Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/nA32LB0mYPwIX7MPEWO5__8MQk8.roa
File:                     nA32LB0mYPwIX7MPEWO5__8MQk8.roa (raw, json)
Hash identifier:          aBCwRqT9DfdJNy6cO2f5LVquWP4w8QyjXDCVhCrrUPY=
Subject key identifier:   9C:0D:F6:2C:1D:26:60:FC:08:5F:B3:0F:11:63:B9:FF:FF:0C:42:4F
Certificate issuer:       /CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
Certificate serial:       01971884F035008C081ABA4D94E7088E1A2F
Authority key identifier: 55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/nA32LB0mYPwIX7MPEWO5__8MQk8.roa
Signing time:             Wed 28 May 2025 20:10:54 +0000
ROA not before:           Wed 28 May 2025 20:10:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        2a13:4a80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 02:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:18:84:f0:35:00:8c:08:1a:ba:4d:94:e7:08:8e:1a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
        Validity
            Not Before: May 28 20:10:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c0df62c1d2660fc085fb30f1163b9ffff0c424f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:63:3c:40:07:e2:75:f7:43:ef:5c:49:05:8e:
                    92:06:24:87:82:3e:3f:11:d0:30:ea:58:38:b0:37:
                    a2:35:4e:d5:d5:44:22:49:83:27:35:26:fb:78:18:
                    93:73:48:ae:56:4a:7c:07:d5:4f:d5:d3:82:cf:a2:
                    a7:c9:08:c0:b0:70:d7:db:7b:a9:c2:dc:8e:3f:80:
                    cd:96:79:49:4d:0a:57:3f:2e:5f:8a:63:98:86:6e:
                    54:bc:87:de:bd:7d:95:f4:20:70:1e:b5:2f:38:0b:
                    e9:14:22:85:9f:b8:f1:08:8b:f8:c2:9f:71:2d:88:
                    e4:cf:a0:38:70:fa:90:7e:f4:86:e4:c8:a5:22:41:
                    f4:0c:89:87:16:ba:5b:15:20:5b:4d:83:42:19:a0:
                    93:90:01:a9:56:c0:1f:dc:db:79:1f:82:93:92:51:
                    9d:ca:26:83:86:2e:21:2c:a7:64:f9:4c:00:60:87:
                    cc:74:2a:04:10:f0:41:83:7f:ee:1e:ad:f7:f4:bf:
                    1a:e1:bf:64:d5:8f:f5:46:87:87:0d:10:90:c9:f7:
                    c9:03:1a:fe:32:84:27:16:1b:22:a8:3b:51:60:f6:
                    bb:79:7b:ec:e2:74:bb:3d:25:c8:49:27:22:86:f9:
                    bf:fe:f7:67:37:f1:6c:ef:d9:ef:58:47:b8:27:ec:
                    4d:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:0D:F6:2C:1D:26:60:FC:08:5F:B3:0F:11:63:B9:FF:FF:0C:42:4F
            X509v3 Authority Key Identifier:
                keyid:55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/nA32LB0mYPwIX7MPEWO5__8MQk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:4a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:a2:cd:e5:61:4f:06:39:66:f6:68:d3:18:64:0d:3f:6d:7b:
         27:f2:3e:ba:e7:cd:7a:58:12:92:39:3c:b4:b4:1a:2d:2b:e8:
         d9:94:13:f1:66:77:e2:23:50:39:be:be:ac:b1:fb:df:11:3d:
         37:01:b7:dd:dd:66:17:c0:d1:bb:dd:77:ab:e7:e6:b6:97:ba:
         b2:3f:8d:4d:a9:e6:e0:50:54:c3:8d:3d:af:27:10:52:d3:74:
         97:4c:17:bb:a6:e1:d7:8b:c1:a7:f6:35:c5:73:23:01:11:b4:
         18:08:4e:e3:c3:ca:59:2b:a8:28:36:87:fd:d1:c6:c7:65:78:
         04:87:36:e4:c1:15:c2:c6:70:24:fd:fd:db:e8:d6:25:0f:ca:
         23:09:b7:d4:99:66:22:1f:9b:c6:a3:ce:e6:e5:4e:1c:ea:5a:
         c5:ac:32:37:51:e0:d6:42:0a:17:d6:8a:9e:ae:73:c2:9b:e1:
         b7:7d:17:d1:b1:8d:02:4c:05:9f:d7:4c:e6:b3:df:c4:20:ad:
         34:65:7a:c4:14:7b:1f:a2:29:dc:51:f3:1e:bf:6e:53:ba:68:
         e7:ef:07:e9:a4:80:02:c6:3c:31:0e:4e:ff:14:43:64:84:2a:
         0b:3d:69:41:cb:77:85:be:f9:46:05:e7:fe:f4:cf:54:d8:04:
         bd:92:e4:d1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcYhPA1AIwIGrpNlOcIjhovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjRiMmUyNmRkM2FmY2M1YzFlYWMwMWY5MDI2M2QyMDFm
YmUwOTkwHhcNMjUwNTI4MjAxMDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzBkZjYyYzFkMjY2MGZjMDg1ZmIzMGYxMTYzYjlmZmZmMGM0MjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0mM8QAfidfdD71xJBY6SBiSHgj4/
EdAw6lg4sDeiNU7V1UQiSYMnNSb7eBiTc0iuVkp8B9VP1dOCz6KnyQjAsHDX23up
wtyOP4DNlnlJTQpXPy5fimOYhm5UvIfevX2V9CBwHrUvOAvpFCKFn7jxCIv4wp9x
LYjkz6A4cPqQfvSG5MilIkH0DImHFrpbFSBbTYNCGaCTkAGpVsAf3Nt5H4KTklGd
yiaDhi4hLKdk+UwAYIfMdCoEEPBBg3/uHq339L8a4b9k1Y/1RoeHDRCQyffJAxr+
MoQnFhsiqDtRYPa7eXvs4nS7PSXISScihvm//vdnN/Fs79nvWEe4J+xNSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJwN9iwdJmD8CF+zDxFjuf//DEJPMB8GA1UdIwQY
MBaAFFUksuJt06/MXB6sAfkCY9IB++CZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMt
M2FhMjIyN2JhZGZlLzEvbkEzMkxCMG1ZUHdJWDdNUEVXTzVfXzhNUWs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMtM2FhMjIyN2JhZGZl
LzEvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNKgDAN
BgkqhkiG9w0BAQsFAAOCAQEASaLN5WFPBjlm9mjTGGQNP217J/I+uufNelgSkjk8
tLQaLSvo2ZQT8WZ34iNQOb6+rLH73xE9NwG33d1mF8DRu913q+fmtpe6sj+NTanm
4FBUw409rycQUtN0l0wXu6bh14vBp/Y1xXMjARG0GAhO48PKWSuoKDaH/dHGx2V4
BIc25MEVwsZwJP392+jWJQ/KIwm31JlmIh+bxqPO5uVOHOpaxawyN1Hg1kIKF9aK
nq5zwpvht30X0bGNAkwFn9dM5rPfxCCtNGV6xBR7H6Ip3FHzHr9uU7po5+8H6aSA
AsY8MQ5O/xRDZIQqCz1pQct3hb75RgXn/vTPVNgEvZLk0Q==
-----END CERTIFICATE-----