Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/JYmQcVf6BfsYcKxJFKZsXd4f2To.roa
File:                     JYmQcVf6BfsYcKxJFKZsXd4f2To.roa (raw, json)
Hash identifier:          tjmsYQgdvBrGDDiyWAJWajhEM88kj9HYgypYyxWTvaY=
Subject key identifier:   25:89:90:71:57:FA:05:FB:18:70:AC:49:14:A6:6C:5D:DE:1F:D9:3A
Certificate issuer:       /CN=67ce179cbe13ddb14012985a067100ef98a55601
Certificate serial:       01941FFA3BE994C6FB9B30E6AB23BF93E1A4
Authority key identifier: 67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/JYmQcVf6BfsYcKxJFKZsXd4f2To.roa
Signing time:             Wed 01 Jan 2025 03:48:00 +0000
ROA not before:           Wed 01 Jan 2025 03:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212832
IP address blocks:        2a13:1c46::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 19:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:3b:e9:94:c6:fb:9b:30:e6:ab:23:bf:93:e1:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ce179cbe13ddb14012985a067100ef98a55601
        Validity
            Not Before: Jan  1 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2589907157fa05fb1870ac4914a66c5dde1fd93a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:84:5c:ec:89:a3:12:37:a0:a8:b7:d6:94:d3:
                    c8:34:49:8d:47:09:76:57:ab:54:45:03:f0:51:bc:
                    47:fe:0a:d1:5e:17:5c:28:7e:bd:5e:56:25:65:9a:
                    67:9c:7c:ee:dc:7b:26:29:34:14:85:84:39:fb:c6:
                    80:ff:53:63:13:88:26:90:cb:db:89:19:b5:14:7c:
                    aa:fc:fe:ac:80:39:9f:be:0b:08:85:84:ea:17:3a:
                    46:8f:53:13:60:c3:18:39:b4:a6:e0:0b:e2:71:ce:
                    61:93:8c:be:2e:2c:a4:41:78:48:8d:43:06:42:7b:
                    3e:5c:aa:c2:c9:96:51:6f:dd:61:be:3d:50:9d:14:
                    06:ef:7c:eb:23:36:d4:84:6d:75:d0:71:0b:2c:cb:
                    25:7c:79:4d:e7:e9:52:32:69:ca:72:88:02:95:be:
                    a0:e0:fa:af:f8:5b:c4:3a:28:f9:f5:4d:08:a0:fd:
                    e3:5a:30:3d:8b:be:e0:ca:ae:d3:70:d8:20:c6:24:
                    01:58:0b:61:1d:15:4a:0c:15:0a:07:29:05:17:49:
                    a1:a3:7c:98:9d:a1:41:aa:b3:be:f0:b3:66:10:35:
                    c6:e8:87:03:b3:47:33:3e:0a:a3:bc:e4:d4:ea:1f:
                    c5:9a:20:f0:c7:11:01:10:57:51:23:c4:3f:56:72:
                    25:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:89:90:71:57:FA:05:FB:18:70:AC:49:14:A6:6C:5D:DE:1F:D9:3A
            X509v3 Authority Key Identifier:
                keyid:67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/JYmQcVf6BfsYcKxJFKZsXd4f2To.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1c46::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:65:83:e1:5c:82:20:86:21:77:02:4c:74:73:cb:38:19:d2:
         91:73:c3:2e:99:ed:7e:8b:16:17:df:6d:0f:ba:14:73:b5:35:
         53:4c:a4:e2:77:0b:5b:e8:4e:be:b6:52:02:41:17:76:8b:09:
         83:d2:62:9d:21:b3:d7:1f:59:62:7d:88:11:eb:0b:06:d2:e3:
         b5:b7:16:b7:e7:ca:e0:e8:21:d0:91:82:b7:d6:4f:40:8f:d9:
         45:c2:16:53:bb:f5:d3:a2:42:8a:c5:1f:e5:c8:3f:85:27:ac:
         e9:99:7f:39:bd:b4:bc:20:61:6b:13:3e:be:9d:cb:4b:fd:1c:
         e5:5a:88:70:da:4d:8e:f2:d0:c2:9a:f1:53:4b:36:82:9b:6f:
         32:48:ee:15:61:4e:3e:b0:05:87:f6:dc:aa:78:6f:de:17:35:
         78:27:61:62:f1:4b:73:10:b0:d6:ad:ac:13:e3:0a:3b:9b:46:
         e2:cb:8e:61:52:46:f8:ba:b5:42:e6:48:b1:3e:8c:32:ec:bd:
         e4:f3:1d:d9:15:3c:37:97:6d:da:6e:4f:e9:73:4f:2f:13:8b:
         54:c7:f6:c2:ef:cb:6d:24:b6:4d:6c:23:f5:0b:cc:4f:16:16:
         15:f5:26:16:1d:06:cc:4a:b1:57:5b:ae:6a:05:49:c3:5c:9f:
         0c:54:40:5a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQf+jvplMb7mzDmqyO/k+GkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2UxNzljYmUxM2RkYjE0MDEyOTg1YTA2NzEwMGVmOThh
NTU2MDEwHhcNMjUwMTAxMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTg5OTA3MTU3ZmEwNWZiMTg3MGFjNDkxNGE2NmM1ZGRlMWZkOTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIRc7ImjEjegqLfWlNPINEmNRwl2
V6tURQPwUbxH/grRXhdcKH69XlYlZZpnnHzu3HsmKTQUhYQ5+8aA/1NjE4gmkMvb
iRm1FHyq/P6sgDmfvgsIhYTqFzpGj1MTYMMYObSm4Avicc5hk4y+LiykQXhIjUMG
Qns+XKrCyZZRb91hvj1QnRQG73zrIzbUhG110HELLMslfHlN5+lSMmnKcogClb6g
4Pqv+FvEOij59U0IoP3jWjA9i77gyq7TcNggxiQBWAthHRVKDBUKBykFF0mho3yY
naFBqrO+8LNmEDXG6IcDs0czPgqjvOTU6h/FmiDwxxEBEFdRI8Q/VnIl9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCWJkHFX+gX7GHCsSRSmbF3eH9k6MB8GA1UdIwQY
MBaAFGfOF5y+E92xQBKYWgZxAO+YpVYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEt
NjJjMDFkYzY5Y2NhLzEvSlltUWNWZjZCZnNZY0t4SkZLWnNYZDRmMlRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEtNjJjMDFkYzY5Y2Nh
LzEvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhMcRjAN
BgkqhkiG9w0BAQsFAAOCAQEAZ2WD4VyCIIYhdwJMdHPLOBnSkXPDLpntfosWF99t
D7oUc7U1U0yk4ncLW+hOvrZSAkEXdosJg9JinSGz1x9ZYn2IEesLBtLjtbcWt+fK
4Ogh0JGCt9ZPQI/ZRcIWU7v106JCisUf5cg/hSes6Zl/Ob20vCBhaxM+vp3LS/0c
5VqIcNpNjvLQwprxU0s2gptvMkjuFWFOPrAFh/bcqnhv3hc1eCdhYvFLcxCw1q2s
E+MKO5tG4suOYVJG+Lq1QuZIsT6MMuy95PMd2RU8N5dt2m5P6XNPLxOLVMf2wu/L
bSS2TWwj9QvMTxYWFfUmFh0GzEqxV1uuagVJw1yfDFRAWg==
-----END CERTIFICATE-----