Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/VZFGS-Fn4Kqjnwh23jee48-bApo.roa
File:                     VZFGS-Fn4Kqjnwh23jee48-bApo.roa (raw, json)
Hash identifier:          KDb7CTkFWG3SWfMMbnKx/BeDHCaf7g0U9ZYnth5W3TE=
Subject key identifier:   55:91:46:4B:E1:67:E0:AA:A3:9F:08:76:DE:37:9E:E3:CF:9B:02:9A
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01942521A6F4F3A0885ADDD5A8A12AC62BEB
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/VZFGS-Fn4Kqjnwh23jee48-bApo.roa
Signing time:             Thu 02 Jan 2025 03:49:09 +0000
ROA not before:           Thu 02 Jan 2025 03:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215926
IP address blocks:        2a13:a5c7:1700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 19:20:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a6:f4:f3:a0:88:5a:dd:d5:a8:a1:2a:c6:2b:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5591464be167e0aaa39f0876de379ee3cf9b029a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:65:a2:b6:df:36:09:13:8a:7e:68:8a:c6:a3:
                    5c:8c:70:3d:1a:d3:cd:d7:00:d5:2f:9f:c8:60:16:
                    d3:9f:fb:5f:8a:46:de:c6:ef:92:e6:58:d6:fe:48:
                    89:c9:f8:98:a7:ad:17:45:ff:8d:d0:08:e8:6a:b4:
                    2f:33:f0:b1:34:f7:ca:6a:59:71:ae:d7:b4:6c:54:
                    39:11:88:2f:4c:1e:36:93:b4:c9:ac:8a:fb:1a:8b:
                    5d:29:a8:6f:ee:14:69:d4:2a:2b:ee:e3:95:f5:94:
                    1f:fa:a3:4d:58:23:1b:b7:d5:c6:7a:55:86:8d:d0:
                    49:77:29:e3:ce:fd:c1:05:c2:cc:9b:a2:66:e2:66:
                    94:e7:bb:e8:87:e5:1e:a9:98:96:0c:92:18:12:c7:
                    62:d6:99:ab:a2:f8:fb:e8:3e:5d:93:4a:59:73:53:
                    a8:77:f7:74:a4:45:c1:d0:1b:b2:f6:a6:3f:57:fd:
                    1e:80:c4:37:76:12:38:c6:1b:b0:5f:fc:d0:0c:5e:
                    90:3c:b3:fb:37:e6:8b:d1:34:cb:cf:e6:92:98:37:
                    74:aa:2f:1e:a8:c0:12:2c:26:a7:9a:39:5e:20:e0:
                    c4:10:22:85:88:40:1c:c5:d6:05:26:c5:7f:6b:35:
                    88:ec:8c:a3:c6:e7:f1:0a:b4:4e:99:18:a2:7f:62:
                    73:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:91:46:4B:E1:67:E0:AA:A3:9F:08:76:DE:37:9E:E3:CF:9B:02:9A
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/VZFGS-Fn4Kqjnwh23jee48-bApo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1700::/40

    Signature Algorithm: sha256WithRSAEncryption
         4c:e6:a6:76:13:59:e9:3f:fb:26:69:e2:da:b8:43:db:27:ff:
         d3:1a:0c:08:c9:d9:4c:15:8f:fa:25:61:85:90:df:ef:f3:d1:
         e2:a4:4f:0a:fb:d5:e1:cd:f7:11:0f:3e:b6:25:7b:04:de:13:
         76:c5:ef:ed:cf:78:5f:be:34:fe:56:a6:95:cd:a5:15:27:9e:
         91:ae:94:62:9a:62:92:02:49:a6:32:e5:dd:9c:91:82:5b:c4:
         f6:e7:a5:d7:af:e1:52:d6:82:0a:f9:17:40:ab:3b:3c:d5:b8:
         fe:db:01:8c:55:f7:a6:70:fc:d2:3f:a3:fa:c5:47:b6:b0:c1:
         0e:15:1c:60:5a:b8:62:11:e7:ec:c8:78:bc:d5:d4:9b:f5:07:
         58:f3:9f:ab:2c:7d:72:89:48:48:69:c8:d4:67:45:00:5f:f8:
         c3:e9:e8:0f:aa:23:1a:36:68:f7:8c:8f:7f:de:6f:f3:14:74:
         9a:07:51:14:3f:f6:26:5d:85:d2:f8:83:9c:ed:e8:4b:69:78:
         ed:42:f9:8b:9f:50:2f:81:68:45:5f:67:84:75:0a:b3:f4:76:
         5d:f1:a5:8a:5e:21:02:20:4e:b2:dd:ea:5d:60:03:04:97:28:
         50:44:bb:46:30:28:bb:ad:6f:2a:79:44:24:72:e7:c0:0e:cc:
         45:5e:a2:74
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIab086CIWt3VqKEqxivrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTkxNDY0YmUxNjdlMGFhYTM5ZjA4NzZkZTM3OWVlM2NmOWIwMjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7mWitt82CROKfmiKxqNcjHA9GtPN
1wDVL5/IYBbTn/tfikbexu+S5ljW/kiJyfiYp60XRf+N0AjoarQvM/CxNPfKallx
rte0bFQ5EYgvTB42k7TJrIr7GotdKahv7hRp1Cor7uOV9ZQf+qNNWCMbt9XGelWG
jdBJdynjzv3BBcLMm6Jm4maU57voh+UeqZiWDJIYEsdi1pmrovj76D5dk0pZc1Oo
d/d0pEXB0Buy9qY/V/0egMQ3dhI4xhuwX/zQDF6QPLP7N+aL0TTLz+aSmDd0qi8e
qMASLCanmjleIODEECKFiEAcxdYFJsV/azWI7IyjxufxCrROmRiif2Jz8QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFWRRkvhZ+Cqo58Idt43nuPPmwKaMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvVlpGR1MtRm40S3FqbndoMjNqZWU0OC1iQXBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxcw
DQYJKoZIhvcNAQELBQADggEBAEzmpnYTWek/+yZp4tq4Q9sn/9MaDAjJ2UwVj/ol
YYWQ3+/z0eKkTwr71eHN9xEPPrYlewTeE3bF7+3PeF++NP5WppXNpRUnnpGulGKa
YpICSaYy5d2ckYJbxPbnpdev4VLWggr5F0CrOzzVuP7bAYxV96Zw/NI/o/rFR7aw
wQ4VHGBauGIR5+zIeLzV1Jv1B1jzn6ssfXKJSEhpyNRnRQBf+MPp6A+qIxo2aPeM
j3/eb/MUdJoHURQ/9iZdhdL4g5zt6EtpeO1C+YufUC+BaEVfZ4R1CrP0dl3xpYpe
IQIgTrLd6l1gAwSXKFBEu0YwKLutbyp5RCRy58AOzEVeonQ=
-----END CERTIFICATE-----