Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a383031613a3a2f34382d3438203d3e2030.roa
File:                     326131333a633030373a383031613a3a2f34382d3438203d3e2030.roa (raw, json)
Hash identifier:          IG+vZ/fPQSrx47BMYI7QMTGbob3LNGJ8H7YniLo/348=
Subject key identifier:   DF:4D:0C:F6:6C:42:39:0E:CA:8E:C8:94:8A:5A:EE:06:86:4A:58:1F
Certificate issuer:       /CN=d4700d8e6f022571a0b26fcd4c70c0408ea4ffc9
Certificate serial:       4CB6A8BEA18C800D8BE9B17D3C2FBF54407AB1B3
Authority key identifier: D4:70:0D:8E:6F:02:25:71:A0:B2:6F:CD:4C:70:C0:40:8E:A4:FF:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a383031613a3a2f34382d3438203d3e2030.roa
Signing time:             Mon 16 Jun 2025 22:13:11 +0000
ROA not before:           Mon 16 Jun 2025 22:08:11 +0000
ROA not after:            Mon 15 Jun 2026 22:13:11 +0000
asID:                     0
IP address blocks:        2a13:c007:801a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.crl
                          rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:b6:a8:be:a1:8c:80:0d:8b:e9:b1:7d:3c:2f:bf:54:40:7a:b1:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4700d8e6f022571a0b26fcd4c70c0408ea4ffc9
        Validity
            Not Before: Jun 16 22:08:11 2025 GMT
            Not After : Jun 15 22:13:11 2026 GMT
        Subject: CN=DF4D0CF66C42390ECA8EC8948A5AEE06864A581F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f9:ce:12:93:22:de:08:28:f3:6e:84:54:a1:
                    3f:59:fe:3e:2f:b8:3b:a0:a1:d3:e4:d2:a3:d3:43:
                    49:70:07:50:70:93:9e:ea:b5:3a:bc:98:3e:98:55:
                    b7:82:d7:7c:dd:7a:a1:11:ad:e8:e1:f5:2d:e0:c2:
                    17:82:02:4b:b4:da:83:da:3a:b0:cf:ed:16:00:45:
                    98:b5:67:2b:94:35:11:04:ac:f6:23:31:43:a0:d7:
                    37:bf:c3:67:94:a7:d9:45:04:b9:30:84:d7:07:ac:
                    ea:9a:08:9d:2d:e6:75:e4:0e:65:7e:4d:d4:cb:69:
                    8e:82:5b:09:14:fc:41:e2:53:6a:3c:eb:eb:49:22:
                    22:29:3b:47:37:9b:f6:1c:61:63:f2:07:a3:1e:1f:
                    d3:66:e3:12:be:7e:0d:73:e7:f7:e7:0c:08:91:35:
                    b0:f4:e0:9d:0d:4b:01:f6:aa:52:76:49:d8:a3:b4:
                    a7:3a:7d:32:d7:4c:34:65:e3:07:98:30:87:fd:b7:
                    c5:02:98:ea:ed:62:e0:35:cd:56:58:a1:0f:2d:10:
                    86:81:7d:6a:f0:24:8a:83:a9:36:ac:66:4c:77:19:
                    c2:54:69:62:37:40:b9:ef:39:44:ba:95:10:de:0e:
                    1b:36:fc:7c:28:8e:90:ff:21:f9:0c:7a:42:41:9c:
                    1e:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:4D:0C:F6:6C:42:39:0E:CA:8E:C8:94:8A:5A:EE:06:86:4A:58:1F
            X509v3 Authority Key Identifier:
                keyid:D4:70:0D:8E:6F:02:25:71:A0:B2:6F:CD:4C:70:C0:40:8E:A4:FF:C9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/D4700D8E6F022571A0B26FCD4C70C0408EA4FFC9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1HANjm8CJXGgsm_NTHDAQI6k_8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/6ab96e7a6130498aa9813d7ee5bbed31/11/326131333a633030373a383031613a3a2f34382d3438203d3e2030.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c007:801a::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:26:2c:8d:2e:7d:56:96:23:c3:f9:73:c6:b1:76:c5:28:31:
         5a:73:e6:4c:6a:49:8f:99:82:8f:a0:6f:89:56:79:ee:d2:8c:
         25:8e:3d:48:77:fb:ee:b7:5d:b1:28:6e:64:b8:81:20:71:45:
         a9:4b:a8:72:d6:f6:fc:34:3e:52:18:23:4b:83:57:63:57:45:
         62:ba:78:d4:d0:8e:d5:5b:cd:72:41:36:05:a3:7a:2e:bc:d8:
         c8:7c:be:88:8b:6e:35:63:20:a2:73:32:f8:ca:0e:4d:fb:15:
         5b:47:ff:3e:10:28:dc:70:60:7b:27:45:70:13:9a:a6:c0:04:
         ee:ec:cd:ae:76:38:6f:4f:f2:b7:11:7b:7a:6f:6b:3d:4d:c4:
         91:58:a5:71:65:72:f0:1e:3b:4f:c4:9f:9b:3c:df:3c:1f:a8:
         53:ad:12:79:52:f6:c9:a6:14:ed:0c:9f:3a:02:58:eb:47:4c:
         33:2c:f4:6a:dd:62:59:c6:02:fd:97:42:7e:46:23:ce:45:7f:
         fa:85:9e:a4:13:b6:82:cb:3a:3b:e8:51:8f:75:ec:ea:1d:50:
         35:bb:f2:df:91:68:ef:fe:94:41:72:2d:59:4d:49:55:1b:09:
         6c:79:76:32:de:54:c3:af:71:f7:6a:23:a4:32:58:04:0f:6f:
         1c:67:6c:9f
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgIUTLaovqGMgA2L6bF9PC+/VEB6sbMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZDQ3MDBkOGU2ZjAyMjU3MWEwYjI2ZmNkNGM3MGMwNDA4
ZWE0ZmZjOTAeFw0yNTA2MTYyMjA4MTFaFw0yNjA2MTUyMjEzMTFaMDMxMTAvBgNV
BAMTKERGNEQwQ0Y2NkM0MjM5MEVDQThFQzg5NDhBNUFFRTA2ODY0QTU4MUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY+c4SkyLeCCjzboRUoT9Z/j4v
uDugodPk0qPTQ0lwB1Bwk57qtTq8mD6YVbeC13zdeqERrejh9S3gwheCAku02oPa
OrDP7RYARZi1ZyuUNREErPYjMUOg1ze/w2eUp9lFBLkwhNcHrOqaCJ0t5nXkDmV+
TdTLaY6CWwkU/EHiU2o86+tJIiIpO0c3m/YcYWPyB6MeH9Nm4xK+fg1z5/fnDAiR
NbD04J0NSwH2qlJ2SdijtKc6fTLXTDRl4weYMIf9t8UCmOrtYuA1zVZYoQ8tEIaB
fWrwJIqDqTasZkx3GcJUaWI3QLnvOUS6lRDeDhs2/HwojpD/IfkMekJBnB5ZAgMB
AAGjggInMIICIzAdBgNVHQ4EFgQU300M9mxCOQ7KjsiUilruBoZKWB8wHwYDVR0j
BBgwFoAU1HANjm8CJXGgsm/NTHDAQI6k/8kwDgYDVR0PAQH/BAQDAgeAMIGGBgNV
HR8EfzB9MHugeaB3hnVyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvNmFiOTZlN2E2MTMwNDk4YWE5ODEzZDdlZTViYmVkMzEvMTEvRDQ3MDBEOEU2
RjAyMjU3MUEwQjI2RkNENEM3MEMwNDA4RUE0RkZDOS5jcmwwZAYIKwYBBQUHAQEE
WDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9y
eS9ERUZBVUxULzFIQU5qbThDSlhHZ3NtX05USERBUUk2a184ay5jZXIwgaMGCCsG
AQUFBwELBIGWMIGTMIGQBggrBgEFBQcwC4aBg3JzeW5jOi8vcnBraS1ycHMuYXJp
bi5uZXQvcmVwb3NpdG9yeS82YWI5NmU3YTYxMzA0OThhYTk4MTNkN2VlNWJiZWQz
MS8xMS8zMjYxMzEzMzNhNjMzMDMwMzczYTM4MzAzMTYxM2EzYTJmMzQzODJkMzQz
ODIwM2QzZTIwMzAucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIgYIKwYB
BQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE8AHgBowDQYJKoZIhvcNAQELBQADggEB
AHEmLI0ufVaWI8P5c8axdsUoMVpz5kxqSY+Zgo+gb4lWee7SjCWOPUh3++63XbEo
bmS4gSBxRalLqHLW9vw0PlIYI0uDV2NXRWK6eNTQjtVbzXJBNgWjei682Mh8voiL
bjVjIKJzMvjKDk37FVtH/z4QKNxwYHsnRXATmqbABO7sza52OG9P8rcRe3pvaz1N
xJFYpXFlcvAeO0/En5s83zwfqFOtEnlS9smmFO0MnzoCWOtHTDMs9GrdYlnGAv2X
Qn5GI85Ff/qFnqQTtoLLOjvoUY917OodUDW78t+RaO/+lEFyLVlNSVUbCWx5djLe
VMOvcfdqI6QyWAQPbxxnbJ8=
-----END CERTIFICATE-----