Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/C5ZPs1BV822qo-looSl5Qdn_9-s.roa
File:                     C5ZPs1BV822qo-looSl5Qdn_9-s.roa (raw, json)
Hash identifier:          cdQqRZg0RFtaJeXLy+H8WIj03OTMMtQ0oJ+xONMvG/s=
Subject key identifier:   0B:96:4F:B3:50:55:F3:6D:AA:A3:E9:68:A1:29:79:41:D9:FF:F7:EB
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019EC977306EBC9384D19EE0F1AB328A1E38
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/C5ZPs1BV822qo-looSl5Qdn_9-s.roa
Signing time:             Mon 15 Jun 2026 04:08:11 +0000
ROA not before:           Mon 15 Jun 2026 04:08:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62563
IP address blocks:        2a13:d2c6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 19:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c9:77:30:6e:bc:93:84:d1:9e:e0:f1:ab:32:8a:1e:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jun 15 04:08:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0b964fb35055f36daaa3e968a1297941d9fff7eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c0:9b:c3:0f:9e:2e:71:1c:ae:4b:82:20:78:
                    91:3a:b9:13:6c:56:60:af:6f:81:39:c7:db:73:27:
                    8c:ce:f9:ec:1d:b8:0c:4b:b5:18:f9:2b:30:0a:ca:
                    e9:89:8b:0a:1d:ea:90:73:9c:52:77:2a:10:36:f6:
                    6d:8b:e3:d6:3b:d3:4b:10:5a:71:dc:05:75:a4:bd:
                    86:bb:b7:30:12:f9:8a:f2:9b:89:c2:74:4d:da:b9:
                    21:4f:91:94:da:8d:fa:81:f5:42:48:02:9f:f5:c6:
                    5c:c6:bc:83:04:a0:bf:bd:17:c7:4c:7e:55:e0:d8:
                    30:74:3e:b8:3b:dd:a7:11:e5:96:3b:98:b1:73:e6:
                    88:0b:8f:81:b3:a7:bb:7b:d5:69:4b:8b:95:b5:fb:
                    35:0f:1e:7c:b5:17:9a:d3:57:9b:d6:43:e8:a0:fe:
                    8e:33:07:09:5e:1b:a9:86:ec:ec:d3:b1:e2:41:5d:
                    9d:63:ca:26:a8:3b:69:25:f2:0f:ae:b3:4d:4f:0e:
                    be:40:0c:bd:f0:7c:70:0a:25:31:70:7d:d5:7f:11:
                    57:ce:ce:bb:3b:f5:68:bd:c4:c0:33:11:88:e5:c2:
                    b8:65:27:63:b0:bd:00:f3:e9:11:b0:be:ae:8e:68:
                    82:3e:71:02:60:85:ff:59:f0:97:a7:c0:d7:72:80:
                    68:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:96:4F:B3:50:55:F3:6D:AA:A3:E9:68:A1:29:79:41:D9:FF:F7:EB
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/C5ZPs1BV822qo-looSl5Qdn_9-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d2c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:bc:47:a4:78:6e:18:34:be:f7:43:72:6d:ce:62:9d:ae:94:
         5d:3a:55:74:ac:78:38:12:63:67:25:f6:57:7b:98:f1:4e:f5:
         20:08:04:35:02:a4:d0:82:5d:82:7d:09:d5:4e:31:5e:6d:3d:
         4b:88:5b:ed:06:17:6f:04:02:b2:df:7b:60:a1:06:fa:6c:85:
         fa:81:69:30:98:73:15:a3:7c:d0:d9:45:df:07:e2:ca:b1:04:
         56:61:27:34:0e:4f:db:01:31:91:f0:e2:6d:7f:8a:d2:64:2e:
         92:81:27:8d:9c:a3:ee:49:bb:f4:9d:c3:36:77:97:11:20:90:
         ba:1b:6a:d0:c4:1f:46:d0:62:81:b4:ec:1c:9f:4f:01:45:a4:
         f9:2c:28:72:2a:71:fe:49:0b:3b:16:13:e8:42:ee:92:28:ba:
         89:e2:32:5a:9e:83:b9:35:cb:56:6b:c3:71:5a:70:28:0f:bd:
         be:fc:f5:d2:84:9e:a7:b4:00:13:09:c9:d7:9b:8a:ca:26:5a:
         7d:78:a2:ba:da:ea:67:25:42:44:0a:27:ec:13:0e:9f:d4:d4:
         76:47:84:a3:09:19:cb:53:f4:b7:ed:8d:a3:33:69:7d:5c:95:
         ea:a8:0e:b8:5a:9c:d3:67:82:b5:ce:c5:d1:96:90:36:08:00:
         3c:23:38:c1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ7JdzBuvJOE0Z7g8asyih44MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjYwNjE1MDQwODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjk2NGZiMzUwNTVmMzZkYWFhM2U5NjhhMTI5Nzk0MWQ5ZmZmN2ViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMCbww+eLnEcrkuCIHiROrkTbFZg
r2+BOcfbcyeMzvnsHbgMS7UY+SswCsrpiYsKHeqQc5xSdyoQNvZti+PWO9NLEFpx
3AV1pL2Gu7cwEvmK8puJwnRN2rkhT5GU2o36gfVCSAKf9cZcxryDBKC/vRfHTH5V
4NgwdD64O92nEeWWO5ixc+aIC4+Bs6e7e9VpS4uVtfs1Dx58tRea01eb1kPooP6O
MwcJXhuphuzs07HiQV2dY8omqDtpJfIPrrNNTw6+QAy98HxwCiUxcH3VfxFXzs67
O/VovcTAMxGI5cK4ZSdjsL0A8+kRsL6ujmiCPnECYIX/WfCXp8DXcoBo8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAuWT7NQVfNtqqPpaKEpeUHZ//frMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvQzVaUHMxQlY4MjJxby1sb29TbDVRZG5fOS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPSxjAN
BgkqhkiG9w0BAQsFAAOCAQEAQ7xHpHhuGDS+90Nybc5ina6UXTpVdKx4OBJjZyX2
V3uY8U71IAgENQKk0IJdgn0J1U4xXm09S4hb7QYXbwQCst97YKEG+myF+oFpMJhz
FaN80NlF3wfiyrEEVmEnNA5P2wExkfDibX+K0mQukoEnjZyj7km79J3DNneXESCQ
uhtq0MQfRtBigbTsHJ9PAUWk+Swocipx/kkLOxYT6ELukii6ieIyWp6DuTXLVmvD
cVpwKA+9vvz10oSep7QAEwnJ15uKyiZafXiiutrqZyVCRAon7BMOn9TUdkeEowkZ
y1P0t+2NozNpfVyV6qgOuFqc02eCtc7F0ZaQNggAPCM4wQ==
-----END CERTIFICATE-----