Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VnNqBCs69mw3KKPb6Vb8kFHyox8.roa
File:                     VnNqBCs69mw3KKPb6Vb8kFHyox8.roa (raw, json)
Hash identifier:          7rIPU6+3Skn9EHd7NCmjus3+fpG9f70YdMuRczX9f04=
Subject key identifier:   56:73:6A:04:2B:3A:F6:6C:37:28:A3:DB:E9:56:FC:90:51:F2:A3:1F
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       01942445A46C3E636E2721D3E465115CF529
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VnNqBCs69mw3KKPb6Vb8kFHyox8.roa
Signing time:             Wed 01 Jan 2025 23:48:51 +0000
ROA not before:           Wed 01 Jan 2025 23:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200216
IP address blocks:        2a13:b640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a4:6c:3e:63:6e:27:21:d3:e4:65:11:5c:f5:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jan  1 23:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=56736a042b3af66c3728a3dbe956fc9051f2a31f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:70:32:3c:c1:13:e3:b7:8c:57:d0:83:1d:d9:
                    56:d0:bb:6e:2a:df:67:b8:ec:6b:f4:cb:56:60:72:
                    8f:b2:a1:0d:6a:be:f3:5b:fa:54:a8:db:b8:4d:e6:
                    a4:04:73:fa:f9:0a:ed:02:0c:49:25:d7:7a:db:83:
                    f9:c3:8f:d3:51:fa:e7:0f:c0:02:cd:4a:eb:e9:8f:
                    9c:8a:ab:f1:69:af:4c:64:e6:9c:18:c6:1b:65:38:
                    4b:0c:c6:ab:e4:ba:c4:45:68:f4:bc:98:34:3d:fd:
                    cd:58:28:39:63:39:1a:d9:c5:dc:f6:ad:64:32:9e:
                    20:fe:22:52:81:ee:4e:77:fc:9c:41:dd:35:f0:5f:
                    aa:86:2c:31:7f:78:cb:55:5e:e3:9a:f2:d0:cf:65:
                    be:ef:36:86:5b:d0:d5:26:15:02:63:08:21:09:f6:
                    e6:bc:0d:05:cc:f5:ca:cf:7a:f7:45:aa:8f:7c:8e:
                    b3:7c:a9:e6:37:98:eb:f2:63:c6:23:c4:3a:dc:b3:
                    81:90:11:11:aa:36:2a:9d:34:7c:84:98:a2:a4:81:
                    57:b3:32:8f:c3:ed:a9:80:3b:65:80:db:3f:31:dd:
                    0a:05:48:7b:11:55:bd:82:be:7c:70:fa:14:ad:f6:
                    2c:a0:4c:1f:86:81:f4:45:fb:04:93:67:da:e3:7b:
                    db:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:73:6A:04:2B:3A:F6:6C:37:28:A3:DB:E9:56:FC:90:51:F2:A3:1F
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VnNqBCs69mw3KKPb6Vb8kFHyox8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b640::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:51:bc:63:18:c0:af:d6:98:24:39:c3:e2:5d:95:53:41:f1:
         8c:8f:65:e8:50:16:49:01:f0:e1:6e:a7:f5:f8:16:10:ed:80:
         9d:d7:66:d7:58:a2:3c:1d:02:b0:9d:31:d0:ca:65:81:e2:c0:
         ba:d8:39:c1:20:9f:b1:53:0c:b8:a9:25:0c:0f:48:de:d1:23:
         b0:56:4f:94:2d:a0:f6:6c:10:dd:79:ae:bf:56:e5:d5:66:59:
         63:39:0b:e4:ca:89:c5:de:9a:33:fd:5d:45:c7:76:22:57:70:
         06:0b:ca:ff:0f:ca:a7:9d:a2:5f:67:8b:97:f4:1f:25:24:f9:
         6e:f7:f0:90:10:f0:99:cd:6c:3f:a6:58:89:6d:fd:26:19:88:
         a5:f8:a0:16:f8:9f:de:88:ac:2d:1e:6c:f1:7b:d2:83:71:cc:
         d9:ab:8c:c8:83:f0:5c:3a:de:c7:27:b8:de:f0:ce:a3:44:94:
         76:2d:ab:b2:a1:48:d8:5e:74:5f:66:24:f2:64:ff:ca:85:fb:
         7e:c8:41:eb:0b:74:7b:cf:f9:14:68:9a:0f:48:c2:fe:85:f9:
         9d:8f:c0:f1:f3:25:55:60:a7:00:6b:15:90:77:8a:67:d8:13:
         bd:e8:36:63:13:50:95:9c:6b:4d:34:7d:04:40:ed:18:bd:0e:
         4e:c2:ed:92
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRaRsPmNuJyHT5GURXPUpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwMTAxMjM0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjczNmEwNDJiM2FmNjZjMzcyOGEzZGJlOTU2ZmM5MDUxZjJhMzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknAyPMET47eMV9CDHdlW0LtuKt9n
uOxr9MtWYHKPsqENar7zW/pUqNu4TeakBHP6+QrtAgxJJdd624P5w4/TUfrnD8AC
zUrr6Y+ciqvxaa9MZOacGMYbZThLDMar5LrERWj0vJg0Pf3NWCg5Yzka2cXc9q1k
Mp4g/iJSge5Od/ycQd018F+qhiwxf3jLVV7jmvLQz2W+7zaGW9DVJhUCYwghCfbm
vA0FzPXKz3r3RaqPfI6zfKnmN5jr8mPGI8Q63LOBkBERqjYqnTR8hJiipIFXszKP
w+2pgDtlgNs/Md0KBUh7EVW9gr58cPoUrfYsoEwfhoH0RfsEk2fa43vboQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFZzagQrOvZsNyij2+lW/JBR8qMfMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvVm5OcUJDczY5bXczS0tQYjZWYjhrRkh5b3g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO2QDAN
BgkqhkiG9w0BAQsFAAOCAQEAKFG8YxjAr9aYJDnD4l2VU0HxjI9l6FAWSQHw4W6n
9fgWEO2Anddm11iiPB0CsJ0x0MplgeLAutg5wSCfsVMMuKklDA9I3tEjsFZPlC2g
9mwQ3Xmuv1bl1WZZYzkL5MqJxd6aM/1dRcd2IldwBgvK/w/Kp52iX2eLl/QfJST5
bvfwkBDwmc1sP6ZYiW39JhmIpfigFvif3oisLR5s8XvSg3HM2auMyIPwXDrexye4
3vDOo0SUdi2rsqFI2F50X2Yk8mT/yoX7fshB6wt0e8/5FGiaD0jC/oX5nY/A8fMl
VWCnAGsVkHeKZ9gTveg2YxNQlZxrTTR9BEDtGL0OTsLtkg==
-----END CERTIFICATE-----