Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/C-xVAWonogCe9hR-gFCsuORZlu0.roa
File:                     C-xVAWonogCe9hR-gFCsuORZlu0.roa (raw, json)
Hash identifier:          oTUEmbElaXhqLv5RlpzLBmb+fHJr8yuDucHXNCnuqoo=
Subject key identifier:   0B:EC:55:01:6A:27:A2:00:9E:F6:14:7E:80:50:AC:B8:E4:59:96:ED
Certificate issuer:       /CN=8ef8c471e83b14fc6c6cc7cfc96c1ac3e3087eae
Certificate serial:       018CC49335D5F9CF99E40B678581F64CC7D6
Authority key identifier: 8E:F8:C4:71:E8:3B:14:FC:6C:6C:C7:CF:C9:6C:1A:C3:E3:08:7E:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/C-xVAWonogCe9hR-gFCsuORZlu0.roa
Signing time:             Mon 01 Jan 2024 10:30:31 +0000
ROA not before:           Mon 01 Jan 2024 10:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216238
IP address blocks:        2a13:f1c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:35:d5:f9:cf:99:e4:0b:67:85:81:f6:4c:c7:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef8c471e83b14fc6c6cc7cfc96c1ac3e3087eae
        Validity
            Not Before: Jan  1 10:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bec55016a27a2009ef6147e8050acb8e45996ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:d0:53:45:03:d5:31:6e:5e:c3:6c:b9:c1:3e:
                    33:2f:bf:96:ba:cd:88:05:3b:a6:6d:21:26:7e:fa:
                    32:14:24:64:d0:68:c6:b4:c4:fd:29:a5:c1:94:cd:
                    ef:e3:a3:2c:6f:5e:a9:6d:83:b8:9f:a4:55:bd:2d:
                    5f:bb:08:56:2f:9d:b1:6c:fb:a7:1c:05:0e:84:b3:
                    2d:48:2b:87:31:19:1d:b7:c2:58:02:9b:dd:8c:b1:
                    d9:ec:58:3a:38:56:16:0b:b1:ac:00:54:78:d3:f7:
                    a7:d6:6c:7c:8a:6f:94:4d:01:13:cd:07:06:b8:31:
                    51:60:3a:5d:bc:69:17:73:b2:af:ab:c6:55:a2:13:
                    e8:25:16:d0:5d:95:4a:ff:f9:9b:b5:fb:7b:13:ce:
                    1e:24:b1:d8:2d:e0:e9:e8:1c:c8:6c:02:fb:db:72:
                    c7:2b:17:fc:54:dd:96:21:e3:a4:c5:d2:a3:04:67:
                    92:ac:ca:e7:50:cf:5e:5c:64:d3:6c:4e:19:c4:af:
                    1b:62:fc:4c:8a:72:27:89:8d:b4:62:b2:0b:55:1e:
                    0f:96:ab:a8:70:8e:3e:23:50:ce:e9:3e:71:1d:cc:
                    36:6a:44:66:72:05:36:8c:98:07:80:b2:00:6b:01:
                    b8:97:11:d0:cf:8f:68:62:d2:b8:ce:20:e7:82:4d:
                    ba:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:EC:55:01:6A:27:A2:00:9E:F6:14:7E:80:50:AC:B8:E4:59:96:ED
            X509v3 Authority Key Identifier:
                keyid:8E:F8:C4:71:E8:3B:14:FC:6C:6C:C7:CF:C9:6C:1A:C3:E3:08:7E:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/C-xVAWonogCe9hR-gFCsuORZlu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:f1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a1:ff:86:3d:9f:95:49:b5:65:82:16:e6:34:f9:30:1f:06:a5:
         40:5f:2c:05:51:31:bb:71:2f:d5:77:7e:0b:59:e1:99:9a:1f:
         a8:ce:2a:4c:b7:24:0c:30:25:bd:a3:9e:a7:3d:12:83:cc:ae:
         0e:84:d8:e7:99:6f:e7:f8:75:b0:bd:de:ef:13:49:92:b8:44:
         b3:7e:27:f3:82:1c:94:56:e2:1e:12:48:db:11:98:69:47:ca:
         a0:6e:01:42:28:d0:2e:22:87:82:97:cc:ab:35:ff:c5:15:18:
         f6:17:2c:a6:10:1e:eb:28:31:03:1b:e3:46:11:94:73:4f:6b:
         13:dc:e9:c0:eb:e1:0b:8b:e9:7f:02:ba:77:d2:01:5e:fa:20:
         dd:ac:5d:e8:4d:b0:45:73:e0:27:a9:2e:6b:11:90:86:7b:2d:
         4b:fe:b5:f9:3a:b7:c2:bd:38:26:70:5b:4b:81:4b:11:81:1f:
         d4:6a:e1:c3:5e:e2:16:41:22:2a:3d:66:5c:9b:92:8a:09:a8:
         05:2f:ed:83:a2:8e:92:3a:b9:64:03:23:57:22:ac:cd:be:33:
         da:d7:ad:17:41:e6:95:4e:62:d4:5a:c3:f0:c8:cd:7b:97:b6:
         26:e6:dc:54:d3:2e:cd:a3:a8:8b:c0:b4:2e:14:df:d8:8f:43:
         7a:44:58:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEkzXV+c+Z5AtnhYH2TMfWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjhjNDcxZTgzYjE0ZmM2YzZjYzdjZmM5NmMxYWMzZTMw
ODdlYWUwHhcNMjQwMTAxMTAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmVjNTUwMTZhMjdhMjAwOWVmNjE0N2U4MDUwYWNiOGU0NTk5NmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmNBTRQPVMW5ew2y5wT4zL7+Wus2I
BTumbSEmfvoyFCRk0GjGtMT9KaXBlM3v46Msb16pbYO4n6RVvS1fuwhWL52xbPun
HAUOhLMtSCuHMRkdt8JYApvdjLHZ7Fg6OFYWC7GsAFR40/en1mx8im+UTQETzQcG
uDFRYDpdvGkXc7Kvq8ZVohPoJRbQXZVK//mbtft7E84eJLHYLeDp6BzIbAL723LH
Kxf8VN2WIeOkxdKjBGeSrMrnUM9eXGTTbE4ZxK8bYvxMinIniY20YrILVR4Plquo
cI4+I1DO6T5xHcw2akRmcgU2jJgHgLIAawG4lxHQz49oYtK4ziDngk262QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAvsVQFqJ6IAnvYUfoBQrLjkWZbtMB8GA1UdIwQY
MBaAFI74xHHoOxT8bGzHz8lsGsPjCH6uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZqRWNlZzdGUHhzYk1mUHlXd2F3LU1JZnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS84ZjJhZDgtNmE0OC00MjNjLWJlNDEt
MTM4YTcxMTdkZTM2LzEvQy14VkFXb25vZ0NlOWhSLWdGQ3N1T1JabHUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS84ZjJhZDgtNmE0OC00MjNjLWJlNDEtMTM4YTcxMTdkZTM2
LzEvanZqRWNlZzdGUHhzYk1mUHlXd2F3LU1JZnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPxwDAN
BgkqhkiG9w0BAQsFAAOCAQEAof+GPZ+VSbVlghbmNPkwHwalQF8sBVExu3Ev1Xd+
C1nhmZofqM4qTLckDDAlvaOepz0Sg8yuDoTY55lv5/h1sL3e7xNJkrhEs34n84Ic
lFbiHhJI2xGYaUfKoG4BQijQLiKHgpfMqzX/xRUY9hcsphAe6ygxAxvjRhGUc09r
E9zpwOvhC4vpfwK6d9IBXvog3axd6E2wRXPgJ6kuaxGQhnstS/61+Tq3wr04JnBb
S4FLEYEf1Grhw17iFkEiKj1mXJuSigmoBS/tg6KOkjq5ZAMjVyKszb4z2tetF0Hm
lU5i1FrD8MjNe5e2JubcVNMuzaOoi8C0LhTf2I9DekRYwA==
-----END CERTIFICATE-----