Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/tY7BHUvnSszc7zTuhTRehaET6sI.roa
File:                     tY7BHUvnSszc7zTuhTRehaET6sI.roa (raw, json)
Hash identifier:          KeG1ndmoCZ2IjHvkM2LPj9WePrlmC0S+eFWuoo10hmc=
Subject key identifier:   B5:8E:C1:1D:4B:E7:4A:CC:DC:EF:34:EE:85:34:5E:85:A1:13:EA:C2
Certificate issuer:       /CN=70bf553042f1a43827dc034500bbd1068a7297ca
Certificate serial:       01967C64EADBD397264DC2C05458FC836B22
Authority key identifier: 70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/tY7BHUvnSszc7zTuhTRehaET6sI.roa
Signing time:             Mon 28 Apr 2025 12:35:10 +0000
ROA not before:           Mon 28 Apr 2025 12:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136787
IP address blocks:        2a13:240:8000::/40 maxlen: 40
                          2a13:240:8888::/48 maxlen: 48
                          2a13:240:9999::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 17 May 2025 14:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:64:ea:db:d3:97:26:4d:c2:c0:54:58:fc:83:6b:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70bf553042f1a43827dc034500bbd1068a7297ca
        Validity
            Not Before: Apr 28 12:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b58ec11d4be74accdcef34ee85345e85a113eac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:92:14:2c:62:a4:20:6b:68:96:e5:8e:f2:d7:
                    18:c2:51:8b:08:7b:ce:80:30:17:13:c1:fc:d8:ef:
                    74:cf:32:76:33:fe:a7:fe:84:b0:7b:b9:65:60:10:
                    00:2d:53:a9:d5:00:7f:ce:08:97:6c:de:8f:5d:4a:
                    b5:58:53:56:c1:8b:93:13:79:30:ea:1a:be:b3:8e:
                    7c:51:5e:4b:d4:79:bd:85:9b:cb:ab:89:f4:5e:4d:
                    60:a4:de:de:18:0d:0c:d2:89:54:4c:10:92:d3:fe:
                    0e:ab:99:3e:dc:b4:22:e1:70:98:72:e3:47:32:d9:
                    6a:6a:ab:95:47:7a:56:8b:03:f6:49:45:74:4a:7b:
                    d1:c4:13:61:74:26:26:3f:12:5a:bc:8f:86:01:33:
                    c3:40:04:25:d0:5e:9e:f9:40:25:00:6d:be:d7:59:
                    06:fa:8a:3b:83:4a:bf:63:e0:16:ce:52:42:28:04:
                    2c:52:aa:34:12:03:2f:31:fb:4f:bd:d8:a6:9d:de:
                    2e:6e:35:b8:c1:ee:41:32:48:3a:a2:e1:a4:cc:f5:
                    91:91:bd:7c:0d:71:e4:36:09:00:a9:8e:be:85:0f:
                    69:cd:a7:9e:25:20:39:e9:80:ef:14:49:a4:38:85:
                    38:ce:19:f5:66:4b:3d:6a:ef:2a:0c:2d:12:c5:06:
                    38:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:8E:C1:1D:4B:E7:4A:CC:DC:EF:34:EE:85:34:5E:85:A1:13:EA:C2
            X509v3 Authority Key Identifier:
                keyid:70:BF:55:30:42:F1:A4:38:27:DC:03:45:00:BB:D1:06:8A:72:97:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cL9VMELxpDgn3ANFALvRBopyl8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/tY7BHUvnSszc7zTuhTRehaET6sI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/df7944-2589-47cb-ab56-5358401fb796/1/cL9VMELxpDgn3ANFALvRBopyl8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:240:8000::/40
                  2a13:240:8888::/48
                  2a13:240:9999::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:6d:3f:4a:5c:32:cf:a5:42:ab:0f:8d:26:ab:b5:c5:b4:a7:
         88:b3:74:66:0a:60:91:ef:8b:bb:04:07:a4:46:89:33:a9:d7:
         6e:1e:09:a3:1e:f2:fc:c1:8f:73:07:1b:9d:58:3b:0e:7a:93:
         58:57:34:3f:91:74:6e:72:8a:09:a0:59:33:cd:1b:da:17:9c:
         51:dd:be:4d:b1:ba:88:8e:36:93:ea:82:a4:0e:25:0a:09:ca:
         d2:4c:69:4b:23:17:27:6e:98:32:fc:81:1f:1a:24:8f:27:2f:
         a9:2c:69:19:ed:67:2c:e9:48:cd:3a:b1:b1:ed:3d:30:e8:58:
         a9:f7:da:60:82:1e:bd:0d:57:23:fc:49:17:78:1c:f8:c8:3c:
         8f:51:d9:c8:37:61:b6:c1:63:b6:08:88:e9:61:a1:05:f4:68:
         c4:92:ef:80:48:f5:c7:9b:3e:f6:78:2b:7b:cf:82:49:48:11:
         99:c1:d8:b6:9a:41:ef:b6:a0:b4:1a:27:64:4d:67:7a:5b:fe:
         d1:da:c5:e1:1e:b0:46:e4:5e:f2:b2:07:9c:8f:27:4a:0a:5a:
         03:5f:f2:6b:97:0a:d8:73:75:a8:02:ce:bf:7d:8b:e6:63:dc:
         d6:8d:16:eb:c5:1f:41:a9:b3:ef:7b:87:a0:05:c2:f1:41:f3:
         24:fc:78:2b
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZZ8ZOrb05cmTcLAVFj8g2siMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwYmY1NTMwNDJmMWE0MzgyN2RjMDM0NTAwYmJkMTA2OGE3
Mjk3Y2EwHhcNMjUwNDI4MTIzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNThlYzExZDRiZTc0YWNjZGNlZjM0ZWU4NTM0NWU4NWExMTNlYWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJIULGKkIGtoluWO8tcYwlGLCHvO
gDAXE8H82O90zzJ2M/6n/oSwe7llYBAALVOp1QB/zgiXbN6PXUq1WFNWwYuTE3kw
6hq+s458UV5L1Hm9hZvLq4n0Xk1gpN7eGA0M0olUTBCS0/4Oq5k+3LQi4XCYcuNH
MtlqaquVR3pWiwP2SUV0SnvRxBNhdCYmPxJavI+GATPDQAQl0F6e+UAlAG2+11kG
+oo7g0q/Y+AWzlJCKAQsUqo0EgMvMftPvdimnd4ubjW4we5BMkg6ouGkzPWRkb18
DXHkNgkAqY6+hQ9pzaeeJSA56YDvFEmkOIU4zhn1Zks9au8qDC0SxQY43wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFLWOwR1L50rM3O807oU0XoWhE+rCMB8GA1UdIwQY
MBaAFHC/VTBC8aQ4J9wDRQC70QaKcpfKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYt
NTM1ODQwMWZiNzk2LzEvdFk3QkhVdm5Tc3pjN3pUdWhUUmVoYUVUNnNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9kZjc5NDQtMjU4OS00N2NiLWFiNTYtNTM1ODQwMWZiNzk2
LzEvY0w5Vk1FTHhwRGduM0FORkFMdlJCb3B5bDhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaAwYAKhMCQIAD
BwAqEwJAiIgDBwAqEwJAmZkwDQYJKoZIhvcNAQELBQADggEBAK9tP0pcMs+lQqsP
jSartcW0p4izdGYKYJHvi7sEB6RGiTOp124eCaMe8vzBj3MHG51YOw56k1hXND+R
dG5yigmgWTPNG9oXnFHdvk2xuoiONpPqgqQOJQoJytJMaUsjFydumDL8gR8aJI8n
L6ksaRntZyzpSM06sbHtPTDoWKn32mCCHr0NVyP8SRd4HPjIPI9R2cg3YbbBY7YI
iOlhoQX0aMSS74BI9cebPvZ4K3vPgklIEZnB2LaaQe+2oLQaJ2RNZ3pb/tHaxeEe
sEbkXvKyB5yPJ0oKWgNf8muXCthzdagCzr99i+Zj3NaNFuvFH0Gps+97h6AFwvFB
8yT8eCs=
-----END CERTIFICATE-----