Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/4OWbmQvrbkxw_L6B6p_nfFL78Nk.roa
File:                     4OWbmQvrbkxw_L6B6p_nfFL78Nk.roa (raw, json)
Hash identifier:          D3I+4GLPQ8XjvI8vcfRpTGTXJnxkK7ZsaWQ3tzMa0FA=
Subject key identifier:   E0:E5:9B:99:0B:EB:6E:4C:70:FC:BE:81:EA:9F:E7:7C:52:FB:F0:D9
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       0198D1B43390D6D6192877FD0F79B65975A9
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/4OWbmQvrbkxw_L6B6p_nfFL78Nk.roa
Signing time:             Fri 22 Aug 2025 12:15:04 +0000
ROA not before:           Fri 22 Aug 2025 12:15:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55201
IP address blocks:        2a13:a5c1::/32 maxlen: 48
                          2a13:a5c4::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:d1:b4:33:90:d6:d6:19:28:77:fd:0f:79:b6:59:75:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Aug 22 12:15:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e0e59b990beb6e4c70fcbe81ea9fe77c52fbf0d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:bf:f6:94:09:c5:ec:7f:c7:d1:eb:88:c6:4d:
                    81:21:03:90:ef:bb:1f:76:b9:0f:42:f4:6a:de:2f:
                    53:22:1c:9a:d7:ab:c2:2b:82:70:55:f9:2b:c2:81:
                    6f:55:b3:54:66:97:c9:af:7b:c1:c3:81:c9:8c:34:
                    29:e0:9e:78:17:b9:0a:36:fd:a7:d6:7d:30:25:ea:
                    51:a3:07:1d:5e:31:74:f2:96:07:06:d0:52:1b:8c:
                    4e:5e:0f:2d:8c:05:8c:7e:ed:c0:c5:46:25:2f:e1:
                    5d:43:cc:52:9d:19:35:aa:11:6c:77:08:8e:11:79:
                    63:9a:87:34:bc:db:1a:0d:63:70:10:14:bb:47:cf:
                    82:27:f8:1f:96:e4:39:36:e2:9c:9d:55:80:97:5e:
                    14:f1:d1:a7:96:a2:2c:d5:6f:5a:a5:82:64:75:8a:
                    4c:e0:84:32:61:58:8a:41:d5:0f:b9:38:e1:3b:b8:
                    26:40:f9:e4:28:31:21:05:99:b1:ca:d1:19:0b:8a:
                    a9:cf:7d:5d:e3:1d:00:15:fd:a0:a5:a5:d7:85:d0:
                    59:56:e4:31:ff:eb:c0:3f:34:03:cf:85:71:39:20:
                    ee:52:f7:37:3f:cc:9a:46:bb:18:4d:a1:4d:15:4b:
                    aa:4d:17:a1:bf:f2:7a:ed:c4:64:b5:49:61:d7:44:
                    e0:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:E5:9B:99:0B:EB:6E:4C:70:FC:BE:81:EA:9F:E7:7C:52:FB:F0:D9
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/4OWbmQvrbkxw_L6B6p_nfFL78Nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c1::/32
                  2a13:a5c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         a9:bd:2d:35:d3:35:cd:db:b0:6b:0b:27:43:45:12:97:c8:17:
         3d:b2:3a:15:f3:63:6a:ab:8a:b1:b5:39:10:70:eb:d3:b7:5c:
         0f:f1:3c:60:f6:12:38:50:37:8e:78:8e:21:47:53:48:57:fd:
         c7:43:67:03:2a:78:6d:88:8b:86:81:40:aa:56:91:08:66:69:
         0e:0a:c4:e0:e4:21:86:a3:b0:70:1a:50:97:3c:da:32:e5:34:
         1b:b3:8f:df:34:66:08:8a:d7:54:b8:79:f7:d8:e3:1e:af:24:
         67:3a:19:b6:6b:b3:d3:be:99:74:a5:f0:04:46:28:4e:d7:05:
         08:65:08:de:36:8f:b1:42:f4:25:9a:c1:39:6d:05:69:98:63:
         f6:a5:3d:f9:f4:2e:d9:e2:c2:b6:8f:fd:a9:cd:d4:f4:44:32:
         ae:cc:d7:da:08:36:10:dd:6a:aa:d3:b2:74:ef:06:dc:1b:f8:
         73:a0:bb:5d:f0:79:fc:0c:a9:dd:a3:88:c4:4a:0c:4a:37:73:
         e1:8f:95:3b:e0:d6:fa:37:49:69:4a:4f:12:45:fb:24:b1:9c:
         41:b9:cc:62:e3:28:fc:66:ba:d4:fb:7c:ff:0d:01:91:20:6d:
         83:0d:83:e2:13:ff:8b:fb:17:c8:75:f8:65:15:12:d4:d1:2c:
         65:58:80:83
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZjRtDOQ1tYZKHf9D3m2WXWpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjUwODIyMTIxNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGU1OWI5OTBiZWI2ZTRjNzBmY2JlODFlYTlmZTc3YzUyZmJmMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkr/2lAnF7H/H0euIxk2BIQOQ77sf
drkPQvRq3i9TIhya16vCK4JwVfkrwoFvVbNUZpfJr3vBw4HJjDQp4J54F7kKNv2n
1n0wJepRowcdXjF08pYHBtBSG4xOXg8tjAWMfu3AxUYlL+FdQ8xSnRk1qhFsdwiO
EXljmoc0vNsaDWNwEBS7R8+CJ/gfluQ5NuKcnVWAl14U8dGnlqIs1W9apYJkdYpM
4IQyYViKQdUPuTjhO7gmQPnkKDEhBZmxytEZC4qpz31d4x0AFf2gpaXXhdBZVuQx
/+vAPzQDz4VxOSDuUvc3P8yaRrsYTaFNFUuqTRehv/J67cRktUlh10Tg3QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFODlm5kL625McPy+geqf53xS+/DZMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvNE9XYm1RdnJia3h3X0w2QjZwX25mRkw3OE5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKhOlwQMF
ACoTpcQwDQYJKoZIhvcNAQELBQADggEBAKm9LTXTNc3bsGsLJ0NFEpfIFz2yOhXz
Y2qrirG1ORBw69O3XA/xPGD2EjhQN454jiFHU0hX/cdDZwMqeG2Ii4aBQKpWkQhm
aQ4KxODkIYajsHAaUJc82jLlNBuzj980ZgiK11S4effY4x6vJGc6GbZrs9O+mXSl
8ARGKE7XBQhlCN42j7FC9CWawTltBWmYY/alPfn0LtniwraP/anN1PREMq7M19oI
NhDdaqrTsnTvBtwb+HOgu13wefwMqd2jiMRKDEo3c+GPlTvg1vo3SWlKTxJF+ySx
nEG5zGLjKPxmutT7fP8NAZEgbYMNg+IT/4v7F8h1+GUVEtTRLGVYgIM=
-----END CERTIFICATE-----