Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/b1964a-30ae-4482-845d-746365dba5bb/1/pu37aaPKmJJmzEZb3WE1L9EQpBE.roa
File:                     pu37aaPKmJJmzEZb3WE1L9EQpBE.roa (raw, json)
Hash identifier:          VP6IdjQYZ7B3GdQRubA1U7AJ3y5mN/9HjBZHj+QjimE=
Subject key identifier:   A6:ED:FB:69:A3:CA:98:92:66:CC:46:5B:DD:61:35:2F:D1:10:A4:11
Certificate issuer:       /CN=d57831c1f5e6002542bcebadef24128ad846eaf9
Certificate serial:       0198E834B1A7219B8210474C6C307AFD734E
Authority key identifier: D5:78:31:C1:F5:E6:00:25:42:BC:EB:AD:EF:24:12:8A:D8:46:EA:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1XgxwfXmACVCvOut7yQSithG6vk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/b1964a-30ae-4482-845d-746365dba5bb/1/pu37aaPKmJJmzEZb3WE1L9EQpBE.roa
Signing time:             Tue 26 Aug 2025 21:07:04 +0000
ROA not before:           Tue 26 Aug 2025 21:07:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209847
IP address blocks:        2a13:6300::/32 maxlen: 32
                          2a13:6304::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/b1964a-30ae-4482-845d-746365dba5bb/1/1XgxwfXmACVCvOut7yQSithG6vk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/b1964a-30ae-4482-845d-746365dba5bb/1/1XgxwfXmACVCvOut7yQSithG6vk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1XgxwfXmACVCvOut7yQSithG6vk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 17:17:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:e8:34:b1:a7:21:9b:82:10:47:4c:6c:30:7a:fd:73:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d57831c1f5e6002542bcebadef24128ad846eaf9
        Validity
            Not Before: Aug 26 21:07:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6edfb69a3ca989266cc465bdd61352fd110a411
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:cb:da:ab:6b:46:f2:de:b1:7a:28:4b:05:0f:
                    28:03:fe:36:57:bc:24:f7:a0:41:98:cf:fc:ca:27:
                    09:c3:f4:b9:25:dc:d9:41:64:6b:c8:27:32:67:54:
                    f8:aa:86:a3:a9:ff:29:08:fa:3e:78:22:2d:2f:dc:
                    71:b0:f8:f0:91:f4:8b:f7:02:e5:f0:13:c3:2b:b1:
                    a8:76:c9:4a:26:71:0b:fe:41:8b:38:43:68:47:b8:
                    cf:ab:81:98:b0:5f:d4:51:d5:9c:d4:26:bb:82:23:
                    a9:ee:46:a0:df:5e:0b:7b:11:1b:2f:ec:61:80:ec:
                    fa:be:9d:fa:a2:2a:bb:36:96:59:8d:58:c2:b4:1e:
                    68:ec:10:16:78:08:d3:64:2e:07:f6:5b:1c:98:e5:
                    32:0a:46:59:3c:7e:2e:92:33:02:18:46:3a:e5:e6:
                    fd:eb:4f:ca:08:e2:fb:37:e3:6e:ab:e1:81:96:82:
                    3f:27:93:a2:6a:95:dd:5a:09:60:65:63:b7:d0:15:
                    65:0c:0d:f8:a3:5b:e8:a1:07:13:d2:8a:18:6c:a3:
                    0b:e4:b1:16:88:c0:6d:87:a3:96:d3:f4:81:3f:dc:
                    98:8a:42:fd:e8:47:a2:15:70:e9:2a:38:bf:ec:1a:
                    e2:3a:b0:4e:ad:28:d9:f7:e8:43:fd:3d:90:f5:ce:
                    97:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:ED:FB:69:A3:CA:98:92:66:CC:46:5B:DD:61:35:2F:D1:10:A4:11
            X509v3 Authority Key Identifier:
                keyid:D5:78:31:C1:F5:E6:00:25:42:BC:EB:AD:EF:24:12:8A:D8:46:EA:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1XgxwfXmACVCvOut7yQSithG6vk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/b1964a-30ae-4482-845d-746365dba5bb/1/pu37aaPKmJJmzEZb3WE1L9EQpBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/b1964a-30ae-4482-845d-746365dba5bb/1/1XgxwfXmACVCvOut7yQSithG6vk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:6300::/32
                  2a13:6304::/32

    Signature Algorithm: sha256WithRSAEncryption
         6b:c7:eb:b5:59:8b:c2:74:04:c7:58:ed:63:87:73:0e:a2:e8:
         9d:ea:33:eb:2c:c0:5f:e8:02:b9:9c:b7:df:a5:13:ce:c0:9b:
         fc:2c:90:7e:5f:64:3d:a5:70:f9:c8:6f:7e:e6:20:4f:bf:8e:
         94:77:43:bf:7c:51:48:db:5a:01:a4:8a:69:8f:7e:c8:4d:86:
         ea:12:4c:7c:0d:64:63:ca:74:2e:6c:0b:18:7e:d5:3c:53:13:
         4c:8e:94:6c:0f:ee:6d:5f:21:f9:69:b2:49:97:d1:fa:30:01:
         ac:6d:11:a3:fd:8a:26:b4:81:7f:0d:33:e6:f4:7b:a3:82:08:
         28:9a:d0:5c:b4:16:b9:93:d8:52:da:65:63:d1:44:8b:93:fc:
         91:0d:87:5c:6d:60:d1:23:52:99:8f:4d:9a:16:0e:50:16:4a:
         67:c0:d3:eb:07:d9:4f:60:19:92:54:a4:26:b6:0a:04:b1:b9:
         78:27:e1:96:ff:fe:0d:2b:1f:1b:a3:f5:90:9b:8c:d1:76:00:
         ec:48:7a:b4:08:19:e0:11:ee:b1:83:de:80:99:4a:e0:f4:e7:
         59:d1:ac:13:44:cd:74:37:4b:3c:0b:1c:45:26:6d:b6:6e:b3:
         85:ec:7c:d6:48:9a:cb:b9:d3:ce:8c:7c:f7:02:c8:db:6c:72:
         c4:fc:42:c9
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZjoNLGnIZuCEEdMbDB6/XNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NzgzMWMxZjVlNjAwMjU0MmJjZWJhZGVmMjQxMjhhZDg0
NmVhZjkwHhcNMjUwODI2MjEwNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmVkZmI2OWEzY2E5ODkyNjZjYzQ2NWJkZDYxMzUyZmQxMTBhNDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApMvaq2tG8t6xeihLBQ8oA/42V7wk
96BBmM/8yicJw/S5JdzZQWRryCcyZ1T4qoajqf8pCPo+eCItL9xxsPjwkfSL9wLl
8BPDK7GodslKJnEL/kGLOENoR7jPq4GYsF/UUdWc1Ca7giOp7kag314LexEbL+xh
gOz6vp36oiq7NpZZjVjCtB5o7BAWeAjTZC4H9lscmOUyCkZZPH4ukjMCGEY65eb9
60/KCOL7N+Nuq+GBloI/J5OiapXdWglgZWO30BVlDA34o1vooQcT0ooYbKML5LEW
iMBth6OW0/SBP9yYikL96EeiFXDpKji/7BriOrBOrSjZ9+hD/T2Q9c6XEQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKbt+2mjypiSZsxGW91hNS/REKQRMB8GA1UdIwQY
MBaAFNV4McH15gAlQrzrre8kEorYRur5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVhneHdmWG1BQ1ZDdk91dDd5UVNpdGhHNnZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9iMTk2NGEtMzBhZS00NDgyLTg0NWQt
NzQ2MzY1ZGJhNWJiLzEvcHUzN2FhUEttSkptekVaYjNXRTFMOUVRcEJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9iMTk2NGEtMzBhZS00NDgyLTg0NWQtNzQ2MzY1ZGJhNWJi
LzEvMVhneHdmWG1BQ1ZDdk91dDd5UVNpdGhHNnZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhNjAAMF
ACoTYwQwDQYJKoZIhvcNAQELBQADggEBAGvH67VZi8J0BMdY7WOHcw6i6J3qM+ss
wF/oArmct9+lE87Am/wskH5fZD2lcPnIb37mIE+/jpR3Q798UUjbWgGkimmPfshN
huoSTHwNZGPKdC5sCxh+1TxTE0yOlGwP7m1fIflpskmX0fowAaxtEaP9iia0gX8N
M+b0e6OCCCia0Fy0FrmT2FLaZWPRRIuT/JENh1xtYNEjUpmPTZoWDlAWSmfA0+sH
2U9gGZJUpCa2CgSxuXgn4Zb//g0rHxuj9ZCbjNF2AOxIerQIGeAR7rGD3oCZSuD0
51nRrBNEzXQ3SzwLHEUmbbZus4XsfNZImsu5086MfPcCyNtscsT8Qsk=
-----END CERTIFICATE-----