Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/XApSrPPh0xEKpII2BnSxyJpIjck.roa
File:                     XApSrPPh0xEKpII2BnSxyJpIjck.roa (raw, json)
Hash identifier:          K+Kosijw24JgwN/TN/xC07F9APyTUmCCejIFJmCAL+4=
Subject key identifier:   5C:0A:52:AC:F3:E1:D3:11:0A:A4:82:36:06:74:B1:C8:9A:48:8D:C9
Certificate issuer:       /CN=8261a42bf2264cb5ebcec6e190d02a6d553b6233
Certificate serial:       018CC3496079293A712C9A8A07FE1FE595EE
Authority key identifier: 82:61:A4:2B:F2:26:4C:B5:EB:CE:C6:E1:90:D0:2A:6D:55:3B:62:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmGkK_ImTLXrzsbhkNAqbVU7YjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/XApSrPPh0xEKpII2BnSxyJpIjck.roa
Signing time:             Mon 01 Jan 2024 04:30:15 +0000
ROA not before:           Mon 01 Jan 2024 04:30:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49703
IP address blocks:        2a13:f700::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/gmGkK_ImTLXrzsbhkNAqbVU7YjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/gmGkK_ImTLXrzsbhkNAqbVU7YjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmGkK_ImTLXrzsbhkNAqbVU7YjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:60:79:29:3a:71:2c:9a:8a:07:fe:1f:e5:95:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8261a42bf2264cb5ebcec6e190d02a6d553b6233
        Validity
            Not Before: Jan  1 04:30:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c0a52acf3e1d3110aa482360674b1c89a488dc9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:29:24:3c:43:22:af:d2:42:01:64:4c:05:0d:
                    1f:0c:76:8e:5d:a2:81:b7:0f:17:8d:af:7e:29:64:
                    21:62:26:5f:69:1f:a2:24:51:5e:18:26:08:2c:f2:
                    9d:dc:e7:75:2c:24:6b:d8:f0:88:20:d0:ed:2c:8b:
                    dd:85:ca:ef:5d:da:74:be:10:a9:11:57:4e:1f:f3:
                    07:d9:2f:8e:66:ee:5a:59:9b:ec:30:a9:fa:e6:d4:
                    24:66:99:8a:ba:53:a0:d9:5f:bc:1f:0b:b2:a6:40:
                    11:d2:85:90:9d:b1:23:9f:1b:e5:3f:55:25:32:73:
                    15:0f:7e:81:18:c3:f5:7d:47:84:07:b1:49:00:f3:
                    2f:f7:ff:97:eb:02:ac:b7:56:15:72:45:e3:8a:d5:
                    d5:75:6f:e5:55:a9:87:f0:0a:40:9b:70:f1:7c:e4:
                    7f:de:ce:18:1b:f6:55:5c:af:f2:d3:ec:bf:79:fc:
                    93:af:29:dd:fe:28:3f:7c:64:89:c5:2b:c9:e5:69:
                    e2:dd:89:1b:4f:ed:9a:c2:f0:e1:6f:6e:a2:0e:cd:
                    c4:e8:50:a5:8c:d9:b2:51:34:d3:e9:d9:82:4a:c3:
                    76:f3:9b:bf:ed:9f:e7:4b:cf:ce:25:2c:9c:8e:57:
                    d5:3e:5f:bf:b5:92:41:0a:0a:60:a9:66:86:c5:c3:
                    da:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:0A:52:AC:F3:E1:D3:11:0A:A4:82:36:06:74:B1:C8:9A:48:8D:C9
            X509v3 Authority Key Identifier:
                keyid:82:61:A4:2B:F2:26:4C:B5:EB:CE:C6:E1:90:D0:2A:6D:55:3B:62:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmGkK_ImTLXrzsbhkNAqbVU7YjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/XApSrPPh0xEKpII2BnSxyJpIjck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/54b678-b2fe-449d-b326-dcae70f1c93b/1/gmGkK_ImTLXrzsbhkNAqbVU7YjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:f700::/29

    Signature Algorithm: sha256WithRSAEncryption
         04:f7:02:14:65:35:9b:f7:00:a8:a7:be:2e:b2:bc:de:8c:03:
         fc:4e:8c:3f:ed:f2:0d:b7:0b:57:5b:d6:b0:67:45:5b:93:fe:
         5b:85:68:0c:b1:0b:fc:5d:bd:f2:98:7f:a4:84:ab:2f:ae:d4:
         be:90:eb:ec:b7:ab:5a:ec:af:95:8a:ce:84:69:ac:87:be:c1:
         ce:04:89:a6:bd:4a:77:81:07:3e:82:63:93:cc:7a:88:ac:1c:
         c5:a1:9b:62:d9:d6:17:98:7a:64:90:31:6e:31:dd:d4:cc:56:
         30:5e:a3:33:bc:f3:27:22:82:b2:04:61:75:48:44:97:16:fc:
         50:47:b1:8a:d7:d3:03:1c:41:2e:02:12:e0:04:f3:3b:14:01:
         e7:3b:91:97:e5:bf:ae:b4:b9:10:a7:ae:cf:10:af:67:82:5a:
         db:bb:29:43:84:4c:0e:42:7e:2d:77:01:73:ed:cf:b1:b3:31:
         1c:82:a3:21:75:a1:36:e5:53:44:0d:31:68:3b:e6:ec:20:78:
         d4:f7:f6:93:f8:33:d9:a8:29:e1:e3:e6:f9:a7:a8:47:bf:ca:
         2e:6b:f0:38:dc:ef:6e:b6:4f:80:17:07:18:7e:29:38:33:b4:
         ae:27:37:c6:79:af:9a:39:2b:25:23:5e:d8:60:d8:62:9b:19:
         06:a8:87:cc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzDSWB5KTpxLJqKB/4f5ZXuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNjFhNDJiZjIyNjRjYjVlYmNlYzZlMTkwZDAyYTZkNTUz
YjYyMzMwHhcNMjQwMTAxMDQzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzBhNTJhY2YzZTFkMzExMGFhNDgyMzYwNjc0YjFjODlhNDg4ZGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ykkPEMir9JCAWRMBQ0fDHaOXaKB
tw8Xja9+KWQhYiZfaR+iJFFeGCYILPKd3Od1LCRr2PCIINDtLIvdhcrvXdp0vhCp
EVdOH/MH2S+OZu5aWZvsMKn65tQkZpmKulOg2V+8HwuypkAR0oWQnbEjnxvlP1Ul
MnMVD36BGMP1fUeEB7FJAPMv9/+X6wKst1YVckXjitXVdW/lVamH8ApAm3DxfOR/
3s4YG/ZVXK/y0+y/efyTrynd/ig/fGSJxSvJ5Wni3YkbT+2awvDhb26iDs3E6FCl
jNmyUTTT6dmCSsN285u/7Z/nS8/OJSycjlfVPl+/tZJBCgpgqWaGxcPa+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFwKUqzz4dMRCqSCNgZ0sciaSI3JMB8GA1UdIwQY
MBaAFIJhpCvyJky1687G4ZDQKm1VO2IzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ21Ha0tfSW1UTFhyenNiaGtOQXFiVlU3WWpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS81NGI2NzgtYjJmZS00NDlkLWIzMjYt
ZGNhZTcwZjFjOTNiLzEvWEFwU3JQUGgweEVLcElJMkJuU3h5SnBJamNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS81NGI2NzgtYjJmZS00NDlkLWIzMjYtZGNhZTcwZjFjOTNi
LzEvZ21Ha0tfSW1UTFhyenNiaGtOQXFiVlU3WWpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhP3ADAN
BgkqhkiG9w0BAQsFAAOCAQEABPcCFGU1m/cAqKe+LrK83owD/E6MP+3yDbcLV1vW
sGdFW5P+W4VoDLEL/F298ph/pISrL67UvpDr7LerWuyvlYrOhGmsh77BzgSJpr1K
d4EHPoJjk8x6iKwcxaGbYtnWF5h6ZJAxbjHd1MxWMF6jM7zzJyKCsgRhdUhElxb8
UEexitfTAxxBLgIS4ATzOxQB5zuRl+W/rrS5EKeuzxCvZ4Ja27spQ4RMDkJ+LXcB
c+3PsbMxHIKjIXWhNuVTRA0xaDvm7CB41Pf2k/gz2agp4ePm+aeoR7/KLmvwONzv
brZPgBcHGH4pODO0ric3xnmvmjkrJSNe2GDYYpsZBqiHzA==
-----END CERTIFICATE-----