Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_BPKDl06S5B-WQij73gHPR1pC88.roa
File:                     _BPKDl06S5B-WQij73gHPR1pC88.roa (raw, json)
Hash identifier:          TpQi5kxvdYE7MlhfQqrq2bStKZhLcIZbpWTNfLLNzmc=
Subject key identifier:   FC:13:CA:0E:5D:3A:4B:90:7E:59:08:A3:EF:78:07:3D:1D:69:0B:CF
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01951404065C9B70E12AC58548B7F4548F64
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_BPKDl06S5B-WQij73gHPR1pC88.roa
Signing time:             Mon 17 Feb 2025 13:06:02 +0000
ROA not before:           Mon 17 Feb 2025 13:06:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213856
IP address blocks:        2a13:a5c3:d600::/40 maxlen: 48
                          2a13:a5c5::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:14:04:06:5c:9b:70:e1:2a:c5:85:48:b7:f4:54:8f:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Feb 17 13:06:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc13ca0e5d3a4b907e5908a3ef78073d1d690bcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:65:c6:3c:90:02:0c:10:e3:7a:18:f8:8a:89:
                    40:ab:42:6a:88:1a:89:c7:01:99:86:b3:f8:d5:e8:
                    5b:f6:12:05:bb:9d:25:90:ee:9d:d5:f2:ea:88:8d:
                    72:ee:a0:27:3f:c7:7c:d3:81:03:10:e8:aa:5c:29:
                    9d:72:b2:41:19:ce:59:ef:dd:d0:f3:f6:be:9f:48:
                    60:2b:1a:83:47:e7:41:9f:b2:51:50:05:1a:6d:5f:
                    e8:ee:5c:96:ef:f6:e9:03:ce:3e:bd:a0:cd:80:37:
                    a4:ba:cd:93:ab:e8:7b:66:e6:aa:ea:fd:14:75:ac:
                    74:cd:fb:f8:5a:c5:56:c8:fb:a0:9a:ec:94:99:c1:
                    da:c9:62:47:39:d0:d8:4d:fb:57:05:fd:16:bc:dd:
                    7b:ff:52:da:8c:c1:a6:65:e2:af:5d:d9:6b:0f:13:
                    d8:86:ae:bb:f1:52:e5:65:94:d6:37:d8:0c:72:59:
                    76:0b:82:fb:ab:35:03:a7:39:8e:4e:7b:6a:59:fc:
                    ee:6a:a8:7f:fa:1a:e4:cc:7a:34:e4:eb:c4:f0:5c:
                    4d:89:d6:f5:3f:6c:aa:55:c8:94:fc:3d:a5:0c:e4:
                    e5:fc:72:bb:c0:48:39:1e:ed:c9:6c:42:77:95:35:
                    1f:20:f4:95:40:e3:96:cb:87:13:bd:83:05:cc:dc:
                    14:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:13:CA:0E:5D:3A:4B:90:7E:59:08:A3:EF:78:07:3D:1D:69:0B:CF
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_BPKDl06S5B-WQij73gHPR1pC88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c3:d600::/40
                  2a13:a5c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:a6:75:5b:3f:40:8f:5b:98:7d:6b:e1:cd:ad:7e:42:83:16:
         60:73:92:dd:15:5f:b3:d7:02:41:4d:96:20:d7:c0:fd:b6:5d:
         c4:a8:e4:ab:df:e2:cc:df:e0:d6:7a:35:c7:6c:72:f8:f3:7c:
         78:c7:1e:70:4d:c9:2e:8f:79:b4:92:6f:98:6b:cf:0d:ba:4d:
         e3:02:28:55:61:08:5a:14:98:98:46:f9:07:61:9a:2d:88:71:
         9f:92:e2:82:48:07:4f:4a:73:9f:df:10:92:e1:94:dc:05:da:
         55:eb:e1:be:24:bb:09:d2:c3:5f:05:7c:b3:83:7d:dc:0c:85:
         f0:73:f6:c8:58:8c:7e:1d:92:0f:d2:3d:7e:2d:43:24:b8:4e:
         86:85:0d:77:5a:94:09:4f:40:f4:c7:4d:a4:35:93:ae:b8:7f:
         d2:72:73:37:b8:8a:33:34:d6:8d:92:1a:b4:56:c2:e1:91:eb:
         85:85:86:cb:c3:91:9d:8f:01:5e:f1:0b:ae:e0:bd:32:ea:96:
         e3:01:55:98:67:ab:e3:fc:6a:de:43:51:61:2b:f4:25:41:ec:
         f6:ce:8f:ad:80:b5:25:06:83:ca:da:84:0d:00:78:44:c2:d7:
         bd:e6:76:01:07:80:3a:e9:38:21:2b:45:da:a3:30:f8:c1:5c:
         6f:f9:dd:54
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAZUUBAZcm3DhKsWFSLf0VI9kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMjE3MTMwNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzEzY2EwZTVkM2E0YjkwN2U1OTA4YTNlZjc4MDczZDFkNjkwYmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGXGPJACDBDjehj4iolAq0JqiBqJ
xwGZhrP41ehb9hIFu50lkO6d1fLqiI1y7qAnP8d804EDEOiqXCmdcrJBGc5Z793Q
8/a+n0hgKxqDR+dBn7JRUAUabV/o7lyW7/bpA84+vaDNgDekus2Tq+h7Zuaq6v0U
dax0zfv4WsVWyPugmuyUmcHayWJHOdDYTftXBf0WvN17/1LajMGmZeKvXdlrDxPY
hq678VLlZZTWN9gMcll2C4L7qzUDpzmOTntqWfzuaqh/+hrkzHo05OvE8FxNidb1
P2yqVciU/D2lDOTl/HK7wEg5Hu3JbEJ3lTUfIPSVQOOWy4cTvYMFzNwUxwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPwTyg5dOkuQflkIo+94Bz0daQvPMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvX0JQS0RsMDZTNUItV1FpajczZ0hQUjFwQzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPAwYAKhOlw9YD
BQAqE6XFMA0GCSqGSIb3DQEBCwUAA4IBAQCbpnVbP0CPW5h9a+HNrX5CgxZgc5Ld
FV+z1wJBTZYg18D9tl3EqOSr3+LM3+DWejXHbHL483x4xx5wTckuj3m0km+Ya88N
uk3jAihVYQhaFJiYRvkHYZotiHGfkuKCSAdPSnOf3xCS4ZTcBdpV6+G+JLsJ0sNf
BXyzg33cDIXwc/bIWIx+HZIP0j1+LUMkuE6GhQ13WpQJT0D0x02kNZOuuH/ScnM3
uIozNNaNkhq0VsLhkeuFhYbLw5GdjwFe8Quu4L0y6pbjAVWYZ6vj/GreQ1FhK/Ql
Qez2zo+tgLUlBoPK2oQNAHhEwte95nYBB4A66TghK0XaozD4wVxv+d1U
-----END CERTIFICATE-----