Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/RCaErgrQ9kyeE_6EewwG82XLtXs.roa
File:                     RCaErgrQ9kyeE_6EewwG82XLtXs.roa (raw, json)
Hash identifier:          sUsO8UvO/7cpcYIWpa/xp0IGOXcwIhijsSjc2fHm5zU=
Subject key identifier:   44:26:84:AE:0A:D0:F6:4C:9E:13:FE:84:7B:0C:06:F3:65:CB:B5:7B
Certificate issuer:       /CN=cff5dc76eb6f814ed601568fdd2c8110edef8c17
Certificate serial:       018F9F15EB47B212C3F8425CA703832789D6
Authority key identifier: CF:F5:DC:76:EB:6F:81:4E:D6:01:56:8F:DD:2C:81:10:ED:EF:8C:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z_XcdutvgU7WAVaP3SyBEO3vjBc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/RCaErgrQ9kyeE_6EewwG82XLtXs.roa
Signing time:             Wed 22 May 2024 06:56:04 +0000
ROA not before:           Wed 22 May 2024 06:56:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215672
IP address blocks:        2a13:82c4:fc00::/40 maxlen: 48
                          2a13:82c4:fd00::/40 maxlen: 48
                          2a13:82c4:fe00::/40 maxlen: 48
                          2a13:82c4:ff00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/z_XcdutvgU7WAVaP3SyBEO3vjBc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/z_XcdutvgU7WAVaP3SyBEO3vjBc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z_XcdutvgU7WAVaP3SyBEO3vjBc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 21:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:9f:15:eb:47:b2:12:c3:f8:42:5c:a7:03:83:27:89:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cff5dc76eb6f814ed601568fdd2c8110edef8c17
        Validity
            Not Before: May 22 06:56:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=442684ae0ad0f64c9e13fe847b0c06f365cbb57b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ae:64:69:78:41:d2:40:f8:f7:74:95:36:69:
                    86:6a:f7:02:71:94:db:b1:79:5c:ca:45:7f:e7:08:
                    b5:47:e5:ee:37:92:83:f4:e6:49:5d:08:c1:ec:5a:
                    0d:e2:82:dc:fc:22:72:47:aa:6b:1c:ab:0e:f9:64:
                    a8:e2:c2:63:41:bf:d9:02:2e:e8:6e:9a:70:c5:e0:
                    03:6e:c1:75:30:4b:4e:ff:0e:ce:ca:3f:9f:cc:84:
                    23:e0:67:3a:70:b1:7f:93:7a:a8:ac:97:e5:98:b4:
                    0e:b4:6d:d5:ee:ce:91:c0:3d:6a:d8:ec:18:79:39:
                    3f:03:ba:fd:95:ad:43:e0:32:46:02:4b:7d:e1:98:
                    51:9d:f5:2e:8e:f8:5b:5e:a0:71:c7:ad:48:b4:37:
                    34:fa:19:e4:c8:d9:20:aa:9b:1b:df:d2:6b:07:56:
                    db:8d:61:00:5d:7b:2f:16:13:fc:7a:60:52:7c:c0:
                    e2:b2:a8:c3:49:fc:86:b5:8b:33:84:2d:83:a5:d7:
                    db:4c:4b:56:92:c9:47:cc:c1:23:cc:20:9e:51:0b:
                    ab:bc:83:57:22:d9:67:72:16:d9:ab:a5:20:48:49:
                    ef:c2:0a:c0:de:78:ff:81:75:4b:5f:f1:4a:6c:5c:
                    47:bb:98:66:53:83:b1:a3:4d:7f:92:52:02:30:a9:
                    77:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:26:84:AE:0A:D0:F6:4C:9E:13:FE:84:7B:0C:06:F3:65:CB:B5:7B
            X509v3 Authority Key Identifier:
                keyid:CF:F5:DC:76:EB:6F:81:4E:D6:01:56:8F:DD:2C:81:10:ED:EF:8C:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z_XcdutvgU7WAVaP3SyBEO3vjBc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/RCaErgrQ9kyeE_6EewwG82XLtXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/8c0c00-5fce-45cb-bbb7-01d9e9d31943/1/z_XcdutvgU7WAVaP3SyBEO3vjBc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:82c4:fc00::/38

    Signature Algorithm: sha256WithRSAEncryption
         dc:6b:81:dc:64:c4:e3:6d:a9:ed:77:5f:59:19:4b:b6:32:e0:
         2d:1c:a3:64:83:de:bd:c3:81:8d:dd:fe:9e:2e:e0:69:69:cc:
         c9:c5:f9:e0:bc:53:04:d6:dd:2b:d5:23:75:15:09:fc:04:2f:
         27:e9:f9:0c:f0:92:eb:2a:ae:45:d6:c6:b9:a5:c6:e5:79:ab:
         67:10:18:a2:25:00:f1:c1:77:6d:f0:bb:b6:ed:11:88:48:23:
         86:83:8e:55:88:3f:c8:34:09:ec:e8:a0:fa:9b:71:1a:35:74:
         9f:e7:09:0f:be:12:ed:13:f0:f0:bd:72:cb:53:14:41:9d:ef:
         3f:bf:4d:aa:13:5e:48:bd:02:13:dd:06:fa:59:b1:c9:0e:37:
         1b:94:3a:5d:73:50:cf:44:82:30:82:f1:f9:eb:f4:be:e3:e4:
         99:66:ab:33:99:7e:d6:6b:97:8a:c2:d1:6b:4a:9c:b5:e0:b0:
         34:29:8a:c7:95:86:51:a4:5a:4e:0c:30:06:cc:3f:b4:14:e3:
         a7:8d:b6:33:64:97:21:86:54:c8:17:22:33:97:3a:26:6a:b3:
         cd:70:46:d4:af:a8:2e:77:54:68:9f:dc:72:76:3f:33:6e:95:
         df:3c:14:33:16:42:bd:58:ef:ef:11:0c:0d:26:81:0b:fb:10:
         58:ad:ea:d2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY+fFetHshLD+EJcpwODJ4nWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZjVkYzc2ZWI2ZjgxNGVkNjAxNTY4ZmRkMmM4MTEwZWRl
ZjhjMTcwHhcNMjQwNTIyMDY1NjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDI2ODRhZTBhZDBmNjRjOWUxM2ZlODQ3YjBjMDZmMzY1Y2JiNTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiK5kaXhB0kD493SVNmmGavcCcZTb
sXlcykV/5wi1R+XuN5KD9OZJXQjB7FoN4oLc/CJyR6prHKsO+WSo4sJjQb/ZAi7o
bppwxeADbsF1MEtO/w7Oyj+fzIQj4Gc6cLF/k3qorJflmLQOtG3V7s6RwD1q2OwY
eTk/A7r9la1D4DJGAkt94ZhRnfUujvhbXqBxx61ItDc0+hnkyNkgqpsb39JrB1bb
jWEAXXsvFhP8emBSfMDisqjDSfyGtYszhC2DpdfbTEtWkslHzMEjzCCeUQurvINX
ItlnchbZq6UgSEnvwgrA3nj/gXVLX/FKbFxHu5hmU4Oxo01/klICMKl3/QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEQmhK4K0PZMnhP+hHsMBvNly7V7MB8GA1UdIwQY
MBaAFM/13Hbrb4FO1gFWj90sgRDt74wXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvel9YY2R1dHZnVTdXQVZhUDNTeUJFTzN2akJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny84YzBjMDAtNWZjZS00NWNiLWJiYjct
MDFkOWU5ZDMxOTQzLzEvUkNhRXJnclE5a3llRV82RWV3d0c4MlhMdFhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny84YzBjMDAtNWZjZS00NWNiLWJiYjctMDFkOWU5ZDMxOTQz
LzEvel9YY2R1dHZnVTdXQVZhUDNTeUJFTzN2akJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKhOCxPww
DQYJKoZIhvcNAQELBQADggEBANxrgdxkxONtqe13X1kZS7Yy4C0co2SD3r3DgY3d
/p4u4GlpzMnF+eC8UwTW3SvVI3UVCfwELyfp+QzwkusqrkXWxrmlxuV5q2cQGKIl
APHBd23wu7btEYhII4aDjlWIP8g0CezooPqbcRo1dJ/nCQ++Eu0T8PC9cstTFEGd
7z+/TaoTXki9AhPdBvpZsckONxuUOl1zUM9EgjCC8fnr9L7j5JlmqzOZftZrl4rC
0WtKnLXgsDQpiseVhlGkWk4MMAbMP7QU46eNtjNklyGGVMgXIjOXOiZqs81wRtSv
qC53VGif3HJ2PzNuld88FDMWQr1Y7+8RDA0mgQv7EFit6tI=
-----END CERTIFICATE-----