Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/NOmwGHNk4_h1lySGROFlVhhAvDU.roa
File:                     NOmwGHNk4_h1lySGROFlVhhAvDU.roa (raw, json)
Hash identifier:          eX/CLrHfnuQFtcityYzUzMtZK9FW0M25MGJ2LKFWOAE=
Subject key identifier:   34:E9:B0:18:73:64:E3:F8:75:97:24:86:44:E1:65:56:18:40:BC:35
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01987E35B6979912044AFABA0E3C558356C7
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/NOmwGHNk4_h1lySGROFlVhhAvDU.roa
Signing time:             Wed 06 Aug 2025 07:08:26 +0000
ROA not before:           Wed 06 Aug 2025 07:08:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213903
IP address blocks:        2a13:a5c3:f100::/40 maxlen: 48
                          2a13:a5c7:2600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Aug 2025 08:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:35:b6:97:99:12:04:4a:fa:ba:0e:3c:55:83:56:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Aug  6 07:08:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=34e9b0187364e3f87597248644e165561840bc35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bd:cc:e5:0a:6f:19:63:f7:b3:5c:82:db:7f:
                    4b:03:9c:80:88:b2:a4:26:de:42:63:02:b6:a2:3a:
                    fe:d6:fb:d8:d9:a6:8b:19:d3:2c:e1:5c:ba:63:e9:
                    a0:c1:b9:c3:cf:11:e8:55:b0:25:32:98:1b:d5:1f:
                    b1:c0:f5:5a:23:57:14:fd:9b:2d:27:f0:f0:b2:a2:
                    c2:90:1c:6c:fb:83:45:f7:b8:15:5a:33:5b:e5:b4:
                    aa:95:5a:62:13:34:93:6b:dd:8b:ed:35:51:77:6c:
                    71:fa:4e:a0:b1:1b:4a:18:2b:c2:94:93:cd:34:e9:
                    52:7c:cd:17:83:03:e1:89:88:1c:23:7c:00:e9:92:
                    d1:8d:c5:94:1f:1c:da:c0:7e:40:a5:67:7b:9e:11:
                    a5:6c:4e:27:77:49:f3:d1:46:7d:d8:44:c4:77:6c:
                    1a:89:27:b0:f9:8a:b3:b8:92:3e:d6:eb:ec:b4:6d:
                    03:93:49:8e:97:9e:28:2f:3c:5b:2a:7b:8f:7b:ee:
                    7f:6a:d2:5d:f4:ce:4c:bb:6d:5d:1c:c6:4a:b7:d3:
                    d9:7a:ed:fd:42:7a:16:e2:d0:3c:15:d3:31:e6:a0:
                    e1:a5:5a:a4:2a:8e:96:82:1c:38:35:d8:90:aa:21:
                    6d:32:68:20:85:6b:0d:aa:e4:7c:70:8a:04:d6:84:
                    64:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:E9:B0:18:73:64:E3:F8:75:97:24:86:44:E1:65:56:18:40:BC:35
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/NOmwGHNk4_h1lySGROFlVhhAvDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c3:f100::/40
                  2a13:a5c7:2600::/40

    Signature Algorithm: sha256WithRSAEncryption
         ad:95:f7:0e:05:55:84:08:cb:f0:a8:ae:a7:72:14:5f:6a:bc:
         bc:cd:e6:bf:81:4f:2e:ac:c1:b7:df:fc:62:d5:13:10:3c:67:
         28:32:47:8a:cb:d7:cc:37:c8:f9:10:bc:bf:e0:20:34:48:55:
         3e:b0:ce:68:8c:95:a0:2e:4a:12:34:db:10:53:be:41:ac:44:
         36:df:4a:5e:e5:55:59:88:78:a3:1d:60:75:23:0b:e7:2b:3e:
         d2:e5:56:05:6a:1c:06:1f:b7:e4:55:a0:a0:08:5e:4b:87:bb:
         65:74:3a:ec:09:dd:2f:33:93:6c:63:e5:b2:db:f2:5d:b5:79:
         6e:45:b9:7b:7d:fe:2b:e8:8f:f5:80:61:54:78:25:2a:8c:0c:
         d7:b7:c6:f0:89:64:09:52:cb:46:34:6e:8b:8b:ad:5c:fd:33:
         31:32:a1:b3:a4:8a:5f:f1:10:a2:de:1f:38:dc:f2:70:f9:4f:
         c7:6e:33:34:47:94:de:7a:6f:2f:fe:e5:0e:10:3d:45:e3:80:
         52:66:5d:95:b7:3a:02:9a:86:5b:68:33:fb:c6:25:6f:86:a0:
         3a:cd:20:09:88:92:6b:52:ad:68:ef:21:83:e6:ae:fa:a3:4c:
         0f:68:e0:e8:73:9c:64:f3:a0:95:15:33:50:49:d7:7b:33:07:
         d3:c3:93:40
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZh+NbaXmRIESvq6DjxVg1bHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwODA2MDcwODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNGU5YjAxODczNjRlM2Y4NzU5NzI0ODY0NGUxNjU1NjE4NDBiYzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv73M5QpvGWP3s1yC239LA5yAiLKk
Jt5CYwK2ojr+1vvY2aaLGdMs4Vy6Y+mgwbnDzxHoVbAlMpgb1R+xwPVaI1cU/Zst
J/DwsqLCkBxs+4NF97gVWjNb5bSqlVpiEzSTa92L7TVRd2xx+k6gsRtKGCvClJPN
NOlSfM0XgwPhiYgcI3wA6ZLRjcWUHxzawH5ApWd7nhGlbE4nd0nz0UZ92ETEd2wa
iSew+YqzuJI+1uvstG0Dk0mOl54oLzxbKnuPe+5/atJd9M5Mu21dHMZKt9PZeu39
QnoW4tA8FdMx5qDhpVqkKo6Wghw4NdiQqiFtMmgghWsNquR8cIoE1oRkUwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFDTpsBhzZOP4dZckhkThZVYYQLw1MB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvTk9td0dITms0X2gxbHlTR1JPRmxWaGhBdkRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKhOlw/ED
BgAqE6XHJjANBgkqhkiG9w0BAQsFAAOCAQEArZX3DgVVhAjL8Kiup3IUX2q8vM3m
v4FPLqzBt9/8YtUTEDxnKDJHisvXzDfI+RC8v+AgNEhVPrDOaIyVoC5KEjTbEFO+
QaxENt9KXuVVWYh4ox1gdSML5ys+0uVWBWocBh+35FWgoAheS4e7ZXQ67AndLzOT
bGPlstvyXbV5bkW5e33+K+iP9YBhVHglKowM17fG8IlkCVLLRjRui4utXP0zMTKh
s6SKX/EQot4fONzycPlPx24zNEeU3npvL/7lDhA9ReOAUmZdlbc6ApqGW2gz+8Yl
b4agOs0gCYiSa1KtaO8hg+au+qNMD2jg6HOcZPOglRUzUEnXezMH08OTQA==
-----END CERTIFICATE-----