Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/FcXfTxFxWBdvphakfc-_9776o70.roa
File:                     FcXfTxFxWBdvphakfc-_9776o70.roa (raw, json)
Hash identifier:          Q6Evz6/w58rY6wpIzJ1/jfH2CUAhIfdS4zo5WUygnIk=
Subject key identifier:   15:C5:DF:4F:11:71:58:17:6F:A6:16:A4:7D:CF:BF:F7:BE:FA:A3:BD
Certificate issuer:       /CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
Certificate serial:       018FC359F0E50FBFCD41C3FF8CCDBF44B16E
Authority key identifier: A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/FcXfTxFxWBdvphakfc-_9776o70.roa
Signing time:             Wed 29 May 2024 07:56:42 +0000
ROA not before:           Wed 29 May 2024 07:56:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a13:cb42:8013::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/pDJ8VulBFx6jvrom67niP031vPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/pDJ8VulBFx6jvrom67niP031vPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:c3:59:f0:e5:0f:bf:cd:41:c3:ff:8c:cd:bf:44:b1:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4327c56e941171ea3beba26ebb9e23f4df5bcf3
        Validity
            Not Before: May 29 07:56:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15c5df4f117158176fa616a47dcfbff7befaa3bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:d0:b5:c2:f7:0c:82:16:08:c3:1e:1f:6a:46:
                    e5:41:c1:9a:92:09:b3:8c:2d:b9:cb:36:5c:c8:da:
                    c8:85:b7:3a:17:2b:7d:e8:67:cf:d0:04:e2:85:57:
                    6b:94:bb:ea:cf:fe:78:72:80:92:c6:d5:17:1b:8b:
                    42:7f:d7:4c:57:b6:bc:82:78:30:2e:0a:1d:1b:5f:
                    61:19:6f:44:ff:4d:9f:8d:65:8a:fa:01:0d:c0:2e:
                    5a:2b:fa:a8:43:61:63:e6:9d:f8:36:b0:f3:19:6c:
                    12:c2:a0:f0:56:1f:8d:4a:78:a7:12:dc:32:48:32:
                    09:f3:3c:6c:9f:19:61:fe:c1:bc:46:82:7b:6f:e0:
                    01:d5:de:5f:6e:ee:51:85:f0:bb:5e:1d:a7:ce:d9:
                    97:0c:62:ed:84:2f:89:ab:f4:5a:35:f3:f5:90:9d:
                    9d:10:47:63:63:8a:04:3b:02:6c:c2:16:3a:89:84:
                    eb:78:fc:d9:af:62:61:bc:4f:cd:26:c2:ba:20:0c:
                    0b:8e:e2:55:02:ac:b5:5b:a2:48:24:41:90:e2:5f:
                    2f:41:7b:24:a6:f8:56:74:95:f5:62:82:d0:db:f1:
                    b1:d4:35:3b:47:04:65:04:de:a1:db:05:b0:46:8b:
                    6b:fe:68:85:2a:aa:6d:09:2b:a5:f7:da:9d:c5:bc:
                    9e:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:C5:DF:4F:11:71:58:17:6F:A6:16:A4:7D:CF:BF:F7:BE:FA:A3:BD
            X509v3 Authority Key Identifier:
                keyid:A4:32:7C:56:E9:41:17:1E:A3:BE:BA:26:EB:B9:E2:3F:4D:F5:BC:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pDJ8VulBFx6jvrom67niP031vPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/FcXfTxFxWBdvphakfc-_9776o70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/9a4833-6da4-4dda-b7ab-28c343ce9d5d/1/pDJ8VulBFx6jvrom67niP031vPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:cb42:8013::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:19:b3:40:5d:75:d8:09:27:39:10:03:fa:98:9c:f3:0a:60:
         8e:b2:07:33:e8:4f:80:02:e0:be:64:7c:42:57:88:19:56:e2:
         f8:2a:c9:56:e3:79:8e:0f:8c:0b:dc:f1:87:81:1d:9a:cd:44:
         c2:e0:b0:3c:f8:64:b1:2c:86:3f:4c:4c:92:6f:97:0d:90:9b:
         ac:2a:7f:4b:15:e5:93:2c:98:d1:f9:cd:68:0a:f4:ed:53:c0:
         ff:9f:32:2b:e9:4a:7d:be:1b:fb:09:2c:a5:c5:86:4f:73:0d:
         3b:67:8c:9c:c2:f8:72:a5:17:09:8e:1c:ee:c1:45:74:0c:8d:
         83:93:bb:e2:7d:c2:c5:a7:cf:68:a6:1a:54:d2:c2:d9:94:f7:
         2e:c5:77:0d:39:b1:06:42:24:56:02:8f:1a:a3:c3:ba:d3:95:
         04:48:cb:17:64:05:1a:f8:bd:79:ff:f4:b9:18:5b:df:33:4f:
         1e:47:4e:f4:2b:40:49:49:8e:25:8c:4e:1d:9b:03:5d:8d:d3:
         a2:75:fa:3e:59:84:ef:f8:c7:42:b6:c7:4e:e2:60:04:5b:fb:
         dc:2e:6f:38:31:77:17:0c:08:fd:b2:d2:f5:39:eb:30:48:69:
         7b:8c:0b:06:f3:ce:6e:95:42:1f:c2:83:77:54:27:d9:39:2c:
         b4:8a:32:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/DWfDlD7/NQcP/jM2/RLFuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0MzI3YzU2ZTk0MTE3MWVhM2JlYmEyNmViYjllMjNmNGRm
NWJjZjMwHhcNMjQwNTI5MDc1NjQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWM1ZGY0ZjExNzE1ODE3NmZhNjE2YTQ3ZGNmYmZmN2JlZmFhM2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNC1wvcMghYIwx4fakblQcGakgmz
jC25yzZcyNrIhbc6Fyt96GfP0ATihVdrlLvqz/54coCSxtUXG4tCf9dMV7a8gngw
LgodG19hGW9E/02fjWWK+gENwC5aK/qoQ2Fj5p34NrDzGWwSwqDwVh+NSninEtwy
SDIJ8zxsnxlh/sG8RoJ7b+AB1d5fbu5RhfC7Xh2nztmXDGLthC+Jq/RaNfP1kJ2d
EEdjY4oEOwJswhY6iYTrePzZr2JhvE/NJsK6IAwLjuJVAqy1W6JIJEGQ4l8vQXsk
pvhWdJX1YoLQ2/Gx1DU7RwRlBN6h2wWwRotr/miFKqptCSul99qdxbyeBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBXF308RcVgXb6YWpH3Pv/e++qO9MB8GA1UdIwQY
MBaAFKQyfFbpQRceo766Juu54j9N9bzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWIt
MjhjMzQzY2U5ZDVkLzEvRmNYZlR4RnhXQmR2cGhha2ZjLV85Nzc2bzcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS85YTQ4MzMtNmRhNC00ZGRhLWI3YWItMjhjMzQzY2U5ZDVk
LzEvcERKOFZ1bEJGeDZqdnJvbTY3bmlQMDMxdlBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPLQoAT
MA0GCSqGSIb3DQEBCwUAA4IBAQARGbNAXXXYCSc5EAP6mJzzCmCOsgcz6E+AAuC+
ZHxCV4gZVuL4KslW43mOD4wL3PGHgR2azUTC4LA8+GSxLIY/TEySb5cNkJusKn9L
FeWTLJjR+c1oCvTtU8D/nzIr6Up9vhv7CSylxYZPcw07Z4ycwvhypRcJjhzuwUV0
DI2Dk7vifcLFp89ophpU0sLZlPcuxXcNObEGQiRWAo8ao8O605UESMsXZAUa+L15
//S5GFvfM08eR070K0BJSY4ljE4dmwNdjdOidfo+WYTv+MdCtsdO4mAEW/vcLm84
MXcXDAj9stL1OeswSGl7jAsG885ulUIfwoN3VCfZOSy0ijJl
-----END CERTIFICATE-----