Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/zlkXUyhZ4IG5yixTeX8Zlu2XIc0.roa
File:                     zlkXUyhZ4IG5yixTeX8Zlu2XIc0.roa (raw, json)
Hash identifier:          cWgGeGhxrJ9rs3dRl4+QpI+uA8NpZSK53ZDqjWD1dvE=
Subject key identifier:   CE:59:17:53:28:59:E0:81:B9:CA:2C:53:79:7F:19:96:ED:97:21:CD
Certificate issuer:       /CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
Certificate serial:       0197E8F96837A388448D1E2432F803C488D8
Authority key identifier: EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/zlkXUyhZ4IG5yixTeX8Zlu2XIc0.roa
Signing time:             Tue 08 Jul 2025 07:39:08 +0000
ROA not before:           Tue 08 Jul 2025 07:39:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216320
IP address blocks:        2a13:2200:11::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 13:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e8:f9:68:37:a3:88:44:8d:1e:24:32:f8:03:c4:88:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
        Validity
            Not Before: Jul  8 07:39:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ce5917532859e081b9ca2c53797f1996ed9721cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:c7:ca:08:1e:11:0b:6d:1c:f0:82:9c:6c:91:
                    c8:bd:00:83:b0:8f:c4:ff:9c:d1:cf:4e:57:bd:14:
                    f0:8f:5c:27:e0:4c:07:55:2f:fe:0a:bf:d0:10:f8:
                    61:2c:c4:c5:b4:9b:92:ea:ce:81:13:4b:eb:49:e5:
                    98:7c:f2:4d:a6:9a:e9:5d:9c:91:6f:9e:de:17:e2:
                    f2:71:2c:3f:ed:0c:c4:8b:48:6f:53:c8:39:24:65:
                    43:d6:9d:43:be:84:db:d3:9b:45:6b:ac:75:64:16:
                    c1:8b:a7:31:44:6b:42:98:99:b2:22:d7:d0:e4:f5:
                    06:fb:af:93:2f:44:0a:d6:5a:ea:be:38:15:15:21:
                    08:aa:1b:15:5b:f4:fb:6b:59:ae:b9:15:80:fa:9e:
                    9a:e3:aa:cb:e8:20:a0:8b:48:31:95:c4:4f:ef:30:
                    3d:d3:cc:28:31:5e:e9:ea:bf:c7:0f:04:01:fa:da:
                    7a:79:75:0d:77:23:20:2f:af:ba:38:48:a0:0f:46:
                    fd:9e:d4:50:ec:14:74:ce:d4:e3:e4:eb:a7:2b:c6:
                    6e:7f:92:dc:dd:46:50:50:ed:7e:dd:44:65:ad:22:
                    18:82:e4:73:f6:71:03:f4:80:57:84:ec:eb:7f:a2:
                    d5:0d:59:45:eb:c5:ef:c9:91:97:c8:e9:8e:17:ff:
                    5f:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:59:17:53:28:59:E0:81:B9:CA:2C:53:79:7F:19:96:ED:97:21:CD
            X509v3 Authority Key Identifier:
                keyid:EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/zlkXUyhZ4IG5yixTeX8Zlu2XIc0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2200:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:57:41:a3:70:a2:57:16:05:c1:8f:0a:dc:c0:0b:11:14:ac:
         d4:9f:13:50:a1:aa:53:96:ed:15:a8:f0:30:7b:2d:e4:8d:1d:
         6b:f7:04:bf:d8:f5:e4:c9:78:f2:64:4f:72:53:2e:b5:47:55:
         70:6b:74:3a:a4:9a:2f:8c:ff:86:16:48:03:2b:3f:ab:8e:31:
         f0:b3:d3:04:c8:14:8f:7e:98:89:11:66:de:e3:6b:75:55:2e:
         c2:81:9e:03:56:89:aa:49:1c:19:51:bf:f4:21:c6:9f:db:fd:
         ba:c4:e8:4d:e5:f8:0a:9f:38:0d:e2:20:f2:79:a7:4b:7e:42:
         b8:5d:08:5d:b3:be:ab:62:cc:f8:ca:a7:fe:14:ef:ac:e3:94:
         8c:1f:f0:78:1d:0c:ed:fb:80:ea:dc:56:65:93:25:eb:b3:3e:
         0d:22:0a:5c:aa:d5:90:9a:7e:88:f4:c7:85:c9:67:e1:45:b5:
         5d:a4:fc:d1:0a:7f:bf:ad:ea:de:c3:e7:a2:5b:95:06:ea:d3:
         20:ff:24:3d:c4:52:73:bd:b2:cd:89:4a:a5:9b:f8:d8:3e:0b:
         84:c0:b0:39:4a:44:99:18:07:74:90:45:06:14:20:60:fc:5f:
         8a:5b:de:b0:23:13:a5:54:ef:a2:64:53:57:1b:bf:c6:1c:aa:
         3a:21:27:75
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfo+Wg3o4hEjR4kMvgDxIjYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMmQxMDJiNjExMmIwZDlhOGI4ZWViYWM0Yjk3YzgxOWY5
N2M2MDYwHhcNMjUwNzA4MDczOTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTU5MTc1MzI4NTllMDgxYjljYTJjNTM3OTdmMTk5NmVkOTcyMWNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsfKCB4RC20c8IKcbJHIvQCDsI/E
/5zRz05XvRTwj1wn4EwHVS/+Cr/QEPhhLMTFtJuS6s6BE0vrSeWYfPJNpprpXZyR
b57eF+LycSw/7QzEi0hvU8g5JGVD1p1DvoTb05tFa6x1ZBbBi6cxRGtCmJmyItfQ
5PUG+6+TL0QK1lrqvjgVFSEIqhsVW/T7a1muuRWA+p6a46rL6CCgi0gxlcRP7zA9
08woMV7p6r/HDwQB+tp6eXUNdyMgL6+6OEigD0b9ntRQ7BR0ztTj5OunK8Zuf5Lc
3UZQUO1+3URlrSIYguRz9nED9IBXhOzrf6LVDVlF68XvyZGXyOmOF/9fvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM5ZF1MoWeCBucosU3l/GZbtlyHNMB8GA1UdIwQY
MBaAFOotECthErDZqLjuusS5fIGfl8YGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEt
YjgyOWNjNDAxMDMxLzEvemxrWFV5aFo0SUc1eWl4VGVYOFpsdTJYSWMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEtYjgyOWNjNDAxMDMx
LzEvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhMiAAAR
MA0GCSqGSIb3DQEBCwUAA4IBAQA2V0GjcKJXFgXBjwrcwAsRFKzUnxNQoapTlu0V
qPAwey3kjR1r9wS/2PXkyXjyZE9yUy61R1Vwa3Q6pJovjP+GFkgDKz+rjjHws9ME
yBSPfpiJEWbe42t1VS7CgZ4DVomqSRwZUb/0Icaf2/26xOhN5fgKnzgN4iDyeadL
fkK4XQhds76rYsz4yqf+FO+s45SMH/B4HQzt+4Dq3FZlkyXrsz4NIgpcqtWQmn6I
9MeFyWfhRbVdpPzRCn+/rerew+eiW5UG6tMg/yQ9xFJzvbLNiUqlm/jYPguEwLA5
SkSZGAd0kEUGFCBg/F+KW96wIxOlVO+iZFNXG7/GHKo6ISd1
-----END CERTIFICATE-----