Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/6HHdUKHYHPnbA09JoN7QRu0qcHo.roa
File:                     6HHdUKHYHPnbA09JoN7QRu0qcHo.roa (raw, json)
Hash identifier:          521zPzZstep0lFsfXMjd9To7oUxOZi/9LFzG+afKsUY=
Subject key identifier:   E8:71:DD:50:A1:D8:1C:F9:DB:03:4F:49:A0:DE:D0:46:ED:2A:70:7A
Certificate issuer:       /CN=0f107eacdd0dd2e6169d0fd31303f6c8b0304b66
Certificate serial:       018CCB5339589F5963582A1B99700D5AE30F
Authority key identifier: 0F:10:7E:AC:DD:0D:D2:E6:16:9D:0F:D3:13:03:F6:C8:B0:30:4B:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/6HHdUKHYHPnbA09JoN7QRu0qcHo.roa
Signing time:             Tue 02 Jan 2024 17:57:58 +0000
ROA not before:           Tue 02 Jan 2024 17:57:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216156
IP address blocks:        2a13:ef47::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 17:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cb:53:39:58:9f:59:63:58:2a:1b:99:70:0d:5a:e3:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f107eacdd0dd2e6169d0fd31303f6c8b0304b66
        Validity
            Not Before: Jan  2 17:57:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e871dd50a1d81cf9db034f49a0ded046ed2a707a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:3e:35:31:b8:36:61:34:21:e8:57:c8:ec:e4:
                    6c:d8:8f:7e:0d:84:e2:43:d4:04:ba:71:9a:5f:87:
                    10:f7:ca:2e:dc:d1:31:c9:23:39:88:f1:10:aa:e3:
                    31:93:e7:03:34:c7:c2:6f:3f:29:8a:8d:17:5a:3c:
                    e2:36:c0:e5:4a:14:fa:e4:2b:18:76:0e:a6:1a:d7:
                    e6:85:08:30:ce:d7:12:53:ee:6a:f3:9f:33:8e:e2:
                    f5:23:3a:99:37:ca:44:45:c5:cf:31:9c:a9:5d:a8:
                    33:5d:35:ac:57:9f:08:e5:2c:56:0c:7d:69:b3:1b:
                    5f:4d:22:2f:87:e8:68:bc:1d:46:f6:29:17:3f:ef:
                    30:52:55:b6:5f:d0:92:b1:5a:01:d2:ca:3e:91:c5:
                    ee:88:68:8f:6c:12:bb:2b:63:26:2d:a4:25:14:bb:
                    cc:52:2d:6c:af:41:04:9e:58:bf:09:4e:80:61:39:
                    71:9e:d9:12:2a:5e:c8:c5:48:30:56:ad:a5:82:50:
                    04:11:bf:d8:77:4e:29:c5:f6:72:35:11:5d:6d:65:
                    0e:17:ee:66:d4:db:34:0d:71:e0:c1:0b:ca:b0:c2:
                    87:76:7e:0f:55:16:48:d7:08:75:73:cf:b6:94:56:
                    1b:9f:78:22:f4:54:1d:0e:8c:95:ce:2a:a2:b8:56:
                    14:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:71:DD:50:A1:D8:1C:F9:DB:03:4F:49:A0:DE:D0:46:ED:2A:70:7A
            X509v3 Authority Key Identifier:
                keyid:0F:10:7E:AC:DD:0D:D2:E6:16:9D:0F:D3:13:03:F6:C8:B0:30:4B:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/6HHdUKHYHPnbA09JoN7QRu0qcHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ef47::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:3d:a9:5c:25:88:04:b2:ce:94:cf:a7:be:72:ec:16:99:22:
         4d:3e:ae:cf:63:bd:b8:89:dc:db:41:91:99:d8:4c:61:39:3f:
         6b:92:04:14:21:e5:29:1c:b5:99:a3:2f:f3:d0:ac:e2:16:92:
         c6:02:24:fc:94:cc:63:57:49:66:2a:81:c6:b8:59:67:cf:f4:
         43:5c:27:ce:24:ef:58:26:b1:a9:11:b9:c8:46:8e:e1:6b:73:
         fc:2d:a6:7a:c1:90:4c:39:4d:c9:a1:06:35:c2:38:5e:56:8d:
         79:fd:76:fd:6c:49:d5:5e:77:f8:ab:a1:35:3d:c3:43:08:84:
         59:33:70:e2:23:ce:a8:4b:70:90:a9:f9:5d:6d:05:80:ff:44:
         b4:59:dc:4a:84:9e:a5:0b:6f:75:b9:02:19:8e:52:64:f5:47:
         d1:a7:fe:d7:06:1e:ac:e1:c2:17:2a:26:78:e0:99:10:88:a2:
         70:6b:d9:df:c1:39:63:14:67:7d:2e:24:7a:d9:21:0c:98:f1:
         44:20:5d:b7:a3:27:ee:b6:90:04:d3:9b:a5:6d:88:45:0e:86:
         96:da:dc:f4:17:5a:c8:07:b9:a1:ae:ef:7c:16:9f:44:a7:11:
         ee:fe:c3:cd:f9:1a:e1:0a:82:6f:9a:4e:fe:4a:27:4f:84:fc:
         c2:28:38:a6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzLUzlYn1ljWCobmXANWuMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMTA3ZWFjZGQwZGQyZTYxNjlkMGZkMzEzMDNmNmM4YjAz
MDRiNjYwHhcNMjQwMTAyMTc1NzU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODcxZGQ1MGExZDgxY2Y5ZGIwMzRmNDlhMGRlZDA0NmVkMmE3MDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiz41Mbg2YTQh6FfI7ORs2I9+DYTi
Q9QEunGaX4cQ98ou3NExySM5iPEQquMxk+cDNMfCbz8pio0XWjziNsDlShT65CsY
dg6mGtfmhQgwztcSU+5q858zjuL1IzqZN8pERcXPMZypXagzXTWsV58I5SxWDH1p
sxtfTSIvh+hovB1G9ikXP+8wUlW2X9CSsVoB0so+kcXuiGiPbBK7K2MmLaQlFLvM
Ui1sr0EEnli/CU6AYTlxntkSKl7IxUgwVq2lglAEEb/Yd04pxfZyNRFdbWUOF+5m
1Ns0DXHgwQvKsMKHdn4PVRZI1wh1c8+2lFYbn3gi9FQdDoyVziqiuFYU0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOhx3VCh2Bz52wNPSaDe0EbtKnB6MB8GA1UdIwQY
MBaAFA8QfqzdDdLmFp0P0xMD9siwMEtmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHhCLXJOME4wdVlXblFfVEV3UDJ5TEF3UzJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi85N2U0NjMtMzUxOS00MGRmLWJlYmMt
NGViYzBjZmZhYTFkLzEvNkhIZFVLSFlIUG5iQTA5Sm9ON1FSdTBxY0hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi85N2U0NjMtMzUxOS00MGRmLWJlYmMtNGViYzBjZmZhYTFk
LzEvRHhCLXJOME4wdVlXblFfVEV3UDJ5TEF3UzJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPvRzAN
BgkqhkiG9w0BAQsFAAOCAQEAlT2pXCWIBLLOlM+nvnLsFpkiTT6uz2O9uInc20GR
mdhMYTk/a5IEFCHlKRy1maMv89Cs4haSxgIk/JTMY1dJZiqBxrhZZ8/0Q1wnziTv
WCaxqRG5yEaO4Wtz/C2mesGQTDlNyaEGNcI4XlaNef12/WxJ1V53+KuhNT3DQwiE
WTNw4iPOqEtwkKn5XW0FgP9EtFncSoSepQtvdbkCGY5SZPVH0af+1wYerOHCFyom
eOCZEIiicGvZ38E5YxRnfS4ketkhDJjxRCBdt6Mn7raQBNObpW2IRQ6Gltrc9Bda
yAe5oa7vfBafRKcR7v7Dzfka4QqCb5pO/konT4T8wig4pg==
-----END CERTIFICATE-----