Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/PrwKv-LxClxDWPIzpmtd0SUVKOA.roa
File:                     PrwKv-LxClxDWPIzpmtd0SUVKOA.roa (raw, json)
Hash identifier:          PB5nadJ7Zlp7pGWpzoHOMgtzMAgNvx2fppNEsfjJQYY=
Subject key identifier:   3E:BC:0A:BF:E2:F1:0A:5C:43:58:F2:33:A6:6B:5D:D1:25:15:28:E0
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       0196DA62CF65B1A78183CCB06ACFF219A197
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/PrwKv-LxClxDWPIzpmtd0SUVKOA.roa
Signing time:             Fri 16 May 2025 18:37:10 +0000
ROA not before:           Fri 16 May 2025 18:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215750
IP address blocks:        2a13:a5c7:2600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 13:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:da:62:cf:65:b1:a7:81:83:cc:b0:6a:cf:f2:19:a1:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: May 16 18:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ebc0abfe2f10a5c4358f233a66b5dd1251528e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:81:46:dd:64:bd:c9:78:01:19:7e:9e:7e:d7:
                    ed:f5:c8:4b:ad:e3:c7:55:aa:69:ac:6b:f9:1c:c2:
                    00:27:ec:ca:31:05:f8:a7:f4:8c:ce:5b:30:93:c1:
                    8e:cd:63:eb:09:89:22:a7:06:2b:cc:e4:29:7c:8e:
                    8a:1d:97:06:a8:dc:7c:64:14:a4:c1:f8:ef:77:db:
                    f9:27:cd:85:d9:8d:df:42:54:e5:a8:70:e4:ea:05:
                    22:64:4d:56:f6:61:dd:60:27:e8:e9:b5:9b:2c:87:
                    81:64:78:72:55:60:de:a2:7e:76:82:4b:48:93:4f:
                    e0:8f:20:fb:9c:79:54:cb:2b:f6:cf:36:64:d8:fc:
                    fe:5e:63:76:49:af:18:9a:76:4b:3a:54:de:6a:bf:
                    1c:27:01:76:2e:f3:f5:de:46:b9:1a:30:58:38:f4:
                    1e:6d:5b:0d:2d:8a:22:90:48:07:cf:96:27:18:31:
                    1b:c7:b7:7d:67:c3:4c:44:2a:05:cb:81:fe:67:a4:
                    a9:38:82:bf:d8:35:40:98:97:ea:63:99:2c:1f:77:
                    65:7a:3f:18:f7:22:1a:29:2d:75:2a:b7:ac:85:3f:
                    d9:46:07:8f:c9:bf:a2:cb:0c:dc:ae:6a:6f:6b:3f:
                    c4:1a:bc:ce:7f:fc:d9:13:a1:50:90:e0:ba:64:a1:
                    91:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:BC:0A:BF:E2:F1:0A:5C:43:58:F2:33:A6:6B:5D:D1:25:15:28:E0
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/PrwKv-LxClxDWPIzpmtd0SUVKOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:2600::/40

    Signature Algorithm: sha256WithRSAEncryption
         64:90:6c:42:1c:03:9d:c5:52:9c:cc:fc:ae:db:70:39:89:65:
         4a:c4:03:90:6c:64:5b:49:9b:1c:8d:e3:3c:0e:77:d2:72:9d:
         c7:a0:9d:28:52:53:bb:8b:b7:6b:d8:0a:7c:36:9a:dc:da:d6:
         8d:4e:5e:24:f2:8b:51:72:b2:3b:5b:33:16:a9:e3:02:42:4a:
         6a:91:99:37:c5:d7:54:50:1f:cf:24:a3:58:af:65:4c:da:6e:
         5b:e5:4d:5f:e1:ef:6e:b2:2b:2e:ee:3f:52:1e:f2:5b:55:f4:
         79:0e:9b:b2:ca:28:f8:52:4a:e6:f5:4a:05:64:1b:d1:0d:bb:
         1e:89:7a:18:2e:1a:b1:55:8d:7d:08:51:ee:bb:4c:12:c6:9f:
         f2:ae:2b:06:a0:a7:60:e8:91:1d:36:1c:02:a1:aa:df:6d:5f:
         3c:da:7a:10:7c:e2:99:82:b5:61:5f:e8:46:7c:ff:e9:20:6d:
         46:f2:69:89:f4:bc:f3:1a:1e:ea:cf:84:a7:34:34:6f:03:13:
         b0:20:56:34:57:45:d8:e6:ca:60:53:cf:71:94:2f:8c:b1:7f:
         09:57:f6:d7:c1:58:78:ec:ec:5e:9b:d2:93:42:c4:77:55:62:
         2f:64:c6:07:28:2e:5f:10:10:3a:d8:28:ae:80:72:34:00:8d:
         f6:f0:6a:c3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZbaYs9lsaeBg8ywas/yGaGXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwNTE2MTgzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZWJjMGFiZmUyZjEwYTVjNDM1OGYyMzNhNjZiNWRkMTI1MTUyOGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4YFG3WS9yXgBGX6eftft9chLrePH
VapprGv5HMIAJ+zKMQX4p/SMzlswk8GOzWPrCYkipwYrzOQpfI6KHZcGqNx8ZBSk
wfjvd9v5J82F2Y3fQlTlqHDk6gUiZE1W9mHdYCfo6bWbLIeBZHhyVWDeon52gktI
k0/gjyD7nHlUyyv2zzZk2Pz+XmN2Sa8YmnZLOlTear8cJwF2LvP13ka5GjBYOPQe
bVsNLYoikEgHz5YnGDEbx7d9Z8NMRCoFy4H+Z6SpOIK/2DVAmJfqY5ksH3dlej8Y
9yIaKS11KreshT/ZRgePyb+iywzcrmpvaz/EGrzOf/zZE6FQkOC6ZKGR2wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFD68Cr/i8QpcQ1jyM6ZrXdElFSjgMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvUHJ3S3YtTHhDbHhEV1BJenBtdGQwU1VWS09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxyYw
DQYJKoZIhvcNAQELBQADggEBAGSQbEIcA53FUpzM/K7bcDmJZUrEA5BsZFtJmxyN
4zwOd9JyncegnShSU7uLt2vYCnw2mtza1o1OXiTyi1FysjtbMxap4wJCSmqRmTfF
11RQH88ko1ivZUzablvlTV/h726yKy7uP1Ie8ltV9HkOm7LKKPhSSub1SgVkG9EN
ux6JehguGrFVjX0IUe67TBLGn/KuKwagp2DokR02HAKhqt9tXzzaehB84pmCtWFf
6EZ8/+kgbUbyaYn0vPMaHurPhKc0NG8DE7AgVjRXRdjmymBTz3GUL4yxfwlX9tfB
WHjs7F6b0pNCxHdVYi9kxgcoLl8QEDrYKK6AcjQAjfbwasM=
-----END CERTIFICATE-----