Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/0r3ZOs3tSGQOAwKzjx9H3w3zD1I.roa
File:                     0r3ZOs3tSGQOAwKzjx9H3w3zD1I.roa (raw, json)
Hash identifier:          ImJALobce0VudmZQsXxpxY8sBnoTPMqNKew3nU3/sEU=
Subject key identifier:   D2:BD:D9:3A:CD:ED:48:64:0E:03:02:B3:8F:1F:47:DF:0D:F3:0F:52
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       01997D5FA3642251C5FF308E714B6AEA1F2D
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/0r3ZOs3tSGQOAwKzjx9H3w3zD1I.roa
Signing time:             Wed 24 Sep 2025 20:17:23 +0000
ROA not before:           Wed 24 Sep 2025 20:17:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206592
IP address blocks:        2a13:a440:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7d:5f:a3:64:22:51:c5:ff:30:8e:71:4b:6a:ea:1f:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Sep 24 20:17:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2bdd93acded48640e0302b38f1f47df0df30f52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:ea:3d:c3:d9:30:17:43:29:44:b0:69:fb:20:
                    b9:b9:48:a9:9c:42:09:65:59:5f:ba:d5:26:4c:94:
                    a4:eb:a6:dc:8b:01:a1:40:55:19:5a:e4:fc:b3:0d:
                    76:44:ff:b0:57:bf:23:3f:ec:29:a4:f7:54:cd:72:
                    d0:4c:65:2a:47:b6:28:54:47:60:43:4e:17:f7:f6:
                    40:5a:33:1d:2d:de:bd:05:94:98:9d:4d:d8:da:08:
                    5b:a5:13:a6:30:c2:88:6b:76:d5:34:b4:83:da:3a:
                    6f:ea:56:b7:11:45:4a:c9:63:50:18:e8:ec:aa:64:
                    85:30:5d:c2:ae:a4:c9:59:2c:3e:92:15:79:47:8d:
                    34:45:f3:44:64:ef:6d:f6:16:f0:74:23:61:68:d5:
                    d7:d2:ae:78:eb:56:e0:0a:c8:23:c1:f6:80:7a:a6:
                    58:b0:a6:db:31:70:21:d3:40:b7:39:51:b2:91:50:
                    7c:d5:e5:ad:6e:ad:69:4d:b7:d0:d0:2f:01:b7:a8:
                    99:e9:89:68:ba:3c:42:3b:0e:35:e0:ec:37:29:bc:
                    b9:6a:3a:11:6c:5c:2c:c8:22:f6:bd:98:c5:a5:60:
                    9e:fd:6e:2a:c9:8b:00:bb:7c:f5:b4:d0:04:d3:4c:
                    80:88:4d:35:df:16:13:d9:ba:2d:37:30:3a:d9:7c:
                    29:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:BD:D9:3A:CD:ED:48:64:0E:03:02:B3:8F:1F:47:DF:0D:F3:0F:52
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/0r3ZOs3tSGQOAwKzjx9H3w3zD1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a440:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:a1:57:c5:52:05:71:dc:bf:56:0e:b5:a7:e2:7f:96:5c:93:
         c6:f9:8c:79:4b:ae:97:c6:33:09:57:eb:2f:1d:fe:92:30:36:
         0f:1b:bb:c2:85:5d:4c:63:81:1a:85:31:98:c0:6f:67:24:56:
         32:58:70:26:f3:65:1d:b0:1c:8d:ab:1a:1a:be:7a:0c:4e:89:
         91:fa:32:af:b6:ca:4d:28:ab:76:14:36:2d:e2:f7:85:22:97:
         a1:ca:aa:7c:9a:8a:60:53:4d:e4:54:40:7b:ca:b3:cd:1d:e5:
         d2:cf:21:4f:35:95:bd:52:ab:38:aa:5c:86:23:ba:a6:ff:6a:
         b5:65:58:43:ef:2c:9a:4c:e4:f0:62:6d:1c:04:af:61:67:4b:
         11:e2:7b:76:ff:25:c6:bd:ab:01:b2:0c:4e:9a:57:aa:7f:4e:
         e6:1b:0b:48:4e:87:ff:bd:4c:b3:56:50:96:1e:c5:c1:2d:30:
         47:d9:07:1e:4a:4a:d7:87:f6:9f:ad:76:46:1b:18:db:ab:5a:
         b0:33:04:d3:8a:20:c7:ab:28:4b:80:a2:c5:c1:1b:b8:21:9c:
         11:b6:27:24:ee:e2:ca:d0:c0:8f:74:b8:07:de:09:41:37:d7:
         63:47:45:63:12:f6:9b:42:0a:3e:46:3f:d6:d3:99:05:8b:5e:
         b2:26:40:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZl9X6NkIlHF/zCOcUtq6h8tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjUwOTI0MjAxNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmJkZDkzYWNkZWQ0ODY0MGUwMzAyYjM4ZjFmNDdkZjBkZjMwZjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy+o9w9kwF0MpRLBp+yC5uUipnEIJ
ZVlfutUmTJSk66bciwGhQFUZWuT8sw12RP+wV78jP+wppPdUzXLQTGUqR7YoVEdg
Q04X9/ZAWjMdLd69BZSYnU3Y2ghbpROmMMKIa3bVNLSD2jpv6la3EUVKyWNQGOjs
qmSFMF3CrqTJWSw+khV5R400RfNEZO9t9hbwdCNhaNXX0q5461bgCsgjwfaAeqZY
sKbbMXAh00C3OVGykVB81eWtbq1pTbfQ0C8Bt6iZ6YloujxCOw414Ow3Kby5ajoR
bFwsyCL2vZjFpWCe/W4qyYsAu3z1tNAE00yAiE013xYT2botNzA62XwpmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNK92TrN7UhkDgMCs48fR98N8w9SMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvMHIzWk9zM3RTR1FPQXdLemp4OUgzdzN6RDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOkQAAG
MA0GCSqGSIb3DQEBCwUAA4IBAQAIoVfFUgVx3L9WDrWn4n+WXJPG+Yx5S66XxjMJ
V+svHf6SMDYPG7vChV1MY4EahTGYwG9nJFYyWHAm82UdsByNqxoavnoMTomR+jKv
tspNKKt2FDYt4veFIpehyqp8mopgU03kVEB7yrPNHeXSzyFPNZW9Uqs4qlyGI7qm
/2q1ZVhD7yyaTOTwYm0cBK9hZ0sR4nt2/yXGvasBsgxOmleqf07mGwtITof/vUyz
VlCWHsXBLTBH2QceSkrXh/afrXZGGxjbq1qwMwTTiiDHqyhLgKLFwRu4IZwRtick
7uLK0MCPdLgH3glBN9djR0VjEvabQgo+Rj/W05kFi16yJkAO
-----END CERTIFICATE-----