Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/2t371AmA6am_gT2DygfV8oUEot0.roa
File:                     2t371AmA6am_gT2DygfV8oUEot0.roa (raw, json)
Hash identifier:          jKlYnyLUgDsZbjU8rac27z9vNrX7VaKOYzCWe3mGEeg=
Subject key identifier:   DA:DD:FB:D4:09:80:E9:A9:BF:81:3D:83:CA:07:D5:F2:85:04:A2:DD
Certificate issuer:       /CN=baaa748ba14a76e5d8a6edacb5426082a56f5e3d
Certificate serial:       019424450252B0CE751C7552800E3DD2B12F
Authority key identifier: BA:AA:74:8B:A1:4A:76:E5:D8:A6:ED:AC:B5:42:60:82:A5:6F:5E:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqp0i6FKduXYpu2stUJggqVvXj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/2t371AmA6am_gT2DygfV8oUEot0.roa
Signing time:             Wed 01 Jan 2025 23:48:09 +0000
ROA not before:           Wed 01 Jan 2025 23:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212568
IP address blocks:        2a13:ccc6::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/uqp0i6FKduXYpu2stUJggqVvXj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/uqp0i6FKduXYpu2stUJggqVvXj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqp0i6FKduXYpu2stUJggqVvXj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:02:52:b0:ce:75:1c:75:52:80:0e:3d:d2:b1:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baaa748ba14a76e5d8a6edacb5426082a56f5e3d
        Validity
            Not Before: Jan  1 23:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=daddfbd40980e9a9bf813d83ca07d5f28504a2dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1b:81:58:8c:ef:03:94:b6:2d:c6:31:f3:d0:
                    b7:9c:32:d8:62:31:4d:11:0c:a5:14:ed:3e:5e:dd:
                    78:f3:11:dc:17:1b:05:fb:d3:90:b9:67:a3:7d:50:
                    84:96:37:8f:d7:c0:d8:b2:00:7a:1e:82:fd:c6:fe:
                    a8:af:d3:fd:30:d1:a7:b1:cd:05:26:7d:24:68:b8:
                    27:bb:53:ce:7c:b9:06:66:f6:4f:8e:c1:06:e1:a7:
                    46:77:63:72:a6:04:81:3c:6f:ce:5b:ef:9e:42:30:
                    c6:dd:59:8c:c0:7d:52:75:79:1a:71:d5:06:62:18:
                    72:fd:89:4c:ce:88:56:c3:8f:f1:64:a4:71:e9:72:
                    d0:b6:ad:94:46:d1:f9:d9:97:31:97:32:c4:89:85:
                    d8:23:0e:bd:58:5b:db:45:1f:f0:a7:90:69:84:48:
                    a8:85:53:9f:dd:ed:55:65:e1:81:c5:67:3c:02:e3:
                    5c:75:a6:e5:ef:2f:02:a2:d0:cd:47:98:77:da:7f:
                    45:e1:fc:44:8c:63:07:8d:ef:0c:a8:9a:b8:8b:cc:
                    c3:07:54:9f:e9:95:c3:4e:7d:90:1f:8a:88:e5:23:
                    21:5a:82:de:1b:6f:f4:0e:60:66:d1:99:95:4c:c7:
                    bb:75:cb:24:e2:15:1b:d9:94:36:7a:b9:b4:05:0c:
                    95:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:DD:FB:D4:09:80:E9:A9:BF:81:3D:83:CA:07:D5:F2:85:04:A2:DD
            X509v3 Authority Key Identifier:
                keyid:BA:AA:74:8B:A1:4A:76:E5:D8:A6:ED:AC:B5:42:60:82:A5:6F:5E:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqp0i6FKduXYpu2stUJggqVvXj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/2t371AmA6am_gT2DygfV8oUEot0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/uqp0i6FKduXYpu2stUJggqVvXj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ccc6::/44

    Signature Algorithm: sha256WithRSAEncryption
         09:6e:ff:a5:91:0a:0a:48:be:3e:9d:8b:fe:40:9d:d5:61:53:
         ee:2a:f5:af:14:a7:65:9a:4b:cc:22:0e:11:a0:67:b0:61:68:
         44:08:ec:d0:26:5a:bb:39:16:03:53:52:07:b8:5a:92:1a:d2:
         99:1f:ef:9e:0b:d1:57:63:ec:93:5a:d8:89:57:57:2c:cf:d7:
         ed:9e:61:fd:ec:44:8d:e7:ae:52:8a:3a:a5:71:de:45:ef:6e:
         c8:48:bf:19:2e:8e:6f:5b:0a:e8:0b:ed:c1:62:59:3e:64:d5:
         75:2c:53:e4:fb:21:33:0e:f2:a7:7c:6e:85:81:d5:34:80:0e:
         fe:22:aa:fd:73:7e:cf:12:cf:e6:f1:0d:dc:2d:90:35:e5:91:
         0d:0c:ef:af:e9:8a:81:fd:26:c4:c1:51:86:02:0a:00:42:df:
         db:5b:bc:45:d7:e6:d2:14:20:e1:5b:d1:0d:36:ea:4d:a6:d3:
         d0:a8:31:f3:a9:d8:2d:bf:ae:dc:d2:cd:d7:c8:07:33:46:18:
         7a:2e:c6:0f:61:a1:9e:5c:96:3b:71:d4:a7:a3:8b:21:c8:8f:
         ea:d0:53:91:74:90:c9:b5:b8:9e:0a:9a:0d:c4:9c:f6:39:74:
         0d:4e:b5:c1:cb:fb:33:3d:0f:69:fa:f8:cd:a6:22:8a:c6:04:
         cf:48:f2:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQkRQJSsM51HHVSgA490rEvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYWE3NDhiYTE0YTc2ZTVkOGE2ZWRhY2I1NDI2MDgyYTU2
ZjVlM2QwHhcNMjUwMTAxMjM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWRkZmJkNDA5ODBlOWE5YmY4MTNkODNjYTA3ZDVmMjg1MDRhMmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohuBWIzvA5S2LcYx89C3nDLYYjFN
EQylFO0+Xt148xHcFxsF+9OQuWejfVCEljeP18DYsgB6HoL9xv6or9P9MNGnsc0F
Jn0kaLgnu1POfLkGZvZPjsEG4adGd2NypgSBPG/OW++eQjDG3VmMwH1SdXkacdUG
Yhhy/YlMzohWw4/xZKRx6XLQtq2URtH52ZcxlzLEiYXYIw69WFvbRR/wp5BphEio
hVOf3e1VZeGBxWc8AuNcdabl7y8CotDNR5h32n9F4fxEjGMHje8MqJq4i8zDB1Sf
6ZXDTn2QH4qI5SMhWoLeG2/0DmBm0ZmVTMe7dcsk4hUb2ZQ2erm0BQyVKwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNrd+9QJgOmpv4E9g8oH1fKFBKLdMB8GA1UdIwQY
MBaAFLqqdIuhSnbl2KbtrLVCYIKlb149MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFwMGk2RktkdVhZcHUyc3RVSmdncVZ2WGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9hOGU0NWItMTdjNi00MzZkLTgxYTgt
YzUxOTUxNjJlM2JlLzEvMnQzNzFBbUE2YW1fZ1QyRHlnZlY4b1VFb3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9hOGU0NWItMTdjNi00MzZkLTgxYTgtYzUxOTUxNjJlM2Jl
LzEvdXFwMGk2RktkdVhZcHUyc3RVSmdncVZ2WGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhPMxgAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAJbv+lkQoKSL4+nYv+QJ3VYVPuKvWvFKdlmkvM
Ig4RoGewYWhECOzQJlq7ORYDU1IHuFqSGtKZH++eC9FXY+yTWtiJV1csz9ftnmH9
7ESN565Sijqlcd5F727ISL8ZLo5vWwroC+3BYlk+ZNV1LFPk+yEzDvKnfG6FgdU0
gA7+Iqr9c37PEs/m8Q3cLZA15ZENDO+v6YqB/SbEwVGGAgoAQt/bW7xF1+bSFCDh
W9ENNupNptPQqDHzqdgtv67c0s3XyAczRhh6LsYPYaGeXJY7cdSno4shyI/q0FOR
dJDJtbieCpoNxJz2OXQNTrXBy/szPQ9p+vjNpiKKxgTPSPJv
-----END CERTIFICATE-----