Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/rlhPxcWiiuEOf6fa-qnnGG4NNMc.roa
File:                     rlhPxcWiiuEOf6fa-qnnGG4NNMc.roa (raw, json)
Hash identifier:          5UgFphAUkQ7dAI//QWWgkJf1uSl5Ox4PtfJiij8zG6M=
Subject key identifier:   AE:58:4F:C5:C5:A2:8A:E1:0E:7F:A7:DA:FA:A9:E7:18:6E:0D:34:C7
Certificate issuer:       /CN=fee1be40bd4c10a02c78371af313d4e7da3d44a1
Certificate serial:       018CC6B89D90BAD471EC6FE0E2CB9026EBAD
Authority key identifier: FE:E1:BE:40:BD:4C:10:A0:2C:78:37:1A:F3:13:D4:E7:DA:3D:44:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_uG-QL1MEKAseDca8xPU59o9RKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/rlhPxcWiiuEOf6fa-qnnGG4NNMc.roa
Signing time:             Mon 01 Jan 2024 20:30:36 +0000
ROA not before:           Mon 01 Jan 2024 20:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48652
IP address blocks:        2a13:d080::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/_uG-QL1MEKAseDca8xPU59o9RKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/_uG-QL1MEKAseDca8xPU59o9RKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_uG-QL1MEKAseDca8xPU59o9RKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:9d:90:ba:d4:71:ec:6f:e0:e2:cb:90:26:eb:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fee1be40bd4c10a02c78371af313d4e7da3d44a1
        Validity
            Not Before: Jan  1 20:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae584fc5c5a28ae10e7fa7dafaa9e7186e0d34c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:4f:a5:55:5d:2a:29:f6:35:36:e9:73:a8:fc:
                    1b:82:b7:bb:fa:ed:15:e4:0f:9d:d5:e2:15:3f:2e:
                    6d:8c:3e:58:b1:04:47:29:b8:9d:14:88:19:08:30:
                    43:d9:f2:6c:91:19:bf:7d:fb:2b:18:16:40:bf:ea:
                    c4:22:2e:86:9a:32:86:d9:25:49:4d:8a:55:3a:50:
                    58:67:45:ea:d3:83:1a:a4:8f:be:b4:c2:0c:86:1a:
                    ac:ce:2e:b2:0e:0f:5c:3c:ea:56:5d:7e:c9:bc:54:
                    58:50:53:3d:d2:b2:bf:c2:a4:6c:3f:2f:ca:f2:4e:
                    38:57:1d:6a:2a:b8:f6:bf:8d:16:f9:f3:43:80:68:
                    02:4c:9e:bd:72:e7:f5:5e:27:97:a1:34:55:90:f1:
                    66:35:9a:bc:75:20:8e:22:6f:3a:3b:55:eb:8f:c7:
                    f4:17:1b:24:96:25:a3:8c:a3:4d:df:26:de:89:0a:
                    61:66:7a:b4:2b:a7:da:f7:e8:33:96:d9:ea:f4:23:
                    c9:1d:32:b3:dc:39:c3:cb:f8:dc:3a:78:f5:38:49:
                    7e:fa:0f:2b:e1:96:03:af:b9:33:c1:ed:2c:07:88:
                    1e:65:38:95:60:15:b6:79:7e:d0:c3:cb:51:09:6b:
                    98:51:c2:d8:9b:4b:5d:1b:a3:f6:ac:73:5c:3f:ba:
                    bf:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:58:4F:C5:C5:A2:8A:E1:0E:7F:A7:DA:FA:A9:E7:18:6E:0D:34:C7
            X509v3 Authority Key Identifier:
                keyid:FE:E1:BE:40:BD:4C:10:A0:2C:78:37:1A:F3:13:D4:E7:DA:3D:44:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_uG-QL1MEKAseDca8xPU59o9RKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/rlhPxcWiiuEOf6fa-qnnGG4NNMc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/2d2570-ab91-4c27-9cb3-5fd716d67e4c/1/_uG-QL1MEKAseDca8xPU59o9RKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d080::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:7d:ab:9d:97:fa:c4:fd:6e:d3:32:db:9d:33:04:b6:70:64:
         c6:93:4b:8f:f9:a3:cc:2e:00:a6:d7:a2:47:f5:1d:f3:b5:d6:
         12:c4:ff:1d:47:74:ca:05:df:1c:d1:d0:1e:02:5b:ce:ff:84:
         a0:ae:45:87:59:fc:af:6f:0e:23:9d:f6:78:95:ed:c8:94:01:
         16:fe:5c:4a:91:d0:6b:ae:54:36:27:8b:70:f4:ca:8a:c2:d6:
         14:26:97:a7:98:1a:b8:d8:4a:d8:8a:b1:51:41:1a:ab:fb:41:
         3e:e7:26:b4:12:61:19:ad:30:dd:2e:71:80:b8:10:3f:20:99:
         4b:e6:de:97:08:cd:d2:aa:ff:ef:f5:3a:18:59:a6:c2:58:5f:
         dd:1d:f0:b9:4c:12:c9:6c:23:6d:c4:2f:66:21:c8:02:c8:fd:
         32:d4:0b:e5:58:ec:d6:61:48:b6:a6:9d:c4:81:69:c1:48:e6:
         83:32:5f:08:60:06:54:d5:19:d8:a2:45:23:e9:e0:59:80:7d:
         fd:64:b9:f5:63:3e:d8:ec:00:ab:4e:e6:2f:5d:38:bc:c0:02:
         eb:b3:bd:e6:ff:8b:ae:8a:96:87:00:93:38:13:d7:71:c4:bf:
         0b:11:2e:e7:91:8c:ab:f4:41:12:b7:1a:2d:56:e6:b9:7e:7c:
         44:01:06:ab
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuJ2QutRx7G/g4suQJuutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlZTFiZTQwYmQ0YzEwYTAyYzc4MzcxYWYzMTNkNGU3ZGEz
ZDQ0YTEwHhcNMjQwMTAxMjAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTU4NGZjNWM1YTI4YWUxMGU3ZmE3ZGFmYWE5ZTcxODZlMGQzNGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3k+lVV0qKfY1NulzqPwbgre7+u0V
5A+d1eIVPy5tjD5YsQRHKbidFIgZCDBD2fJskRm/ffsrGBZAv+rEIi6GmjKG2SVJ
TYpVOlBYZ0Xq04MapI++tMIMhhqszi6yDg9cPOpWXX7JvFRYUFM90rK/wqRsPy/K
8k44Vx1qKrj2v40W+fNDgGgCTJ69cuf1XieXoTRVkPFmNZq8dSCOIm86O1Xrj8f0
FxskliWjjKNN3ybeiQphZnq0K6fa9+gzltnq9CPJHTKz3DnDy/jcOnj1OEl++g8r
4ZYDr7kzwe0sB4geZTiVYBW2eX7Qw8tRCWuYUcLYm0tdG6P2rHNcP7q/hQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFK5YT8XFoorhDn+n2vqp5xhuDTTHMB8GA1UdIwQY
MBaAFP7hvkC9TBCgLHg3GvMT1OfaPUShMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3VHLVFMMU1FS0FzZURjYTh4UFU1OW85UktFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8yZDI1NzAtYWI5MS00YzI3LTljYjMt
NWZkNzE2ZDY3ZTRjLzEvcmxoUHhjV2lpdUVPZjZmYS1xbm5HRzROTk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8yZDI1NzAtYWI5MS00YzI3LTljYjMtNWZkNzE2ZDY3ZTRj
LzEvX3VHLVFMMU1FS0FzZURjYTh4UFU1OW85UktFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPQgDAN
BgkqhkiG9w0BAQsFAAOCAQEAFH2rnZf6xP1u0zLbnTMEtnBkxpNLj/mjzC4Aptei
R/Ud87XWEsT/HUd0ygXfHNHQHgJbzv+EoK5Fh1n8r28OI532eJXtyJQBFv5cSpHQ
a65UNieLcPTKisLWFCaXp5gauNhK2IqxUUEaq/tBPucmtBJhGa0w3S5xgLgQPyCZ
S+belwjN0qr/7/U6GFmmwlhf3R3wuUwSyWwjbcQvZiHIAsj9MtQL5Vjs1mFItqad
xIFpwUjmgzJfCGAGVNUZ2KJFI+ngWYB9/WS59WM+2OwAq07mL104vMAC67O95v+L
roqWhwCTOBPXccS/CxEu55GMq/RBErcaLVbmuX58RAEGqw==
-----END CERTIFICATE-----