Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/kCw9KW7g2WHXSaE7taxeZTizKC4.roa
File:                     kCw9KW7g2WHXSaE7taxeZTizKC4.roa (raw, json)
Hash identifier:          0phDtsrapiUcNDcI7I3hyFhO2oK9iXRAiRoI4U9hIt8=
Subject key identifier:   90:2C:3D:29:6E:E0:D9:61:D7:49:A1:3B:B5:AC:5E:65:38:B3:28:2E
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       019425219F36A8A54750B25A7D072068AC18
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/kCw9KW7g2WHXSaE7taxeZTizKC4.roa
Signing time:             Thu 02 Jan 2025 03:49:07 +0000
ROA not before:           Thu 02 Jan 2025 03:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203314
IP address blocks:        2a13:a5c7:2500::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:9f:36:a8:a5:47:50:b2:5a:7d:07:20:68:ac:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=902c3d296ee0d961d749a13bb5ac5e6538b3282e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:b0:85:94:80:09:2a:a9:94:04:e9:bd:1d:98:
                    0d:4d:16:7d:1f:37:e6:af:ef:aa:9b:3e:62:29:9c:
                    bc:7c:81:64:af:13:e4:4b:87:89:93:7f:32:86:1d:
                    6a:49:97:ee:ca:23:ba:95:99:ad:20:cd:f4:02:fb:
                    49:cc:7d:06:b5:25:13:ac:71:5e:fa:87:1f:73:cc:
                    7f:36:40:49:38:7e:31:fd:8e:7b:47:f5:90:46:bb:
                    e1:8d:46:56:dc:d9:04:0f:5e:89:c1:d4:9f:13:d6:
                    7f:fb:76:f0:1b:22:76:08:93:0d:a8:48:7c:41:d5:
                    99:66:cf:f9:b3:21:01:c3:b9:df:f6:df:f1:0b:80:
                    bf:e5:e2:f9:bb:a2:aa:ad:be:d9:dc:e9:28:93:05:
                    d2:bd:31:80:74:e7:ee:0e:eb:af:81:90:e5:f6:73:
                    e9:07:44:a2:55:13:23:8a:74:10:f3:18:23:08:a2:
                    85:41:b9:70:77:37:31:fc:ad:74:96:06:e2:b3:3a:
                    47:8b:37:ee:de:35:63:bf:2c:11:77:e1:09:85:1a:
                    65:7e:e4:ae:80:1e:04:ad:c8:06:9d:31:b6:db:66:
                    99:d0:00:04:ae:a1:97:a5:de:df:14:58:75:79:bf:
                    5a:22:95:39:b1:44:f3:e0:99:11:30:1a:74:1c:e7:
                    9c:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:2C:3D:29:6E:E0:D9:61:D7:49:A1:3B:B5:AC:5E:65:38:B3:28:2E
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/kCw9KW7g2WHXSaE7taxeZTizKC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:2500::/40

    Signature Algorithm: sha256WithRSAEncryption
         5b:67:5d:bc:db:c9:d5:f3:c4:a2:c1:f8:a3:4b:2d:ea:6b:29:
         df:43:04:a9:59:f4:5e:fb:b7:98:55:7e:d1:a3:63:80:c9:d8:
         04:10:17:e5:bc:6f:c3:fe:41:0b:5b:a7:07:ba:e0:13:97:8f:
         52:93:60:b4:6c:69:f9:a1:8f:b2:84:33:67:7c:7d:b8:33:77:
         cc:e2:f3:df:3d:ea:c5:30:f4:b6:43:a6:bf:bb:ab:4b:95:f0:
         f4:57:4f:1b:e2:dc:c3:a0:fc:9f:3a:5a:ae:bd:af:0c:66:6b:
         ee:e7:26:fa:a8:5b:eb:e5:3a:e5:16:f2:ac:d9:cf:45:3b:ab:
         54:2d:b6:4a:79:a6:d6:43:5d:d8:20:75:3f:41:3f:d7:06:c5:
         62:7f:02:2a:9a:70:c1:dc:3e:0c:d6:57:62:16:0c:39:ef:82:
         c0:cc:bc:67:6f:34:06:f0:4d:02:cb:cd:e5:22:f2:14:da:f1:
         c1:04:d9:35:c3:d4:06:2c:11:a7:f0:1d:08:8f:7a:ae:40:17:
         70:c0:38:81:8e:c5:23:79:c7:ce:a0:89:05:34:aa:95:75:c4:
         3b:7e:50:7f:f1:1a:bf:cd:9b:4a:98:23:d8:50:e2:7e:0b:31:
         2e:eb:ad:14:c6:09:24:87:21:30:c0:ad:6e:a0:33:87:11:e6:
         a4:a7:ff:f6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIZ82qKVHULJafQcgaKwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDJjM2QyOTZlZTBkOTYxZDc0OWExM2JiNWFjNWU2NTM4YjMyODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqrCFlIAJKqmUBOm9HZgNTRZ9Hzfm
r++qmz5iKZy8fIFkrxPkS4eJk38yhh1qSZfuyiO6lZmtIM30AvtJzH0GtSUTrHFe
+ocfc8x/NkBJOH4x/Y57R/WQRrvhjUZW3NkED16JwdSfE9Z/+3bwGyJ2CJMNqEh8
QdWZZs/5syEBw7nf9t/xC4C/5eL5u6Kqrb7Z3OkokwXSvTGAdOfuDuuvgZDl9nPp
B0SiVRMjinQQ8xgjCKKFQblwdzcx/K10lgbiszpHizfu3jVjvywRd+EJhRplfuSu
gB4ErcgGnTG222aZ0AAErqGXpd7fFFh1eb9aIpU5sUTz4JkRMBp0HOechwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJAsPSlu4Nlh10mhO7WsXmU4syguMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEva0N3OUtXN2cyV0hYU2FFN3RheGVaVGl6S0M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxyUw
DQYJKoZIhvcNAQELBQADggEBAFtnXbzbydXzxKLB+KNLLeprKd9DBKlZ9F77t5hV
ftGjY4DJ2AQQF+W8b8P+QQtbpwe64BOXj1KTYLRsafmhj7KEM2d8fbgzd8zi8989
6sUw9LZDpr+7q0uV8PRXTxvi3MOg/J86Wq69rwxma+7nJvqoW+vlOuUW8qzZz0U7
q1Qttkp5ptZDXdggdT9BP9cGxWJ/AiqacMHcPgzWV2IWDDnvgsDMvGdvNAbwTQLL
zeUi8hTa8cEE2TXD1AYsEafwHQiPeq5AF3DAOIGOxSN5x86giQU0qpV1xDt+UH/x
Gr/Nm0qYI9hQ4n4LMS7rrRTGCSSHITDArW6gM4cR5qSn//Y=
-----END CERTIFICATE-----