Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/NzVn53qodIDSWt0vOG1oqhpGi_E.roa
File:                     NzVn53qodIDSWt0vOG1oqhpGi_E.roa (raw, json)
Hash identifier:          Lyhkl4afO2r+5/N5rOlPypCReelqQa6ct1JAxr+7elc=
Subject key identifier:   37:35:67:E7:7A:A8:74:80:D2:5A:DD:2F:38:6D:68:AA:1A:46:8B:F1
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01942521A662B9A64A2DCE8FE9085B60125C
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/NzVn53qodIDSWt0vOG1oqhpGi_E.roa
Signing time:             Thu 02 Jan 2025 03:49:09 +0000
ROA not before:           Thu 02 Jan 2025 03:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215786
IP address blocks:        2a13:a5c7:1800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a6:62:b9:a6:4a:2d:ce:8f:e9:08:5b:60:12:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=373567e77aa87480d25add2f386d68aa1a468bf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:2f:91:6c:a5:d9:cf:ad:01:09:ec:da:9e:c1:
                    c2:b1:37:d3:2e:b0:0c:7c:1e:88:5b:bd:db:90:ac:
                    26:48:b3:ed:54:f8:72:0a:67:85:03:c3:8f:5e:70:
                    89:db:39:33:12:3d:b6:8a:3b:95:4e:a2:f3:67:ec:
                    11:2f:b8:b1:90:4a:bc:4f:29:31:12:c5:20:b2:e5:
                    6f:9c:f5:1e:cc:92:51:2f:69:2b:08:72:fb:5a:8f:
                    da:13:a9:75:9b:27:51:c3:4e:66:b9:16:a2:0f:b7:
                    f3:27:d5:af:06:6b:d9:76:c9:5e:48:b7:61:c0:a3:
                    5b:98:bc:bb:a1:32:97:3e:f2:7b:7b:25:97:b2:d3:
                    b9:a9:7b:6d:4e:50:06:ef:76:5d:a9:ce:87:8a:00:
                    b6:06:0c:a5:8a:5a:fc:ab:46:1c:11:c1:d1:28:08:
                    87:f9:34:c1:9b:3f:e9:63:80:26:3e:b4:53:c6:da:
                    66:70:46:4f:43:a1:ab:ea:6a:bd:14:ef:fb:49:c1:
                    7f:47:e1:67:31:4c:25:b4:14:13:67:d3:c7:7a:5e:
                    ba:57:47:f6:c6:5f:18:25:25:8b:fd:9c:13:28:ed:
                    da:66:75:03:06:72:fb:ae:42:ce:53:9d:f2:04:e2:
                    1b:64:b5:40:3d:78:f1:51:a8:e4:69:6b:de:9c:0d:
                    1f:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:35:67:E7:7A:A8:74:80:D2:5A:DD:2F:38:6D:68:AA:1A:46:8B:F1
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/NzVn53qodIDSWt0vOG1oqhpGi_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1800::/40

    Signature Algorithm: sha256WithRSAEncryption
         61:c0:d7:e2:51:f2:47:94:1e:9a:1c:f9:16:87:5b:c2:f2:32:
         39:2a:2c:1e:32:22:c4:6c:a1:d8:bd:6c:56:2e:ec:20:7c:55:
         bb:32:fb:1c:0a:5b:2b:08:f6:45:9f:e5:65:f8:61:af:6e:f0:
         88:3e:bd:55:ab:43:2a:34:5e:76:03:38:c7:6c:21:9f:f0:2c:
         1a:c2:ce:f0:f2:cf:66:2c:e8:98:ad:32:72:cd:b9:24:fa:af:
         18:a2:44:a5:74:bd:5c:66:32:5d:63:14:2e:2c:2e:07:09:97:
         92:1d:bb:b8:e3:a8:b3:08:fd:56:7f:62:85:37:50:69:61:83:
         74:e0:10:57:f6:cb:7d:f8:93:4a:7e:de:3e:95:50:75:97:8a:
         f0:c8:6b:3b:3d:68:04:e2:a9:83:06:e7:63:9c:74:49:6f:45:
         4d:11:7a:3b:64:6b:73:15:bf:f5:54:7c:b3:f8:6f:19:be:9e:
         89:26:7b:99:61:ee:96:1e:0e:c7:87:6c:db:57:57:22:7b:f2:
         5f:19:b8:23:c3:d4:79:54:da:a2:a9:84:16:c7:35:0a:d6:ad:
         b8:39:dd:4d:a7:0d:ca:12:5d:f1:30:e9:83:0e:20:20:73:ea:
         0b:63:06:88:3c:a5:90:78:5b:09:b7:a0:2f:a6:01:a4:93:62:
         5d:5b:a9:85
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIaZiuaZKLc6P6QhbYBJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzM1NjdlNzdhYTg3NDgwZDI1YWRkMmYzODZkNjhhYTFhNDY4YmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvi+RbKXZz60BCezansHCsTfTLrAM
fB6IW73bkKwmSLPtVPhyCmeFA8OPXnCJ2zkzEj22ijuVTqLzZ+wRL7ixkEq8Tykx
EsUgsuVvnPUezJJRL2krCHL7Wo/aE6l1mydRw05muRaiD7fzJ9WvBmvZdsleSLdh
wKNbmLy7oTKXPvJ7eyWXstO5qXttTlAG73Zdqc6HigC2Bgylilr8q0YcEcHRKAiH
+TTBmz/pY4AmPrRTxtpmcEZPQ6Gr6mq9FO/7ScF/R+FnMUwltBQTZ9PHel66V0f2
xl8YJSWL/ZwTKO3aZnUDBnL7rkLOU53yBOIbZLVAPXjxUajkaWvenA0f+wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDc1Z+d6qHSA0lrdLzhtaKoaRovxMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvTnpWbjUzcW9kSURTV3Qwdk9HMW9xaHBHaV9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxgw
DQYJKoZIhvcNAQELBQADggEBAGHA1+JR8keUHpoc+RaHW8LyMjkqLB4yIsRsodi9
bFYu7CB8Vbsy+xwKWysI9kWf5WX4Ya9u8Ig+vVWrQyo0XnYDOMdsIZ/wLBrCzvDy
z2Ys6JitMnLNuST6rxiiRKV0vVxmMl1jFC4sLgcJl5Idu7jjqLMI/VZ/YoU3UGlh
g3TgEFf2y334k0p+3j6VUHWXivDIazs9aATiqYMG52OcdElvRU0Rejtka3MVv/VU
fLP4bxm+nokme5lh7pYeDseHbNtXVyJ78l8ZuCPD1HlU2qKphBbHNQrWrbg53U2n
DcoSXfEw6YMOICBz6gtjBog8pZB4Wwm3oC+mAaSTYl1bqYU=
-----END CERTIFICATE-----