Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/XD6U-BS_eNFZzoJpRnUZ_qNwIdw.roa
File:                     XD6U-BS_eNFZzoJpRnUZ_qNwIdw.roa (raw, json)
Hash identifier:          DlG1wQai3RqUFNuIZyugTTJbkaLegQwGywk2uo56jWc=
Subject key identifier:   5C:3E:94:F8:14:BF:78:D1:59:CE:82:69:46:75:19:FE:A3:70:21:DC
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       01951079A6A0DCD6A18917466C54297FDC6D
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/XD6U-BS_eNFZzoJpRnUZ_qNwIdw.roa
Signing time:             Sun 16 Feb 2025 20:36:02 +0000
ROA not before:           Sun 16 Feb 2025 20:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396190
IP address blocks:        2a13:bfc0::/29 maxlen: 29
                          2a14:6b40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:10:79:a6:a0:dc:d6:a1:89:17:46:6c:54:29:7f:dc:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Feb 16 20:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5c3e94f814bf78d159ce8269467519fea37021dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:d7:d6:86:ed:57:92:30:55:b5:bd:70:44:fd:
                    83:af:01:08:19:2e:11:54:49:02:6d:a6:f2:60:05:
                    71:33:e8:76:98:0d:43:da:0e:04:0a:88:97:85:f5:
                    30:c6:8f:87:c6:bb:7c:17:df:56:52:df:b1:65:b3:
                    15:f1:ba:a0:a3:f2:a9:62:02:70:31:21:69:08:09:
                    c9:29:0b:b5:fc:35:60:dc:aa:24:36:d2:55:a2:08:
                    05:8f:72:3d:60:32:ef:1d:93:a0:68:d8:cf:e7:65:
                    90:9a:a7:c1:6e:65:9d:3a:ae:c7:96:21:86:9b:14:
                    2a:51:d3:df:0e:4b:f0:27:5a:ea:c9:55:d8:cc:5f:
                    38:3b:b7:1f:53:4c:ee:4b:c0:e6:86:d5:94:85:ba:
                    91:fb:6a:f3:43:da:5b:ed:24:e1:14:bc:06:12:5a:
                    79:00:24:ca:16:58:f5:28:a9:74:63:5f:d1:d1:3e:
                    c5:37:ad:d2:2f:c1:94:66:be:c4:cf:57:ed:eb:18:
                    46:95:fc:44:24:24:dc:f7:72:5e:4b:98:37:17:1a:
                    d8:53:4f:5d:10:25:af:50:b6:53:6f:b9:71:fc:88:
                    e9:0c:0e:a1:11:e1:03:db:b3:f8:5a:6c:54:d5:71:
                    9d:b3:96:20:ce:2d:3d:fa:0d:55:a0:25:1b:54:a1:
                    20:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:3E:94:F8:14:BF:78:D1:59:CE:82:69:46:75:19:FE:A3:70:21:DC
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/XD6U-BS_eNFZzoJpRnUZ_qNwIdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bfc0::/29
                  2a14:6b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:f8:3e:22:ce:6b:2e:5a:49:3d:84:09:bf:f7:18:5c:21:e8:
         d4:33:b2:21:7e:fe:f8:75:b8:cc:9f:2b:b6:2a:99:7d:16:a2:
         a7:58:db:53:36:3a:07:6c:f6:11:50:bc:3e:ac:5f:2f:ea:64:
         a0:f4:d2:6d:c9:d2:2a:fe:df:b6:e6:54:0d:d6:f4:f5:58:0a:
         32:e8:f2:ef:07:d5:c2:3d:7f:42:45:0b:9a:17:a2:97:15:91:
         44:66:af:a3:28:91:8f:c6:ac:7d:96:83:c1:d8:94:a5:9a:23:
         bd:4e:f6:21:5e:8c:e7:ab:d0:58:76:0b:6d:09:f9:0c:e0:2a:
         bb:22:2b:cc:48:d3:86:0b:2d:5b:c6:7a:35:ba:68:8d:00:27:
         22:57:c4:90:d2:1c:07:fc:9f:fa:ff:cb:9b:72:f0:b7:fa:b4:
         2b:55:5e:39:10:7e:24:be:49:d3:9a:b3:d3:38:ac:97:03:36:
         54:14:84:c8:f9:41:15:fb:8f:5e:4e:f9:57:b5:26:23:93:ca:
         42:b8:17:61:2f:81:6e:41:bb:ed:34:ac:02:07:ce:c0:ba:e7:
         05:1d:d5:83:cb:87:27:70:e0:54:2d:6a:fd:40:a2:b7:d2:63:
         cd:ee:88:4d:bf:5f:e8:ff:e9:59:89:80:75:77:3e:25:91:cf:
         90:19:fe:56
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZUQeaag3NahiRdGbFQpf9xtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwMjE2MjAzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzNlOTRmODE0YmY3OGQxNTljZTgyNjk0Njc1MTlmZWEzNzAyMWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzNfWhu1XkjBVtb1wRP2DrwEIGS4R
VEkCbabyYAVxM+h2mA1D2g4ECoiXhfUwxo+Hxrt8F99WUt+xZbMV8bqgo/KpYgJw
MSFpCAnJKQu1/DVg3KokNtJVoggFj3I9YDLvHZOgaNjP52WQmqfBbmWdOq7HliGG
mxQqUdPfDkvwJ1rqyVXYzF84O7cfU0zuS8DmhtWUhbqR+2rzQ9pb7SThFLwGElp5
ACTKFlj1KKl0Y1/R0T7FN63SL8GUZr7Ez1ft6xhGlfxEJCTc93JeS5g3FxrYU09d
ECWvULZTb7lx/IjpDA6hEeED27P4WmxU1XGds5Ygzi09+g1VoCUbVKEgPQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFFw+lPgUv3jRWc6CaUZ1Gf6jcCHcMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvWEQ2VS1CU19lTkZaem9KcFJuVVpfcU53SWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhO/wAMF
AyoUa0AwDQYJKoZIhvcNAQELBQADggEBAEX4PiLOay5aST2ECb/3GFwh6NQzsiF+
/vh1uMyfK7YqmX0WoqdY21M2Ogds9hFQvD6sXy/qZKD00m3J0ir+37bmVA3W9PVY
CjLo8u8H1cI9f0JFC5oXopcVkURmr6MokY/GrH2Wg8HYlKWaI71O9iFejOer0Fh2
C20J+QzgKrsiK8xI04YLLVvGejW6aI0AJyJXxJDSHAf8n/r/y5ty8Lf6tCtVXjkQ
fiS+SdOas9M4rJcDNlQUhMj5QRX7j15O+Ve1JiOTykK4F2EvgW5Bu+00rAIHzsC6
5wUd1YPLhydw4FQtav1AorfSY83uiE2/X+j/6VmJgHV3PiWRz5AZ/lY=
-----END CERTIFICATE-----