:bc:18:76:59:
         c0:b3:94:06
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZVx/K5P4SSR9Em1omtimBLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMzA3MTkwMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjE4MjE3NDllZDU4ZjNiNTcyYWY5MTg2NGI4YTc2YjQ1YjI4ZjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxm3zNyHDH3sb5jO8PGWNwksJxQ+j
dco04Y1cdCI26SPtTCBsyE5EscMUS3XfTom/EJRPOGF9L4RnxD2fh+00rKezITCx
k4UZUuXYQk9yR4L0VVnXlxBGIKVf6WkT1LKyDBtBTPQajV/wI5QH6aWNSO2qoc4y
QdEndOc7Clhg6PKSyS04GZuiqLPBtF9++pGh4rw2lHWxNX6F6mWWckcCi8gwoprV
+xaC/GKDcjOp1Tdrn5V0oDA5/lrw+2799ornhX8L4ydeg+G6baWkydrdQEr4z70O
8JpqyM0aHo03IVon8xs6//DE3OevJ7JJYxS4VWTQeulx+fR0zIF+NdbDuQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCYYIXSe1Y87Vyr5GGS4p2tFso8CMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvSmhnaGRKN1ZqenRYS3ZrWVpMaW5hMFd5andJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxzAw
DQYJKoZIhvcNAQELBQADggEBAErVZK60Ry/CiCYRgPja7mmO5nnYdmrWYFQhTnSV
tiXxun3fvBCWm9xYDh9aT3rpfBbpzaToR9OZut4p9NZV5Cg8rurBGfB4MU7U9KoG
ultgjS5POgcpidAaqGmkhgsDMyNcdAHR19mwcyiHkQofjFidBe+HD86kjf+foIO4
D9W3LcmXeAWFSHF7zv/5xQGt0qECKStRS+vXBCVZCb9Qa056ktRRln5LzL7oXzgP
9Ypr4SS9d5qjzZ4U9oxmOso3GOnVCvSn8ZUeEcAPBzGgDTMy/zNuCn78yh8ldrUB
jIu7miw81NCZsgVs13anoqELaPG4tniSD8ktvBh2WcCzlAY=
-----END CERTIFICATE-----