Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/cpWvTztcB_PVgTrvB1pOMqOcrgg.roa
File:                     cpWvTztcB_PVgTrvB1pOMqOcrgg.roa (raw, json)
Hash identifier:          F85tpYix9Q/joiRkP3de92k+CoUDGGFBzb+mLGcQwm8=
Subject key identifier:   72:95:AF:4F:3B:5C:07:F3:D5:81:3A:EF:07:5A:4E:32:A3:9C:AE:08
Certificate issuer:       /CN=9051ebf8c28f817b7f148bfc95cc2b5b4cb30089
Certificate serial:       01941FFABA00A9B497973795914170B36D8F
Authority key identifier: 90:51:EB:F8:C2:8F:81:7B:7F:14:8B:FC:95:CC:2B:5B:4C:B3:00:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kFHr-MKPgXt_FIv8lcwrW0yzAIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/cpWvTztcB_PVgTrvB1pOMqOcrgg.roa
Signing time:             Wed 01 Jan 2025 03:48:32 +0000
ROA not before:           Wed 01 Jan 2025 03:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53358
IP address blocks:        2a13:5880::/30 maxlen: 30
                          2a13:5884::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/kFHr-MKPgXt_FIv8lcwrW0yzAIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/kFHr-MKPgXt_FIv8lcwrW0yzAIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kFHr-MKPgXt_FIv8lcwrW0yzAIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:ba:00:a9:b4:97:97:37:95:91:41:70:b3:6d:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9051ebf8c28f817b7f148bfc95cc2b5b4cb30089
        Validity
            Not Before: Jan  1 03:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7295af4f3b5c07f3d5813aef075a4e32a39cae08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:c8:d0:7e:99:ea:fd:b3:b2:d3:5a:f0:2e:43:
                    57:06:57:f0:66:d4:88:18:88:b3:18:ea:67:67:95:
                    cb:31:bd:31:4e:c5:2e:b3:d9:6f:4d:14:59:0b:7d:
                    82:d5:eb:e3:7d:96:41:c9:dc:fe:ef:a3:84:ca:7b:
                    32:c2:6c:6b:5a:d3:fa:d4:fe:c0:43:df:ce:0d:18:
                    e0:6a:06:58:11:84:4f:9b:51:7a:70:55:04:88:da:
                    9c:74:e9:8b:f5:67:96:bb:4d:86:84:a8:e4:08:31:
                    60:fa:27:83:96:9c:bb:5c:b5:8b:75:2f:35:1b:f0:
                    3c:01:7b:41:0b:e5:69:7b:ed:e9:d9:71:1b:34:4b:
                    44:d8:77:8f:8f:d6:43:9b:9d:78:77:e3:ca:d3:15:
                    41:07:d0:40:01:e0:0f:f8:6d:b4:6c:d8:5b:28:7e:
                    b7:e3:75:da:4e:69:ca:45:e1:f1:c3:16:81:d7:a1:
                    5e:41:a7:00:c4:b7:77:ef:fe:b3:ef:c2:08:2a:d2:
                    3d:ee:0b:6c:27:55:44:0d:fd:6d:82:4d:38:8e:6b:
                    45:5d:31:a4:52:c7:93:4a:72:ae:99:95:ad:90:2e:
                    1c:7a:58:1c:1d:eb:ed:94:94:26:13:f5:fe:11:c5:
                    a3:0b:d2:08:a6:d1:dd:4c:08:45:a9:ed:5b:5d:d2:
                    07:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:95:AF:4F:3B:5C:07:F3:D5:81:3A:EF:07:5A:4E:32:A3:9C:AE:08
            X509v3 Authority Key Identifier:
                keyid:90:51:EB:F8:C2:8F:81:7B:7F:14:8B:FC:95:CC:2B:5B:4C:B3:00:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kFHr-MKPgXt_FIv8lcwrW0yzAIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/cpWvTztcB_PVgTrvB1pOMqOcrgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/kFHr-MKPgXt_FIv8lcwrW0yzAIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5880::/29

    Signature Algorithm: sha256WithRSAEncryption
         24:fb:dc:92:85:ed:9c:be:eb:1c:7c:14:f5:0f:af:b1:33:40:
         59:6a:23:8b:b8:a7:6f:b1:53:58:84:8d:3f:d3:0f:6a:54:62:
         05:dd:b0:b0:d8:12:0c:29:53:b3:4f:6c:b9:d0:41:08:24:9b:
         73:a5:f5:9e:fe:dd:9c:8b:87:d3:d2:0b:a1:d8:dd:3f:fc:21:
         77:84:21:c0:54:ad:d0:32:dc:72:46:74:ec:ec:36:25:03:26:
         e2:98:76:a9:f4:eb:3c:0a:5c:6e:8d:0f:31:f2:50:3d:4b:59:
         da:20:25:51:18:26:ac:fe:ae:31:2d:a4:13:21:88:9f:6d:16:
         7f:88:96:dd:01:26:8c:9a:97:cd:5f:02:e5:00:9c:d4:fe:35:
         9b:72:af:e1:64:51:7c:ca:50:17:c8:55:37:7c:b4:48:77:c0:
         5b:3d:6b:4c:73:4b:a2:61:37:6e:de:da:3c:c4:f7:4b:1c:82:
         3a:00:d3:29:ca:80:18:e4:ab:77:30:c9:2d:7d:50:d4:6d:b7:
         57:81:68:4e:05:c9:0d:31:24:60:ae:a1:5e:e1:d0:c5:ae:2e:
         c3:f7:20:52:78:68:37:ae:92:4a:c5:ac:90:f9:e9:26:b4:19:
         0a:00:2e:0a:2d:27:bc:27:a4:27:74:61:7b:86:1b:97:4d:4e:
         0e:e6:81:e9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQf+roAqbSXlzeVkUFws22PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNTFlYmY4YzI4ZjgxN2I3ZjE0OGJmYzk1Y2MyYjViNGNi
MzAwODkwHhcNMjUwMTAxMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjk1YWY0ZjNiNWMwN2YzZDU4MTNhZWYwNzVhNGUzMmEzOWNhZTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlsjQfpnq/bOy01rwLkNXBlfwZtSI
GIizGOpnZ5XLMb0xTsUus9lvTRRZC32C1evjfZZBydz+76OEynsywmxrWtP61P7A
Q9/ODRjgagZYEYRPm1F6cFUEiNqcdOmL9WeWu02GhKjkCDFg+ieDlpy7XLWLdS81
G/A8AXtBC+Vpe+3p2XEbNEtE2HePj9ZDm514d+PK0xVBB9BAAeAP+G20bNhbKH63
43XaTmnKReHxwxaB16FeQacAxLd37/6z78IIKtI97gtsJ1VEDf1tgk04jmtFXTGk
UseTSnKumZWtkC4celgcHevtlJQmE/X+EcWjC9IIptHdTAhFqe1bXdIHtQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHKVr087XAfz1YE67wdaTjKjnK4IMB8GA1UdIwQY
MBaAFJBR6/jCj4F7fxSL/JXMK1tMswCJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0ZIci1NS1BnWHRfRkl2OGxjd3JXMHl6QUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83OWI1OTctNmIwYy00ZDAzLWJmNDAt
MzEyNDdmM2E0NTM5LzEvY3BXdlR6dGNCX1BWZ1RydkIxcE9NcU9jcmdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83OWI1OTctNmIwYy00ZDAzLWJmNDAtMzEyNDdmM2E0NTM5
LzEva0ZIci1NS1BnWHRfRkl2OGxjd3JXMHl6QUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNYgDAN
BgkqhkiG9w0BAQsFAAOCAQEAJPvckoXtnL7rHHwU9Q+vsTNAWWoji7inb7FTWISN
P9MPalRiBd2wsNgSDClTs09sudBBCCSbc6X1nv7dnIuH09ILodjdP/whd4QhwFSt
0DLcckZ07Ow2JQMm4ph2qfTrPApcbo0PMfJQPUtZ2iAlURgmrP6uMS2kEyGIn20W
f4iW3QEmjJqXzV8C5QCc1P41m3Kv4WRRfMpQF8hVN3y0SHfAWz1rTHNLomE3bt7a
PMT3SxyCOgDTKcqAGOSrdzDJLX1Q1G23V4FoTgXJDTEkYK6hXuHQxa4uw/cgUnho
N66SSsWskPnpJrQZCgAuCi0nvCekJ3Rhe4Ybl01ODuaB6Q==
-----END CERTIFICATE-----