Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/ac35NdTArdMXkOziPkrkl62j-Z8.roa
File:                     ac35NdTArdMXkOziPkrkl62j-Z8.roa (raw, json)
Hash identifier:          OBRZQ+4mckGe8vnfqqmuN6ZSZjQRvT/YhHndd6VUCR8=
Subject key identifier:   69:CD:F9:35:D4:C0:AD:D3:17:90:EC:E2:3E:4A:E4:97:AD:A3:F9:9F
Certificate issuer:       /CN=57c0bd9f8331ea8438fd2a2f671b71af4a2dec17
Certificate serial:       018CC86FA18C4327FE67700940C68BDD2188
Authority key identifier: 57:C0:BD:9F:83:31:EA:84:38:FD:2A:2F:67:1B:71:AF:4A:2D:EC:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/ac35NdTArdMXkOziPkrkl62j-Z8.roa
Signing time:             Tue 02 Jan 2024 04:30:08 +0000
ROA not before:           Tue 02 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50245
IP address blocks:        2a13:f980::/29 maxlen: 48
                          2a13:f980::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a1:8c:43:27:fe:67:70:09:40:c6:8b:dd:21:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c0bd9f8331ea8438fd2a2f671b71af4a2dec17
        Validity
            Not Before: Jan  2 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69cdf935d4c0add31790ece23e4ae497ada3f99f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:59:a7:1c:12:e2:55:99:ff:69:7e:4b:c9:67:
                    45:32:e4:b4:02:41:1e:e7:a1:7b:d7:26:ac:e0:00:
                    23:a8:7a:db:ad:03:58:09:25:75:7d:f2:62:35:96:
                    67:4a:b9:5e:ab:30:93:cf:0b:8a:69:ea:44:f4:3d:
                    69:ce:40:ce:d9:0d:49:02:de:4a:3c:6c:57:bf:63:
                    4f:cb:d7:e0:18:1c:05:de:d8:ed:4d:04:5d:4f:96:
                    99:c9:93:a3:61:53:91:77:85:e0:27:97:f8:31:37:
                    35:59:29:da:be:fd:dc:a4:87:68:f5:a7:b4:3b:1b:
                    0c:b2:f2:70:90:4a:0f:d8:17:de:df:9f:0b:26:69:
                    f4:fc:a6:22:bf:66:ab:88:0c:72:2f:a5:5f:6e:4e:
                    9b:84:ce:06:1d:05:a1:f9:f7:b5:6e:ae:a5:03:ec:
                    ae:c7:49:c7:c5:69:99:b6:96:fd:6f:a2:f3:15:9b:
                    07:80:6e:24:99:c6:8c:9c:47:85:61:79:26:fc:a6:
                    fa:9e:ef:31:21:14:5d:aa:7b:e5:94:3e:6b:6b:51:
                    75:96:13:77:35:a2:cc:66:b3:ba:fb:1a:6d:5a:93:
                    92:d8:50:3c:42:ea:b1:d0:5d:60:c5:34:02:23:f3:
                    97:8c:2f:9c:cb:7c:a6:b6:dd:8e:ed:18:57:39:84:
                    97:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:CD:F9:35:D4:C0:AD:D3:17:90:EC:E2:3E:4A:E4:97:AD:A3:F9:9F
            X509v3 Authority Key Identifier:
                keyid:57:C0:BD:9F:83:31:EA:84:38:FD:2A:2F:67:1B:71:AF:4A:2D:EC:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/ac35NdTArdMXkOziPkrkl62j-Z8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/d5e9f6-3f6d-4694-89b8-a093d100874c/1/V8C9n4Mx6oQ4_SovZxtxr0ot7Bc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:f980::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:87:24:d2:39:1c:13:09:e0:f7:b9:1d:ac:b8:0d:14:05:49:
         25:1c:0b:f9:3c:35:a7:a8:8c:b6:9f:3a:76:17:e1:1e:26:67:
         7e:f8:87:84:5c:95:bd:1c:5b:16:13:fb:10:2f:0d:44:5e:33:
         39:cb:7c:ad:ab:78:13:72:99:a3:0f:f1:e8:b6:3e:7c:3d:6b:
         fd:13:f0:3d:06:f2:21:7d:00:f6:83:9e:c4:f0:3b:6c:3a:6d:
         22:f3:9f:a0:6a:ef:a9:67:dc:f0:bc:72:b3:3a:3d:64:05:8c:
         d5:61:74:74:4f:e9:90:a6:56:8a:1e:94:e8:11:3f:4f:91:40:
         17:e7:7c:34:29:cc:30:fa:78:1e:db:33:01:40:e1:18:04:f0:
         7f:0b:a2:f9:23:2a:ed:16:24:bf:3a:fb:aa:75:7e:d8:38:0f:
         ff:7a:a4:9f:99:d8:41:1c:9d:99:55:af:7a:2e:9b:9d:4d:da:
         d3:c7:62:19:38:6b:ab:f7:e7:3e:a1:b5:4b:a6:62:f7:d8:d4:
         09:fe:03:66:a1:cb:ed:99:63:f6:66:6e:77:9e:de:00:dc:b6:
         13:f3:43:9b:75:d0:79:3a:ee:25:21:fe:e6:4a:88:e4:7c:35:
         f2:d4:1d:ec:d0:2c:6a:e0:7c:05:74:59:fb:c6:60:24:24:36:
         e1:8d:dc:83
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIb6GMQyf+Z3AJQMaL3SGIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzBiZDlmODMzMWVhODQzOGZkMmEyZjY3MWI3MWFmNGEy
ZGVjMTcwHhcNMjQwMTAyMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWNkZjkzNWQ0YzBhZGQzMTc5MGVjZTIzZTRhZTQ5N2FkYTNmOTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgVmnHBLiVZn/aX5LyWdFMuS0AkEe
56F71yas4AAjqHrbrQNYCSV1ffJiNZZnSrleqzCTzwuKaepE9D1pzkDO2Q1JAt5K
PGxXv2NPy9fgGBwF3tjtTQRdT5aZyZOjYVORd4XgJ5f4MTc1WSnavv3cpIdo9ae0
OxsMsvJwkEoP2Bfe358LJmn0/KYiv2ariAxyL6Vfbk6bhM4GHQWh+fe1bq6lA+yu
x0nHxWmZtpb9b6LzFZsHgG4kmcaMnEeFYXkm/Kb6nu8xIRRdqnvllD5ra1F1lhN3
NaLMZrO6+xptWpOS2FA8Quqx0F1gxTQCI/OXjC+cy3ymtt2O7RhXOYSXrwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGnN+TXUwK3TF5Ds4j5K5Jeto/mfMB8GA1UdIwQY
MBaAFFfAvZ+DMeqEOP0qL2cbca9KLewXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhDOW40TXg2b1E0X1Nvdlp4dHhyMG90N0JjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC9kNWU5ZjYtM2Y2ZC00Njk0LTg5Yjgt
YTA5M2QxMDA4NzRjLzEvYWMzNU5kVEFyZE1Ya096aVBrcmtsNjJqLVo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC9kNWU5ZjYtM2Y2ZC00Njk0LTg5YjgtYTA5M2QxMDA4NzRj
LzEvVjhDOW40TXg2b1E0X1Nvdlp4dHhyMG90N0JjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhP5gDAN
BgkqhkiG9w0BAQsFAAOCAQEAlIck0jkcEwng97kdrLgNFAVJJRwL+Tw1p6iMtp86
dhfhHiZnfviHhFyVvRxbFhP7EC8NRF4zOct8rat4E3KZow/x6LY+fD1r/RPwPQby
IX0A9oOexPA7bDptIvOfoGrvqWfc8Lxyszo9ZAWM1WF0dE/pkKZWih6U6BE/T5FA
F+d8NCnMMPp4HtszAUDhGATwfwui+SMq7RYkvzr7qnV+2DgP/3qkn5nYQRydmVWv
ei6bnU3a08diGThrq/fnPqG1S6Zi99jUCf4DZqHL7Zlj9mZud57eANy2E/NDm3XQ
eTruJSH+5kqI5Hw18tQd7NAsauB8BXRZ+8ZgJCQ24Y3cgw==
-----END CERTIFICATE-----