Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/a43a05-603f-4607-bc68-99060e2458ec/1/rWk5sIUEQt5GM5tD9jvlVGxlmoc.roa
File:                     rWk5sIUEQt5GM5tD9jvlVGxlmoc.roa (raw, json)
Hash identifier:          bdSHmybqlxfqe2LDlmT/vhR2hatifsBsFgj+STLVUXQ=
Subject key identifier:   AD:69:39:B0:85:04:42:DE:46:33:9B:43:F6:3B:E5:54:6C:65:9A:87
Certificate issuer:       /CN=a42371281dfe19072d1339dd0482b2aafad542ce
Certificate serial:       01941F8C9D68A7B95ADBE6002C1953E82116
Authority key identifier: A4:23:71:28:1D:FE:19:07:2D:13:39:DD:04:82:B2:AA:FA:D5:42:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pCNxKB3-GQctEzndBIKyqvrVQs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/a43a05-603f-4607-bc68-99060e2458ec/1/rWk5sIUEQt5GM5tD9jvlVGxlmoc.roa
Signing time:             Wed 01 Jan 2025 01:48:16 +0000
ROA not before:           Wed 01 Jan 2025 01:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57025
IP address blocks:        2a13:db00::/30 maxlen: 30
                          2a13:db01:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/a43a05-603f-4607-bc68-99060e2458ec/1/pCNxKB3-GQctEzndBIKyqvrVQs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/a43a05-603f-4607-bc68-99060e2458ec/1/pCNxKB3-GQctEzndBIKyqvrVQs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pCNxKB3-GQctEzndBIKyqvrVQs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9d:68:a7:b9:5a:db:e6:00:2c:19:53:e8:21:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a42371281dfe19072d1339dd0482b2aafad542ce
        Validity
            Not Before: Jan  1 01:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad6939b0850442de46339b43f63be5546c659a87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:0c:89:33:d4:28:58:2f:97:39:7b:42:4b:a3:
                    ae:dc:19:f4:4c:e1:c1:f2:7a:94:fe:3b:66:a7:26:
                    85:45:74:85:ad:37:e9:a9:bf:4f:32:f8:40:30:9d:
                    9d:d6:ff:28:b0:49:ba:9e:5d:b4:b2:cb:b4:f3:3e:
                    7c:c3:36:70:cb:aa:b8:c8:1c:e0:e1:dc:a4:96:6b:
                    d3:24:33:0c:b6:de:98:cc:e0:5d:c2:7e:ac:f4:00:
                    dd:4d:fa:77:06:cb:b5:48:35:dc:eb:1b:4a:5d:a0:
                    e7:dc:d8:5b:f4:9f:c8:39:24:da:eb:d5:f2:69:f9:
                    3d:48:46:0e:0b:1e:44:47:6c:b2:10:82:64:c5:0c:
                    b1:b6:19:4d:47:fb:f7:38:18:4e:d9:2f:0b:c1:f5:
                    64:f5:88:28:b7:15:87:e8:9e:7c:6b:41:6e:1b:cb:
                    b1:3a:c6:8f:ae:30:79:5f:44:78:b1:a8:0e:df:d7:
                    5c:ba:76:3a:82:5c:84:b2:bf:07:60:91:d5:b9:cb:
                    7a:e0:a3:a2:6f:50:11:01:e0:24:2a:f0:6b:f8:c8:
                    41:9e:48:97:d8:7f:ee:21:40:69:e4:0c:52:7b:12:
                    83:ce:77:c4:03:11:a8:55:73:c4:d9:47:3a:c2:d6:
                    d3:9b:a9:d9:ca:ba:fb:76:77:11:51:29:71:79:09:
                    aa:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:69:39:B0:85:04:42:DE:46:33:9B:43:F6:3B:E5:54:6C:65:9A:87
            X509v3 Authority Key Identifier:
                keyid:A4:23:71:28:1D:FE:19:07:2D:13:39:DD:04:82:B2:AA:FA:D5:42:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pCNxKB3-GQctEzndBIKyqvrVQs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a43a05-603f-4607-bc68-99060e2458ec/1/rWk5sIUEQt5GM5tD9jvlVGxlmoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/a43a05-603f-4607-bc68-99060e2458ec/1/pCNxKB3-GQctEzndBIKyqvrVQs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:db00::/30

    Signature Algorithm: sha256WithRSAEncryption
         30:39:a5:5a:c3:2e:79:f2:9d:fa:33:13:18:58:7d:0e:0f:16:
         23:d0:86:36:6e:15:a3:49:37:16:b0:58:8e:c8:cb:f3:f1:63:
         76:4d:13:09:61:4a:d7:53:6d:2f:8f:1d:4e:f4:26:3d:a7:4d:
         e0:2c:9a:19:b4:d8:3d:48:f5:4b:0f:db:da:de:39:ba:a4:26:
         a5:68:7b:03:a8:fc:ee:1c:01:44:16:20:4c:d2:b1:32:ec:ff:
         04:1a:d9:f8:0e:c1:39:f9:5b:d2:bd:01:44:9f:46:7f:f8:23:
         91:29:9f:88:23:dc:16:9b:10:5e:4e:98:5f:87:cd:aa:e7:84:
         a3:55:8c:74:15:03:7a:7f:e0:31:a2:9e:6d:f4:b3:d4:94:05:
         a4:5b:c1:4b:2a:a2:d7:02:c3:81:e9:8f:1f:f6:1a:6f:1d:20:
         13:63:7a:80:63:94:f9:ab:91:a2:96:df:9d:4e:3e:f7:ec:3c:
         70:9f:e7:c3:c2:f6:13:4b:de:e9:ff:02:17:a2:84:af:76:11:
         b2:a1:67:fe:47:a2:f8:6f:a2:b3:99:49:f0:e6:85:bb:73:f7:
         bc:70:4a:9b:90:b5:bc:07:42:f5:56:2f:da:8f:a9:1d:28:61:
         09:8a:71:2c:1a:e0:43:1c:96:40:91:6b:22:09:29:60:fd:33:
         1c:0d:12:f2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjJ1op7la2+YALBlT6CEWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MjM3MTI4MWRmZTE5MDcyZDEzMzlkZDA0ODJiMmFhZmFk
NTQyY2UwHhcNMjUwMTAxMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDY5MzliMDg1MDQ0MmRlNDYzMzliNDNmNjNiZTU1NDZjNjU5YTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2wyJM9QoWC+XOXtCS6Ou3Bn0TOHB
8nqU/jtmpyaFRXSFrTfpqb9PMvhAMJ2d1v8osEm6nl20ssu08z58wzZwy6q4yBzg
4dyklmvTJDMMtt6YzOBdwn6s9ADdTfp3Bsu1SDXc6xtKXaDn3Nhb9J/IOSTa69Xy
afk9SEYOCx5ER2yyEIJkxQyxthlNR/v3OBhO2S8LwfVk9YgotxWH6J58a0FuG8ux
OsaPrjB5X0R4sagO39dcunY6glyEsr8HYJHVuct64KOib1ARAeAkKvBr+MhBnkiX
2H/uIUBp5AxSexKDznfEAxGoVXPE2Uc6wtbTm6nZyrr7dncRUSlxeQmq+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK1pObCFBELeRjObQ/Y75VRsZZqHMB8GA1UdIwQY
MBaAFKQjcSgd/hkHLRM53QSCsqr61ULOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcENOeEtCMy1HUWN0RXpuZEJJS3lxdnJWUXM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9hNDNhMDUtNjAzZi00NjA3LWJjNjgt
OTkwNjBlMjQ1OGVjLzEvcldrNXNJVUVRdDVHTTV0RDlqdmxWR3hsbW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9hNDNhMDUtNjAzZi00NjA3LWJjNjgtOTkwNjBlMjQ1OGVj
LzEvcENOeEtCMy1HUWN0RXpuZEJJS3lxdnJWUXM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKhPbADAN
BgkqhkiG9w0BAQsFAAOCAQEAMDmlWsMuefKd+jMTGFh9Dg8WI9CGNm4Vo0k3FrBY
jsjL8/Fjdk0TCWFK11NtL48dTvQmPadN4CyaGbTYPUj1Sw/b2t45uqQmpWh7A6j8
7hwBRBYgTNKxMuz/BBrZ+A7BOflb0r0BRJ9Gf/gjkSmfiCPcFpsQXk6YX4fNqueE
o1WMdBUDen/gMaKebfSz1JQFpFvBSyqi1wLDgemPH/Yabx0gE2N6gGOU+auRopbf
nU4+9+w8cJ/nw8L2E0ve6f8CF6KEr3YRsqFn/kei+G+is5lJ8OaFu3P3vHBKm5C1
vAdC9VYv2o+pHShhCYpxLBrgQxyWQJFrIgkpYP0zHA0S8g==
-----END CERTIFICATE-----