Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/qZsKt_ptHkmgzHpNBoHuPdXUL7U.roa
File:                     qZsKt_ptHkmgzHpNBoHuPdXUL7U.roa (raw, json)
Hash identifier:          4XhIWgfo35tkxm29m9dMluZExP1VEJy3L9NulF6SgGw=
Subject key identifier:   A9:9B:0A:B7:FA:6D:1E:49:A0:CC:7A:4D:06:81:EE:3D:D5:D4:2F:B5
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0197418DD846C64F9ED787EA25B1B2272E43
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/qZsKt_ptHkmgzHpNBoHuPdXUL7U.roa
Signing time:             Thu 05 Jun 2025 19:25:04 +0000
ROA not before:           Thu 05 Jun 2025 19:25:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        2a13:c040::/32 maxlen: 32
                          2a14:6ac0::/32 maxlen: 32
                          2a14:6b40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 10:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:41:8d:d8:46:c6:4f:9e:d7:87:ea:25:b1:b2:27:2e:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jun  5 19:25:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a99b0ab7fa6d1e49a0cc7a4d0681ee3dd5d42fb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:6c:f1:da:91:aa:fc:09:e2:0c:a4:3e:6b:9e:
                    4b:d1:fb:72:d8:e0:1e:cd:ec:87:d8:6b:2b:64:54:
                    33:fd:73:a4:5b:5e:c0:20:37:6a:e9:2a:01:88:6d:
                    24:f5:76:09:b4:9a:c8:d2:93:54:a7:b5:79:9a:fd:
                    cd:6b:24:f5:b3:21:38:80:59:80:41:49:5d:c4:ad:
                    c2:e9:f3:6b:07:b2:61:68:86:8e:65:e6:14:7b:3b:
                    63:2d:6f:56:c3:91:ec:19:60:dd:46:d2:84:df:36:
                    19:77:3e:0d:87:88:91:35:4c:cc:95:6d:4f:8b:fc:
                    00:29:32:5e:40:fd:7d:a3:88:ea:d4:18:42:dd:0a:
                    cd:95:ec:b6:27:5c:79:1e:56:04:4c:27:35:9f:89:
                    22:3b:d9:04:64:c9:6c:d6:73:b1:a1:0e:d0:11:49:
                    e6:2d:f4:f9:aa:17:dd:7a:bf:88:3f:17:8e:07:05:
                    c6:8d:1a:14:de:16:fd:02:1f:ce:4d:b4:59:7e:b3:
                    bc:65:bb:04:22:d3:e0:02:53:85:7a:06:f0:c6:fc:
                    19:7c:ac:22:6b:92:84:69:50:7f:14:57:4f:32:3e:
                    bb:89:4b:23:49:37:55:88:ca:b3:26:f4:ad:35:9e:
                    57:42:88:9d:9c:18:5a:28:8e:06:21:be:dc:fc:12:
                    91:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:9B:0A:B7:FA:6D:1E:49:A0:CC:7A:4D:06:81:EE:3D:D5:D4:2F:B5
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/qZsKt_ptHkmgzHpNBoHuPdXUL7U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c040::/32
                  2a14:6ac0::/32
                  2a14:6b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         5e:59:25:89:62:b6:83:7e:47:8c:36:fc:d4:5d:e5:1c:4a:98:
         2b:a2:c3:2a:0c:ea:b1:61:c8:ed:43:02:02:ce:34:24:17:de:
         b2:fa:e5:00:b2:b8:bc:34:c4:6b:b2:40:5c:2d:f8:9f:db:aa:
         dd:aa:25:8d:a1:a4:62:0c:a0:ad:01:2f:00:07:70:c2:ab:a9:
         2a:0d:41:9b:ed:10:34:46:3e:e4:28:38:2a:c9:81:af:22:58:
         71:67:0e:a2:5a:87:88:4e:9d:57:a8:cb:98:20:16:aa:71:c3:
         8d:38:64:38:f9:c1:6e:65:26:fc:f0:83:ea:18:c0:c9:36:ec:
         25:15:f3:3e:a7:f5:ac:29:3b:19:d3:e3:8d:0b:7c:39:ed:a9:
         0b:cd:d2:c2:03:2d:66:bf:f6:aa:a4:65:df:86:ae:00:a9:bb:
         52:8e:f9:c2:02:a3:ab:e0:3d:af:5c:e6:ac:27:04:c0:f0:d3:
         30:88:45:d2:13:f4:7c:f5:43:a8:55:ac:44:e8:c2:5d:9d:94:
         b1:07:be:ce:c4:21:f7:9f:52:c4:31:8f:de:a2:e0:04:b0:3e:
         78:5e:0a:3a:b9:04:e3:88:66:ab:c5:ca:ab:35:0e:a2:2e:19:
         b1:ab:5c:64:b9:c5:2f:ca:61:8d:f6:f8:c4:11:f8:60:79:a6:
         84:5a:29:67
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZdBjdhGxk+e14fqJbGyJy5DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNjA1MTkyNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTliMGFiN2ZhNmQxZTQ5YTBjYzdhNGQwNjgxZWUzZGQ1ZDQyZmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2zx2pGq/AniDKQ+a55L0fty2OAe
zeyH2GsrZFQz/XOkW17AIDdq6SoBiG0k9XYJtJrI0pNUp7V5mv3NayT1syE4gFmA
QUldxK3C6fNrB7JhaIaOZeYUeztjLW9Ww5HsGWDdRtKE3zYZdz4Nh4iRNUzMlW1P
i/wAKTJeQP19o4jq1BhC3QrNley2J1x5HlYETCc1n4kiO9kEZMls1nOxoQ7QEUnm
LfT5qhfder+IPxeOBwXGjRoU3hb9Ah/OTbRZfrO8ZbsEItPgAlOFegbwxvwZfKwi
a5KEaVB/FFdPMj67iUsjSTdViMqzJvStNZ5XQoidnBhaKI4GIb7c/BKRjQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKmbCrf6bR5JoMx6TQaB7j3V1C+1MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvcVpzS3RfcHRIa21nekhwTkJvSHVQZFhVTDdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUAKhPAQAMF
ACoUasADBQMqFGtAMA0GCSqGSIb3DQEBCwUAA4IBAQBeWSWJYraDfkeMNvzUXeUc
SpgrosMqDOqxYcjtQwICzjQkF96y+uUAsri8NMRrskBcLfif26rdqiWNoaRiDKCt
AS8AB3DCq6kqDUGb7RA0Rj7kKDgqyYGvIlhxZw6iWoeITp1XqMuYIBaqccONOGQ4
+cFuZSb88IPqGMDJNuwlFfM+p/WsKTsZ0+ONC3w57akLzdLCAy1mv/aqpGXfhq4A
qbtSjvnCAqOr4D2vXOasJwTA8NMwiEXSE/R89UOoVaxE6MJdnZSxB77OxCH3n1LE
MY/eouAEsD54Xgo6uQTjiGarxcqrNQ6iLhmxq1xkucUvymGN9vjEEfhgeaaEWiln
-----END CERTIFICATE-----