Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/b81h_NWwhKjMbH2-sUXyjP4n64s.roa
File:                     b81h_NWwhKjMbH2-sUXyjP4n64s.roa (raw, json)
Hash identifier:          e3T+4A186w/5PvOch5tYGnvLHtBctNKp6kP6+X8+j/w=
Subject key identifier:   6F:CD:61:FC:D5:B0:84:A8:CC:6C:7D:BE:B1:45:F2:8C:FE:27:EB:8B
Certificate issuer:       /CN=ac89af60986e6d958322fb026c6b65aeec949a0d
Certificate serial:       019427485A908A885C9B9C81E15BDDE26DC0
Authority key identifier: AC:89:AF:60:98:6E:6D:95:83:22:FB:02:6C:6B:65:AE:EC:94:9A:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/b81h_NWwhKjMbH2-sUXyjP4n64s.roa
Signing time:             Thu 02 Jan 2025 13:50:40 +0000
ROA not before:           Thu 02 Jan 2025 13:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        2a13:ce40:6667::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:5a:90:8a:88:5c:9b:9c:81:e1:5b:dd:e2:6d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac89af60986e6d958322fb026c6b65aeec949a0d
        Validity
            Not Before: Jan  2 13:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fcd61fcd5b084a8cc6c7dbeb145f28cfe27eb8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e5:42:5c:24:22:df:24:c3:63:f3:1a:c0:59:
                    05:61:ae:89:47:9e:c1:8d:a6:8a:9d:c3:1d:08:96:
                    2d:b8:45:26:78:2d:1c:e2:f8:e4:f7:a0:1d:85:42:
                    b6:ce:28:44:cf:a5:1c:b4:f2:7f:66:3a:99:4e:e9:
                    0f:0e:74:71:f6:63:79:eb:4c:30:96:ce:1e:e4:b1:
                    df:69:ff:8a:7c:87:77:c6:29:64:a4:f2:5e:4b:fe:
                    2d:c0:f6:1b:bc:2d:14:27:5c:f0:45:69:a0:08:00:
                    b8:1d:95:e6:95:4f:d2:18:d0:7b:09:fd:86:e8:29:
                    b2:1a:6d:ae:19:fd:3e:e9:be:c2:6f:e0:50:b1:4f:
                    aa:3c:c6:9e:58:24:02:a8:55:0d:df:e3:19:b4:41:
                    d3:c4:78:89:33:fc:72:a1:15:8f:8f:22:be:e2:79:
                    30:f2:24:26:1b:0d:ee:5c:5a:88:f0:5a:79:1a:cc:
                    5e:76:9a:69:0b:80:20:cb:ca:10:2f:ca:cd:04:d2:
                    a3:d8:42:60:62:14:5a:3c:ea:e3:72:01:72:2e:b4:
                    d2:bd:53:9d:ea:bd:e5:1f:ca:cd:9d:c4:3e:bf:80:
                    14:d2:4d:a1:28:35:8d:38:1e:11:cc:f9:65:72:49:
                    2d:1f:9e:b7:2d:4f:3d:f8:bd:36:ae:f0:7e:4c:d2:
                    e2:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:CD:61:FC:D5:B0:84:A8:CC:6C:7D:BE:B1:45:F2:8C:FE:27:EB:8B
            X509v3 Authority Key Identifier:
                keyid:AC:89:AF:60:98:6E:6D:95:83:22:FB:02:6C:6B:65:AE:EC:94:9A:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rImvYJhubZWDIvsCbGtlruyUmg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/b81h_NWwhKjMbH2-sUXyjP4n64s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/3ccb85-918b-4de8-bda2-9c8bba664ff0/1/rImvYJhubZWDIvsCbGtlruyUmg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ce40:6667::/48

    Signature Algorithm: sha256WithRSAEncryption
         5d:e9:07:27:34:9e:5e:51:24:4f:04:04:e2:ba:20:fa:e2:e2:
         66:f6:13:55:58:43:51:e6:7e:7f:b2:63:98:6d:c1:d6:e5:65:
         df:a3:4f:c6:7a:4a:58:0f:a7:b0:23:db:83:2a:26:7a:5b:be:
         ad:2c:0d:fd:3e:ef:0c:39:0c:94:e8:17:41:cf:20:c8:0e:59:
         f8:2a:bf:c9:ae:7d:67:39:8b:ed:2d:60:01:22:bd:96:0f:08:
         84:cb:9b:e4:39:b2:d6:e1:ef:ab:55:a3:a2:67:f8:3f:e9:ff:
         dc:9b:05:74:21:70:a3:9d:a7:92:20:6c:82:36:5d:c3:49:bc:
         c3:01:6f:8a:14:e6:ce:a1:03:ef:43:1a:a8:a8:05:71:12:ce:
         d9:52:25:84:f9:75:03:30:4e:40:bc:36:94:37:12:c1:92:f1:
         d5:6f:aa:94:46:5b:00:68:95:82:e4:08:6b:10:2c:03:ab:2a:
         ea:5f:bb:c0:2f:59:fc:70:24:93:27:81:ed:dc:ed:22:ff:4f:
         bc:77:f7:e9:36:39:39:11:7a:01:da:b9:00:74:10:3a:76:61:
         45:fc:8b:f2:15:27:ec:e0:ce:7c:e5:cb:e1:f1:e4:84:0f:e6:
         b2:e5:90:f8:17:8a:6e:46:c8:47:57:8a:8e:b1:d4:6e:2e:10:
         30:73:9a:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQnSFqQiohcm5yB4Vvd4m3AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjODlhZjYwOTg2ZTZkOTU4MzIyZmIwMjZjNmI2NWFlZWM5
NDlhMGQwHhcNMjUwMTAyMTM1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmNkNjFmY2Q1YjA4NGE4Y2M2YzdkYmViMTQ1ZjI4Y2ZlMjdlYjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveVCXCQi3yTDY/MawFkFYa6JR57B
jaaKncMdCJYtuEUmeC0c4vjk96AdhUK2zihEz6UctPJ/ZjqZTukPDnRx9mN560ww
ls4e5LHfaf+KfId3xilkpPJeS/4twPYbvC0UJ1zwRWmgCAC4HZXmlU/SGNB7Cf2G
6CmyGm2uGf0+6b7Cb+BQsU+qPMaeWCQCqFUN3+MZtEHTxHiJM/xyoRWPjyK+4nkw
8iQmGw3uXFqI8Fp5GsxedpppC4Agy8oQL8rNBNKj2EJgYhRaPOrjcgFyLrTSvVOd
6r3lH8rNncQ+v4AU0k2hKDWNOB4RzPllckktH563LU89+L02rvB+TNLi8QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG/NYfzVsISozGx9vrFF8oz+J+uLMB8GA1UdIwQY
MBaAFKyJr2CYbm2VgyL7AmxrZa7slJoNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckltdllKaHViWldESXZzQ2JHdGxydXlVbWcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS8zY2NiODUtOTE4Yi00ZGU4LWJkYTIt
OWM4YmJhNjY0ZmYwLzEvYjgxaF9OV3doS2pNYkgyLXNVWHlqUDRuNjRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS8zY2NiODUtOTE4Yi00ZGU4LWJkYTItOWM4YmJhNjY0ZmYw
LzEvckltdllKaHViWldESXZzQ2JHdGxydXlVbWcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPOQGZn
MA0GCSqGSIb3DQEBCwUAA4IBAQBd6QcnNJ5eUSRPBATiuiD64uJm9hNVWENR5n5/
smOYbcHW5WXfo0/GekpYD6ewI9uDKiZ6W76tLA39Pu8MOQyU6BdBzyDIDln4Kr/J
rn1nOYvtLWABIr2WDwiEy5vkObLW4e+rVaOiZ/g/6f/cmwV0IXCjnaeSIGyCNl3D
SbzDAW+KFObOoQPvQxqoqAVxEs7ZUiWE+XUDME5AvDaUNxLBkvHVb6qURlsAaJWC
5AhrECwDqyrqX7vAL1n8cCSTJ4Ht3O0i/0+8d/fpNjk5EXoB2rkAdBA6dmFF/Ivy
FSfs4M585cvh8eSED+ay5ZD4F4puRshHV4qOsdRuLhAwc5pq
-----END CERTIFICATE-----