Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/GAH7yylXjOXfj72kfNxt7O7O-Kk.roa
File:                     GAH7yylXjOXfj72kfNxt7O7O-Kk.roa (raw, json)
Hash identifier:          8ip9zYMsNu2OsFPX0eEYwTGBCcd4QjxYodQKFt1FWDg=
Subject key identifier:   18:01:FB:CB:29:57:8C:E5:DF:8F:BD:A4:7C:DC:6D:EC:EE:CE:F8:A9
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0197372149746CB114F796B3526B32D6CCC2
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/GAH7yylXjOXfj72kfNxt7O7O-Kk.roa
Signing time:             Tue 03 Jun 2025 18:50:17 +0000
ROA not before:           Tue 03 Jun 2025 18:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60581
IP address blocks:        2a13:c047::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 10:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:21:49:74:6c:b1:14:f7:96:b3:52:6b:32:d6:cc:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jun  3 18:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1801fbcb29578ce5df8fbda47cdc6deceecef8a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:89:21:bf:f5:c7:45:7f:93:c4:13:6e:e4:47:
                    18:cb:40:37:75:12:ea:5d:ca:d6:a2:ea:49:fc:c8:
                    15:52:a8:68:23:29:32:47:df:a2:0b:97:90:fe:db:
                    d8:2e:2a:94:91:e6:dc:0c:77:98:06:af:f0:f4:f6:
                    73:02:e8:6d:db:e9:7a:11:ac:33:8d:f4:f8:78:58:
                    95:41:17:ad:18:33:ff:ef:64:7e:fa:be:ad:ab:5b:
                    66:c9:46:49:b0:84:9a:35:49:71:e2:bd:33:d9:c6:
                    b8:c9:e9:99:55:f7:61:bc:f1:ad:14:ef:d3:ab:21:
                    a0:ad:8a:4b:04:4d:34:2c:cb:47:bd:f0:10:df:e3:
                    11:cc:07:b3:02:3a:c9:a1:c1:3f:0e:0f:e7:ca:ec:
                    4d:4e:b5:86:65:66:11:0a:e8:8f:8c:3a:dd:24:08:
                    73:11:84:be:a2:ff:3f:17:3c:51:c1:2c:14:0d:fa:
                    4e:dd:63:1d:d0:ed:e4:44:1d:69:a2:18:5e:4e:15:
                    d4:18:1e:c8:b6:68:96:f9:57:05:e2:65:9c:67:81:
                    ea:69:85:6d:b1:91:19:2d:2b:78:dd:be:5d:c9:dc:
                    42:05:93:89:60:a7:07:94:c7:a2:4d:60:31:5c:2a:
                    7b:1d:73:5b:4a:e1:e4:f0:41:bd:f7:eb:51:23:9f:
                    d9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:01:FB:CB:29:57:8C:E5:DF:8F:BD:A4:7C:DC:6D:EC:EE:CE:F8:A9
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/GAH7yylXjOXfj72kfNxt7O7O-Kk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c047::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:ae:d8:c4:5a:be:65:ee:b9:95:e4:44:8b:19:8e:cf:ad:e9:
         fc:26:b8:f0:54:dc:13:96:e2:7d:c1:7e:44:0e:cb:4a:86:b8:
         7e:5b:30:12:1e:db:99:51:73:cd:2b:87:6b:28:c0:07:d6:ce:
         2e:76:58:d1:0a:40:b4:23:e0:03:b3:45:d3:f7:f2:8b:1c:65:
         12:55:06:48:70:67:82:4f:3d:8a:eb:ab:aa:80:91:46:55:5c:
         59:4a:fa:87:10:21:e1:3f:de:63:0f:6d:cf:63:7a:7b:e8:3e:
         88:60:e9:4e:01:55:76:ff:cb:1f:01:e1:85:8b:1b:10:b5:77:
         ae:6f:2a:7a:39:26:92:ce:4d:ea:40:cf:cf:8a:0d:7a:78:ac:
         35:b7:89:0d:33:e5:24:5e:3e:fb:90:b8:f4:dc:7b:7d:a1:3a:
         18:70:bb:82:59:0c:48:88:d2:35:ba:0c:28:90:c3:ae:76:a1:
         e9:04:ae:2a:e9:48:e2:5f:f4:98:91:7e:92:0d:06:4a:4f:10:
         6a:fd:7b:a6:85:f7:99:e6:56:72:50:c6:88:7d:eb:10:b4:70:
         26:c8:6c:0e:ee:d0:da:cd:5a:b5:0b:bb:e5:3b:19:bd:ac:d3:
         51:d3:3a:ed:cb:72:ca:af:2f:50:5b:38:63:eb:9f:3d:02:94:
         c0:2a:90:64
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZc3IUl0bLEU95azUmsy1szCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNjAzMTg1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODAxZmJjYjI5NTc4Y2U1ZGY4ZmJkYTQ3Y2RjNmRlY2VlY2VmOGE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwokhv/XHRX+TxBNu5EcYy0A3dRLq
XcrWoupJ/MgVUqhoIykyR9+iC5eQ/tvYLiqUkebcDHeYBq/w9PZzAuht2+l6Eawz
jfT4eFiVQRetGDP/72R++r6tq1tmyUZJsISaNUlx4r0z2ca4yemZVfdhvPGtFO/T
qyGgrYpLBE00LMtHvfAQ3+MRzAezAjrJocE/Dg/nyuxNTrWGZWYRCuiPjDrdJAhz
EYS+ov8/FzxRwSwUDfpO3WMd0O3kRB1pohheThXUGB7ItmiW+VcF4mWcZ4HqaYVt
sZEZLSt43b5dydxCBZOJYKcHlMeiTWAxXCp7HXNbSuHk8EG99+tRI5/ZDQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBgB+8spV4zl34+9pHzcbezuzvipMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvR0FIN3l5bFhqT1hmajcya2ZOeHQ3TzdPLUtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPARzAN
BgkqhkiG9w0BAQsFAAOCAQEAIa7YxFq+Ze65leREixmOz63p/Ca48FTcE5bifcF+
RA7LSoa4flswEh7bmVFzzSuHayjAB9bOLnZY0QpAtCPgA7NF0/fyixxlElUGSHBn
gk89iuurqoCRRlVcWUr6hxAh4T/eYw9tz2N6e+g+iGDpTgFVdv/LHwHhhYsbELV3
rm8qejkmks5N6kDPz4oNenisNbeJDTPlJF4++5C49Nx7faE6GHC7glkMSIjSNboM
KJDDrnah6QSuKulI4l/0mJF+kg0GSk8Qav17poX3meZWclDGiH3rELRwJshsDu7Q
2s1atQu75TsZvazTUdM67ctyyq8vUFs4Y+ufPQKUwCqQZA==
-----END CERTIFICATE-----