Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/cYJ91ITuYXoj33vFG-jF0Fh-ajc.roa
File:                     cYJ91ITuYXoj33vFG-jF0Fh-ajc.roa (raw, json)
Hash identifier:          Z/p5QOfcesLJQjsnSA/ia08r7lvPlhHAViiVlSC49cw=
Subject key identifier:   71:82:7D:D4:84:EE:61:7A:23:DF:7B:C5:1B:E8:C5:D0:58:7E:6A:37
Certificate issuer:       /CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
Certificate serial:       01942143ACF9C5F6C5799D98576D5163B6B0
Authority key identifier: EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/cYJ91ITuYXoj33vFG-jF0Fh-ajc.roa
Signing time:             Wed 01 Jan 2025 09:47:50 +0000
ROA not before:           Wed 01 Jan 2025 09:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38042
IP address blocks:        2a13:2200::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ac:f9:c5:f6:c5:79:9d:98:57:6d:51:63:b6:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
        Validity
            Not Before: Jan  1 09:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71827dd484ee617a23df7bc51be8c5d0587e6a37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:5f:6d:8e:ec:f7:3f:ec:e7:79:41:99:2c:73:
                    ac:fd:71:67:32:19:6d:73:40:9c:80:8f:b5:64:0a:
                    37:ad:fa:5e:c2:3f:86:80:2f:92:0a:57:74:f8:ca:
                    27:27:40:26:3e:ee:87:ec:58:0e:c2:db:8b:fd:e8:
                    72:ed:4e:bd:d2:0a:e1:bd:78:73:c4:2c:82:40:a3:
                    17:4a:5e:50:48:79:92:35:f0:63:9b:56:00:4c:80:
                    4e:7b:a0:3b:03:5d:bc:04:34:40:39:42:57:42:f7:
                    1c:f1:04:ac:de:35:47:2f:7e:ea:b9:91:dd:c2:8f:
                    db:b9:d9:3e:ee:6e:f4:ab:38:49:4d:73:0b:80:8c:
                    3f:79:19:4e:5c:47:9a:ca:a5:ee:1c:28:eb:60:92:
                    5c:65:a2:c0:64:de:bd:b8:aa:0f:22:f5:1c:67:c6:
                    7c:19:e8:7c:11:7d:7d:21:cd:4c:69:a7:ba:e0:f0:
                    31:0f:e0:ba:34:1a:47:53:b4:49:eb:d6:ff:bf:52:
                    c5:b9:dd:95:0f:44:d1:dc:9a:23:cc:83:37:ca:6c:
                    d9:e7:d1:6e:15:82:d9:9d:96:a3:b0:29:ac:d2:b4:
                    38:b5:d9:32:73:c5:dc:80:62:71:62:d1:5c:c5:d3:
                    03:2f:70:6f:e8:5b:9c:2a:e9:a5:19:1a:30:bf:5b:
                    41:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:82:7D:D4:84:EE:61:7A:23:DF:7B:C5:1B:E8:C5:D0:58:7E:6A:37
            X509v3 Authority Key Identifier:
                keyid:EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/cYJ91ITuYXoj33vFG-jF0Fh-ajc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2200::/29

    Signature Algorithm: sha256WithRSAEncryption
         48:75:6f:3b:61:08:47:be:70:bf:3b:99:63:40:6e:eb:17:3c:
         cf:21:e5:99:c3:64:4a:be:4a:8a:1f:82:4d:be:ec:94:1d:13:
         78:80:9b:43:84:7d:e5:fc:59:25:e9:89:b6:57:a6:28:61:95:
         e2:3b:0d:46:2b:0c:07:2f:2d:a9:a9:76:bc:6a:b5:9a:55:6e:
         22:90:c5:16:c7:33:ad:27:bc:0a:9b:98:10:75:83:19:8d:25:
         be:50:61:d7:f6:74:fb:ca:95:cf:09:55:54:b3:aa:15:31:d1:
         b7:c2:b5:fa:57:f1:39:a7:7f:6a:94:4e:97:0d:4a:2a:55:48:
         8d:59:f8:e0:6a:09:e2:46:7f:51:91:89:59:85:77:1f:86:63:
         4b:e8:3a:bd:92:0e:e8:88:6e:10:05:da:89:d9:f1:01:48:83:
         13:c9:30:d3:e1:e5:18:46:22:a3:d3:be:3b:6c:85:84:ce:f1:
         c2:db:cf:43:54:33:44:c4:90:ed:66:1f:7f:a7:69:ba:51:f6:
         db:48:23:01:a0:e9:db:f7:e8:a8:00:5b:7c:79:e1:9d:48:9b:
         9f:e4:ed:97:8f:ea:b6:0f:c0:a6:90:a4:d0:35:03:03:86:35:
         cb:d9:21:ed:d4:db:da:49:62:e1:6c:58:a5:54:ea:96:40:35:
         81:73:29:ca
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhQ6z5xfbFeZ2YV21RY7awMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMmQxMDJiNjExMmIwZDlhOGI4ZWViYWM0Yjk3YzgxOWY5
N2M2MDYwHhcNMjUwMTAxMDk0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTgyN2RkNDg0ZWU2MTdhMjNkZjdiYzUxYmU4YzVkMDU4N2U2YTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApV9tjuz3P+zneUGZLHOs/XFnMhlt
c0CcgI+1ZAo3rfpewj+GgC+SCld0+MonJ0AmPu6H7FgOwtuL/ehy7U690grhvXhz
xCyCQKMXSl5QSHmSNfBjm1YATIBOe6A7A128BDRAOUJXQvcc8QSs3jVHL37quZHd
wo/budk+7m70qzhJTXMLgIw/eRlOXEeayqXuHCjrYJJcZaLAZN69uKoPIvUcZ8Z8
Geh8EX19Ic1Maae64PAxD+C6NBpHU7RJ69b/v1LFud2VD0TR3JojzIM3ymzZ59Fu
FYLZnZajsCms0rQ4tdkyc8XcgGJxYtFcxdMDL3Bv6FucKumlGRowv1tBAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHGCfdSE7mF6I997xRvoxdBYfmo3MB8GA1UdIwQY
MBaAFOotECthErDZqLjuusS5fIGfl8YGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEt
YjgyOWNjNDAxMDMxLzEvY1lKOTFJVHVZWG9qMzN2RkctakYwRmgtYWpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEtYjgyOWNjNDAxMDMx
LzEvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhMiADAN
BgkqhkiG9w0BAQsFAAOCAQEASHVvO2EIR75wvzuZY0Bu6xc8zyHlmcNkSr5Kih+C
Tb7slB0TeICbQ4R95fxZJemJtlemKGGV4jsNRisMBy8tqal2vGq1mlVuIpDFFscz
rSe8CpuYEHWDGY0lvlBh1/Z0+8qVzwlVVLOqFTHRt8K1+lfxOad/apROlw1KKlVI
jVn44GoJ4kZ/UZGJWYV3H4ZjS+g6vZIO6IhuEAXaidnxAUiDE8kw0+HlGEYio9O+
O2yFhM7xwtvPQ1QzRMSQ7WYff6dpulH220gjAaDp2/foqABbfHnhnUibn+Ttl4/q
tg/AppCk0DUDA4Y1y9kh7dTb2kli4WxYpVTqlkA1gXMpyg==
-----END CERTIFICATE-----