Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/g7yhzpXq3BgfhordvGjsMt7kfrg.roa
File:                     g7yhzpXq3BgfhordvGjsMt7kfrg.roa (raw, json)
Hash identifier:          c7ZRmToYMDP7qHJOFRZKhc+w75h5IFWQUmuwyfCoMxQ=
Subject key identifier:   83:BC:A1:CE:95:EA:DC:18:1F:86:8A:DD:BC:68:EC:32:DE:E4:7E:B8
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       019737205F3EA6A1748272433BF0AE74B6F8
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/g7yhzpXq3BgfhordvGjsMt7kfrg.roa
Signing time:             Tue 03 Jun 2025 18:49:17 +0000
ROA not before:           Tue 03 Jun 2025 18:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203624
IP address blocks:        2a13:c043::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:20:5f:3e:a6:a1:74:82:72:43:3b:f0:ae:74:b6:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jun  3 18:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83bca1ce95eadc181f868addbc68ec32dee47eb8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:04:d6:11:f9:63:9e:0a:ec:3f:47:3a:88:f0:
                    f0:bf:64:d5:67:ef:b1:4d:eb:41:e1:1f:d7:76:0f:
                    83:c2:c4:d0:a8:d6:65:bc:65:00:f1:cd:3a:5a:d3:
                    5f:cd:35:84:14:9d:d7:6e:b0:11:0f:bd:dd:ea:16:
                    8a:6b:6e:c9:75:9b:a4:13:71:b0:53:73:dc:48:26:
                    e0:07:86:37:4c:d2:e1:d3:41:37:80:d5:0f:af:d0:
                    0f:f1:c0:26:a2:dd:38:67:8b:7d:61:15:5a:08:a6:
                    c4:29:69:14:96:15:84:d9:86:2f:9e:2c:a6:91:51:
                    ac:46:2f:ff:57:3b:94:79:f0:ed:04:f8:60:02:f0:
                    a4:73:0c:5b:8b:36:54:86:3b:cc:ab:f6:35:52:66:
                    3b:f2:89:f7:23:c7:92:02:8c:2f:e0:e8:a6:99:f1:
                    63:65:f0:92:3e:3a:30:39:71:62:bc:75:67:96:d8:
                    62:d7:46:cd:6a:fa:9c:b2:3e:db:1b:1c:6a:ab:b2:
                    42:44:3b:53:2d:7d:42:85:a3:f6:07:95:89:0b:e9:
                    e8:39:85:0a:b6:89:2e:9b:0d:5c:0b:71:c2:74:4b:
                    2e:3d:79:48:25:ba:ae:23:02:a6:1f:0c:22:f2:0c:
                    85:8a:de:c2:f2:6a:5b:6c:e6:4e:fb:a3:24:b2:a5:
                    71:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:BC:A1:CE:95:EA:DC:18:1F:86:8A:DD:BC:68:EC:32:DE:E4:7E:B8
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/g7yhzpXq3BgfhordvGjsMt7kfrg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c043::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:af:1e:d6:a5:72:dc:69:fe:e8:f9:b8:c7:6e:1e:f5:61:ad:
         66:40:c1:58:94:c2:18:1c:96:98:70:79:87:42:7d:16:00:3d:
         7a:56:f0:80:44:b6:74:71:fc:56:cd:e8:20:90:f5:63:d9:0e:
         8c:7d:46:f1:aa:d4:b1:73:99:a4:a9:bd:3a:2a:64:9e:74:b5:
         6c:19:c2:d4:ee:3d:9b:89:07:e2:bb:1f:f9:31:d7:83:15:14:
         61:4f:dd:f8:9f:8e:7c:14:bf:e8:ea:91:01:01:df:6f:14:82:
         f9:49:a1:00:b2:bf:d4:1c:63:ff:94:d9:03:9b:6a:22:49:de:
         db:84:72:21:53:47:db:b4:46:be:8c:fe:be:1c:d7:d9:f5:89:
         c0:67:82:dd:cc:d5:1e:86:35:f5:44:3e:2e:66:6f:84:4c:33:
         93:f9:42:eb:81:26:35:6f:35:39:8c:66:62:bf:6c:1e:36:d3:
         be:d9:09:fa:9f:3c:e9:9a:1b:bc:27:df:2e:4b:73:86:8e:07:
         cb:51:47:b0:ab:c4:ef:45:bd:8b:1f:2c:88:82:12:e2:dd:1f:
         92:53:16:47:58:20:0e:83:31:1d:c0:9d:84:5a:d7:21:47:0c:
         e9:2f:eb:55:35:51:a6:8b:ae:81:d9:86:ab:00:3a:c0:5f:ad:
         68:13:bb:9d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZc3IF8+pqF0gnJDO/CudLb4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNjAzMTg0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2JjYTFjZTk1ZWFkYzE4MWY4NjhhZGRiYzY4ZWMzMmRlZTQ3ZWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5ATWEfljngrsP0c6iPDwv2TVZ++x
TetB4R/Xdg+DwsTQqNZlvGUA8c06WtNfzTWEFJ3XbrARD73d6haKa27JdZukE3Gw
U3PcSCbgB4Y3TNLh00E3gNUPr9AP8cAmot04Z4t9YRVaCKbEKWkUlhWE2YYvniym
kVGsRi//VzuUefDtBPhgAvCkcwxbizZUhjvMq/Y1UmY78on3I8eSAowv4OimmfFj
ZfCSPjowOXFivHVnlthi10bNavqcsj7bGxxqq7JCRDtTLX1ChaP2B5WJC+noOYUK
tokumw1cC3HCdEsuPXlIJbquIwKmHwwi8gyFit7C8mpbbOZO+6MksqVxpwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIO8oc6V6twYH4aK3bxo7DLe5H64MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvZzd5aHpwWHEzQmdmaG9yZHZHanNNdDdrZnJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPAQzAN
BgkqhkiG9w0BAQsFAAOCAQEAjK8e1qVy3Gn+6Pm4x24e9WGtZkDBWJTCGByWmHB5
h0J9FgA9elbwgES2dHH8Vs3oIJD1Y9kOjH1G8arUsXOZpKm9OipknnS1bBnC1O49
m4kH4rsf+THXgxUUYU/d+J+OfBS/6OqRAQHfbxSC+UmhALK/1Bxj/5TZA5tqIkne
24RyIVNH27RGvoz+vhzX2fWJwGeC3czVHoY19UQ+LmZvhEwzk/lC64EmNW81OYxm
Yr9sHjbTvtkJ+p886ZobvCffLktzho4Hy1FHsKvE70W9ix8siIIS4t0fklMWR1gg
DoMxHcCdhFrXIUcM6S/rVTVRpouugdmGqwA6wF+taBO7nQ==
-----END CERTIFICATE-----