Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/iXd5toBVtsOl3EHCQL8k9PaiVFA.roa
File:                     iXd5toBVtsOl3EHCQL8k9PaiVFA.roa (raw, json)
Hash identifier:          VsV4O93IFYM4iuWmUBn+14FWXeZdVTvOEszhUcG6B1Y=
Subject key identifier:   89:77:79:B6:80:55:B6:C3:A5:DC:41:C2:40:BF:24:F4:F6:A2:54:50
Certificate issuer:       /CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
Certificate serial:       018CC801265DF50E521C8DB3EE0791C6C176
Authority key identifier: 30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/iXd5toBVtsOl3EHCQL8k9PaiVFA.roa
Signing time:             Tue 02 Jan 2024 02:29:27 +0000
ROA not before:           Tue 02 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a13:141:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:02:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:26:5d:f5:0e:52:1c:8d:b3:ee:07:91:c6:c1:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
        Validity
            Not Before: Jan  2 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=897779b68055b6c3a5dc41c240bf24f4f6a25450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:b4:82:9d:0b:40:c2:d0:fe:0e:e4:79:92:56:
                    b6:13:db:64:b4:f4:c5:8d:82:74:7b:a9:e7:ff:c2:
                    d0:7b:77:75:8d:df:bf:23:fc:cf:74:79:be:2b:8a:
                    94:5e:a6:4b:8e:98:e6:f8:e3:70:5a:90:16:dd:7d:
                    3a:86:02:12:0a:5f:61:d7:2e:a0:e7:05:07:a4:b9:
                    7a:8c:28:12:08:59:7e:08:69:96:2a:ab:5e:eb:21:
                    02:37:b4:ee:c2:72:87:eb:da:78:47:c0:64:b2:b9:
                    c4:5c:99:c3:f1:c3:fe:fa:94:0e:55:88:a8:30:92:
                    a5:37:24:80:72:ec:fb:cc:97:95:f1:74:fa:58:25:
                    48:67:0f:6d:b9:e3:16:53:f9:96:22:a8:d0:97:fe:
                    c5:ba:00:d8:de:44:fe:d0:3a:e4:68:e9:bd:7f:7a:
                    9f:7a:cc:c5:00:99:d5:b9:e8:32:b5:2c:c3:0b:85:
                    54:62:7c:1d:08:db:83:42:60:98:2d:4b:75:00:fb:
                    cc:dc:a8:6f:2c:69:4a:75:f2:81:36:26:a9:34:93:
                    52:11:a4:3d:4b:64:f3:5b:1f:40:57:90:41:13:34:
                    6a:dd:69:a7:04:47:cc:2f:d4:58:92:b3:d8:88:70:
                    bd:8f:89:85:18:ec:52:99:d1:cb:68:d3:de:69:8a:
                    a7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:77:79:B6:80:55:B6:C3:A5:DC:41:C2:40:BF:24:F4:F6:A2:54:50
            X509v3 Authority Key Identifier:
                keyid:30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/iXd5toBVtsOl3EHCQL8k9PaiVFA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:141:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         5b:ea:af:e6:c8:6d:25:68:e9:a6:42:db:a6:93:d7:52:8e:70:
         de:f3:0b:a7:7d:a0:d4:93:1c:35:93:db:f8:13:21:9c:7c:a0:
         b7:0c:de:c2:ee:95:1c:a8:82:ea:e6:c0:47:44:4d:80:5f:c8:
         6d:d0:9a:af:17:10:4d:a7:07:08:a9:e9:62:8f:81:6f:89:08:
         f0:0e:c5:7c:27:4b:86:cd:66:b5:4a:78:3f:89:b3:65:4e:83:
         5a:4a:3b:4d:98:54:57:95:55:88:8b:71:2e:20:1f:5d:88:37:
         bd:2b:db:c6:52:4c:13:e5:54:3d:f1:77:c8:64:5f:40:70:aa:
         75:b0:53:dd:c8:a0:a0:eb:38:42:03:14:e3:a6:38:e8:7e:54:
         7b:61:81:f1:ff:6b:66:2f:dd:45:f2:8c:b0:d7:68:b9:d7:5b:
         3a:70:c9:10:a0:16:1c:65:3d:79:e8:9d:db:1c:27:f6:d1:fa:
         75:b7:d2:37:4b:ed:57:d7:ea:a5:86:85:af:96:03:43:82:d6:
         8f:e8:71:75:78:f6:7d:c7:3e:71:9f:e7:2f:5f:78:3c:06:46:
         df:c4:17:78:42:09:ba:f8:9b:23:9c:a6:55:f3:d3:33:d2:00:
         84:c7:53:f7:18:d6:67:0f:27:5d:0b:4a:e1:5a:0e:50:4e:b0:
         be:80:31:07
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIASZd9Q5SHI2z7geRxsF2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDU4ZTQwYzZkOTFmMzcyOWU1N2UzMzQ0ZDMwOGI1OTky
ZmU0NmUwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTc3NzliNjgwNTViNmMzYTVkYzQxYzI0MGJmMjRmNGY2YTI1NDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrSCnQtAwtD+DuR5kla2E9tktPTF
jYJ0e6nn/8LQe3d1jd+/I/zPdHm+K4qUXqZLjpjm+ONwWpAW3X06hgISCl9h1y6g
5wUHpLl6jCgSCFl+CGmWKqte6yECN7TuwnKH69p4R8BksrnEXJnD8cP++pQOVYio
MJKlNySAcuz7zJeV8XT6WCVIZw9tueMWU/mWIqjQl/7FugDY3kT+0DrkaOm9f3qf
eszFAJnVuegytSzDC4VUYnwdCNuDQmCYLUt1APvM3KhvLGlKdfKBNiapNJNSEaQ9
S2TzWx9AV5BBEzRq3WmnBEfML9RYkrPYiHC9j4mFGOxSmdHLaNPeaYqneQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIl3ebaAVbbDpdxBwkC/JPT2olRQMB8GA1UdIwQY
MBaAFDDVjkDG2R83KeV+M0TTCLWZL+RuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEt
ZjgyYjcwZDhhMGE3LzEvaVhkNXRvQlZ0c09sM0VIQ1FMOGs5UGFpVkZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEtZjgyYjcwZDhhMGE3
LzEvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhMBQQAD
MA0GCSqGSIb3DQEBCwUAA4IBAQBb6q/myG0laOmmQtumk9dSjnDe8wunfaDUkxw1
k9v4EyGcfKC3DN7C7pUcqILq5sBHRE2AX8ht0JqvFxBNpwcIqelij4FviQjwDsV8
J0uGzWa1Sng/ibNlToNaSjtNmFRXlVWIi3EuIB9diDe9K9vGUkwT5VQ98XfIZF9A
cKp1sFPdyKCg6zhCAxTjpjjoflR7YYHx/2tmL91F8oyw12i511s6cMkQoBYcZT15
6J3bHCf20fp1t9I3S+1X1+qlhoWvlgNDgtaP6HF1ePZ9xz5xn+cvX3g8BkbfxBd4
Qgm6+JsjnKZV89Mz0gCEx1P3GNZnDyddC0rhWg5QTrC+gDEH
-----END CERTIFICATE-----