Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/y_JsphXDGhtYIly7VDuihnNcQ5U.roa
File:                     y_JsphXDGhtYIly7VDuihnNcQ5U.roa (raw, json)
Hash identifier:          e2p81FmOY2QZWDBjWNf+vYK0z1VRG2fKaiv+Lz4SL1c=
Subject key identifier:   CB:F2:6C:A6:15:C3:1A:1B:58:22:5C:BB:54:3B:A2:86:73:5C:43:95
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01942521A1375B1F75BE538D2BE246703E07
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/y_JsphXDGhtYIly7VDuihnNcQ5U.roa
Signing time:             Thu 02 Jan 2025 03:49:08 +0000
ROA not before:           Thu 02 Jan 2025 03:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213663
IP address blocks:        2a13:a5c3:f100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a1:37:5b:1f:75:be:53:8d:2b:e2:46:70:3e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 03:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbf26ca615c31a1b58225cbb543ba286735c4395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b0:94:63:7c:87:58:78:d3:6c:31:84:78:92:
                    01:b2:82:7f:ce:bd:63:25:25:0f:32:84:6c:11:3a:
                    ff:d8:41:d4:b3:76:94:4f:97:82:42:44:98:bb:8c:
                    b5:b3:83:b6:ad:78:48:b4:32:3a:9b:d5:f0:db:c4:
                    0a:d0:ab:32:a8:94:02:de:d3:8d:1f:8e:96:1d:39:
                    0b:a3:5b:e1:ae:15:58:b5:53:ae:08:42:8e:6b:6b:
                    5c:06:ef:0c:27:7a:fd:74:42:9b:d0:55:d0:76:53:
                    bc:25:61:a3:09:54:be:99:13:a4:35:03:d9:0e:fd:
                    9a:7b:82:4c:7f:96:d5:d5:ff:3f:79:87:16:c9:6d:
                    a8:db:97:3a:16:29:fc:f0:78:3b:d1:eb:a6:28:d8:
                    ff:7c:bc:2d:45:a6:09:5a:12:71:b7:ee:50:f9:87:
                    44:a2:e2:b8:33:fc:eb:b2:04:f3:bb:03:f6:3d:5d:
                    4d:b3:4b:03:e9:6e:57:ba:f9:9b:e5:72:51:3e:a5:
                    7d:87:70:7e:e4:aa:d0:57:cd:f3:57:22:b8:12:da:
                    b9:a9:68:a6:32:2d:84:d6:ba:a1:88:0b:9d:1a:24:
                    ab:cb:c3:de:bc:d9:0a:cd:b7:66:02:00:0c:cb:e0:
                    c9:3d:91:04:a1:5c:e4:07:a6:5a:38:6c:2f:95:69:
                    63:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:F2:6C:A6:15:C3:1A:1B:58:22:5C:BB:54:3B:A2:86:73:5C:43:95
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/y_JsphXDGhtYIly7VDuihnNcQ5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c3:f100::/40

    Signature Algorithm: sha256WithRSAEncryption
         88:c5:35:14:09:a6:bd:5d:0a:61:4d:e8:e2:db:34:a5:ad:3d:
         54:5e:7d:88:cb:9d:e5:2f:37:8d:b6:44:d4:18:a1:b0:60:da:
         f7:36:50:b2:0b:f5:5b:1b:91:8a:4d:ca:9d:8f:ba:18:7f:88:
         96:1b:13:6d:bf:09:1f:0c:1a:06:b9:50:f1:65:88:4b:ca:ac:
         c0:53:5a:24:33:91:70:74:65:65:e8:58:15:15:05:00:47:e6:
         fc:12:b5:44:01:4f:8f:58:84:12:f6:1c:9e:c0:01:ec:7a:94:
         13:02:96:ab:8a:b6:79:71:5a:8d:4e:dc:c6:04:55:28:37:c7:
         d1:46:f5:a5:8c:8e:3a:1b:c0:97:c7:55:19:be:c9:ea:cb:54:
         5b:29:1d:63:fd:04:e2:e6:53:0f:79:6b:79:04:ea:e4:45:a3:
         57:54:c0:fc:65:ae:b7:d3:04:50:b3:b3:be:5b:fb:a8:3f:6a:
         87:40:b8:c3:33:96:d2:52:d7:17:cc:95:f6:73:16:f3:96:2c:
         de:67:ad:4e:d6:34:e7:1b:99:9e:e9:9d:a6:36:d9:ff:8f:77:
         94:79:c7:d3:ef:4b:60:bb:af:27:e6:a9:3f:51:fc:62:03:7f:
         25:85:5d:0e:a6:22:5e:04:20:46:24:a5:aa:98:e4:1b:64:93:
         06:07:b7:ae
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIaE3Wx91vlONK+JGcD4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwMTAyMDM0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmYyNmNhNjE1YzMxYTFiNTgyMjVjYmI1NDNiYTI4NjczNWM0Mzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybCUY3yHWHjTbDGEeJIBsoJ/zr1j
JSUPMoRsETr/2EHUs3aUT5eCQkSYu4y1s4O2rXhItDI6m9Xw28QK0KsyqJQC3tON
H46WHTkLo1vhrhVYtVOuCEKOa2tcBu8MJ3r9dEKb0FXQdlO8JWGjCVS+mROkNQPZ
Dv2ae4JMf5bV1f8/eYcWyW2o25c6Fin88Hg70eumKNj/fLwtRaYJWhJxt+5Q+YdE
ouK4M/zrsgTzuwP2PV1Ns0sD6W5Xuvmb5XJRPqV9h3B+5KrQV83zVyK4Etq5qWim
Mi2E1rqhiAudGiSry8PevNkKzbdmAgAMy+DJPZEEoVzkB6ZaOGwvlWljPwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMvybKYVwxobWCJcu1Q7ooZzXEOVMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEveV9Kc3BoWERHaHRZSWx5N1ZEdWlobk5jUTVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlw/Ew
DQYJKoZIhvcNAQELBQADggEBAIjFNRQJpr1dCmFN6OLbNKWtPVRefYjLneUvN422
RNQYobBg2vc2ULIL9VsbkYpNyp2Puhh/iJYbE22/CR8MGga5UPFliEvKrMBTWiQz
kXB0ZWXoWBUVBQBH5vwStUQBT49YhBL2HJ7AAex6lBMClquKtnlxWo1O3MYEVSg3
x9FG9aWMjjobwJfHVRm+yerLVFspHWP9BOLmUw95a3kE6uRFo1dUwPxlrrfTBFCz
s75b+6g/aodAuMMzltJS1xfMlfZzFvOWLN5nrU7WNOcbmZ7pnaY22f+Pd5R5x9Pv
S2C7ryfmqT9R/GIDfyWFXQ6mIl4EIEYkpaqY5BtkkwYHt64=
-----END CERTIFICATE-----