Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/CFyreRKdu-UuhcLcuXS_I2Vcqxs.roa
File:                     CFyreRKdu-UuhcLcuXS_I2Vcqxs.roa (raw, json)
Hash identifier:          ctEJwL/F+KcP8ef2uPLwsHUQYLkUqUkmlW8U9dtbbuQ=
Subject key identifier:   08:5C:AB:79:12:9D:BB:E5:2E:85:C2:DC:B9:74:BF:23:65:5C:AB:1B
Certificate issuer:       /CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
Certificate serial:       019880512AC2F84A18B27DC0661E722D71AD
Authority key identifier: FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/CFyreRKdu-UuhcLcuXS_I2Vcqxs.roa
Signing time:             Wed 06 Aug 2025 16:57:39 +0000
ROA not before:           Wed 06 Aug 2025 16:57:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6079
IP address blocks:        2a13:80c0::/29 maxlen: 32
                          2a13:9240::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:80:51:2a:c2:f8:4a:18:b2:7d:c0:66:1e:72:2d:71:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
        Validity
            Not Before: Aug  6 16:57:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=085cab79129dbbe52e85c2dcb974bf23655cab1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:79:d0:8d:e4:10:ac:38:32:46:6b:3f:c3:85:
                    6f:88:e1:ed:6e:7a:63:7b:5d:fc:c6:82:db:95:66:
                    20:ba:03:a7:e9:75:1f:5b:6d:d5:a9:21:28:a6:a9:
                    72:56:db:4f:11:df:2d:9d:96:ad:3a:dc:36:55:71:
                    f8:dd:e1:e6:36:2d:f3:02:a1:56:c6:12:25:a3:d7:
                    7a:4b:c9:1c:fa:43:38:ce:1c:cc:d7:af:21:18:cd:
                    46:8d:d0:5a:08:b6:d0:88:be:c8:50:b5:85:a2:56:
                    98:29:49:71:34:61:c9:cf:96:46:44:86:3f:90:57:
                    3b:37:cc:a6:b1:bb:1f:66:2e:5f:73:12:c8:90:bb:
                    4a:17:20:45:9d:95:53:33:ff:db:ae:0e:82:38:5e:
                    4b:02:5d:fc:62:09:d6:d3:b1:4e:d9:10:b1:b8:71:
                    d0:e4:62:0c:67:2f:12:6e:8f:20:18:60:84:2b:47:
                    3d:72:28:e2:ac:a2:3c:36:c1:45:f2:d7:09:c6:2e:
                    4d:7d:e7:cd:ea:67:8c:70:93:32:f7:cd:1a:fb:a4:
                    e8:cd:c1:13:63:ad:cf:83:6d:49:dd:d7:cb:e4:1e:
                    c2:e1:76:9f:90:6f:87:c0:fc:5c:0a:21:d8:37:97:
                    0f:6e:68:56:0a:6b:82:2a:f6:04:92:e3:4b:82:80:
                    81:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:5C:AB:79:12:9D:BB:E5:2E:85:C2:DC:B9:74:BF:23:65:5C:AB:1B
            X509v3 Authority Key Identifier:
                keyid:FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/CFyreRKdu-UuhcLcuXS_I2Vcqxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:80c0::/29
                  2a13:9240::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:cd:cf:8d:44:f9:a6:de:18:61:73:fa:5f:c7:f1:96:55:31:
         98:72:70:0d:36:36:d8:74:4e:bc:c2:dc:82:6b:1a:09:67:68:
         39:ee:0b:54:44:79:c1:b5:a0:95:49:cd:13:5e:9b:5c:8d:db:
         24:a4:ad:0a:7c:40:e7:35:a3:21:58:73:a8:04:f0:54:86:f0:
         ff:f0:6b:16:f0:4c:66:e3:52:b0:b8:b0:b9:3a:43:a3:37:8d:
         df:b7:a7:ac:01:bb:94:e5:51:7e:4a:bb:3f:43:2b:32:3f:10:
         c6:32:84:c1:8a:f0:d8:bc:d1:d6:44:3b:0e:fa:0f:d7:9c:40:
         c5:2b:e2:35:44:70:0a:a5:b1:c7:23:2f:05:d5:4b:91:59:fb:
         f6:f2:ab:85:65:a5:4f:d8:53:cd:12:48:96:79:5b:14:1f:8c:
         9d:7c:36:d5:7d:00:39:5b:04:30:1b:f7:ec:cc:cb:0e:45:83:
         79:9f:e7:2e:4b:3c:53:dd:27:22:d9:00:00:ec:82:02:7c:95:
         0d:44:b4:9b:50:6a:93:3d:c7:03:6b:83:8b:88:76:01:0e:41:
         c9:79:fb:41:57:eb:d3:46:f9:bd:2f:6f:bf:18:05:b2:44:40:
         de:c4:d5:6a:b6:1d:d2:32:15:78:cc:30:28:42:b4:5e:fd:22:
         a0:db:e5:ec
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZiAUSrC+EoYsn3AZh5yLXGtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjM2FiNTVkNTc1MDljYmZhZTc5OGJkNzFhYWEyM2IzNDQ0
ZDhlNWEwHhcNMjUwODA2MTY1NzM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODVjYWI3OTEyOWRiYmU1MmU4NWMyZGNiOTc0YmYyMzY1NWNhYjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnnQjeQQrDgyRms/w4VviOHtbnpj
e138xoLblWYgugOn6XUfW23VqSEopqlyVttPEd8tnZatOtw2VXH43eHmNi3zAqFW
xhIlo9d6S8kc+kM4zhzM168hGM1GjdBaCLbQiL7IULWFolaYKUlxNGHJz5ZGRIY/
kFc7N8ymsbsfZi5fcxLIkLtKFyBFnZVTM//brg6COF5LAl38YgnW07FO2RCxuHHQ
5GIMZy8Sbo8gGGCEK0c9cijirKI8NsFF8tcJxi5NfefN6meMcJMy980a+6TozcET
Y63Pg21J3dfL5B7C4XafkG+HwPxcCiHYN5cPbmhWCmuCKvYEkuNLgoCBjwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAhcq3kSnbvlLoXC3Ll0vyNlXKsbMB8GA1UdIwQY
MBaAFPw6tV1XUJy/rnmL1xqqI7NETY5aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYt
MGM0NTIxOGU3OTgxLzEvQ0Z5cmVSS2R1LVV1aGNMY3VYU19JMlZjcXhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYtMGM0NTIxOGU3OTgx
LzEvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhOAwAMF
AyoTkkAwDQYJKoZIhvcNAQELBQADggEBAEnNz41E+abeGGFz+l/H8ZZVMZhycA02
Nth0TrzC3IJrGglnaDnuC1REecG1oJVJzRNem1yN2ySkrQp8QOc1oyFYc6gE8FSG
8P/waxbwTGbjUrC4sLk6Q6M3jd+3p6wBu5TlUX5Kuz9DKzI/EMYyhMGK8Ni80dZE
Ow76D9ecQMUr4jVEcAqlsccjLwXVS5FZ+/byq4VlpU/YU80SSJZ5WxQfjJ18NtV9
ADlbBDAb9+zMyw5Fg3mf5y5LPFPdJyLZAADsggJ8lQ1EtJtQapM9xwNrg4uIdgEO
Qcl5+0FX69NG+b0vb78YBbJEQN7E1Wq2HdIyFXjMMChCtF79IqDb5ew=
-----END CERTIFICATE-----