Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/NjU6E2GjKMifiwQvRwMGney7f2I.roa
File:                     NjU6E2GjKMifiwQvRwMGney7f2I.roa (raw, json)
Hash identifier:          qYmW97zWwGVcp75TCfkQ97lAtCCTY1LDL+IUA1O4GkA=
Subject key identifier:   36:35:3A:13:61:A3:28:C8:9F:8B:04:2F:47:03:06:9D:EC:BB:7F:62
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       018CC871497C73A2AD4942DAC834F9EFAB81
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/NjU6E2GjKMifiwQvRwMGney7f2I.roa
Signing time:             Tue 02 Jan 2024 04:31:56 +0000
ROA not before:           Tue 02 Jan 2024 04:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202044
IP address blocks:        2a13:1880::/31 maxlen: 31
                          2a13:1884::/31 maxlen: 31
                          2a13:1886::/31 maxlen: 31
                          2a13:1882::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:49:7c:73:a2:ad:49:42:da:c8:34:f9:ef:ab:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jan  2 04:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36353a1361a328c89f8b042f4703069decbb7f62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ad:84:7e:17:9c:e4:c9:e4:a6:56:43:19:ca:
                    f5:dc:b8:2a:ba:cb:a6:ca:fe:55:09:e4:7b:a3:04:
                    82:98:63:a7:d8:51:c9:14:b3:4c:40:a5:e0:7c:a0:
                    73:2f:08:49:4c:e3:5b:5c:fe:82:a7:bb:77:4f:6e:
                    83:cd:d7:d6:2c:dd:38:87:a7:95:79:63:9e:e5:8a:
                    24:6b:ab:0c:f0:5d:88:bd:d1:6d:63:28:b0:68:c2:
                    02:ea:c0:5c:93:4e:ad:03:21:e6:8a:20:a7:99:8b:
                    2a:3c:8d:d4:82:06:95:21:3f:d1:43:ee:a1:fa:ab:
                    08:2e:97:95:e8:69:9e:e0:f7:02:bd:5a:5c:1b:60:
                    b2:a6:6c:23:83:2f:e7:05:f1:98:d4:7d:22:e0:37:
                    35:6d:07:fc:e8:39:e0:42:23:2c:60:27:6c:ff:5b:
                    ca:fa:92:0c:3a:81:c7:3f:cc:d8:49:2b:f6:16:f4:
                    6b:9b:10:62:64:a6:15:8b:51:7c:5c:41:22:a8:2d:
                    60:be:46:34:bb:b0:19:6c:81:04:14:86:26:2e:90:
                    eb:61:35:93:7b:8e:d6:0f:ce:ee:c7:70:02:fa:2a:
                    0b:4d:09:83:5b:aa:68:79:a7:5c:6a:5f:a8:a8:f3:
                    86:34:f6:bc:f3:46:d5:fd:6f:b0:9b:97:af:a4:48:
                    67:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:35:3A:13:61:A3:28:C8:9F:8B:04:2F:47:03:06:9D:EC:BB:7F:62
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/NjU6E2GjKMifiwQvRwMGney7f2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1880::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:ef:7e:ec:02:5e:b5:d0:1c:95:c9:5b:40:2f:f7:c1:bd:8a:
         28:48:41:2f:04:2d:98:1e:17:d0:a0:cb:cf:0a:df:b0:89:11:
         61:b0:ef:0a:fe:42:c9:cd:7a:d3:f8:82:b3:1b:8a:fd:ff:38:
         e2:83:c0:cc:64:be:c2:f2:84:23:3f:8c:8d:66:e0:54:bc:43:
         6e:2c:39:e7:ef:dc:9c:f4:af:c8:b4:95:a7:47:be:c5:4e:54:
         4b:d2:58:90:6d:6f:03:c7:ba:bd:b4:2c:09:44:91:6e:67:d0:
         a5:d8:b3:3b:3d:5e:e4:8a:c8:f8:e8:69:56:ee:ee:93:3a:70:
         9f:01:1b:1e:ca:ce:b7:fe:4f:6a:46:74:83:8e:d3:e6:20:54:
         04:75:b7:37:36:4f:fb:34:11:a6:fe:33:e2:93:78:47:fc:4d:
         5c:56:4f:a6:dd:d2:ce:36:0f:81:64:5b:6d:7b:2b:03:cb:6b:
         36:d4:68:c6:7e:63:75:f1:f7:55:cc:4c:54:5a:67:62:fb:d4:
         ef:36:4c:7d:7d:d8:59:c4:66:5c:0c:fb:62:68:a6:fa:bc:a1:
         57:76:22:1c:9a:5d:32:96:75:0f:28:05:14:11:9a:9d:6e:9c:
         95:29:d8:c4:d5:f5:e8:0a:73:3e:b5:e4:b4:b9:93:29:14:48:
         df:e3:5f:22
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIcUl8c6KtSULayDT576uBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjQwMTAyMDQzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjM1M2ExMzYxYTMyOGM4OWY4YjA0MmY0NzAzMDY5ZGVjYmI3ZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsa2Efhec5MnkplZDGcr13Lgqusum
yv5VCeR7owSCmGOn2FHJFLNMQKXgfKBzLwhJTONbXP6Cp7t3T26DzdfWLN04h6eV
eWOe5Yoka6sM8F2IvdFtYyiwaMIC6sBck06tAyHmiiCnmYsqPI3UggaVIT/RQ+6h
+qsILpeV6Gme4PcCvVpcG2Cypmwjgy/nBfGY1H0i4Dc1bQf86DngQiMsYCds/1vK
+pIMOoHHP8zYSSv2FvRrmxBiZKYVi1F8XEEiqC1gvkY0u7AZbIEEFIYmLpDrYTWT
e47WD87ux3AC+ioLTQmDW6poeadcal+oqPOGNPa880bV/W+wm5evpEhnbQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDY1OhNhoyjIn4sEL0cDBp3su39iMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvTmpVNkUyR2pLTWlmaXdRdlJ3TUduZXk3ZjJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhMYgDAN
BgkqhkiG9w0BAQsFAAOCAQEALO9+7AJetdAclclbQC/3wb2KKEhBLwQtmB4X0KDL
zwrfsIkRYbDvCv5Cyc160/iCsxuK/f844oPAzGS+wvKEIz+MjWbgVLxDbiw55+/c
nPSvyLSVp0e+xU5US9JYkG1vA8e6vbQsCUSRbmfQpdizOz1e5IrI+OhpVu7ukzpw
nwEbHsrOt/5PakZ0g47T5iBUBHW3NzZP+zQRpv4z4pN4R/xNXFZPpt3SzjYPgWRb
bXsrA8trNtRoxn5jdfH3VcxMVFpnYvvU7zZMfX3YWcRmXAz7Ymim+ryhV3YiHJpd
MpZ1DygFFBGanW6clSnYxNX16ApzPrXktLmTKRRI3+NfIg==
-----END CERTIFICATE-----