Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/7dXC-hkge0H4SOrjlCk1xFHWw8U.roa
File:                     7dXC-hkge0H4SOrjlCk1xFHWw8U.roa (raw, json)
Hash identifier:          Fv3L9KsADEPnVWxrZ7KT3btIpKM9bZT63ylJbPal16k=
Subject key identifier:   ED:D5:C2:FA:19:20:7B:41:F8:48:EA:E3:94:29:35:C4:51:D6:C3:C5
Certificate issuer:       /CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
Certificate serial:       0196CD057A35B5D55B4AD2A27E794C014D8A
Authority key identifier: EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/7dXC-hkge0H4SOrjlCk1xFHWw8U.roa
Signing time:             Wed 14 May 2025 04:20:10 +0000
ROA not before:           Wed 14 May 2025 04:20:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200213
IP address blocks:        2a13:2200:4::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cd:05:7a:35:b5:d5:5b:4a:d2:a2:7e:79:4c:01:4d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
        Validity
            Not Before: May 14 04:20:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edd5c2fa19207b41f848eae3942935c451d6c3c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:7a:6e:8e:64:91:02:32:9b:1d:2e:ae:88:b8:
                    7d:66:28:31:53:85:a6:9a:50:bd:71:ec:42:b7:ef:
                    ba:9a:16:2b:65:df:3d:05:ac:14:da:08:ff:bd:ad:
                    36:1b:51:e6:8d:be:08:55:ea:4a:fe:2a:4a:92:94:
                    f0:74:c0:3c:bd:7a:78:23:06:fc:bd:4d:6a:89:3e:
                    a2:6c:ca:94:37:65:24:93:a1:77:86:64:37:52:a6:
                    92:4b:58:ee:80:5d:32:b1:45:48:40:6e:31:54:2d:
                    a9:50:dc:9c:08:b2:35:2b:9e:88:a5:19:03:52:3d:
                    24:b2:c6:0d:b7:7f:06:0b:7e:e4:62:6c:e8:12:ed:
                    09:a8:54:50:df:b3:26:3c:49:43:f9:96:00:b1:2f:
                    0e:df:20:89:26:04:f5:0f:ab:33:1d:4f:0f:eb:31:
                    55:64:d2:6b:cc:87:0c:70:b5:a4:32:b6:1b:02:70:
                    27:d8:22:82:b2:e7:f7:75:dc:ac:54:c0:67:5c:cb:
                    9c:2b:4f:80:fa:62:43:6e:88:1c:f5:ea:5e:35:f6:
                    eb:6b:e5:f1:7e:79:eb:a0:cb:0a:a0:58:27:5c:f6:
                    8b:20:98:50:f6:93:80:eb:42:47:29:b9:3c:f2:d0:
                    3e:a3:52:99:d4:bb:31:fd:35:c9:a5:45:47:e3:e4:
                    b0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:D5:C2:FA:19:20:7B:41:F8:48:EA:E3:94:29:35:C4:51:D6:C3:C5
            X509v3 Authority Key Identifier:
                keyid:EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/7dXC-hkge0H4SOrjlCk1xFHWw8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2200:4::/46

    Signature Algorithm: sha256WithRSAEncryption
         77:d5:28:54:4b:ce:d6:87:84:52:33:59:32:76:13:85:c1:2f:
         bd:a6:b1:ca:ae:dc:89:6b:c4:d7:5f:90:3d:96:ca:c8:b5:13:
         ed:76:13:42:6f:ac:e6:9f:bc:57:6c:e3:76:2e:b9:e8:b1:29:
         ac:99:43:ae:5f:6f:ea:c8:8f:1f:cc:ec:90:bd:b4:c2:26:0f:
         99:da:88:9e:6d:26:44:03:b4:10:28:3f:d4:82:5e:30:29:f4:
         36:a2:0d:2b:45:0b:80:d6:4a:b4:17:82:21:6d:92:86:b4:57:
         3b:01:45:91:c8:0d:4b:14:88:25:03:c3:81:76:24:d0:38:f6:
         b9:a0:52:c7:b8:31:8f:61:3d:3b:c8:08:a4:16:c5:4b:a1:68:
         e7:39:61:7d:38:57:4f:de:75:0c:a9:54:21:ce:96:c3:83:95:
         c8:2c:06:83:93:6d:f6:e8:72:9e:c3:19:06:a4:50:5e:06:a2:
         d0:66:b6:49:30:af:fb:c5:06:ff:77:d9:b2:9e:0d:30:30:da:
         71:ae:04:ef:bf:d2:48:e2:7f:b3:44:6d:44:a0:a4:59:59:53:
         78:05:e0:12:3a:b0:92:b2:57:17:7d:5f:09:ff:8f:07:da:0f:
         61:4b:7e:28:e8:db:9b:a1:6e:89:02:ae:9f:c1:77:85:40:86:
         99:7f:48:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZbNBXo1tdVbStKifnlMAU2KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMmQxMDJiNjExMmIwZDlhOGI4ZWViYWM0Yjk3YzgxOWY5
N2M2MDYwHhcNMjUwNTE0MDQyMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGQ1YzJmYTE5MjA3YjQxZjg0OGVhZTM5NDI5MzVjNDUxZDZjM2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3pujmSRAjKbHS6uiLh9ZigxU4Wm
mlC9cexCt++6mhYrZd89BawU2gj/va02G1Hmjb4IVepK/ipKkpTwdMA8vXp4Iwb8
vU1qiT6ibMqUN2Ukk6F3hmQ3UqaSS1jugF0ysUVIQG4xVC2pUNycCLI1K56IpRkD
Uj0kssYNt38GC37kYmzoEu0JqFRQ37MmPElD+ZYAsS8O3yCJJgT1D6szHU8P6zFV
ZNJrzIcMcLWkMrYbAnAn2CKCsuf3ddysVMBnXMucK0+A+mJDbogc9epeNfbra+Xx
fnnroMsKoFgnXPaLIJhQ9pOA60JHKbk88tA+o1KZ1Lsx/TXJpUVH4+SwSQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO3VwvoZIHtB+Ejq45QpNcRR1sPFMB8GA1UdIwQY
MBaAFOotECthErDZqLjuusS5fIGfl8YGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEt
YjgyOWNjNDAxMDMxLzEvN2RYQy1oa2dlMEg0U09yamxDazF4RkhXdzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEtYjgyOWNjNDAxMDMx
LzEvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhMiAAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQB31ShUS87Wh4RSM1kydhOFwS+9prHKrtyJa8TX
X5A9lsrItRPtdhNCb6zmn7xXbON2LrnosSmsmUOuX2/qyI8fzOyQvbTCJg+Z2oie
bSZEA7QQKD/Ugl4wKfQ2og0rRQuA1kq0F4IhbZKGtFc7AUWRyA1LFIglA8OBdiTQ
OPa5oFLHuDGPYT07yAikFsVLoWjnOWF9OFdP3nUMqVQhzpbDg5XILAaDk2326HKe
wxkGpFBeBqLQZrZJMK/7xQb/d9myng0wMNpxrgTvv9JI4n+zRG1EoKRZWVN4BeAS
OrCSslcXfV8J/48H2g9hS34o6NuboW6JAq6fwXeFQIaZf0jm
-----END CERTIFICATE-----