Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/t4twN0aSa0K9eQj9_U5RX1_3ON0.roa
File:                     t4twN0aSa0K9eQj9_U5RX1_3ON0.roa (raw, json)
Hash identifier:          bDhB2OJvqSQD0pWiRQx+Ywx+t/naLGQ733yplp/x/5s=
Subject key identifier:   B7:8B:70:37:46:92:6B:42:BD:79:08:FD:FD:4E:51:5F:5F:F7:38:DD
Certificate issuer:       /CN=922a1a67e2da7112d4559cd8dbd8141f8f3277e8
Certificate serial:       01996EDA9A05B840D1BFD1F408D3470CD8B2
Authority key identifier: 92:2A:1A:67:E2:DA:71:12:D4:55:9C:D8:DB:D8:14:1F:8F:32:77:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/t4twN0aSa0K9eQj9_U5RX1_3ON0.roa
Signing time:             Mon 22 Sep 2025 00:37:23 +0000
ROA not before:           Mon 22 Sep 2025 00:37:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201321
IP address blocks:        2a13:5a07:ff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6e:da:9a:05:b8:40:d1:bf:d1:f4:08:d3:47:0c:d8:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=922a1a67e2da7112d4559cd8dbd8141f8f3277e8
        Validity
            Not Before: Sep 22 00:37:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b78b703746926b42bd7908fdfd4e515f5ff738dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:19:46:e4:02:f6:3e:73:b9:27:c7:0b:1e:06:
                    a9:19:99:b7:9b:06:46:1f:e5:e3:c5:c6:ba:ed:1d:
                    a0:68:b5:9f:95:cf:61:0e:19:9b:07:b9:97:fe:1b:
                    30:3a:11:85:8e:16:fd:5d:29:4f:d3:68:ad:b5:2e:
                    7e:fb:47:de:94:8f:d3:87:8f:65:b5:ee:fd:6c:97:
                    98:7b:1b:1f:5a:37:8f:c2:6e:20:d4:40:89:82:17:
                    ca:07:ac:f3:37:63:63:eb:05:93:d6:dc:07:30:cf:
                    35:25:f3:2e:77:1e:ab:e0:33:21:db:52:24:42:70:
                    2b:a8:79:d8:9c:87:30:6f:7f:1a:c1:d8:40:79:4d:
                    25:3c:e0:5c:91:2b:16:e1:25:c8:9f:94:96:86:83:
                    a3:23:40:9b:1c:40:ae:b3:a0:e4:59:b7:4c:73:de:
                    70:be:f9:07:70:82:9d:0d:77:b1:79:54:f4:b8:67:
                    80:30:33:2d:78:0e:f3:bc:10:26:83:71:7e:00:40:
                    76:f0:87:cf:c2:f5:ea:76:bd:7a:4b:29:63:62:69:
                    91:68:02:a8:ff:c0:df:a2:cb:22:06:9b:4d:c8:70:
                    89:c5:07:f0:13:eb:b0:71:e7:37:75:2b:b7:f6:49:
                    da:58:30:0b:44:ba:d1:c4:30:de:b2:82:ee:e7:3c:
                    c6:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:8B:70:37:46:92:6B:42:BD:79:08:FD:FD:4E:51:5F:5F:F7:38:DD
            X509v3 Authority Key Identifier:
                keyid:92:2A:1A:67:E2:DA:71:12:D4:55:9C:D8:DB:D8:14:1F:8F:32:77:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kioaZ-LacRLUVZzY29gUH48yd-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/t4twN0aSa0K9eQj9_U5RX1_3ON0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5dac30-8570-47b2-b26a-7f3a428171c7/1/kioaZ-LacRLUVZzY29gUH48yd-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5a07:ff::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:c2:a6:47:da:e3:33:71:fd:f3:b7:b6:32:b4:ad:3d:12:a4:
         5a:4c:f2:16:a2:87:8f:d4:51:70:4c:70:2b:de:90:f8:3d:81:
         96:36:be:9d:13:ba:e1:98:d1:d9:54:8a:7d:fe:0a:2c:44:18:
         85:ff:a1:b9:27:ca:32:cb:51:c0:c6:b7:c9:3c:1f:6f:41:0b:
         6a:f4:07:d3:93:65:9c:57:44:67:f6:87:5e:05:90:82:49:43:
         c2:e0:81:13:de:cc:cf:02:4d:5f:68:19:48:cb:5e:4c:e3:ae:
         d1:35:c2:6f:b5:9a:ee:03:fc:fe:a9:45:8d:0a:a8:cc:71:e4:
         4e:c9:79:f7:c2:e3:c9:6c:4e:d7:55:f5:40:9e:79:21:41:21:
         e8:7e:88:94:35:8f:b9:d8:cd:cb:fc:6f:fc:0c:b8:76:03:b1:
         c9:46:5a:b3:20:fb:b1:57:9f:a4:45:c3:38:60:37:59:2a:14:
         66:44:6b:c2:a0:71:34:ca:6c:e1:8b:cf:93:32:9b:e5:49:64:
         17:b4:25:c1:dc:20:0f:18:ed:e3:4a:17:7c:b7:3b:d8:32:3c:
         c3:db:45:1c:97:f1:97:39:6a:09:63:73:6c:51:fe:dc:e1:fe:
         ff:17:f0:4e:24:97:f9:38:b9:12:7a:99:a3:2b:25:0f:58:95:
         20:de:25:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlu2poFuEDRv9H0CNNHDNiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMmExYTY3ZTJkYTcxMTJkNDU1OWNkOGRiZDgxNDFmOGYz
Mjc3ZTgwHhcNMjUwOTIyMDAzNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzhiNzAzNzQ2OTI2YjQyYmQ3OTA4ZmRmZDRlNTE1ZjVmZjczOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xlG5AL2PnO5J8cLHgapGZm3mwZG
H+Xjxca67R2gaLWflc9hDhmbB7mX/hswOhGFjhb9XSlP02ittS5++0felI/Th49l
te79bJeYexsfWjePwm4g1ECJghfKB6zzN2Nj6wWT1twHMM81JfMudx6r4DMh21Ik
QnArqHnYnIcwb38awdhAeU0lPOBckSsW4SXIn5SWhoOjI0CbHECus6DkWbdMc95w
vvkHcIKdDXexeVT0uGeAMDMteA7zvBAmg3F+AEB28IfPwvXqdr16SyljYmmRaAKo
/8DfossiBptNyHCJxQfwE+uwcec3dSu39knaWDALRLrRxDDesoLu5zzGsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLeLcDdGkmtCvXkI/f1OUV9f9zjdMB8GA1UdIwQY
MBaAFJIqGmfi2nES1FWc2NvYFB+PMnfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lvYVotTGFjUkxVVlp6WTI5Z1VINDh5ZC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZGFjMzAtODU3MC00N2IyLWIyNmEt
N2YzYTQyODE3MWM3LzEvdDR0d04wYVNhMEs5ZVFqOV9VNVJYMV8zT04wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZGFjMzAtODU3MC00N2IyLWIyNmEtN2YzYTQyODE3MWM3
LzEva2lvYVotTGFjUkxVVlp6WTI5Z1VINDh5ZC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhNaBwD/
MA0GCSqGSIb3DQEBCwUAA4IBAQCRwqZH2uMzcf3zt7YytK09EqRaTPIWooeP1FFw
THAr3pD4PYGWNr6dE7rhmNHZVIp9/gosRBiF/6G5J8oyy1HAxrfJPB9vQQtq9AfT
k2WcV0Rn9odeBZCCSUPC4IET3szPAk1faBlIy15M467RNcJvtZruA/z+qUWNCqjM
ceROyXn3wuPJbE7XVfVAnnkhQSHofoiUNY+52M3L/G/8DLh2A7HJRlqzIPuxV5+k
RcM4YDdZKhRmRGvCoHE0ymzhi8+TMpvlSWQXtCXB3CAPGO3jShd8tzvYMjzD20Uc
l/GXOWoJY3NsUf7c4f7/F/BOJJf5OLkSepmjKyUPWJUg3iVG
-----END CERTIFICATE-----