Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/2a5574-7b12-4da2-a064-5e1b0788923b/1/36Z4NHiJjkw8u1gyM3uXav3N_q0.roa
File:                     36Z4NHiJjkw8u1gyM3uXav3N_q0.roa (raw, json)
Hash identifier:          70s5MhzaUieFgzIl5DGANPhyAqGePXS0Qqfq6VhTm+o=
Subject key identifier:   DF:A6:78:34:78:89:8E:4C:3C:BB:58:32:33:7B:97:6A:FD:CD:FE:AD
Certificate issuer:       /CN=3d6c2958145f45fad5daeeb38b75b52c09661046
Certificate serial:       018F30C158185CB63AE50CE537ED7B66ACF1
Authority key identifier: 3D:6C:29:58:14:5F:45:FA:D5:DA:EE:B3:8B:75:B5:2C:09:66:10:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PWwpWBRfRfrV2u6zi3W1LAlmEEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/2a5574-7b12-4da2-a064-5e1b0788923b/1/36Z4NHiJjkw8u1gyM3uXav3N_q0.roa
Signing time:             Tue 30 Apr 2024 20:45:28 +0000
ROA not before:           Tue 30 Apr 2024 20:45:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215466
IP address blocks:        2a13:7706:1::/48 maxlen: 48
                          2a13:7706:6666::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/2a5574-7b12-4da2-a064-5e1b0788923b/1/PWwpWBRfRfrV2u6zi3W1LAlmEEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/2a5574-7b12-4da2-a064-5e1b0788923b/1/PWwpWBRfRfrV2u6zi3W1LAlmEEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PWwpWBRfRfrV2u6zi3W1LAlmEEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:30:c1:58:18:5c:b6:3a:e5:0c:e5:37:ed:7b:66:ac:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3d6c2958145f45fad5daeeb38b75b52c09661046
        Validity
            Not Before: Apr 30 20:45:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfa6783478898e4c3cbb5832337b976afdcdfead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:d2:e8:07:d2:ff:b8:ec:ec:f5:c6:f1:21:5d:
                    c9:4c:4f:9c:9a:60:11:2c:71:02:86:23:6a:b8:e2:
                    12:b0:5c:0f:5e:25:86:ae:15:e7:5a:c6:c7:41:3c:
                    61:0d:a7:14:48:d4:6e:5e:51:78:1a:50:3a:b9:30:
                    e5:4d:19:58:31:ec:6e:6e:55:39:df:1a:31:cf:36:
                    0b:ee:6e:f3:91:9a:13:a2:f0:62:65:91:c4:2e:40:
                    a4:28:de:42:4c:5e:d5:82:77:63:d1:6e:83:52:ad:
                    7d:5b:8d:04:fa:f5:cd:62:bd:66:64:31:93:3e:9f:
                    29:fc:41:8c:9c:a7:db:1d:0f:15:9a:a0:58:31:61:
                    78:4d:71:18:09:dc:a8:06:de:1d:e4:c7:c7:e0:5f:
                    49:bd:21:df:01:f8:bb:8c:c0:f5:0d:71:31:10:94:
                    ff:6a:d0:4c:ea:de:09:1b:fd:40:ef:c9:c0:b2:6b:
                    7e:92:e0:ed:0f:8d:8d:53:79:19:c8:6a:2e:b9:6a:
                    81:e5:94:f2:7d:ca:34:28:37:99:6e:a3:3d:36:21:
                    39:f9:d6:05:1a:e8:97:3a:42:41:f0:13:24:92:f6:
                    08:a8:77:e8:3b:87:b1:da:c4:cd:7c:4f:7c:63:f6:
                    d1:1d:ad:79:82:e7:e2:0b:d3:2e:b9:72:c4:d7:fc:
                    28:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:A6:78:34:78:89:8E:4C:3C:BB:58:32:33:7B:97:6A:FD:CD:FE:AD
            X509v3 Authority Key Identifier:
                keyid:3D:6C:29:58:14:5F:45:FA:D5:DA:EE:B3:8B:75:B5:2C:09:66:10:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PWwpWBRfRfrV2u6zi3W1LAlmEEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/2a5574-7b12-4da2-a064-5e1b0788923b/1/36Z4NHiJjkw8u1gyM3uXav3N_q0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/2a5574-7b12-4da2-a064-5e1b0788923b/1/PWwpWBRfRfrV2u6zi3W1LAlmEEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7706:1::/48
                  2a13:7706:6666::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:4b:f6:4b:98:de:94:8d:eb:f3:de:fa:16:24:e9:eb:2d:a6:
         06:e1:bc:59:64:67:46:95:8a:7c:dd:41:3d:92:0e:b4:14:93:
         18:bd:94:45:2d:cf:65:8e:f1:24:3c:0c:3f:88:ae:d1:e5:42:
         cb:c2:b9:9f:bf:8d:82:03:b1:66:cb:90:d1:2a:ba:bd:f6:14:
         45:93:c9:4a:6c:40:98:0d:ec:1c:3c:fc:a2:70:02:5b:62:d1:
         ff:ec:cb:76:0e:bb:b9:37:de:87:52:db:4d:90:71:ed:a6:31:
         bc:78:fd:ac:bb:a6:ca:2d:4e:d8:bd:f2:af:bd:52:8b:22:78:
         33:16:8c:76:8a:2e:36:50:15:4b:55:08:ae:fc:37:0a:4b:f1:
         84:92:c8:69:13:08:23:6c:90:a7:42:29:4d:30:45:46:c6:48:
         4c:0a:eb:66:32:31:ae:4f:c0:27:ca:55:18:f7:49:74:57:0c:
         ed:30:ff:60:a4:14:a0:82:a8:04:62:73:63:7b:ab:7c:f4:b0:
         56:5d:9c:6b:d8:a7:74:d6:ad:92:e4:9e:98:6d:58:68:22:d6:
         94:77:02:56:73:bd:90:8d:0f:5b:8c:e0:03:3c:ad:61:60:73:
         cb:a3:54:9d:79:35:4a:88:8a:35:85:96:5b:8b:de:3e:98:be:
         9b:1b:d2:10
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8wwVgYXLY65QzlN+17ZqzxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkNmMyOTU4MTQ1ZjQ1ZmFkNWRhZWViMzhiNzViNTJjMDk2
NjEwNDYwHhcNMjQwNDMwMjA0NTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmE2NzgzNDc4ODk4ZTRjM2NiYjU4MzIzMzdiOTc2YWZkY2RmZWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NLoB9L/uOzs9cbxIV3JTE+cmmAR
LHEChiNquOISsFwPXiWGrhXnWsbHQTxhDacUSNRuXlF4GlA6uTDlTRlYMexublU5
3xoxzzYL7m7zkZoTovBiZZHELkCkKN5CTF7Vgndj0W6DUq19W40E+vXNYr1mZDGT
Pp8p/EGMnKfbHQ8VmqBYMWF4TXEYCdyoBt4d5MfH4F9JvSHfAfi7jMD1DXExEJT/
atBM6t4JG/1A78nAsmt+kuDtD42NU3kZyGouuWqB5ZTyfco0KDeZbqM9NiE5+dYF
GuiXOkJB8BMkkvYIqHfoO4ex2sTNfE98Y/bRHa15gufiC9MuuXLE1/wokQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN+meDR4iY5MPLtYMjN7l2r9zf6tMB8GA1UdIwQY
MBaAFD1sKVgUX0X61drus4t1tSwJZhBGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUFd3cFdCUmZSZnJWMnU2emkzVzFMQWxtRUVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS8yYTU1NzQtN2IxMi00ZGEyLWEwNjQt
NWUxYjA3ODg5MjNiLzEvMzZaNE5IaUpqa3c4dTFneU0zdVhhdjNOX3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS8yYTU1NzQtN2IxMi00ZGEyLWEwNjQtNWUxYjA3ODg5MjNi
LzEvUFd3cFdCUmZSZnJWMnU2emkzVzFMQWxtRUVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhN3BgAB
AwcAKhN3BmZmMA0GCSqGSIb3DQEBCwUAA4IBAQAYS/ZLmN6Ujevz3voWJOnrLaYG
4bxZZGdGlYp83UE9kg60FJMYvZRFLc9ljvEkPAw/iK7R5ULLwrmfv42CA7Fmy5DR
Krq99hRFk8lKbECYDewcPPyicAJbYtH/7Mt2Dru5N96HUttNkHHtpjG8eP2su6bK
LU7YvfKvvVKLIngzFox2ii42UBVLVQiu/DcKS/GEkshpEwgjbJCnQilNMEVGxkhM
CutmMjGuT8AnylUY90l0VwztMP9gpBSggqgEYnNje6t89LBWXZxr2Kd01q2S5J6Y
bVhoItaUdwJWc72QjQ9bjOADPK1hYHPLo1SdeTVKiIo1hZZbi94+mL6bG9IQ
-----END CERTIFICATE-----