Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/h738lN5c3TyKcj8anxVMoHPkxGE.roa
File:                     h738lN5c3TyKcj8anxVMoHPkxGE.roa (raw, json)
Hash identifier:          pjqnFNlGOHySNRAPtEKFXim6O4weYwyodx7laOQF5Og=
Subject key identifier:   87:BD:FC:94:DE:5C:DD:3C:8A:72:3F:1A:9F:15:4C:A0:73:E4:C4:61
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       019425219D9699FB0EFF0286A15C308A5C7D
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/h738lN5c3TyKcj8anxVMoHPkxGE.roa
Signing time:             Thu 02 Jan 2025 03:49:07 +0000
ROA not before:           Thu 02 Jan 2025 03:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198376
IP address blocks:        2a13:a5c6:6000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:9d:96:99:fb:0e:ff:02:86:a1:5c:30:8a:5c:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87bdfc94de5cdd3c8a723f1a9f154ca073e4c461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:de:9d:44:16:ed:1c:03:b4:ac:e9:30:6a:ee:
                    00:08:b4:bc:43:b8:d6:ff:c5:2e:bb:16:af:3d:f8:
                    78:63:3f:f5:14:5c:ac:2c:f8:22:31:e0:ab:6f:31:
                    d3:e2:f6:ee:7d:c3:81:14:89:df:85:bc:ef:70:04:
                    33:42:48:78:04:3b:83:b3:9a:f9:cb:92:de:1a:76:
                    38:f7:56:e8:18:be:d4:54:74:e4:b0:4c:08:e9:42:
                    20:49:02:3a:e0:63:d6:d8:88:9d:f5:ac:23:da:61:
                    7d:97:b2:d9:73:68:dc:a5:73:ff:f6:1d:da:b5:81:
                    74:b8:f2:62:59:0d:d9:05:d1:fe:ca:14:a0:97:ab:
                    57:8e:86:ac:18:93:b3:28:2d:7f:6b:7c:b0:e6:f3:
                    ae:4a:75:59:3a:66:2f:b5:27:a5:9d:fa:5f:4b:d6:
                    c8:01:f1:8c:0e:7a:df:74:c3:90:90:05:b1:ab:1f:
                    0d:63:79:90:6c:78:e6:34:bd:d6:04:45:1f:b3:3f:
                    6f:0d:01:ab:e2:61:7b:68:e0:13:21:47:ff:68:ba:
                    cb:f9:49:4e:c6:18:e9:7d:2b:9d:21:0f:10:5a:a8:
                    f2:5f:ec:ba:ce:52:6e:9c:b5:03:42:bf:5d:a6:8a:
                    1e:7d:d1:93:13:dc:43:ba:e9:50:1d:70:10:17:b7:
                    02:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:BD:FC:94:DE:5C:DD:3C:8A:72:3F:1A:9F:15:4C:A0:73:E4:C4:61
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/h738lN5c3TyKcj8anxVMoHPkxGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c6:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         63:de:d8:3f:ea:49:b5:e6:9b:6e:1e:e1:50:c7:9a:69:60:df:
         b2:09:8f:02:3a:ec:48:01:04:0d:24:f4:69:b2:70:c1:92:c3:
         ba:56:16:3b:cb:3e:44:20:d6:6d:5c:45:26:b7:8d:07:9a:44:
         2f:bc:cd:57:60:7d:ff:d4:5b:93:0c:78:f3:0c:36:c3:26:1d:
         9c:ef:1b:9d:d3:88:4b:61:84:a8:54:4c:1e:3b:2a:60:69:85:
         26:1e:ed:02:6a:09:65:54:a6:66:2f:da:ca:09:cc:9e:94:21:
         3d:10:b5:26:af:3e:38:39:09:3f:dd:48:bb:33:4b:f2:7e:da:
         7a:94:22:50:34:29:30:cd:4d:7d:28:58:59:ca:25:8f:6b:38:
         62:d5:0f:51:0b:f2:af:1e:17:22:c8:3c:4e:26:3a:cb:cd:2d:
         23:82:f0:86:26:ef:f3:df:0c:e1:7a:d0:0e:d5:b4:85:df:78:
         12:8e:b5:91:76:da:e1:e5:90:7d:ad:5f:1d:89:ff:b0:91:7a:
         a1:2c:af:83:94:50:10:b1:38:55:b1:6b:44:86:30:b4:c6:96:
         49:ed:47:4e:be:8c:50:58:2a:ee:86:36:d1:fb:04:7e:32:19:
         84:df:02:85:5a:ca:d1:8d:16:6d:b7:3d:ac:1c:aa:14:58:d4:
         b1:d2:f7:99
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIZ2WmfsO/wKGoVwwilx9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2JkZmM5NGRlNWNkZDNjOGE3MjNmMWE5ZjE1NGNhMDczZTRjNDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA496dRBbtHAO0rOkwau4ACLS8Q7jW
/8UuuxavPfh4Yz/1FFysLPgiMeCrbzHT4vbufcOBFInfhbzvcAQzQkh4BDuDs5r5
y5LeGnY491boGL7UVHTksEwI6UIgSQI64GPW2Iid9awj2mF9l7LZc2jcpXP/9h3a
tYF0uPJiWQ3ZBdH+yhSgl6tXjoasGJOzKC1/a3yw5vOuSnVZOmYvtSelnfpfS9bI
AfGMDnrfdMOQkAWxqx8NY3mQbHjmNL3WBEUfsz9vDQGr4mF7aOATIUf/aLrL+UlO
xhjpfSudIQ8QWqjyX+y6zlJunLUDQr9dpooefdGTE9xDuulQHXAQF7cCPQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIe9/JTeXN08inI/Gp8VTKBz5MRhMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvaDczOGxONWMzVHlLY2o4YW54Vk1vSFBreEdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhOlxmAw
DQYJKoZIhvcNAQELBQADggEBAGPe2D/qSbXmm24e4VDHmmlg37IJjwI67EgBBA0k
9GmycMGSw7pWFjvLPkQg1m1cRSa3jQeaRC+8zVdgff/UW5MMePMMNsMmHZzvG53T
iEthhKhUTB47KmBphSYe7QJqCWVUpmYv2soJzJ6UIT0QtSavPjg5CT/dSLszS/J+
2nqUIlA0KTDNTX0oWFnKJY9rOGLVD1EL8q8eFyLIPE4mOsvNLSOC8IYm7/PfDOF6
0A7VtIXfeBKOtZF22uHlkH2tXx2J/7CReqEsr4OUUBCxOFWxa0SGMLTGlkntR06+
jFBYKu6GNtH7BH4yGYTfAoVaytGNFm23PawcqhRY1LHS95k=
-----END CERTIFICATE-----