Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/425pG85CvD-WqD7G4q_XQGIKAqg.roa
File:                     425pG85CvD-WqD7G4q_XQGIKAqg.roa (raw, json)
Hash identifier:          A277nuuzcfZvxdezgnYr9eoNlhLje+Mf+PFtPMVmfws=
Subject key identifier:   E3:6E:69:1B:CE:42:BC:3F:96:A8:3E:C6:E2:AF:D7:40:62:0A:02:A8
Certificate issuer:       /CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
Certificate serial:       0196CD03A53D27274073CDCC60AF80D62CB6
Authority key identifier: EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/425pG85CvD-WqD7G4q_XQGIKAqg.roa
Signing time:             Wed 14 May 2025 04:18:10 +0000
ROA not before:           Wed 14 May 2025 04:18:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216198
IP address blocks:        2a13:2200:e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Jun 2025 13:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cd:03:a5:3d:27:27:40:73:cd:cc:60:af:80:d6:2c:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
        Validity
            Not Before: May 14 04:18:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e36e691bce42bc3f96a83ec6e2afd740620a02a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8d:1b:ea:b3:3e:16:c7:df:5c:a2:bb:94:73:
                    61:63:d0:1b:41:4e:47:10:ae:69:ba:90:13:b3:89:
                    fa:06:45:8d:ea:71:4d:b2:d0:e0:14:9f:68:a3:d0:
                    ca:07:fa:49:2d:5c:51:19:51:09:7e:be:6b:a1:0b:
                    bc:53:8e:6d:8f:47:cf:22:fe:af:ca:27:2a:7c:05:
                    9f:25:93:0b:5b:99:17:08:22:c7:bb:d3:52:ae:cc:
                    f5:34:80:6f:4d:df:56:a0:1f:ac:d8:33:ed:e5:21:
                    82:5e:0a:1f:2b:9e:f8:49:a9:08:32:f5:8d:27:d3:
                    b1:32:64:33:b7:0f:c5:d3:61:71:bc:2d:ec:c6:96:
                    ca:13:10:c7:f9:c3:f6:a5:c0:36:2c:be:a0:bf:2e:
                    89:15:08:5b:ac:bd:06:d3:3d:df:b5:24:4e:4c:de:
                    13:2b:74:51:bd:ad:98:56:2f:04:f2:67:f5:8d:8e:
                    a9:86:85:c9:81:0d:a2:0b:88:9c:36:95:85:d8:dc:
                    48:59:df:a6:86:c3:bd:00:f2:0e:2f:81:02:bc:7c:
                    17:4a:46:21:79:b6:9d:3f:b1:00:2d:15:86:f3:51:
                    27:b2:32:11:bc:b3:fe:8b:87:f1:4d:c6:3a:a7:01:
                    3b:bd:32:be:39:e4:bb:78:b2:77:37:8d:37:50:6e:
                    02:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:6E:69:1B:CE:42:BC:3F:96:A8:3E:C6:E2:AF:D7:40:62:0A:02:A8
            X509v3 Authority Key Identifier:
                keyid:EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/425pG85CvD-WqD7G4q_XQGIKAqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2200:e::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:17:6f:1b:39:a5:d5:6a:1a:35:bd:6a:63:70:d1:07:cf:4a:
         35:a5:74:bc:96:24:52:50:a0:b0:eb:40:28:9d:ea:32:51:1d:
         bb:0a:c4:2b:17:bf:19:f8:55:73:a9:ff:c5:1d:f6:6a:46:62:
         fa:9d:1d:06:99:04:92:8b:3c:51:31:78:93:89:fa:17:6a:2d:
         24:b5:91:f5:07:a9:e5:1f:ca:7c:3e:6f:23:fb:61:e2:9f:06:
         5e:91:b5:57:d0:a1:cf:58:ee:4d:99:69:7b:5f:dc:9b:26:6e:
         90:f5:46:c9:9e:bf:df:19:2a:bf:b3:03:89:0e:88:24:29:62:
         47:9c:52:8d:7c:ff:25:a7:54:a0:da:70:b0:16:d4:74:2b:64:
         2b:29:82:35:53:36:5e:df:d7:6b:20:90:9d:10:7e:6d:6a:3e:
         66:25:0b:2e:74:90:3c:da:41:7c:15:c5:73:6d:0a:60:8f:98:
         9b:aa:44:b5:41:e6:b3:3c:d0:9c:6b:e6:82:66:ba:4c:53:72:
         aa:09:e4:ff:cf:36:3d:a3:d2:fc:3c:df:0a:8c:49:4a:00:01:
         6a:ae:eb:48:97:02:46:59:b8:f6:09:eb:a6:25:95:a5:00:24:
         02:28:b3:00:8c:a4:00:8a:48:d2:3c:83:e2:66:31:73:61:b3:
         44:7c:5b:0f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbNA6U9JydAc83MYK+A1iy2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMmQxMDJiNjExMmIwZDlhOGI4ZWViYWM0Yjk3YzgxOWY5
N2M2MDYwHhcNMjUwNTE0MDQxODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzZlNjkxYmNlNDJiYzNmOTZhODNlYzZlMmFmZDc0MDYyMGEwMmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo40b6rM+FsffXKK7lHNhY9AbQU5H
EK5pupATs4n6BkWN6nFNstDgFJ9oo9DKB/pJLVxRGVEJfr5roQu8U45tj0fPIv6v
yicqfAWfJZMLW5kXCCLHu9NSrsz1NIBvTd9WoB+s2DPt5SGCXgofK574SakIMvWN
J9OxMmQztw/F02FxvC3sxpbKExDH+cP2pcA2LL6gvy6JFQhbrL0G0z3ftSROTN4T
K3RRva2YVi8E8mf1jY6phoXJgQ2iC4icNpWF2NxIWd+mhsO9APIOL4ECvHwXSkYh
ebadP7EALRWG81EnsjIRvLP+i4fxTcY6pwE7vTK+OeS7eLJ3N403UG4C/QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFONuaRvOQrw/lqg+xuKv10BiCgKoMB8GA1UdIwQY
MBaAFOotECthErDZqLjuusS5fIGfl8YGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEt
YjgyOWNjNDAxMDMxLzEvNDI1cEc4NUN2RC1XcUQ3RzRxX1hRR0lLQXFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEtYjgyOWNjNDAxMDMx
LzEvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhMiAAAO
MA0GCSqGSIb3DQEBCwUAA4IBAQA/F28bOaXVaho1vWpjcNEHz0o1pXS8liRSUKCw
60AoneoyUR27CsQrF78Z+FVzqf/FHfZqRmL6nR0GmQSSizxRMXiTifoXai0ktZH1
B6nlH8p8Pm8j+2HinwZekbVX0KHPWO5NmWl7X9ybJm6Q9UbJnr/fGSq/swOJDogk
KWJHnFKNfP8lp1Sg2nCwFtR0K2QrKYI1UzZe39drIJCdEH5taj5mJQsudJA82kF8
FcVzbQpgj5ibqkS1QeazPNCca+aCZrpMU3KqCeT/zzY9o9L8PN8KjElKAAFqrutI
lwJGWbj2CeumJZWlACQCKLMAjKQAikjSPIPiZjFzYbNEfFsP
-----END CERTIFICATE-----