Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/920dc4-cd3c-4cac-acfc-4c85445a036a/1/HT5r7AHKguUWaHtFonv4hyOfXW0.roa
File:                     HT5r7AHKguUWaHtFonv4hyOfXW0.roa (raw, json)
Hash identifier:          +3alkQDEEBpmuAT2HXyUMgkKB0AKi0Hx7OmC4XCpNYU=
Subject key identifier:   1D:3E:6B:EC:01:CA:82:E5:16:68:7B:45:A2:7B:F8:87:23:9F:5D:6D
Certificate issuer:       /CN=d80b497d51bd9f47b84f693d687fbe8cf6cffb75
Certificate serial:       018CC5DC0E6F374B0D5DCBCCFB44567948CA
Authority key identifier: D8:0B:49:7D:51:BD:9F:47:B8:4F:69:3D:68:7F:BE:8C:F6:CF:FB:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2AtJfVG9n0e4T2k9aH--jPbP-3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/920dc4-cd3c-4cac-acfc-4c85445a036a/1/HT5r7AHKguUWaHtFonv4hyOfXW0.roa
Signing time:             Mon 01 Jan 2024 16:29:42 +0000
ROA not before:           Mon 01 Jan 2024 16:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216325
IP address blocks:        2a13:d940::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/920dc4-cd3c-4cac-acfc-4c85445a036a/1/2AtJfVG9n0e4T2k9aH--jPbP-3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/920dc4-cd3c-4cac-acfc-4c85445a036a/1/2AtJfVG9n0e4T2k9aH--jPbP-3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2AtJfVG9n0e4T2k9aH--jPbP-3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 13:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:0e:6f:37:4b:0d:5d:cb:cc:fb:44:56:79:48:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d80b497d51bd9f47b84f693d687fbe8cf6cffb75
        Validity
            Not Before: Jan  1 16:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d3e6bec01ca82e516687b45a27bf887239f5d6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ab:e0:9b:8a:26:d7:eb:db:15:97:a6:7b:05:
                    13:bf:57:09:21:bb:26:6e:12:08:6e:26:ef:3f:2f:
                    1b:b3:e0:0c:10:62:b2:3a:65:90:e8:32:58:78:a3:
                    22:f3:55:10:39:c9:67:1f:4f:2e:d9:44:d9:28:70:
                    d0:06:d3:fd:0f:0d:50:e0:d4:14:10:2f:eb:b4:15:
                    dc:c4:ed:7f:28:6a:c2:20:9d:2a:97:1c:1d:d9:59:
                    99:e9:cb:2e:66:05:21:e9:b7:2e:57:9f:7d:5f:b2:
                    88:ea:04:3e:14:eb:61:39:b7:79:7e:da:4d:9d:81:
                    66:e6:30:55:e5:86:18:ab:64:1a:45:f6:44:58:76:
                    49:4e:45:6d:b7:2b:c3:0d:18:42:e2:ec:bc:32:89:
                    be:de:e5:e7:ab:16:88:8b:1f:d7:00:ff:ce:45:ac:
                    17:05:e4:c8:85:b5:28:50:bc:79:a2:04:5e:b9:e5:
                    20:21:a9:da:33:61:3a:93:c5:77:e0:18:dc:47:09:
                    c3:62:fe:c2:39:44:a0:0b:d9:f9:7d:e0:a5:9e:b0:
                    c5:cb:95:9a:06:ee:92:d3:6b:8f:25:ae:f6:da:eb:
                    d2:0a:a1:db:fb:fd:82:fb:d6:64:f3:3f:df:9c:70:
                    58:c3:47:c2:c2:de:52:f6:31:79:0d:e7:c8:2d:40:
                    c6:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:3E:6B:EC:01:CA:82:E5:16:68:7B:45:A2:7B:F8:87:23:9F:5D:6D
            X509v3 Authority Key Identifier:
                keyid:D8:0B:49:7D:51:BD:9F:47:B8:4F:69:3D:68:7F:BE:8C:F6:CF:FB:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2AtJfVG9n0e4T2k9aH--jPbP-3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/920dc4-cd3c-4cac-acfc-4c85445a036a/1/HT5r7AHKguUWaHtFonv4hyOfXW0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/920dc4-cd3c-4cac-acfc-4c85445a036a/1/2AtJfVG9n0e4T2k9aH--jPbP-3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d940::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:22:6b:f7:fb:ae:8e:8a:95:b7:b2:92:91:7c:5f:a7:4e:44:
         b2:ac:d2:b0:0d:c9:6d:ec:ad:64:a9:bf:bf:3b:23:9d:7f:7f:
         86:e2:79:46:6b:89:1e:80:02:b5:80:bc:92:da:ee:49:eb:80:
         02:c0:2e:fa:bb:1f:a9:2f:b0:d7:1a:55:59:40:43:56:37:a5:
         09:7a:43:58:d6:8c:dd:66:0f:1f:50:41:fb:d6:77:3c:73:4b:
         cb:2f:7b:48:5c:e9:70:22:6c:34:da:a6:87:ea:ba:87:08:25:
         60:2a:a5:59:a6:88:e9:48:88:10:cc:2b:5f:01:6b:e1:10:fe:
         fb:e9:62:8c:c0:38:2e:22:dc:e4:38:d3:84:b4:ee:7c:7c:6b:
         c1:78:cc:36:fd:1f:56:03:c6:d4:72:ea:97:bf:87:e0:15:48:
         d7:f9:0f:66:db:c5:24:52:ce:08:a5:55:90:c2:f5:be:00:30:
         e9:64:0e:a9:b8:7f:6b:24:8c:88:54:2b:b2:ad:e2:85:99:63:
         e4:4c:0f:f5:df:49:52:3e:b7:bf:26:a9:df:28:a2:16:73:6f:
         b8:a4:9d:98:70:33:a8:d4:ee:5c:39:8e:6a:f3:3a:59:12:f7:
         15:f0:f2:68:e5:1c:fe:a2:78:4a:9b:fd:e9:7f:05:ee:73:f7:
         12:5b:61:1f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF3A5vN0sNXcvM+0RWeUjKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4MGI0OTdkNTFiZDlmNDdiODRmNjkzZDY4N2ZiZThjZjZj
ZmZiNzUwHhcNMjQwMTAxMTYyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDNlNmJlYzAxY2E4MmU1MTY2ODdiNDVhMjdiZjg4NzIzOWY1ZDZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA26vgm4om1+vbFZemewUTv1cJIbsm
bhIIbibvPy8bs+AMEGKyOmWQ6DJYeKMi81UQOclnH08u2UTZKHDQBtP9Dw1Q4NQU
EC/rtBXcxO1/KGrCIJ0qlxwd2VmZ6csuZgUh6bcuV599X7KI6gQ+FOthObd5ftpN
nYFm5jBV5YYYq2QaRfZEWHZJTkVttyvDDRhC4uy8Mom+3uXnqxaIix/XAP/ORawX
BeTIhbUoULx5ogReueUgIanaM2E6k8V34BjcRwnDYv7COUSgC9n5feClnrDFy5Wa
Bu6S02uPJa722uvSCqHb+/2C+9Zk8z/fnHBYw0fCwt5S9jF5DefILUDGkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFB0+a+wByoLlFmh7RaJ7+Icjn11tMB8GA1UdIwQY
MBaAFNgLSX1RvZ9HuE9pPWh/voz2z/t1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkF0SmZWRzluMGU0VDJrOWFILS1qUGJQLTNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy85MjBkYzQtY2QzYy00Y2FjLWFjZmMt
NGM4NTQ0NWEwMzZhLzEvSFQ1cjdBSEtndVVXYUh0Rm9udjRoeU9mWFcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy85MjBkYzQtY2QzYy00Y2FjLWFjZmMtNGM4NTQ0NWEwMzZh
LzEvMkF0SmZWRzluMGU0VDJrOWFILS1qUGJQLTNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPZQDAN
BgkqhkiG9w0BAQsFAAOCAQEAIiJr9/uujoqVt7KSkXxfp05EsqzSsA3JbeytZKm/
vzsjnX9/huJ5RmuJHoACtYC8ktruSeuAAsAu+rsfqS+w1xpVWUBDVjelCXpDWNaM
3WYPH1BB+9Z3PHNLyy97SFzpcCJsNNqmh+q6hwglYCqlWaaI6UiIEMwrXwFr4RD+
++lijMA4LiLc5DjThLTufHxrwXjMNv0fVgPG1HLql7+H4BVI1/kPZtvFJFLOCKVV
kML1vgAw6WQOqbh/aySMiFQrsq3ihZlj5EwP9d9JUj63vyap3yiiFnNvuKSdmHAz
qNTuXDmOavM6WRL3FfDyaOUc/qJ4Spv96X8F7nP3ElthHw==
-----END CERTIFICATE-----