Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/ETym3QMMYsA6NHfS5rhEm6mRrmQ.roa
File:                     ETym3QMMYsA6NHfS5rhEm6mRrmQ.roa (raw, json)
Hash identifier:          2Lae7QETOfsKK2be8B8VQ+bXSaJLtFR8xlNUI9hM0rc=
Subject key identifier:   11:3C:A6:DD:03:0C:62:C0:3A:34:77:D2:E6:B8:44:9B:A9:91:AE:64
Certificate issuer:       /CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
Certificate serial:       01905EF7D461E82C8AE9261D5DE97E907088
Authority key identifier: 55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/ETym3QMMYsA6NHfS5rhEm6mRrmQ.roa
Signing time:             Fri 28 Jun 2024 13:10:18 +0000
ROA not before:           Fri 28 Jun 2024 13:10:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215568
IP address blocks:        2a13:cd40::/29 maxlen: 30
                          2a13:d840::/29 maxlen: 29
                          2a13:e140::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jul 2024 20:41:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:5e:f7:d4:61:e8:2c:8a:e9:26:1d:5d:e9:7e:90:70:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5524b2e26dd3afcc5c1eac01f90263d201fbe099
        Validity
            Not Before: Jun 28 13:10:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=113ca6dd030c62c03a3477d2e6b8449ba991ae64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:14:ea:bb:12:ec:ce:50:dd:66:c1:a3:c4:b6:
                    b4:7e:33:17:74:5a:92:eb:af:f8:56:fd:b1:a6:c2:
                    e2:ef:18:3d:ed:76:57:b6:a9:17:d0:53:3f:ae:b5:
                    0c:82:d2:49:99:f4:9f:99:40:bb:5c:f3:5b:31:1c:
                    d6:fc:83:7e:35:d3:51:fa:4b:31:2e:fe:4c:e6:be:
                    4d:eb:3d:26:13:90:6e:52:69:08:55:73:31:8c:eb:
                    12:83:e2:63:54:c8:96:ac:da:97:fb:6c:a3:92:1c:
                    ab:88:c1:a5:1f:2e:ce:4a:6d:da:29:5c:60:ad:b6:
                    24:25:92:31:2d:a5:78:03:e4:86:eb:08:af:70:27:
                    f8:54:aa:75:81:c1:3c:b9:06:b2:64:68:d7:03:4b:
                    66:99:0c:a0:d7:43:47:a9:f7:5c:e5:f4:13:47:9e:
                    ba:6b:24:ea:79:a7:2f:81:c8:06:bf:8c:9e:70:2b:
                    f3:30:b3:db:f0:57:10:8d:d7:90:8b:38:08:8d:22:
                    b3:ba:f7:28:e5:e6:38:bc:9f:3e:01:bd:90:73:f2:
                    a2:48:7a:5c:76:42:ab:f6:d5:1a:18:ae:0e:dd:f6:
                    93:ae:3b:16:e4:8b:5d:0b:41:81:69:45:2c:8c:82:
                    0c:f6:8b:8e:19:4c:f5:1a:58:43:a4:48:55:a4:0c:
                    51:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:3C:A6:DD:03:0C:62:C0:3A:34:77:D2:E6:B8:44:9B:A9:91:AE:64
            X509v3 Authority Key Identifier:
                keyid:55:24:B2:E2:6D:D3:AF:CC:5C:1E:AC:01:F9:02:63:D2:01:FB:E0:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/ETym3QMMYsA6NHfS5rhEm6mRrmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/143392-d868-4a26-8543-3aa2227badfe/1/VSSy4m3Tr8xcHqwB-QJj0gH74Jk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:cd40::/29
                  2a13:d840::/29
                  2a13:e140::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:59:35:8e:91:87:e0:49:c0:af:ee:72:60:19:df:52:ba:61:
         5f:d4:bb:e9:9b:85:e4:a4:58:14:2c:7b:4b:d9:a7:e9:6a:9e:
         bd:a3:41:76:59:fa:8e:08:6b:cb:7f:2e:90:c7:a0:a2:22:bd:
         ca:a5:92:56:63:a3:de:c8:b9:6b:87:75:f3:79:d2:0c:a3:d2:
         e5:94:df:24:10:67:77:03:6c:26:16:32:2e:f8:fa:a9:9b:85:
         72:fb:28:52:11:83:7c:16:92:9f:a6:d0:fe:56:7b:82:a4:f0:
         c7:2f:49:3b:ef:38:e8:ac:64:44:7f:b4:18:7f:43:35:75:8f:
         e0:c0:b0:9c:53:82:11:22:e0:3a:91:be:2e:7e:75:37:97:ca:
         62:ab:cc:eb:2c:a5:03:d7:97:23:18:ab:ef:b7:20:10:67:9c:
         25:8b:fc:2f:e4:b8:93:2f:3e:18:6a:8a:b1:3b:e6:71:74:5f:
         92:e1:d1:51:3e:43:d3:bc:e0:a2:d4:d2:9f:96:20:54:1f:19:
         15:39:ff:1d:06:24:ae:a6:ac:ed:98:0d:dc:81:85:77:ae:40:
         fb:9a:1e:6f:a6:23:43:56:18:ee:58:5b:2d:3c:6b:b3:57:d2:
         e5:1b:49:d9:94:7c:7c:c0:be:63:29:9d:46:7e:83:4e:c6:61:
         71:da:51:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZBe99Rh6CyK6SYdXel+kHCIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1MjRiMmUyNmRkM2FmY2M1YzFlYWMwMWY5MDI2M2QyMDFm
YmUwOTkwHhcNMjQwNjI4MTMxMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTNjYTZkZDAzMGM2MmMwM2EzNDc3ZDJlNmI4NDQ5YmE5OTFhZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBTquxLszlDdZsGjxLa0fjMXdFqS
66/4Vv2xpsLi7xg97XZXtqkX0FM/rrUMgtJJmfSfmUC7XPNbMRzW/IN+NdNR+ksx
Lv5M5r5N6z0mE5BuUmkIVXMxjOsSg+JjVMiWrNqX+2yjkhyriMGlHy7OSm3aKVxg
rbYkJZIxLaV4A+SG6wivcCf4VKp1gcE8uQayZGjXA0tmmQyg10NHqfdc5fQTR566
ayTqeacvgcgGv4yecCvzMLPb8FcQjdeQizgIjSKzuvco5eY4vJ8+Ab2Qc/KiSHpc
dkKr9tUaGK4O3faTrjsW5ItdC0GBaUUsjIIM9ouOGUz1GlhDpEhVpAxRvwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBE8pt0DDGLAOjR30ua4RJupka5kMB8GA1UdIwQY
MBaAFFUksuJt06/MXB6sAfkCY9IB++CZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMt
M2FhMjIyN2JhZGZlLzEvRVR5bTNRTU1Zc0E2TkhmUzVyaEVtNm1Scm1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS8xNDMzOTItZDg2OC00YTI2LTg1NDMtM2FhMjIyN2JhZGZl
LzEvVlNTeTRtM1RyOHhjSHF3Qi1RSmowZ0g3NEprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAAjAVAwUDKhPNQAMF
AyoT2EADBQMqE+FAMA0GCSqGSIb3DQEBCwUAA4IBAQAqWTWOkYfgScCv7nJgGd9S
umFf1Lvpm4XkpFgULHtL2afpap69o0F2WfqOCGvLfy6Qx6CiIr3KpZJWY6PeyLlr
h3XzedIMo9LllN8kEGd3A2wmFjIu+Pqpm4Vy+yhSEYN8FpKfptD+VnuCpPDHL0k7
7zjorGREf7QYf0M1dY/gwLCcU4IRIuA6kb4ufnU3l8piq8zrLKUD15cjGKvvtyAQ
Z5wli/wv5LiTLz4YaoqxO+ZxdF+S4dFRPkPTvOCi1NKfliBUHxkVOf8dBiSupqzt
mA3cgYV3rkD7mh5vpiNDVhjuWFstPGuzV9LlG0nZlHx8wL5jKZ1GfoNOxmFx2lFA
-----END CERTIFICATE-----