Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/JtAsjQszicgAK_Bz09MaZjgSHRs.roa
File:                     JtAsjQszicgAK_Bz09MaZjgSHRs.roa (raw, json)
Hash identifier:          3F49sCHbl/xh5CG+U8kddXehfQts9G+pawy1bD9ilGQ=
Subject key identifier:   26:D0:2C:8D:0B:33:89:C8:00:2B:F0:73:D3:D3:1A:66:38:12:1D:1B
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01942521A4D462D1816385FCD4D53B44BF59
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/JtAsjQszicgAK_Bz09MaZjgSHRs.roa
Signing time:             Thu 02 Jan 2025 03:49:09 +0000
ROA not before:           Thu 02 Jan 2025 03:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214655
IP address blocks:        2a13:a5c7:1900::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a4:d4:62:d1:81:63:85:fc:d4:d5:3b:44:bf:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26d02c8d0b3389c8002bf073d3d31a6638121d1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d9:dc:c3:88:c6:cd:6d:13:22:3d:69:25:9f:
                    a2:f3:b5:8c:86:2e:1d:4e:71:bb:1a:5a:15:fe:8d:
                    1d:b6:99:3f:30:f8:84:cd:fb:04:4e:29:6d:47:66:
                    c3:85:c3:5b:c3:30:aa:18:3c:32:24:d4:a2:6a:41:
                    38:4f:b1:06:e4:21:ef:bb:67:8b:fd:f5:95:40:e6:
                    d1:1b:c3:e1:ff:a5:82:4a:10:5e:df:38:4e:67:4a:
                    7d:41:cf:cd:14:41:cd:43:3b:0a:da:6c:d1:f5:54:
                    6c:52:fc:28:aa:5c:07:4e:8b:e2:20:59:b0:7e:db:
                    12:c9:6a:e6:2b:38:1d:bc:e0:5b:4a:e2:12:94:ec:
                    73:cb:b3:39:01:63:58:5a:87:11:2d:7e:10:d8:34:
                    84:e7:27:25:61:61:d9:c9:00:ef:c6:c9:4d:8e:02:
                    a0:e4:72:d6:c6:4c:1f:3c:c0:7f:b1:a1:c5:f2:bd:
                    72:9d:2c:0a:89:ad:c2:12:a9:e9:0e:5e:cc:b8:82:
                    5d:d8:19:1b:52:26:81:d1:1e:5a:3b:61:18:39:35:
                    b2:20:52:22:ba:df:a9:02:c3:3d:91:91:83:39:4c:
                    38:6e:d0:03:e9:eb:04:7a:15:c8:64:53:80:ed:2b:
                    34:be:93:43:dc:8f:33:a9:a1:ea:af:13:d3:ad:ef:
                    84:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D0:2C:8D:0B:33:89:C8:00:2B:F0:73:D3:D3:1A:66:38:12:1D:1B
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/JtAsjQszicgAK_Bz09MaZjgSHRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1900::/40

    Signature Algorithm: sha256WithRSAEncryption
         42:df:96:7b:23:da:c5:77:dc:67:44:60:5d:49:9c:31:5a:65:
         95:c0:72:41:13:2b:8d:2e:32:1c:0c:50:3f:07:6b:3d:f2:0b:
         7c:ae:50:ad:15:e7:4d:65:f0:92:e8:1c:4f:4c:b6:12:6d:c0:
         bf:79:92:a4:dd:78:e8:7d:d7:8b:b3:cd:ab:09:84:e5:48:c1:
         91:db:2d:31:73:37:dd:a6:3a:61:27:16:ff:4e:fe:0b:b0:05:
         ca:98:5c:0f:ac:02:a0:94:0d:10:62:8c:af:26:28:5f:51:3a:
         83:8b:29:e6:ba:42:e1:6e:09:cb:24:41:16:89:34:c0:09:f9:
         fa:cf:de:f5:58:1b:04:20:c1:a4:6d:67:aa:57:bf:4e:5d:38:
         7b:8f:36:61:fc:3c:b2:1f:24:11:55:a5:cd:c6:a2:fe:ba:d9:
         57:3d:a8:71:62:93:ec:25:b9:7d:d7:00:b7:f0:2f:83:f1:18:
         b6:9a:0b:00:28:e3:33:08:33:45:ad:ff:96:10:cc:c5:a6:c3:
         ea:6e:00:88:93:41:91:21:18:84:19:ff:46:ad:1a:24:01:13:
         5f:04:9a:53:83:34:59:97:61:a2:65:b9:ef:1d:86:cc:f5:e7:
         ee:46:40:49:2a:a7:52:e1:94:ac:a5:05:c4:5c:27:3c:65:dd:
         20:3f:31:7e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIaTUYtGBY4X81NU7RL9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQwMmM4ZDBiMzM4OWM4MDAyYmYwNzNkM2QzMWE2NjM4MTIxZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAytncw4jGzW0TIj1pJZ+i87WMhi4d
TnG7GloV/o0dtpk/MPiEzfsETiltR2bDhcNbwzCqGDwyJNSiakE4T7EG5CHvu2eL
/fWVQObRG8Ph/6WCShBe3zhOZ0p9Qc/NFEHNQzsK2mzR9VRsUvwoqlwHToviIFmw
ftsSyWrmKzgdvOBbSuISlOxzy7M5AWNYWocRLX4Q2DSE5yclYWHZyQDvxslNjgKg
5HLWxkwfPMB/saHF8r1ynSwKia3CEqnpDl7MuIJd2BkbUiaB0R5aO2EYOTWyIFIi
ut+pAsM9kZGDOUw4btAD6esEehXIZFOA7Ss0vpND3I8zqaHqrxPTre+EiwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCbQLI0LM4nIACvwc9PTGmY4Eh0bMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvSnRBc2pRc3ppY2dBS19CejA5TWFaamdTSFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxkw
DQYJKoZIhvcNAQELBQADggEBAELflnsj2sV33GdEYF1JnDFaZZXAckETK40uMhwM
UD8Haz3yC3yuUK0V501l8JLoHE9MthJtwL95kqTdeOh914uzzasJhOVIwZHbLTFz
N92mOmEnFv9O/guwBcqYXA+sAqCUDRBijK8mKF9ROoOLKea6QuFuCcskQRaJNMAJ
+frP3vVYGwQgwaRtZ6pXv05dOHuPNmH8PLIfJBFVpc3Gov662Vc9qHFik+wluX3X
ALfwL4PxGLaaCwAo4zMIM0Wt/5YQzMWmw+puAIiTQZEhGIQZ/0atGiQBE18EmlOD
NFmXYaJlue8dhsz15+5GQEkqp1LhlKylBcRcJzxl3SA/MX4=
-----END CERTIFICATE-----