Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/a142a9-a00a-4235-b71f-e6b20b09f866/1/zJVAm_Aoh0U8gwZ5WRQsBP3hX6A.roa
File:                     zJVAm_Aoh0U8gwZ5WRQsBP3hX6A.roa (raw, json)
Hash identifier:          +sPk6LCRSFLjFRp6ZIQ4HhKiMmXE+FxNLLLGnfyG87E=
Subject key identifier:   CC:95:40:9B:F0:28:87:45:3C:83:06:79:59:14:2C:04:FD:E1:5F:A0
Certificate issuer:       /CN=ef7e5c75f648ac692b14bc222e2c180c863b45e2
Certificate serial:       019425219D1568982876C808DC84768408E2
Authority key identifier: EF:7E:5C:75:F6:48:AC:69:2B:14:BC:22:2E:2C:18:0C:86:3B:45:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/735cdfZIrGkrFLwiLiwYDIY7ReI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/a142a9-a00a-4235-b71f-e6b20b09f866/1/zJVAm_Aoh0U8gwZ5WRQsBP3hX6A.roa
Signing time:             Thu 02 Jan 2025 03:49:07 +0000
ROA not before:           Thu 02 Jan 2025 03:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213852
IP address blocks:        2a13:bf00::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/a142a9-a00a-4235-b71f-e6b20b09f866/1/735cdfZIrGkrFLwiLiwYDIY7ReI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/a142a9-a00a-4235-b71f-e6b20b09f866/1/735cdfZIrGkrFLwiLiwYDIY7ReI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/735cdfZIrGkrFLwiLiwYDIY7ReI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:9d:15:68:98:28:76:c8:08:dc:84:76:84:08:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef7e5c75f648ac692b14bc222e2c180c863b45e2
        Validity
            Not Before: Jan  2 03:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc95409bf02887453c83067959142c04fde15fa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:c8:c8:f7:66:95:e3:83:0b:79:18:d8:23:74:
                    91:cb:e8:49:55:80:22:89:4e:8f:91:bb:06:90:b0:
                    22:92:13:16:9a:f7:13:18:2d:00:54:42:2a:ee:e5:
                    bf:40:bc:90:ce:73:87:51:d0:4d:88:b5:f5:97:ff:
                    84:db:b5:1e:c3:d7:79:3e:01:c6:41:20:5a:42:02:
                    fa:b0:4b:c2:c4:61:89:f9:d1:f0:69:5a:1a:63:18:
                    aa:09:c2:da:f1:f1:30:7b:c3:5c:46:80:de:06:f2:
                    73:a5:d6:21:65:09:e5:73:b6:70:a9:5a:57:4f:e3:
                    45:f6:27:c7:f9:71:3d:d1:50:b3:cc:e9:c6:10:46:
                    f3:62:0c:79:55:3f:2f:41:e6:dc:11:f5:45:f6:eb:
                    7f:d6:3e:73:86:27:55:c2:31:36:19:06:19:60:94:
                    00:1b:cc:e4:7b:03:f6:07:0c:e4:43:94:5c:9f:49:
                    5c:ea:78:d4:f8:9a:dd:3e:89:89:b2:f3:d8:b7:94:
                    d4:a0:48:78:81:30:18:a8:78:46:08:a5:42:6d:cb:
                    ce:5f:b7:9c:b0:c7:17:9f:a7:5e:6d:c3:49:3c:d0:
                    40:d8:a9:0c:78:1a:f2:be:f4:6e:5d:a4:85:7c:cf:
                    81:65:ea:83:86:6f:6b:c4:fe:69:e9:7d:eb:34:23:
                    ff:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:95:40:9B:F0:28:87:45:3C:83:06:79:59:14:2C:04:FD:E1:5F:A0
            X509v3 Authority Key Identifier:
                keyid:EF:7E:5C:75:F6:48:AC:69:2B:14:BC:22:2E:2C:18:0C:86:3B:45:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/735cdfZIrGkrFLwiLiwYDIY7ReI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/a142a9-a00a-4235-b71f-e6b20b09f866/1/zJVAm_Aoh0U8gwZ5WRQsBP3hX6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/a142a9-a00a-4235-b71f-e6b20b09f866/1/735cdfZIrGkrFLwiLiwYDIY7ReI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bf00::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:7b:0f:08:01:1b:de:d5:d8:8f:c2:58:8d:0b:10:cf:07:65:
         e4:2e:4c:a8:3a:52:01:33:c5:71:ff:41:45:97:bd:17:07:2c:
         7d:aa:5f:27:12:9a:13:a4:6d:37:7c:a9:f1:95:fe:f0:52:26:
         fd:b2:d9:90:ca:a7:86:8d:0c:fb:d3:f6:31:82:fa:d4:46:e3:
         4e:10:73:88:04:87:ae:85:46:53:88:73:6f:99:f1:3b:49:96:
         63:26:d4:c1:50:25:3f:c5:05:36:df:89:a3:0d:97:fa:2c:ed:
         d4:ce:26:27:20:3d:82:cd:20:24:17:14:cd:4e:6b:51:9f:a9:
         97:5f:f5:9d:b9:e7:cb:9c:94:f1:8b:83:5c:2b:3f:fd:3e:ba:
         cf:96:6a:64:f4:31:6b:03:1c:3d:8c:85:da:ec:f4:24:21:75:
         22:95:a9:8b:ef:18:fb:bf:b7:58:4c:bb:8a:fd:e3:5f:48:c4:
         0e:44:0b:17:41:7d:3a:73:fa:55:3a:58:27:99:d0:e6:a9:fb:
         d5:55:51:76:6c:0a:b8:1f:8f:6b:4c:ff:cc:8f:c7:2d:a1:00:
         a9:42:99:09:e6:1d:58:0a:68:00:05:45:ff:85:08:7d:71:5a:
         86:28:d0:58:b6:ca:cb:d4:8b:84:d0:10:8e:b5:0b:79:fa:2d:
         a6:57:60:15
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIZ0VaJgodsgI3IR2hAjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmN2U1Yzc1ZjY0OGFjNjkyYjE0YmMyMjJlMmMxODBjODYz
YjQ1ZTIwHhcNMjUwMTAyMDM0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzk1NDA5YmYwMjg4NzQ1M2M4MzA2Nzk1OTE0MmMwNGZkZTE1ZmEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlcjI92aV44MLeRjYI3SRy+hJVYAi
iU6PkbsGkLAikhMWmvcTGC0AVEIq7uW/QLyQznOHUdBNiLX1l/+E27Uew9d5PgHG
QSBaQgL6sEvCxGGJ+dHwaVoaYxiqCcLa8fEwe8NcRoDeBvJzpdYhZQnlc7ZwqVpX
T+NF9ifH+XE90VCzzOnGEEbzYgx5VT8vQebcEfVF9ut/1j5zhidVwjE2GQYZYJQA
G8zkewP2BwzkQ5Rcn0lc6njU+JrdPomJsvPYt5TUoEh4gTAYqHhGCKVCbcvOX7ec
sMcXn6debcNJPNBA2KkMeBryvvRuXaSFfM+BZeqDhm9rxP5p6X3rNCP/2QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMyVQJvwKIdFPIMGeVkULAT94V+gMB8GA1UdIwQY
MBaAFO9+XHX2SKxpKxS8Ii4sGAyGO0XiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzM1Y2RmWklyR2tyRkx3aUxpd1lESVk3UmVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9hMTQyYTktYTAwYS00MjM1LWI3MWYt
ZTZiMjBiMDlmODY2LzEvekpWQW1fQW9oMFU4Z3daNVdSUXNCUDNoWDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9hMTQyYTktYTAwYS00MjM1LWI3MWYtZTZiMjBiMDlmODY2
LzEvNzM1Y2RmWklyR2tyRkx3aUxpd1lESVk3UmVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhO/AAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQAVew8IARve1diPwliNCxDPB2XkLkyoOlIBM8Vx
/0FFl70XByx9ql8nEpoTpG03fKnxlf7wUib9stmQyqeGjQz70/YxgvrURuNOEHOI
BIeuhUZTiHNvmfE7SZZjJtTBUCU/xQU234mjDZf6LO3UziYnID2CzSAkFxTNTmtR
n6mXX/WduefLnJTxi4NcKz/9PrrPlmpk9DFrAxw9jIXa7PQkIXUilamL7xj7v7dY
TLuK/eNfSMQORAsXQX06c/pVOlgnmdDmqfvVVVF2bAq4H49rTP/Mj8ctoQCpQpkJ
5h1YCmgABUX/hQh9cVqGKNBYtsrL1IuE0BCOtQt5+i2mV2AV
-----END CERTIFICATE-----