Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/3YupD0E1MQgwS1xrKNs025XGrvU.roa
File:                     3YupD0E1MQgwS1xrKNs025XGrvU.roa (raw, json)
Hash identifier:          21HOFTvc6Ct7i0rTAQHqk7NP6aZsXA22C7NraCUFkZ8=
Subject key identifier:   DD:8B:A9:0F:41:35:31:08:30:4B:5C:6B:28:DB:34:DB:95:C6:AE:F5
Certificate issuer:       /CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
Certificate serial:       019424457B32842716DC1CC52A2C48A5DB42
Authority key identifier: 55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/3YupD0E1MQgwS1xrKNs025XGrvU.roa
Signing time:             Wed 01 Jan 2025 23:48:40 +0000
ROA not before:           Wed 01 Jan 2025 23:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216213
IP address blocks:        2a13:e0c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 22:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:7b:32:84:27:16:dc:1c:c5:2a:2c:48:a5:db:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
        Validity
            Not Before: Jan  1 23:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dd8ba90f41353108304b5c6b28db34db95c6aef5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:36:72:60:26:b6:20:c7:16:ad:7e:6e:ec:06:
                    ee:57:71:41:06:6e:c9:50:25:3c:ff:8b:7a:c2:aa:
                    75:52:05:d1:9d:80:b6:1b:95:4f:68:3f:de:33:a5:
                    70:b4:c8:ac:5e:53:73:29:38:c2:33:81:ce:fe:b0:
                    fa:96:07:36:9d:49:d2:e4:ca:92:bc:06:34:26:00:
                    aa:a0:62:45:25:5b:62:ad:c4:06:6a:d5:72:90:a9:
                    ba:a9:f6:e0:21:80:52:77:d5:71:94:e0:5a:ca:f4:
                    54:b6:45:61:7c:56:09:93:3f:0c:68:f5:ce:af:21:
                    c7:29:e8:f1:63:e7:e8:df:d3:31:ca:58:1a:a0:05:
                    f3:99:9e:9e:d2:52:47:68:4c:a4:01:09:90:43:a2:
                    0b:b4:b9:fd:5c:d0:2b:46:02:59:a4:47:b3:0a:e0:
                    79:01:c4:45:a9:17:35:1f:cb:25:29:8f:c7:c1:6e:
                    c5:97:c0:e7:27:43:c7:df:2f:c0:2d:74:52:63:ad:
                    f5:68:63:5c:cf:28:42:dc:0e:15:90:f7:e4:42:31:
                    39:b3:ab:05:75:d6:ba:ad:3e:03:f2:c8:84:ae:38:
                    86:56:ce:14:de:71:bc:9e:05:86:41:31:07:76:4f:
                    4a:2b:70:9a:42:37:d9:be:14:cf:24:ca:49:23:76:
                    5c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:8B:A9:0F:41:35:31:08:30:4B:5C:6B:28:DB:34:DB:95:C6:AE:F5
            X509v3 Authority Key Identifier:
                keyid:55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/3YupD0E1MQgwS1xrKNs025XGrvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:36:e0:5f:99:28:92:fa:35:18:bf:e4:f5:a6:d2:02:b7:c4:
         fd:f5:fa:02:e7:6c:a8:30:c9:03:b2:83:fa:04:b9:ce:1c:51:
         81:8b:f0:b4:8d:49:7d:89:f4:7f:1f:c9:57:3f:e0:d4:d8:b6:
         82:09:6b:81:9a:7f:e2:84:5d:60:0b:c5:44:a4:6f:00:07:21:
         38:36:24:54:33:dc:c9:54:46:6a:e4:10:13:45:4f:b8:78:0e:
         d4:c5:61:ab:d7:33:4b:8a:5b:c1:64:8a:8b:35:95:ed:f8:1b:
         59:06:10:85:f0:64:0a:b6:b4:f9:68:67:42:f7:ea:27:08:27:
         47:18:f3:fa:3e:39:7a:84:ce:95:d3:f1:2a:80:48:c3:27:0e:
         6c:dd:52:95:75:1b:bd:5e:4d:39:1b:92:e1:f0:c9:58:df:e9:
         b8:ee:2f:9d:24:cc:c0:dc:a3:60:f0:d1:20:d7:9d:d2:05:9d:
         19:36:e9:57:89:ea:79:7d:7c:72:03:df:3f:a4:20:2c:3c:6c:
         19:ff:ee:b3:78:46:6b:6d:20:1a:34:91:94:2e:98:be:5f:b6:
         ae:60:97:3e:f2:c8:37:bb:70:46:35:a7:07:9c:13:03:4f:18:
         6c:94:f2:d2:0d:c3:cb:69:1b:2a:c2:8c:49:e3:82:1e:ef:12:
         14:da:04:ad
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQkRXsyhCcW3BzFKixIpdtCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjRiMmUyNmRkM2FmY2M1YzFlYWMwMWY5MDI2M2QyMDFm
YmUwOTkwHhcNMjUwMTAxMjM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDhiYTkwZjQxMzUzMTA4MzA0YjVjNmIyOGRiMzRkYjk1YzZhZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjZyYCa2IMcWrX5u7AbuV3FBBm7J
UCU8/4t6wqp1UgXRnYC2G5VPaD/eM6VwtMisXlNzKTjCM4HO/rD6lgc2nUnS5MqS
vAY0JgCqoGJFJVtircQGatVykKm6qfbgIYBSd9VxlOBayvRUtkVhfFYJkz8MaPXO
ryHHKejxY+fo39MxylgaoAXzmZ6e0lJHaEykAQmQQ6ILtLn9XNArRgJZpEezCuB5
AcRFqRc1H8slKY/HwW7Fl8DnJ0PH3y/ALXRSY631aGNczyhC3A4VkPfkQjE5s6sF
dda6rT4D8siErjiGVs4U3nG8ngWGQTEHdk9KK3CaQjfZvhTPJMpJI3Zc7wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFN2LqQ9BNTEIMEtcayjbNNuVxq71MB8GA1UdIwQY
MBaAFFUksuJt06/MXB6sAfkCY9IB++CZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMt
M2FhMjIyN2JhZGZlLzEvM1l1cEQwRTFNUWd3UzF4cktOczAyNVhHcnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMtM2FhMjIyN2JhZGZl
LzEvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPgwDAN
BgkqhkiG9w0BAQsFAAOCAQEAlDbgX5kokvo1GL/k9abSArfE/fX6AudsqDDJA7KD
+gS5zhxRgYvwtI1JfYn0fx/JVz/g1Ni2gglrgZp/4oRdYAvFRKRvAAchODYkVDPc
yVRGauQQE0VPuHgO1MVhq9czS4pbwWSKizWV7fgbWQYQhfBkCra0+WhnQvfqJwgn
Rxjz+j45eoTOldPxKoBIwycObN1SlXUbvV5NORuS4fDJWN/puO4vnSTMwNyjYPDR
INed0gWdGTbpV4nqeX18cgPfP6QgLDxsGf/us3hGa20gGjSRlC6Yvl+2rmCXPvLI
N7twRjWnB5wTA08YbJTy0g3Dy2kbKsKMSeOCHu8SFNoErQ==
-----END CERTIFICATE-----