Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/ikxdhqADZGBPuTR3h49gphvr41E.roa
File:                     ikxdhqADZGBPuTR3h49gphvr41E.roa (raw, json)
Hash identifier:          crQ4eVW3u/IgVMXkpwgetqR3+LliJy7lZt83fT5ZXf8=
Subject key identifier:   8A:4C:5D:86:A0:03:64:60:4F:B9:34:77:87:8F:60:A6:1B:EB:E3:51
Certificate issuer:       /CN=7c29c2f5723f29ec5e0e793e73ab55b8a1c86ba9
Certificate serial:       018D59EAD99E3C0539DB6366E81C29B68DC1
Authority key identifier: 7C:29:C2:F5:72:3F:29:EC:5E:0E:79:3E:73:AB:55:B8:A1:C8:6B:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/ikxdhqADZGBPuTR3h49gphvr41E.roa
Signing time:             Tue 30 Jan 2024 10:29:39 +0000
ROA not before:           Tue 30 Jan 2024 10:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57712
IP address blocks:        2a13:8e40:1000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:59:ea:d9:9e:3c:05:39:db:63:66:e8:1c:29:b6:8d:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c29c2f5723f29ec5e0e793e73ab55b8a1c86ba9
        Validity
            Not Before: Jan 30 10:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a4c5d86a00364604fb93477878f60a61bebe351
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:70:91:40:44:0e:4f:a9:bd:d1:05:64:ac:17:
                    58:0c:9b:f2:dd:87:6e:47:02:f4:86:3e:c9:b4:33:
                    b5:78:cc:d0:a2:b1:13:fd:89:ca:b4:41:4b:31:b1:
                    aa:99:b0:5e:1e:44:b9:a9:56:28:b6:70:ca:a2:76:
                    b6:3d:80:65:30:2f:4e:ab:24:75:00:0e:d0:e9:fd:
                    78:46:42:72:6d:04:c9:29:fc:91:04:8a:da:4d:7e:
                    1d:46:d6:0c:92:d9:8f:d9:61:7f:77:6f:e1:d2:af:
                    a4:26:01:e5:e7:a2:77:8f:14:1c:a5:f1:e1:da:b8:
                    e5:3a:73:9a:2e:9b:76:3b:98:3f:d4:cd:93:be:f7:
                    e5:5e:a8:24:fa:c6:b1:e3:75:67:05:04:52:ce:80:
                    21:a1:5d:fb:74:c8:57:48:a4:5f:f6:77:5b:0d:52:
                    2a:92:7d:80:26:e5:10:5f:4d:22:af:23:91:a7:0b:
                    ef:e7:4d:69:3f:47:87:13:01:05:13:2a:86:8f:e0:
                    4a:1f:34:30:76:83:ab:be:1f:5a:8d:b2:0d:5f:5e:
                    6b:86:8c:85:bd:3a:df:96:27:94:dd:60:4d:82:ae:
                    8b:b8:86:63:1b:c6:58:ea:a5:90:bb:e5:44:05:16:
                    29:15:68:56:f4:b0:57:26:87:64:9a:01:97:5f:83:
                    55:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:4C:5D:86:A0:03:64:60:4F:B9:34:77:87:8F:60:A6:1B:EB:E3:51
            X509v3 Authority Key Identifier:
                keyid:7C:29:C2:F5:72:3F:29:EC:5E:0E:79:3E:73:AB:55:B8:A1:C8:6B:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fCnC9XI_KexeDnk-c6tVuKHIa6k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/ikxdhqADZGBPuTR3h49gphvr41E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/d99fac-35dc-4f2c-8f95-f195223d03b3/1/fCnC9XI_KexeDnk-c6tVuKHIa6k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:8e40:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         a9:b9:63:47:71:39:ba:87:02:85:a4:37:f6:16:93:6e:d6:52:
         35:b8:4e:d4:e7:e0:b6:71:03:67:17:58:96:32:e8:c9:1d:b9:
         01:d6:92:da:49:89:31:8c:37:0a:73:03:c8:ec:1b:77:f0:d1:
         5b:96:48:89:ee:89:b8:b4:1e:e5:5f:7d:8a:00:ef:ed:49:3d:
         e2:2e:c6:47:4b:d2:0c:e6:74:fd:f9:ad:a1:88:07:b9:8b:1c:
         d5:fd:c0:75:d2:f2:20:5f:d0:84:8b:65:49:dd:71:18:67:94:
         31:64:41:4c:3a:d2:ff:a4:cd:e8:29:97:8d:27:b6:2b:bd:f8:
         bb:c6:a7:ef:42:c1:85:65:15:67:3e:c9:2d:2a:46:0b:e3:b4:
         c2:0f:1d:50:d8:24:a6:86:ad:6d:06:70:85:91:12:b6:0c:c5:
         70:82:fb:1e:05:d2:f2:cd:54:ca:7e:7f:e9:57:65:3c:6c:d8:
         f7:b0:96:27:05:a6:d0:df:4c:2b:d0:39:68:26:bc:86:8b:00:
         09:d0:79:e8:6b:a7:8d:9c:6d:d1:4a:2e:ac:7c:58:1c:22:c8:
         b0:1a:ab:df:3e:d5:9f:83:95:bb:72:7c:05:28:ba:d4:40:2b:
         b1:90:f4:43:f6:ba:75:f7:e5:39:c1:d0:b5:18:04:d2:be:74:
         a8:b3:14:a8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY1Z6tmePAU522Nm6Bwpto3BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjMjljMmY1NzIzZjI5ZWM1ZTBlNzkzZTczYWI1NWI4YTFj
ODZiYTkwHhcNMjQwMTMwMTAyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTRjNWQ4NmEwMDM2NDYwNGZiOTM0Nzc4NzhmNjBhNjFiZWJlMzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHCRQEQOT6m90QVkrBdYDJvy3Ydu
RwL0hj7JtDO1eMzQorET/YnKtEFLMbGqmbBeHkS5qVYotnDKona2PYBlMC9OqyR1
AA7Q6f14RkJybQTJKfyRBIraTX4dRtYMktmP2WF/d2/h0q+kJgHl56J3jxQcpfHh
2rjlOnOaLpt2O5g/1M2TvvflXqgk+sax43VnBQRSzoAhoV37dMhXSKRf9ndbDVIq
kn2AJuUQX00iryORpwvv501pP0eHEwEFEyqGj+BKHzQwdoOrvh9ajbINX15rhoyF
vTrflieU3WBNgq6LuIZjG8ZY6qWQu+VEBRYpFWhW9LBXJodkmgGXX4NV5QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIpMXYagA2RgT7k0d4ePYKYb6+NRMB8GA1UdIwQY
MBaAFHwpwvVyPynsXg55PnOrVbihyGupMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkNuQzlYSV9LZXhlRG5rLWM2dFZ1S0hJYTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9kOTlmYWMtMzVkYy00ZjJjLThmOTUt
ZjE5NTIyM2QwM2IzLzEvaWt4ZGhxQURaR0JQdVRSM2g0OWdwaHZyNDFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9kOTlmYWMtMzVkYy00ZjJjLThmOTUtZjE5NTIyM2QwM2Iz
LzEvZkNuQzlYSV9LZXhlRG5rLWM2dFZ1S0hJYTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhOOQBAw
DQYJKoZIhvcNAQELBQADggEBAKm5Y0dxObqHAoWkN/YWk27WUjW4TtTn4LZxA2cX
WJYy6MkduQHWktpJiTGMNwpzA8jsG3fw0VuWSInuibi0HuVffYoA7+1JPeIuxkdL
0gzmdP35raGIB7mLHNX9wHXS8iBf0ISLZUndcRhnlDFkQUw60v+kzegpl40ntiu9
+LvGp+9CwYVlFWc+yS0qRgvjtMIPHVDYJKaGrW0GcIWRErYMxXCC+x4F0vLNVMp+
f+lXZTxs2PewlicFptDfTCvQOWgmvIaLAAnQeehrp42cbdFKLqx8WBwiyLAaq98+
1Z+DlbtyfAUoutRAK7GQ9EP2unX35TnB0LUYBNK+dKizFKg=
-----END CERTIFICATE-----