Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/9hr0RxcMrr0PdZUeFGL7xFCCX6M.roa
File:                     9hr0RxcMrr0PdZUeFGL7xFCCX6M.roa (raw, json)
Hash identifier:          c+l8O2VvW8FmRNHxjGZmeZsqcY4y9njJ0XhuiOI82Ig=
Subject key identifier:   F6:1A:F4:47:17:0C:AE:BD:0F:75:95:1E:14:62:FB:C4:50:82:5F:A3
Certificate issuer:       /CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Certificate serial:       0194221FF4F1B1D07DEE031055FAE60619CE
Authority key identifier: 4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/9hr0RxcMrr0PdZUeFGL7xFCCX6M.roa
Signing time:             Wed 01 Jan 2025 13:48:27 +0000
ROA not before:           Wed 01 Jan 2025 13:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204339
IP address blocks:        2a13:3307::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f4:f1:b1:d0:7d:ee:03:10:55:fa:e6:06:19:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
        Validity
            Not Before: Jan  1 13:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f61af447170caebd0f75951e1462fbc450825fa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:8d:48:91:dc:ba:05:f5:7b:55:10:29:1a:07:
                    10:2c:85:55:d5:74:1b:a6:b8:6d:6b:a2:fb:ea:a3:
                    22:77:90:39:6f:98:91:d1:d3:ce:a2:72:46:f0:57:
                    c1:79:c5:3d:32:b7:8f:75:46:8e:14:eb:7a:65:40:
                    da:3e:ca:3f:94:bb:57:42:4c:af:92:77:24:5d:df:
                    30:b9:c0:1e:23:f1:f1:3d:fc:35:72:d4:cc:cd:2e:
                    cd:c6:fe:9e:6f:87:e0:a0:ca:17:88:f6:b3:b9:2a:
                    3a:c7:5d:ec:d1:23:ba:f4:6e:1c:a9:dc:9c:c7:57:
                    4f:ff:80:2e:28:28:9c:b9:ae:13:94:0f:9d:96:2c:
                    3a:6d:0f:99:4a:e5:26:8d:ff:74:f8:0f:6b:76:a3:
                    08:e6:97:26:65:c2:f0:24:6c:48:a5:d6:88:57:be:
                    a7:1e:73:6b:3a:df:24:d6:db:9d:de:b6:56:97:d9:
                    14:e7:29:d9:39:f4:ef:bc:d1:2a:ac:1a:d6:91:1d:
                    9d:4b:6f:ce:65:5d:05:56:1f:e1:32:91:03:1f:e7:
                    48:91:62:4b:47:43:ab:30:78:a2:81:12:8a:84:5c:
                    05:29:7a:6e:f5:ba:aa:0b:ee:f3:6f:30:03:92:d3:
                    8f:0a:95:76:4e:ab:d8:40:1e:50:c9:5a:97:26:88:
                    56:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:1A:F4:47:17:0C:AE:BD:0F:75:95:1E:14:62:FB:C4:50:82:5F:A3
            X509v3 Authority Key Identifier:
                keyid:4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/9hr0RxcMrr0PdZUeFGL7xFCCX6M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3307::/32

    Signature Algorithm: sha256WithRSAEncryption
         55:83:3f:f0:13:c8:f1:c6:da:9a:33:28:74:f7:32:e4:1c:f4:
         83:79:68:88:d6:c2:02:16:10:8c:c3:df:01:14:2b:37:90:7d:
         c7:db:4f:34:b2:7c:a5:22:a9:26:f7:16:81:35:9d:dc:54:7f:
         f6:f9:d0:b8:d7:61:a9:50:8f:5e:49:f0:49:d5:fe:97:46:95:
         90:05:36:05:01:6d:5b:af:31:ec:8c:c8:1a:4b:97:31:b6:f8:
         34:dd:d9:d4:33:79:8b:67:8f:b3:04:9f:47:5f:05:bb:8a:ba:
         32:70:92:de:27:d1:46:2f:8b:ce:3d:6e:22:4c:6a:80:ba:8f:
         c3:11:05:25:3d:d8:b2:b9:31:d6:74:3e:e0:72:0c:7e:40:6a:
         66:0e:a6:1b:b1:c8:9b:d1:91:31:63:13:d8:1b:e8:22:14:dc:
         6a:45:c9:fe:75:5c:52:53:e4:5c:2b:8a:25:51:14:98:29:df:
         da:e9:2a:5a:b8:6a:b1:ac:93:cf:9d:0a:0a:03:11:c6:15:39:
         3a:96:17:63:13:93:e6:9e:78:8b:5a:88:05:0a:fd:95:5c:8a:
         a3:33:ff:22:0a:13:09:bc:33:c0:57:ab:8c:db:e8:03:a0:ba:
         c9:de:37:af:ce:7d:0f:22:d0:b5:69:c4:9d:b3:32:61:fe:bf:
         a2:64:3b:b6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiH/TxsdB97gMQVfrmBhnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTFiYmJlNTQwMDc5ZDJiN2YyNzBiOTJjZWFmM2IyYTgx
NmU4ZmEwHhcNMjUwMTAxMTM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjFhZjQ0NzE3MGNhZWJkMGY3NTk1MWUxNDYyZmJjNDUwODI1ZmEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2I1Ikdy6BfV7VRApGgcQLIVV1XQb
prhta6L76qMid5A5b5iR0dPOonJG8FfBecU9MrePdUaOFOt6ZUDaPso/lLtXQkyv
knckXd8wucAeI/HxPfw1ctTMzS7Nxv6eb4fgoMoXiPazuSo6x13s0SO69G4cqdyc
x1dP/4AuKCicua4TlA+dliw6bQ+ZSuUmjf90+A9rdqMI5pcmZcLwJGxIpdaIV76n
HnNrOt8k1tud3rZWl9kU5ynZOfTvvNEqrBrWkR2dS2/OZV0FVh/hMpEDH+dIkWJL
R0OrMHiigRKKhFwFKXpu9bqqC+7zbzADktOPCpV2TqvYQB5QyVqXJohWswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPYa9EcXDK69D3WVHhRi+8RQgl+jMB8GA1UdIwQY
MBaAFEvhu75UAHnSt/JwuSzq87KoFuj6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMt
MWVmMWNlZTY2MWNhLzEvOWhyMFJ4Y01ycjBQZFpVZUZHTDd4RkNDWDZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMtMWVmMWNlZTY2MWNh
LzEvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhMzBzAN
BgkqhkiG9w0BAQsFAAOCAQEAVYM/8BPI8cbamjModPcy5Bz0g3loiNbCAhYQjMPf
ARQrN5B9x9tPNLJ8pSKpJvcWgTWd3FR/9vnQuNdhqVCPXknwSdX+l0aVkAU2BQFt
W68x7IzIGkuXMbb4NN3Z1DN5i2ePswSfR18Fu4q6MnCS3ifRRi+Lzj1uIkxqgLqP
wxEFJT3Ysrkx1nQ+4HIMfkBqZg6mG7HIm9GRMWMT2BvoIhTcakXJ/nVcUlPkXCuK
JVEUmCnf2ukqWrhqsayTz50KCgMRxhU5OpYXYxOT5p54i1qIBQr9lVyKozP/IgoT
CbwzwFerjNvoA6C6yd43r859DyLQtWnEnbMyYf6/omQ7tg==
-----END CERTIFICATE-----