Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/U6VNcEpQLheujm9tfxISPahfL9s.roa
File:                     U6VNcEpQLheujm9tfxISPahfL9s.roa (raw, json)
Hash identifier:          tqMx8bcAAmv5ueMpkfbZ9NeoounqgDLr2ieBeeNoTVg=
Subject key identifier:   53:A5:4D:70:4A:50:2E:17:AE:8E:6F:6D:7F:12:12:3D:A8:5F:2F:DB
Certificate issuer:       /CN=e5aaf76d27ba812e0d5ce2305f17c53188c2580c
Certificate serial:       019423D737DD29B9909F84018D32C2025C6B
Authority key identifier: E5:AA:F7:6D:27:BA:81:2E:0D:5C:E2:30:5F:17:C5:31:88:C2:58:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5ar3bSe6gS4NXOIwXxfFMYjCWAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/U6VNcEpQLheujm9tfxISPahfL9s.roa
Signing time:             Wed 01 Jan 2025 21:48:14 +0000
ROA not before:           Wed 01 Jan 2025 21:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35773
IP address blocks:        2a13:d880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/5ar3bSe6gS4NXOIwXxfFMYjCWAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/5ar3bSe6gS4NXOIwXxfFMYjCWAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5ar3bSe6gS4NXOIwXxfFMYjCWAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:37:dd:29:b9:90:9f:84:01:8d:32:c2:02:5c:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e5aaf76d27ba812e0d5ce2305f17c53188c2580c
        Validity
            Not Before: Jan  1 21:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53a54d704a502e17ae8e6f6d7f12123da85f2fdb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:5b:9e:7b:e5:f3:b8:52:6a:de:0c:31:1e:e2:
                    f8:01:fa:85:a0:6c:25:fb:77:76:c6:a3:39:bd:5f:
                    82:2a:f4:64:6f:a6:b1:ca:01:f7:d4:fc:fc:90:28:
                    9c:dc:b6:7f:92:d1:c7:05:20:c0:fd:59:76:26:05:
                    2e:2d:24:9e:9b:65:47:5e:64:5f:0c:df:3a:5a:55:
                    6d:7e:5c:56:dd:a1:f7:6a:8d:41:b7:b7:10:a2:60:
                    d9:d3:d8:20:0c:e3:63:87:01:c2:9f:3a:f5:0e:54:
                    0e:6f:26:d2:3a:83:03:29:3c:65:ca:36:8e:69:69:
                    59:78:2d:2a:f2:eb:64:2b:56:68:ba:5e:31:96:b4:
                    9b:fb:25:90:d3:73:f2:dd:82:92:9f:14:35:52:45:
                    0b:05:5a:a7:8c:34:50:a7:65:56:65:51:0b:ca:b0:
                    32:11:f6:4e:8f:aa:e8:39:80:de:78:1a:20:79:60:
                    b2:56:81:af:af:0a:55:8c:5c:b3:5c:41:12:e1:a5:
                    0c:25:2b:54:f4:65:6c:a9:46:35:14:68:a6:bf:b7:
                    e2:3f:8a:f5:6c:0d:6a:f8:73:2c:78:50:06:9d:75:
                    c2:d2:5c:19:78:26:96:c2:51:0a:aa:5a:0d:e3:eb:
                    93:20:f0:13:fa:2c:1b:a7:4e:ec:47:c4:7f:80:b8:
                    84:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:A5:4D:70:4A:50:2E:17:AE:8E:6F:6D:7F:12:12:3D:A8:5F:2F:DB
            X509v3 Authority Key Identifier:
                keyid:E5:AA:F7:6D:27:BA:81:2E:0D:5C:E2:30:5F:17:C5:31:88:C2:58:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5ar3bSe6gS4NXOIwXxfFMYjCWAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/U6VNcEpQLheujm9tfxISPahfL9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9f5223-a56c-465b-ac65-fd152a6a0587/1/5ar3bSe6gS4NXOIwXxfFMYjCWAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d880::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:81:3c:af:4a:bd:a8:3b:49:38:ce:e5:5c:61:76:92:c7:6d:
         3a:d0:e0:d0:8f:02:d3:ef:c7:ec:ec:6b:38:ce:b4:b3:56:ae:
         37:cb:0c:6e:60:00:0e:96:bc:d5:4c:bb:f7:75:2d:07:ea:81:
         93:9e:08:4c:a0:bc:ec:95:c4:4f:62:36:cd:4f:7c:cd:ab:fb:
         1b:e0:7f:7d:36:30:50:b8:0a:76:cd:85:b7:ad:1b:76:7d:6e:
         a4:90:73:da:7f:41:7c:c2:c9:e3:ba:4c:78:3f:97:69:6e:4d:
         6f:5a:e9:a3:4d:08:c1:6a:58:bd:22:50:2e:37:8f:1e:95:df:
         c2:0c:e2:6a:04:e2:5b:ae:ab:a9:14:86:64:bb:75:34:ed:e1:
         ed:ec:05:b7:80:b1:99:03:3b:71:ea:b6:56:4b:1f:11:ca:ae:
         8d:e5:0f:80:98:dc:d1:11:2f:2e:4a:f3:52:bc:8e:3c:53:65:
         f9:1f:3e:cd:60:75:6f:da:ce:a0:29:28:cb:a7:68:30:91:c3:
         69:c9:89:67:5b:16:ce:9a:be:41:d5:ff:5d:e0:d4:7d:46:e5:
         16:a6:fa:10:9a:99:20:dd:57:78:d5:bb:d6:b7:df:4a:ad:ec:
         91:77:b6:bc:bf:42:17:55:00:da:a2:19:77:18:5f:a1:a6:b7:
         29:6a:55:36
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQj1zfdKbmQn4QBjTLCAlxrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1YWFmNzZkMjdiYTgxMmUwZDVjZTIzMDVmMTdjNTMxODhj
MjU4MGMwHhcNMjUwMTAxMjE0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2E1NGQ3MDRhNTAyZTE3YWU4ZTZmNmQ3ZjEyMTIzZGE4NWYyZmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFuee+XzuFJq3gwxHuL4AfqFoGwl
+3d2xqM5vV+CKvRkb6axygH31Pz8kCic3LZ/ktHHBSDA/Vl2JgUuLSSem2VHXmRf
DN86WlVtflxW3aH3ao1Bt7cQomDZ09ggDONjhwHCnzr1DlQObybSOoMDKTxlyjaO
aWlZeC0q8utkK1Zoul4xlrSb+yWQ03Py3YKSnxQ1UkULBVqnjDRQp2VWZVELyrAy
EfZOj6roOYDeeBogeWCyVoGvrwpVjFyzXEES4aUMJStU9GVsqUY1FGimv7fiP4r1
bA1q+HMseFAGnXXC0lwZeCaWwlEKqloN4+uTIPAT+iwbp07sR8R/gLiEAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFOlTXBKUC4Xro5vbX8SEj2oXy/bMB8GA1UdIwQY
MBaAFOWq920nuoEuDVziMF8XxTGIwlgMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNWFyM2JTZTZnUzROWE9Jd1h4ZkZNWWpDV0F3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85ZjUyMjMtYTU2Yy00NjViLWFjNjUt
ZmQxNTJhNmEwNTg3LzEvVTZWTmNFcFFMaGV1am05dGZ4SVNQYWhmTDlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85ZjUyMjMtYTU2Yy00NjViLWFjNjUtZmQxNTJhNmEwNTg3
LzEvNWFyM2JTZTZnUzROWE9Jd1h4ZkZNWWpDV0F3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPYgDAN
BgkqhkiG9w0BAQsFAAOCAQEADYE8r0q9qDtJOM7lXGF2ksdtOtDg0I8C0+/H7Oxr
OM60s1auN8sMbmAADpa81Uy793UtB+qBk54ITKC87JXET2I2zU98zav7G+B/fTYw
ULgKds2Ft60bdn1upJBz2n9BfMLJ47pMeD+XaW5Nb1rpo00IwWpYvSJQLjePHpXf
wgziagTiW66rqRSGZLt1NO3h7ewFt4CxmQM7ceq2VksfEcqujeUPgJjc0REvLkrz
UryOPFNl+R8+zWB1b9rOoCkoy6doMJHDacmJZ1sWzpq+QdX/XeDUfUblFqb6EJqZ
IN1XeNW71rffSq3skXe2vL9CF1UA2qIZdxhfoaa3KWpVNg==
-----END CERTIFICATE-----