Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/jKB4bF7QEatig6EKVxlScEN1XC8.roa
File:                     jKB4bF7QEatig6EKVxlScEN1XC8.roa (raw, json)
Hash identifier:          YIo6qCbdc07X+f+Ko5OWjfr4p+cI6VEVEj/ToimWQxE=
Subject key identifier:   8C:A0:78:6C:5E:D0:11:AB:62:83:A1:0A:57:19:52:70:43:75:5C:2F
Certificate issuer:       /CN=67ce179cbe13ddb14012985a067100ef98a55601
Certificate serial:       019591A737701064BCEABA1394928BFB7FF5
Authority key identifier: 67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/jKB4bF7QEatig6EKVxlScEN1XC8.roa
Signing time:             Thu 13 Mar 2025 22:36:49 +0000
ROA not before:           Thu 13 Mar 2025 22:36:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202573
IP address blocks:        2a13:1c47:f800::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 04:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:91:a7:37:70:10:64:bc:ea:ba:13:94:92:8b:fb:7f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ce179cbe13ddb14012985a067100ef98a55601
        Validity
            Not Before: Mar 13 22:36:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ca0786c5ed011ab6283a10a5719527043755c2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:20:7a:db:dc:92:29:ff:62:db:f3:12:2a:b8:
                    4c:86:da:e5:84:68:bf:29:01:17:00:07:d4:62:9c:
                    70:5b:5a:c4:b8:f2:fe:8a:5e:02:36:04:9a:59:71:
                    5e:1a:0a:80:4c:df:e2:d5:af:0b:32:88:15:ae:1d:
                    8d:cb:15:e5:a9:ba:87:30:0e:c8:60:16:33:49:2a:
                    36:68:55:03:96:f7:03:ec:57:12:10:ee:54:b1:5e:
                    d0:4e:c1:e5:b6:b2:f1:90:f5:d6:67:50:e2:d8:ac:
                    e6:04:f5:33:35:ed:40:8a:f5:3f:3b:5b:ba:c9:c0:
                    f9:9c:4f:6f:a2:3c:f6:be:e9:7d:c5:9c:6f:d8:a1:
                    f8:15:bc:2a:25:0d:97:a9:90:e2:1b:da:61:6f:d0:
                    af:25:48:dc:ce:ea:2e:61:c4:68:1f:8a:72:43:f1:
                    cc:ad:b7:df:d3:b8:40:31:65:c1:fe:7f:5f:c7:a6:
                    4c:3a:c2:b7:93:77:52:a2:f8:91:10:fd:7c:2f:b9:
                    d9:76:0e:4e:4e:af:61:7a:ae:55:04:50:43:37:65:
                    d8:3a:60:ee:53:8c:a0:f2:82:73:d4:59:16:99:8c:
                    2e:cd:5b:ae:ec:3f:24:59:a4:51:e2:84:cc:77:cc:
                    c3:85:62:f8:c6:86:7e:7e:d3:19:b4:da:e8:20:20:
                    9d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:A0:78:6C:5E:D0:11:AB:62:83:A1:0A:57:19:52:70:43:75:5C:2F
            X509v3 Authority Key Identifier:
                keyid:67:CE:17:9C:BE:13:DD:B1:40:12:98:5A:06:71:00:EF:98:A5:56:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z84XnL4T3bFAEphaBnEA75ilVgE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/jKB4bF7QEatig6EKVxlScEN1XC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5d7192-a719-4cd7-994a-62c01dc69cca/1/Z84XnL4T3bFAEphaBnEA75ilVgE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1c47:f800::/44

    Signature Algorithm: sha256WithRSAEncryption
         a2:44:e5:6c:1c:40:5a:78:61:e2:ab:15:f8:5f:55:05:7f:c1:
         7a:1f:16:f2:89:41:19:26:63:b5:38:93:c5:ee:39:74:e5:54:
         f4:9f:18:a1:e3:12:24:c3:96:48:6f:28:ba:85:34:62:43:a6:
         fe:f5:15:99:41:16:2a:d6:62:8f:e8:36:e0:15:69:1d:56:fd:
         ea:40:af:47:87:12:e9:11:b3:68:a1:44:4e:fb:9f:a0:54:39:
         89:41:d9:22:52:0a:d0:00:4d:c3:bf:5d:22:36:b3:fd:77:16:
         d2:66:da:29:29:00:b4:4a:3a:c6:e3:5f:e5:43:1d:27:2f:4a:
         49:ff:3c:61:20:54:cd:1f:22:03:45:0d:dd:a2:a6:a7:3a:67:
         26:92:eb:a8:5d:49:72:d5:a1:ca:df:09:63:24:08:4d:53:40:
         dd:dd:c8:5a:91:1e:05:d5:66:9f:29:51:90:69:34:a6:6d:37:
         64:fb:8f:af:51:ee:24:dd:02:07:ba:a6:11:2e:b1:17:4c:e2:
         66:95:e0:82:61:fb:cd:de:05:10:a8:a1:e3:ce:d5:97:17:cf:
         ac:d9:45:3e:26:49:93:43:91:23:75:8e:a9:c8:f2:db:75:d3:
         17:f0:34:8a:d8:32:a7:bb:e4:67:51:85:12:ab:23:38:c4:f8:
         70:c8:83:97
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZWRpzdwEGS86roTlJKL+3/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3Y2UxNzljYmUxM2RkYjE0MDEyOTg1YTA2NzEwMGVmOThh
NTU2MDEwHhcNMjUwMzEzMjIzNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2EwNzg2YzVlZDAxMWFiNjI4M2ExMGE1NzE5NTI3MDQzNzU1YzJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSB629ySKf9i2/MSKrhMhtrlhGi/
KQEXAAfUYpxwW1rEuPL+il4CNgSaWXFeGgqATN/i1a8LMogVrh2NyxXlqbqHMA7I
YBYzSSo2aFUDlvcD7FcSEO5UsV7QTsHltrLxkPXWZ1Di2KzmBPUzNe1AivU/O1u6
ycD5nE9vojz2vul9xZxv2KH4FbwqJQ2XqZDiG9phb9CvJUjczuouYcRoH4pyQ/HM
rbff07hAMWXB/n9fx6ZMOsK3k3dSoviREP18L7nZdg5OTq9heq5VBFBDN2XYOmDu
U4yg8oJz1FkWmYwuzVuu7D8kWaRR4oTMd8zDhWL4xoZ+ftMZtNroICCdOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIygeGxe0BGrYoOhClcZUnBDdVwvMB8GA1UdIwQY
MBaAFGfOF5y+E92xQBKYWgZxAO+YpVYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEt
NjJjMDFkYzY5Y2NhLzEvaktCNGJGN1FFYXRpZzZFS1Z4bFNjRU4xWEM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81ZDcxOTItYTcxOS00Y2Q3LTk5NGEtNjJjMDFkYzY5Y2Nh
LzEvWjg0WG5MNFQzYkZBRXBoYUJuRUE3NWlsVmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhMcR/gA
MA0GCSqGSIb3DQEBCwUAA4IBAQCiROVsHEBaeGHiqxX4X1UFf8F6HxbyiUEZJmO1
OJPF7jl05VT0nxih4xIkw5ZIbyi6hTRiQ6b+9RWZQRYq1mKP6DbgFWkdVv3qQK9H
hxLpEbNooURO+5+gVDmJQdkiUgrQAE3Dv10iNrP9dxbSZtopKQC0SjrG41/lQx0n
L0pJ/zxhIFTNHyIDRQ3doqanOmcmkuuoXUly1aHK3wljJAhNU0Dd3chakR4F1Waf
KVGQaTSmbTdk+4+vUe4k3QIHuqYRLrEXTOJmleCCYfvN3gUQqKHjztWXF8+s2UU+
JkmTQ5EjdY6pyPLbddMX8DSK2DKnu+RnUYUSqyM4xPhwyIOX
-----END CERTIFICATE-----