Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/8IS2SGLZvuejfiILX_HZy4EbxZ8.roa
File:                     8IS2SGLZvuejfiILX_HZy4EbxZ8.roa (raw, json)
Hash identifier:          rsd4qoWJU7YOxhWnkiEgm/sIgrMf/LleiBk2mG4ubQg=
Subject key identifier:   F0:84:B6:48:62:D9:BE:E7:A3:7E:22:0B:5F:F1:D9:CB:81:1B:C5:9F
Certificate issuer:       /CN=6aa8fa75c5020cd6218cf7f109de420265204bac
Certificate serial:       0194266B68CB24659B69F76B5588FF3D1F2C
Authority key identifier: 6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/8IS2SGLZvuejfiILX_HZy4EbxZ8.roa
Signing time:             Thu 02 Jan 2025 09:49:20 +0000
ROA not before:           Thu 02 Jan 2025 09:49:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     131631
IP address blocks:        2a13:d040:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:68:cb:24:65:9b:69:f7:6b:55:88:ff:3d:1f:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa8fa75c5020cd6218cf7f109de420265204bac
        Validity
            Not Before: Jan  2 09:49:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f084b64862d9bee7a37e220b5ff1d9cb811bc59f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:79:1f:1e:04:c0:fa:e9:b9:6b:0e:5d:6a:f7:
                    7f:79:a7:48:66:af:5b:d9:6e:72:06:46:22:1e:52:
                    41:d5:ee:25:fe:4d:7c:53:21:d6:97:bb:2f:13:75:
                    a8:ae:97:67:1f:b5:98:9c:31:31:60:7c:d5:67:7f:
                    10:29:9b:bc:c1:50:00:07:2a:00:38:39:d6:96:8f:
                    5d:21:1c:15:0c:1d:46:f1:42:41:4f:54:bf:ee:3a:
                    39:89:67:5c:3c:d7:61:d0:1a:16:cc:72:99:ad:97:
                    8d:6c:95:3c:a3:79:27:6a:2b:65:90:99:0e:c4:d3:
                    52:3c:cf:33:1e:fd:b1:a0:1a:7f:dc:a8:3a:f1:b9:
                    18:86:c0:1d:ed:ab:c8:27:47:be:90:8b:e9:e3:50:
                    72:27:a9:ab:97:24:43:73:fd:9b:0b:08:e8:6f:76:
                    6b:aa:00:59:00:92:f0:bc:71:f2:35:50:08:e8:08:
                    7f:25:b7:0f:02:25:0e:27:f0:e4:9d:60:7e:9a:30:
                    3e:cd:8f:0c:a5:38:1e:8c:a3:50:e1:62:1b:02:7b:
                    c3:c4:3d:33:b1:1c:76:fa:64:87:ca:61:31:9a:c7:
                    f4:55:ea:86:a4:f9:6b:c0:8d:5c:25:a3:bc:bf:49:
                    af:b2:42:e8:a6:89:4e:e5:52:cb:44:50:e1:1a:cd:
                    13:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:84:B6:48:62:D9:BE:E7:A3:7E:22:0B:5F:F1:D9:CB:81:1B:C5:9F
            X509v3 Authority Key Identifier:
                keyid:6A:A8:FA:75:C5:02:0C:D6:21:8C:F7:F1:09:DE:42:02:65:20:4B:AC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqj6dcUCDNYhjPfxCd5CAmUgS6w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/8IS2SGLZvuejfiILX_HZy4EbxZ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/7012d8-afa1-419b-8b60-35c63fa765a2/1/aqj6dcUCDNYhjPfxCd5CAmUgS6w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d040:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:a0:46:63:25:08:78:e9:33:7b:7a:d7:64:1e:e9:51:9d:3f:
         47:66:5b:c4:38:22:99:01:60:6b:e1:55:a3:3a:78:d2:ba:2a:
         70:49:74:f9:46:1f:50:c4:62:85:b7:e1:8b:57:cc:bd:9f:cb:
         3a:fe:7d:7d:2f:cb:15:7a:6a:39:50:bf:cf:a3:e4:ab:e1:20:
         69:97:3c:7a:f3:b4:29:f8:e0:7d:f0:02:5e:aa:62:ed:49:c3:
         17:43:ab:aa:58:df:f8:9f:b1:d7:c4:43:9b:49:aa:8b:e5:b8:
         aa:81:bf:03:45:2d:32:cb:42:a8:64:8f:dd:f1:64:bb:d5:56:
         d4:22:0e:f4:20:2c:e1:d0:6a:97:f7:5e:3f:27:3b:80:29:2c:
         d3:45:02:48:8c:e0:3e:df:16:87:0b:0b:11:5d:f7:63:56:86:
         d8:53:30:03:36:5e:69:ce:af:3c:c9:15:53:3f:1f:76:6b:68:
         dc:3f:03:e1:a5:a4:a4:5b:a6:25:6a:dc:f0:db:fa:07:7d:a4:
         25:73:fc:40:56:44:92:0b:6f:21:da:7a:7b:be:34:eb:6d:7a:
         9d:6a:92:f6:db:d9:07:1e:ee:3d:8d:8f:f4:ce:44:9e:07:7b:
         61:da:4b:f6:57:70:b6:f8:17:96:c5:97:fb:33:50:7f:4e:3f:
         9f:d3:b9:c0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQma2jLJGWbafdrVYj/PR8sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYThmYTc1YzUwMjBjZDYyMThjZjdmMTA5ZGU0MjAyNjUy
MDRiYWMwHhcNMjUwMTAyMDk0OTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDg0YjY0ODYyZDliZWU3YTM3ZTIyMGI1ZmYxZDljYjgxMWJjNTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnkfHgTA+um5aw5davd/eadIZq9b
2W5yBkYiHlJB1e4l/k18UyHWl7svE3WorpdnH7WYnDExYHzVZ38QKZu8wVAAByoA
ODnWlo9dIRwVDB1G8UJBT1S/7jo5iWdcPNdh0BoWzHKZrZeNbJU8o3knaitlkJkO
xNNSPM8zHv2xoBp/3Kg68bkYhsAd7avIJ0e+kIvp41ByJ6mrlyRDc/2bCwjob3Zr
qgBZAJLwvHHyNVAI6Ah/JbcPAiUOJ/DknWB+mjA+zY8MpTgejKNQ4WIbAnvDxD0z
sRx2+mSHymExmsf0VeqGpPlrwI1cJaO8v0mvskLopolO5VLLRFDhGs0TVwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPCEtkhi2b7no34iC1/x2cuBG8WfMB8GA1UdIwQY
MBaAFGqo+nXFAgzWIYz38QneQgJlIEusMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAt
MzVjNjNmYTc2NWEyLzEvOElTMlNHTFp2dWVqZmlJTFhfSFp5NEVieFo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy83MDEyZDgtYWZhMS00MTliLThiNjAtMzVjNjNmYTc2NWEy
LzEvYXFqNmRjVUNETlloalBmeENkNUNBbVVnUzZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhPQQAAC
MA0GCSqGSIb3DQEBCwUAA4IBAQCDoEZjJQh46TN7etdkHulRnT9HZlvEOCKZAWBr
4VWjOnjSuipwSXT5Rh9QxGKFt+GLV8y9n8s6/n19L8sVemo5UL/Po+Sr4SBplzx6
87Qp+OB98AJeqmLtScMXQ6uqWN/4n7HXxEObSaqL5biqgb8DRS0yy0KoZI/d8WS7
1VbUIg70ICzh0GqX914/JzuAKSzTRQJIjOA+3xaHCwsRXfdjVobYUzADNl5pzq88
yRVTPx92a2jcPwPhpaSkW6Ylatzw2/oHfaQlc/xAVkSSC28h2np7vjTrbXqdapL2
29kHHu49jY/0zkSeB3th2kv2V3C2+BeWxZf7M1B/Tj+f07nA
-----END CERTIFICATE-----