Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/rh2WmdY3dr_psVHK8khaWy0_S0Y.roa
File:                     rh2WmdY3dr_psVHK8khaWy0_S0Y.roa (raw, json)
Hash identifier:          pDRgDaAstfQItPNLEd/BzOevQclNk3wATtMkVQqKhCw=
Subject key identifier:   AE:1D:96:99:D6:37:76:BF:E9:B1:51:CA:F2:48:5A:5B:2D:3F:4B:46
Certificate issuer:       /CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
Certificate serial:       018CC80126C6C29D858ED14736C25E6A0D8A
Authority key identifier: 30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/rh2WmdY3dr_psVHK8khaWy0_S0Y.roa
Signing time:             Tue 02 Jan 2024 02:29:27 +0000
ROA not before:           Tue 02 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a13:141:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 07:03:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:26:c6:c2:9d:85:8e:d1:47:36:c2:5e:6a:0d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=30d58e40c6d91f3729e57e3344d308b5992fe46e
        Validity
            Not Before: Jan  2 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ae1d9699d63776bfe9b151caf2485a5b2d3f4b46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:40:5e:cf:5c:e3:ad:af:bb:7b:a3:2e:dc:c4:
                    6a:35:db:07:27:61:65:d8:f6:33:34:50:65:4c:77:
                    6d:93:b3:6e:92:05:da:28:e3:cd:46:05:ae:a9:b3:
                    e2:17:73:ac:2c:d3:66:51:c2:59:6a:b9:e4:31:0c:
                    36:50:b6:72:4f:04:55:65:0f:be:a7:32:db:83:2e:
                    16:85:08:ef:70:26:e9:62:82:b6:2d:29:c6:7b:32:
                    01:01:6e:b9:f2:a5:d4:09:f2:ed:a5:28:8e:29:6e:
                    14:b6:99:c9:b4:98:d5:75:eb:58:94:42:22:0d:f8:
                    7a:1b:05:01:eb:d2:83:0b:d9:8b:76:dc:99:e6:ff:
                    d7:4e:30:76:dc:4d:18:15:5e:1f:a2:48:fd:01:6d:
                    d0:c0:b2:87:01:a4:8e:02:e2:1e:d9:a1:40:3f:80:
                    13:1b:94:13:25:cb:07:be:c5:68:29:69:18:67:24:
                    2d:e6:81:06:01:81:86:bc:e7:b9:eb:da:a0:e9:b6:
                    b5:dc:75:60:5d:6c:4d:53:a8:c0:1a:bf:ed:6a:13:
                    bf:82:41:0e:d1:56:64:5f:25:4b:9b:41:55:27:7c:
                    a7:a2:a5:9b:ce:97:35:fa:85:10:e9:2e:59:2f:ad:
                    ca:c5:8c:04:4f:fe:19:a2:b3:66:18:76:36:b1:4a:
                    c2:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:1D:96:99:D6:37:76:BF:E9:B1:51:CA:F2:48:5A:5B:2D:3F:4B:46
            X509v3 Authority Key Identifier:
                keyid:30:D5:8E:40:C6:D9:1F:37:29:E5:7E:33:44:D3:08:B5:99:2F:E4:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MNWOQMbZHzcp5X4zRNMItZkv5G4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/rh2WmdY3dr_psVHK8khaWy0_S0Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/625a30-3a6b-4661-840a-f82b70d8a0a7/1/MNWOQMbZHzcp5X4zRNMItZkv5G4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:141:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:99:c7:ab:f4:78:cc:d8:1f:be:52:7d:c7:b6:75:98:12:7d:
         92:be:9d:c3:31:eb:cd:8c:62:ab:55:10:26:44:a8:9a:bb:3e:
         42:52:07:03:46:dc:92:a4:61:74:6f:5b:00:9a:00:a3:64:c0:
         3e:dc:34:2b:f3:57:49:13:98:d1:52:3d:b1:98:2c:2d:4a:c8:
         fc:66:e9:63:0b:01:35:24:f4:79:30:50:fb:ad:6e:74:04:6c:
         69:ae:5d:f0:7f:24:c1:9b:69:79:29:76:88:38:7a:18:2e:32:
         9a:da:e1:17:11:81:7d:97:85:65:bd:da:8b:93:32:a6:42:42:
         a6:5a:e5:77:5f:8a:d4:d4:8c:a6:40:65:db:88:af:22:f0:f5:
         64:93:4c:78:03:1e:b0:3d:65:dc:ce:3c:80:88:77:7c:9c:ce:
         6c:d5:12:6b:73:17:27:ed:c4:4c:13:a6:8b:a5:7a:69:e3:10:
         e0:bd:06:c3:0b:cf:cc:24:21:8c:41:68:17:cc:a0:73:5f:66:
         b6:19:84:62:af:c5:dc:9a:61:71:92:bb:c0:c9:84:a5:ae:37:
         e6:9d:47:db:b1:8a:a9:da:5c:72:5f:29:e1:b6:13:a2:c1:62:
         25:2e:c7:aa:e0:66:b7:3d:1c:8d:96:c6:23:51:8f:cb:b1:45:
         64:af:7a:e6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIASbGwp2FjtFHNsJeag2KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwZDU4ZTQwYzZkOTFmMzcyOWU1N2UzMzQ0ZDMwOGI1OTky
ZmU0NmUwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTFkOTY5OWQ2Mzc3NmJmZTliMTUxY2FmMjQ4NWE1YjJkM2Y0YjQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEBez1zjra+7e6Mu3MRqNdsHJ2Fl
2PYzNFBlTHdtk7NukgXaKOPNRgWuqbPiF3OsLNNmUcJZarnkMQw2ULZyTwRVZQ++
pzLbgy4WhQjvcCbpYoK2LSnGezIBAW658qXUCfLtpSiOKW4UtpnJtJjVdetYlEIi
Dfh6GwUB69KDC9mLdtyZ5v/XTjB23E0YFV4fokj9AW3QwLKHAaSOAuIe2aFAP4AT
G5QTJcsHvsVoKWkYZyQt5oEGAYGGvOe569qg6ba13HVgXWxNU6jAGr/tahO/gkEO
0VZkXyVLm0FVJ3ynoqWbzpc1+oUQ6S5ZL63KxYwET/4ZorNmGHY2sUrCrwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK4dlpnWN3a/6bFRyvJIWlstP0tGMB8GA1UdIwQY
MBaAFDDVjkDG2R83KeV+M0TTCLWZL+RuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEt
ZjgyYjcwZDhhMGE3LzEvcmgyV21kWTNkcl9wc1ZISzhraGFXeTBfUzBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy82MjVhMzAtM2E2Yi00NjYxLTg0MGEtZjgyYjcwZDhhMGE3
LzEvTU5XT1FNYlpIemNwNVg0elJOTUl0Wmt2NUc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhMBQQAD
MA0GCSqGSIb3DQEBCwUAA4IBAQAFmcer9HjM2B++Un3HtnWYEn2Svp3DMevNjGKr
VRAmRKiauz5CUgcDRtySpGF0b1sAmgCjZMA+3DQr81dJE5jRUj2xmCwtSsj8Zulj
CwE1JPR5MFD7rW50BGxprl3wfyTBm2l5KXaIOHoYLjKa2uEXEYF9l4VlvdqLkzKm
QkKmWuV3X4rU1IymQGXbiK8i8PVkk0x4Ax6wPWXczjyAiHd8nM5s1RJrcxcn7cRM
E6aLpXpp4xDgvQbDC8/MJCGMQWgXzKBzX2a2GYRir8XcmmFxkrvAyYSlrjfmnUfb
sYqp2lxyXynhthOiwWIlLseq4Ga3PRyNlsYjUY/LsUVkr3rm
-----END CERTIFICATE-----