Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/NdI4eek8jOjsWz1VECAlKFSlieY.roa
File:                     NdI4eek8jOjsWz1VECAlKFSlieY.roa (raw, json)
Hash identifier:          KdGGoQzPMHoGucfApjzpne/EBBMfi+F0OYkvglIdCSE=
Subject key identifier:   35:D2:38:79:E9:3C:8C:E8:EC:5B:3D:55:10:20:25:28:54:A5:89:E6
Certificate issuer:       /CN=7c29c2f5723f29ec5e0e793e73ab55b8a1c86ba9
Certificate serial:       0194274783B71871E61BC037CF06C14AA481
Authority key identifier: 7C:29:C2:F5:72:3F:29:EC:5E:0E:79:3E:73:AB:55:B8:A1:C8:6B:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/NdI4eek8jOjsWz1VECAlKFSlieY.roa
Signing time:             Thu 02 Jan 2025 13:49:45 +0000
ROA not before:           Thu 02 Jan 2025 13:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57712
IP address blocks:        2a13:8e40:1000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 22:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:83:b7:18:71:e6:1b:c0:37:cf:06:c1:4a:a4:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c29c2f5723f29ec5e0e793e73ab55b8a1c86ba9
        Validity
            Not Before: Jan  2 13:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=35d23879e93c8ce8ec5b3d551020252854a589e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:dd:06:d8:41:db:68:8f:a2:57:b6:d8:6c:bb:
                    17:01:57:78:ba:a1:b0:1d:64:07:6e:2e:62:24:9a:
                    e8:05:24:30:40:5f:e9:61:39:4e:a5:98:09:4f:62:
                    30:6c:fb:34:f1:d5:46:b9:d8:f0:b5:b5:ff:28:a7:
                    2a:f8:25:51:51:d2:00:6a:1c:f3:11:b0:c1:5c:a8:
                    d9:ca:45:af:be:4d:e7:ee:21:f2:dc:47:3a:95:1f:
                    22:e3:6e:27:9a:47:3f:58:96:8f:63:05:d7:2d:b6:
                    4c:02:11:12:32:6e:ae:04:7c:a0:b1:7d:bd:0c:1b:
                    bf:b7:4c:6d:3b:ec:7c:0d:84:38:9e:a7:6d:dc:f1:
                    54:f4:0f:ed:68:88:ca:d4:47:28:18:92:4d:4f:a8:
                    3a:d4:a4:90:94:b0:b3:1d:99:11:0e:f5:48:41:67:
                    c9:56:27:3b:ac:ef:47:5f:fc:e4:94:e7:e8:9f:37:
                    32:71:98:ac:16:56:ed:03:ff:95:76:cb:c1:63:93:
                    a6:52:8c:a8:4f:8b:68:03:0c:13:18:c8:ff:22:42:
                    b7:83:0b:d7:e8:78:7e:48:9b:43:bd:6a:35:7c:a9:
                    4d:cb:e2:3a:51:97:9e:1d:34:de:22:40:05:25:93:
                    0f:c2:86:03:f1:48:a5:a2:d8:37:8e:a4:f6:c4:b9:
                    25:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:D2:38:79:E9:3C:8C:E8:EC:5B:3D:55:10:20:25:28:54:A5:89:E6
            X509v3 Authority Key Identifier:
                keyid:7C:29:C2:F5:72:3F:29:EC:5E:0E:79:3E:73:AB:55:B8:A1:C8:6B:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/NdI4eek8jOjsWz1VECAlKFSlieY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:8e40:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         3c:41:fb:da:be:c6:29:ad:26:20:f6:38:44:39:35:73:e6:6e:
         e2:1d:a3:fd:e6:40:62:d3:c6:86:4d:94:c6:1b:20:3f:15:71:
         5a:78:2f:7f:6b:84:7f:56:7f:85:a6:32:47:62:0d:77:cd:e0:
         8e:99:6f:c8:be:f5:12:80:4b:23:90:9c:bf:07:a4:21:e5:84:
         9c:9a:91:a1:89:17:82:e0:46:9e:55:80:4b:96:c5:99:59:4a:
         12:e1:e2:91:89:e9:ec:1a:d7:c8:80:08:f7:e8:66:0a:5f:7a:
         e3:b4:0c:ad:98:d6:79:d2:5d:c8:07:d2:86:e5:e7:dc:97:8a:
         fc:51:f5:56:66:f4:4e:05:65:0f:84:ba:cb:e3:fc:59:6a:3a:
         a4:dd:d3:60:cd:40:f3:24:89:a7:ee:bd:27:7e:dd:f7:78:3c:
         cc:8a:b6:3d:60:81:c0:d5:09:03:1e:27:65:1a:a0:63:8b:0b:
         dd:1b:03:00:b1:ff:6b:5d:da:c6:0f:ea:89:9b:ec:8f:c2:f1:
         04:c0:ae:54:bf:e6:d4:7b:98:06:3c:65:6f:7f:6e:b2:e2:f4:
         d1:be:27:6f:41:a9:c3:90:f0:bd:fe:af:b2:0a:cc:79:ce:22:
         d0:0f:63:e3:cb:ce:12:59:6f:2d:ca:1c:84:16:af:60:27:6c:
         55:27:79:4f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQnR4O3GHHmG8A3zwbBSqSBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMjljMmY1NzIzZjI5ZWM1ZTBlNzkzZTczYWI1NWI4YTFj
ODZiYTkwHhcNMjUwMTAyMTM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWQyMzg3OWU5M2M4Y2U4ZWM1YjNkNTUxMDIwMjUyODU0YTU4OWU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN0G2EHbaI+iV7bYbLsXAVd4uqGw
HWQHbi5iJJroBSQwQF/pYTlOpZgJT2IwbPs08dVGudjwtbX/KKcq+CVRUdIAahzz
EbDBXKjZykWvvk3n7iHy3Ec6lR8i424nmkc/WJaPYwXXLbZMAhESMm6uBHygsX29
DBu/t0xtO+x8DYQ4nqdt3PFU9A/taIjK1EcoGJJNT6g61KSQlLCzHZkRDvVIQWfJ
Vic7rO9HX/zklOfonzcycZisFlbtA/+VdsvBY5OmUoyoT4toAwwTGMj/IkK3gwvX
6Hh+SJtDvWo1fKlNy+I6UZeeHTTeIkAFJZMPwoYD8Uilotg3jqT2xLklvQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDXSOHnpPIzo7Fs9VRAgJShUpYnmMB8GA1UdIwQY
MBaAFHwpwvVyPynsXg55PnOrVbihyGupMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkNuQzlYSV9LZXhlRG5rLWM2dFZ1S0hJYTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9kOTlmYWMtMzVkYy00ZjJjLThmOTUt
ZjE5NTIyM2QwM2IzLzEvTmRJNGVlazhqT2pzV3oxVkVDQWxLRlNsaWVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9kOTlmYWMtMzVkYy00ZjJjLThmOTUtZjE5NTIyM2QwM2Iz
LzEvZkNuQzlYSV9LZXhlRG5rLWM2dFZ1S0hJYTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhOOQBAw
DQYJKoZIhvcNAQELBQADggEBADxB+9q+ximtJiD2OEQ5NXPmbuIdo/3mQGLTxoZN
lMYbID8VcVp4L39rhH9Wf4WmMkdiDXfN4I6Zb8i+9RKASyOQnL8HpCHlhJyakaGJ
F4LgRp5VgEuWxZlZShLh4pGJ6ewa18iACPfoZgpfeuO0DK2Y1nnSXcgH0obl59yX
ivxR9VZm9E4FZQ+Eusvj/FlqOqTd02DNQPMkiafuvSd+3fd4PMyKtj1ggcDVCQMe
J2UaoGOLC90bAwCx/2td2sYP6omb7I/C8QTArlS/5tR7mAY8ZW9/brLi9NG+J29B
qcOQ8L3+r7IKzHnOItAPY+PLzhJZby3KHIQWr2AnbFUneU8=
-----END CERTIFICATE-----