Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/tInwtSZcrsH8UY6U7EDIYnH3Yk0.roa
File:                     tInwtSZcrsH8UY6U7EDIYnH3Yk0.roa (raw, json)
Hash identifier:          zFxJOJCL915U4XRjIJJYP12UDRgs6lgTMvwGG3kcUiA=
Subject key identifier:   B4:89:F0:B5:26:5C:AE:C1:FC:51:8E:94:EC:40:C8:62:71:F7:62:4D
Certificate issuer:       /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial:       019639AB0181916D4019687778D623D833F2
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/tInwtSZcrsH8UY6U7EDIYnH3Yk0.roa
Signing time:             Tue 15 Apr 2025 13:37:10 +0000
ROA not before:           Tue 15 Apr 2025 13:37:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396993
IP address blocks:        2a13:4900::/29 maxlen: 29
                          2a13:9f00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:39:ab:01:81:91:6d:40:19:68:77:78:d6:23:d8:33:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
        Validity
            Not Before: Apr 15 13:37:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b489f0b5265caec1fc518e94ec40c86271f7624d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:36:87:43:46:d8:0c:53:77:08:bd:03:fe:83:
                    59:1a:bf:84:78:d4:6a:63:4e:17:1b:86:d5:78:66:
                    e9:71:27:e2:ff:ed:19:68:0a:fa:3b:4b:e8:45:57:
                    d2:e4:26:b2:92:fc:72:d1:ae:aa:c7:a5:14:9c:51:
                    41:26:04:8e:fe:da:7e:1f:81:a0:cb:7e:72:d7:e7:
                    81:40:8e:66:64:18:92:1e:0c:93:ee:46:b3:56:b0:
                    09:8d:71:3e:f4:cb:b1:8a:4c:12:1b:14:c4:31:5a:
                    41:ea:74:4f:8b:05:cc:29:93:66:5d:ad:de:1d:bf:
                    63:da:ee:96:64:9c:73:ac:4c:a2:bf:40:30:d1:48:
                    e2:cf:5b:62:62:9b:25:3d:fa:6a:aa:51:ab:ca:90:
                    df:b2:32:9e:64:df:fd:a8:e4:bd:96:83:35:70:be:
                    a2:c1:45:69:f7:f4:48:1e:95:e1:0b:6d:15:aa:45:
                    25:cc:03:61:1d:fa:f5:75:69:ef:64:0e:2d:3b:07:
                    b5:23:b8:ce:30:aa:c6:af:8b:60:db:4c:28:86:6c:
                    e2:83:c9:6a:9d:6a:b7:f7:b1:34:7f:24:97:b6:78:
                    eb:9f:d6:d4:39:06:99:29:86:81:4c:22:00:3c:35:
                    6b:c3:aa:11:72:4e:13:ef:4b:a3:35:09:ba:ba:fa:
                    a8:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:89:F0:B5:26:5C:AE:C1:FC:51:8E:94:EC:40:C8:62:71:F7:62:4D
            X509v3 Authority Key Identifier:
                keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/tInwtSZcrsH8UY6U7EDIYnH3Yk0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:4900::/29
                  2a13:9f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:f1:09:18:ba:54:eb:1a:5e:7d:3f:46:88:96:ae:94:b8:16:
         c3:cc:5d:21:d7:86:4c:bd:83:df:cb:f7:34:78:a0:dc:74:d4:
         d2:76:12:65:53:85:7b:c2:d9:53:11:54:21:3b:b6:80:f2:04:
         fa:b3:8d:10:62:4c:84:e3:6b:e0:09:11:ae:12:0c:d4:f1:f7:
         85:48:2e:ac:d1:b5:68:fe:13:8d:77:a5:6f:0b:bb:1b:5a:5d:
         06:f5:a7:5c:77:ab:d6:5e:d8:e9:9b:7f:4a:40:a5:f3:72:6a:
         52:21:1c:83:68:da:21:bb:8f:57:84:57:d0:a3:4b:17:9f:15:
         d6:2c:b7:64:82:46:d2:ff:8d:c4:5c:09:6c:4a:aa:73:f0:a9:
         98:8a:24:f7:2a:64:d1:45:cd:22:20:d5:fc:40:60:f1:26:9e:
         33:0c:e6:f0:fb:b8:bc:36:2f:fd:00:72:c3:14:78:18:7d:3a:
         e2:f3:4a:27:80:ba:02:15:39:ab:68:67:34:af:c8:2d:2d:31:
         ec:72:b0:7c:0a:3f:1a:ee:49:0c:62:21:6e:9b:0e:64:4b:ea:
         ab:e0:f9:32:cb:ed:9c:81:22:e0:dd:ed:3c:fc:09:2f:ed:b3:
         3f:7d:f6:9a:5b:62:35:b0:fb:3b:1d:36:3d:de:c8:04:9e:a7:
         bf:64:64:03
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZY5qwGBkW1AGWh3eNYj2DPyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwNDE1MTMzNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDg5ZjBiNTI2NWNhZWMxZmM1MThlOTRlYzQwYzg2MjcxZjc2MjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjaHQ0bYDFN3CL0D/oNZGr+EeNRq
Y04XG4bVeGbpcSfi/+0ZaAr6O0voRVfS5Caykvxy0a6qx6UUnFFBJgSO/tp+H4Gg
y35y1+eBQI5mZBiSHgyT7kazVrAJjXE+9MuxikwSGxTEMVpB6nRPiwXMKZNmXa3e
Hb9j2u6WZJxzrEyiv0Aw0Ujiz1tiYpslPfpqqlGrypDfsjKeZN/9qOS9loM1cL6i
wUVp9/RIHpXhC20VqkUlzANhHfr1dWnvZA4tOwe1I7jOMKrGr4tg20wohmzig8lq
nWq397E0fySXtnjrn9bUOQaZKYaBTCIAPDVrw6oRck4T70ujNQm6uvqoewIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLSJ8LUmXK7B/FGOlOxAyGJx92JNMB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvdElud3RTWmNyc0g4VVk2VTdFRElZbkgzWWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhNJAAMF
AyoTnwAwDQYJKoZIhvcNAQELBQADggEBAHTxCRi6VOsaXn0/RoiWrpS4FsPMXSHX
hky9g9/L9zR4oNx01NJ2EmVThXvC2VMRVCE7toDyBPqzjRBiTITja+AJEa4SDNTx
94VILqzRtWj+E413pW8LuxtaXQb1p1x3q9Ze2Ombf0pApfNyalIhHINo2iG7j1eE
V9CjSxefFdYst2SCRtL/jcRcCWxKqnPwqZiKJPcqZNFFzSIg1fxAYPEmnjMM5vD7
uLw2L/0AcsMUeBh9OuLzSieAugIVOatoZzSvyC0tMexysHwKPxruSQxiIW6bDmRL
6qvg+TLL7ZyBIuDd7Tz8CS/tsz999ppbYjWw+zsdNj3eyASep79kZAM=
-----END CERTIFICATE-----