Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/5jihEGuQ4yw7LrN-GxhKRXWzO7o.roa
File:                     5jihEGuQ4yw7LrN-GxhKRXWzO7o.roa (raw, json)
Hash identifier:          i+yfzR8jSMTDKBjs/TXoC5+0uTvIRes38f4P8v9dk/U=
Subject key identifier:   E6:38:A1:10:6B:90:E3:2C:3B:2E:B3:7E:1B:18:4A:45:75:B3:3B:BA
Certificate issuer:       /CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
Certificate serial:       01942143C0970D927CF2C45CD41971D777BA
Authority key identifier: 7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/5jihEGuQ4yw7LrN-GxhKRXWzO7o.roa
Signing time:             Wed 01 Jan 2025 09:47:55 +0000
ROA not before:           Wed 01 Jan 2025 09:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208029
IP address blocks:        2a13:79c7:2100::/40 maxlen: 48
                          2a13:79c7:2120::/47 maxlen: 47
                          2a13:79c7:2122::/47 maxlen: 47
                          2a13:79c7:2124::/47 maxlen: 47
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c0:97:0d:92:7c:f2:c4:5c:d4:19:71:d7:77:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d965ea6b39c22aec2ad2d4d4c0a3a313df1defa
        Validity
            Not Before: Jan  1 09:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e638a1106b90e32c3b2eb37e1b184a4575b33bba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e5:bd:95:62:d4:b9:79:7a:85:11:4a:92:08:
                    a2:2b:b2:b8:17:29:83:bd:81:78:40:39:ab:0d:e0:
                    bc:96:06:18:11:18:8a:1f:0a:de:6a:16:fd:63:e7:
                    61:a6:2c:8e:38:7f:5e:aa:3e:41:6b:50:3b:9a:06:
                    56:e2:e9:bc:69:e8:b1:bd:d5:f2:ee:e1:03:e3:bd:
                    dd:1d:db:86:65:e8:cc:f4:40:f6:b0:c0:b8:9a:b2:
                    de:36:e3:8a:6c:a1:b7:99:e4:2f:bb:1d:76:4c:9c:
                    c2:06:38:af:44:05:1d:df:f7:76:48:28:1f:14:3b:
                    77:b4:6b:bc:5b:31:1a:87:19:82:fa:64:c6:f2:77:
                    6e:85:cf:b8:8a:78:82:cd:48:b1:46:d9:55:5a:c1:
                    b0:2b:58:cb:9e:7f:05:03:69:61:5a:79:0e:3b:fe:
                    85:da:d5:14:0b:02:a2:61:b9:41:ac:33:53:01:5d:
                    69:4f:e3:77:7f:68:8b:ae:37:c4:df:6d:73:33:c7:
                    f8:cb:e4:8b:53:56:7f:42:8b:9a:cc:84:88:75:50:
                    a2:ce:59:38:40:34:f8:b8:42:88:a8:7b:79:d9:cb:
                    2c:db:b8:83:fd:26:89:63:3a:65:76:21:c8:47:48:
                    d4:d1:be:30:19:ca:aa:b4:0f:58:4a:8e:aa:53:55:
                    2c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:38:A1:10:6B:90:E3:2C:3B:2E:B3:7E:1B:18:4A:45:75:B3:3B:BA
            X509v3 Authority Key Identifier:
                keyid:7D:96:5E:A6:B3:9C:22:AE:C2:AD:2D:4D:4C:0A:3A:31:3D:F1:DE:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fZZeprOcIq7CrS1NTAo6MT3x3vo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/5jihEGuQ4yw7LrN-GxhKRXWzO7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/dbb22b-2a1a-4762-a0f7-32f5a9507731/1/fZZeprOcIq7CrS1NTAo6MT3x3vo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:79c7:2100::/40

    Signature Algorithm: sha256WithRSAEncryption
         60:73:d6:07:c4:d0:cd:a3:de:50:59:2a:1e:ec:cc:93:e4:a4:
         9f:b4:1c:8b:2d:48:a6:26:c6:f4:cc:ad:b4:c7:12:5e:ba:17:
         3e:c8:b5:ee:fc:54:97:12:d9:9d:71:93:0c:16:e1:87:cf:74:
         89:0c:25:45:84:e0:fe:8d:19:aa:fd:46:82:0d:6d:79:66:05:
         b1:42:ff:4a:6a:84:4c:7e:58:c5:68:0b:62:c5:e6:84:ce:bd:
         5f:89:58:ca:1f:f0:28:0b:02:33:25:30:90:68:f0:70:60:77:
         d3:c3:60:ed:11:a4:e1:eb:95:01:1f:be:f7:a5:63:3a:73:67:
         d7:d0:26:17:2b:6b:7c:2b:1c:f8:dd:48:4a:34:47:34:54:94:
         7f:85:b4:83:2d:85:73:aa:0c:50:d3:54:f8:66:6e:cb:1c:30:
         cf:63:df:ff:b2:f9:f9:08:34:ed:7e:7f:63:1d:c8:79:e1:6c:
         11:c8:bc:2d:fc:3c:ab:1f:d9:07:b5:0c:e8:f4:14:51:6e:94:
         0a:fe:d5:c6:3b:5c:a4:9d:54:99:82:6a:35:d5:a2:a4:cb:c2:
         98:d2:4b:7f:37:76:58:39:dd:fb:4d:13:0c:c1:16:02:47:90:
         a3:30:d5:b4:70:6b:36:f2:14:6e:80:ea:cc:e4:e3:77:3b:8a:
         e9:51:79:c0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQhQ8CXDZJ88sRc1Blx13e6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkOTY1ZWE2YjM5YzIyYWVjMmFkMmQ0ZDRjMGEzYTMxM2Rm
MWRlZmEwHhcNMjUwMTAxMDk0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjM4YTExMDZiOTBlMzJjM2IyZWIzN2UxYjE4NGE0NTc1YjMzYmJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+W9lWLUuXl6hRFKkgiiK7K4FymD
vYF4QDmrDeC8lgYYERiKHwreahb9Y+dhpiyOOH9eqj5Ba1A7mgZW4um8aeixvdXy
7uED473dHduGZejM9ED2sMC4mrLeNuOKbKG3meQvux12TJzCBjivRAUd3/d2SCgf
FDt3tGu8WzEahxmC+mTG8nduhc+4iniCzUixRtlVWsGwK1jLnn8FA2lhWnkOO/6F
2tUUCwKiYblBrDNTAV1pT+N3f2iLrjfE321zM8f4y+SLU1Z/QouazISIdVCizlk4
QDT4uEKIqHt52css27iD/SaJYzpldiHIR0jU0b4wGcqqtA9YSo6qU1UsqQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOY4oRBrkOMsOy6zfhsYSkV1szu6MB8GA1UdIwQY
MBaAFH2WXqaznCKuwq0tTUwKOjE98d76MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjct
MzJmNWE5NTA3NzMxLzEvNWppaEVHdVE0eXc3THJOLUd4aEtSWFd6TzdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9kYmIyMmItMmExYS00NzYyLWEwZjctMzJmNWE5NTA3NzMx
LzEvZlpaZXByT2NJcTdDclMxTlRBbzZNVDN4M3ZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhN5xyEw
DQYJKoZIhvcNAQELBQADggEBAGBz1gfE0M2j3lBZKh7szJPkpJ+0HIstSKYmxvTM
rbTHEl66Fz7Ite78VJcS2Z1xkwwW4YfPdIkMJUWE4P6NGar9RoINbXlmBbFC/0pq
hEx+WMVoC2LF5oTOvV+JWMof8CgLAjMlMJBo8HBgd9PDYO0RpOHrlQEfvvelYzpz
Z9fQJhcra3wrHPjdSEo0RzRUlH+FtIMthXOqDFDTVPhmbsscMM9j3/+y+fkINO1+
f2MdyHnhbBHIvC38PKsf2Qe1DOj0FFFulAr+1cY7XKSdVJmCajXVoqTLwpjSS383
dlg53ftNEwzBFgJHkKMw1bRwazbyFG6A6szk43c7iulRecA=
-----END CERTIFICATE-----