Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/rhQc5qUM2MDBH4p36Kio4nVEz6k.roa
File:                     rhQc5qUM2MDBH4p36Kio4nVEz6k.roa (raw, json)
Hash identifier:          awMdOXUFz2DrxlzCVZjnG6myrcErsUVUML7kWjxlY24=
Subject key identifier:   AE:14:1C:E6:A5:0C:D8:C0:C1:1F:8A:77:E8:A8:A8:E2:75:44:CF:A9
Certificate issuer:       /CN=8f1cb9737524c437f6fa7521176bb0ab71fbee63
Certificate serial:       01941F8C865D1DC3FA440F440530BB20AB21
Authority key identifier: 8F:1C:B9:73:75:24:C4:37:F6:FA:75:21:17:6B:B0:AB:71:FB:EE:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jxy5c3UkxDf2-nUhF2uwq3H77mM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/rhQc5qUM2MDBH4p36Kio4nVEz6k.roa
Signing time:             Wed 01 Jan 2025 01:48:10 +0000
ROA not before:           Wed 01 Jan 2025 01:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60021
IP address blocks:        2a13:96c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/jxy5c3UkxDf2-nUhF2uwq3H77mM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/jxy5c3UkxDf2-nUhF2uwq3H77mM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jxy5c3UkxDf2-nUhF2uwq3H77mM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:86:5d:1d:c3:fa:44:0f:44:05:30:bb:20:ab:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f1cb9737524c437f6fa7521176bb0ab71fbee63
        Validity
            Not Before: Jan  1 01:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ae141ce6a50cd8c0c11f8a77e8a8a8e27544cfa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:68:44:a9:25:1f:56:b2:93:1b:96:e9:b7:9c:
                    ca:eb:b1:dc:4a:ea:9b:ce:01:41:cd:f8:2a:07:ad:
                    1d:65:de:e9:e4:f3:80:25:e8:eb:20:d0:2c:6f:7a:
                    5e:9f:af:50:2b:7f:a2:56:d2:10:f7:98:7e:7a:c6:
                    bf:49:17:f5:93:5e:d9:99:12:23:c7:7c:16:53:8b:
                    dc:cb:07:7f:41:e9:f7:47:21:bc:e5:b8:d5:8e:4c:
                    e1:8f:56:74:b8:22:00:dd:43:c4:63:8e:ac:0d:60:
                    cd:f2:89:f9:65:46:e4:26:ff:16:f2:d0:85:8e:3e:
                    dd:06:0b:d1:aa:0f:b6:94:09:5a:fb:0a:25:10:9b:
                    b2:0d:18:dd:b6:6d:7f:15:77:8d:4d:7a:3e:6c:ef:
                    be:3e:4b:0f:bc:96:5c:3f:64:06:03:60:4c:f8:09:
                    a0:28:53:8c:c9:ab:17:e0:c1:7a:ef:55:79:85:37:
                    3f:0e:7f:9c:e3:42:4f:e7:a6:72:dc:dc:6e:de:13:
                    77:8b:99:ab:1d:cc:7a:80:f3:05:e9:e1:81:79:56:
                    4c:65:b9:b9:d4:0b:f6:7b:d1:6c:1a:c2:36:3d:0b:
                    91:61:b1:0f:0c:b4:a1:60:c7:fd:cd:55:c2:c5:c0:
                    48:87:37:f5:c9:cf:e2:82:f5:40:3e:c4:6c:6b:d8:
                    35:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:14:1C:E6:A5:0C:D8:C0:C1:1F:8A:77:E8:A8:A8:E2:75:44:CF:A9
            X509v3 Authority Key Identifier:
                keyid:8F:1C:B9:73:75:24:C4:37:F6:FA:75:21:17:6B:B0:AB:71:FB:EE:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jxy5c3UkxDf2-nUhF2uwq3H77mM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/rhQc5qUM2MDBH4p36Kio4nVEz6k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/3b11de-900f-4378-84eb-7870c645e219/1/jxy5c3UkxDf2-nUhF2uwq3H77mM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:96c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:2d:ab:4c:0e:19:e1:5f:e4:cb:a5:75:3a:a7:e5:de:fd:cd:
         5a:e4:57:8d:e8:b1:60:8f:a7:a5:96:f2:2d:f5:ed:54:01:61:
         50:c3:9e:19:90:b5:b1:45:fe:39:ca:5d:ef:54:59:98:63:b8:
         23:8f:b8:ca:be:0b:36:f6:bc:f1:a5:69:21:dd:e6:22:7b:dc:
         df:53:03:4b:90:b0:4f:69:07:8a:3d:02:b8:bb:76:d8:59:1a:
         3f:02:d3:bf:d4:7b:73:88:34:a4:91:c1:53:20:c1:87:bb:bc:
         86:57:59:dc:93:ab:9d:54:b6:ab:52:9f:8f:f3:7d:e3:fd:a1:
         db:28:61:f9:68:04:59:90:5f:8b:c8:6f:9e:d3:f5:35:fe:40:
         51:1e:ef:d0:c2:6b:4f:0e:04:65:8f:ff:f8:f7:61:00:e2:c3:
         54:40:66:7d:0a:16:7a:14:b9:4a:9c:38:02:02:de:22:70:d3:
         69:b1:ec:7e:4f:64:cd:eb:74:7b:5c:b0:20:af:13:90:ed:27:
         d3:a6:9c:70:af:b6:b7:fb:9d:95:77:74:7c:14:eb:b2:19:d3:
         b0:7c:b9:24:f6:8a:77:06:fe:05:c7:ff:03:89:b1:f5:0f:50:
         ee:a6:d9:27:d7:c9:25:98:f7:51:15:d1:8c:e6:c6:de:66:e2:
         ed:e7:7d:b1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjIZdHcP6RA9EBTC7IKshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMWNiOTczNzUyNGM0MzdmNmZhNzUyMTE3NmJiMGFiNzFm
YmVlNjMwHhcNMjUwMTAxMDE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTE0MWNlNmE1MGNkOGMwYzExZjhhNzdlOGE4YThlMjc1NDRjZmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32hEqSUfVrKTG5bpt5zK67HcSuqb
zgFBzfgqB60dZd7p5POAJejrINAsb3pen69QK3+iVtIQ95h+esa/SRf1k17ZmRIj
x3wWU4vcywd/Qen3RyG85bjVjkzhj1Z0uCIA3UPEY46sDWDN8on5ZUbkJv8W8tCF
jj7dBgvRqg+2lAla+wolEJuyDRjdtm1/FXeNTXo+bO++PksPvJZcP2QGA2BM+Amg
KFOMyasX4MF671V5hTc/Dn+c40JP56Zy3Nxu3hN3i5mrHcx6gPMF6eGBeVZMZbm5
1Av2e9FsGsI2PQuRYbEPDLShYMf9zVXCxcBIhzf1yc/igvVAPsRsa9g1CwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK4UHOalDNjAwR+Kd+ioqOJ1RM+pMB8GA1UdIwQY
MBaAFI8cuXN1JMQ39vp1IRdrsKtx++5jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanh5NWMzVWt4RGYyLW5VaEYydXdxM0g3N21NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS8zYjExZGUtOTAwZi00Mzc4LTg0ZWIt
Nzg3MGM2NDVlMjE5LzEvcmhRYzVxVU0yTURCSDRwMzZLaW80blZFejZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS8zYjExZGUtOTAwZi00Mzc4LTg0ZWItNzg3MGM2NDVlMjE5
LzEvanh5NWMzVWt4RGYyLW5VaEYydXdxM0g3N21NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOWwDAN
BgkqhkiG9w0BAQsFAAOCAQEAFC2rTA4Z4V/ky6V1Oqfl3v3NWuRXjeixYI+npZby
LfXtVAFhUMOeGZC1sUX+Ocpd71RZmGO4I4+4yr4LNva88aVpId3mInvc31MDS5Cw
T2kHij0CuLt22FkaPwLTv9R7c4g0pJHBUyDBh7u8hldZ3JOrnVS2q1Kfj/N94/2h
2yhh+WgEWZBfi8hvntP1Nf5AUR7v0MJrTw4EZY//+PdhAOLDVEBmfQoWehS5Spw4
AgLeInDTabHsfk9kzet0e1ywIK8TkO0n06accK+2t/udlXd0fBTrshnTsHy5JPaK
dwb+Bcf/A4mx9Q9Q7qbZJ9fJJZj3URXRjObG3mbi7ed9sQ==
-----END CERTIFICATE-----