Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/ywKfxzhG0RGFAIc7pf65wk-s-1A.roa
File:                     ywKfxzhG0RGFAIc7pf65wk-s-1A.roa (raw, json)
Hash identifier:          41YViB5v+RIK/mCyrvLOjA25aDijWupvsBr+X6RCDXY=
Subject key identifier:   CB:02:9F:C7:38:46:D1:11:85:00:87:3B:A5:FE:B9:C2:4F:AC:FB:50
Certificate issuer:       /CN=27873afe6330b7ae9ee562e0c988e9fd5ea8f567
Certificate serial:       01919431E1710DF3B516B1A19F9B3397BDDE
Authority key identifier: 27:87:3A:FE:63:30:B7:AE:9E:E5:62:E0:C9:88:E9:FD:5E:A8:F5:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J4c6_mMwt66e5WLgyYjp_V6o9Wc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/ywKfxzhG0RGFAIc7pf65wk-s-1A.roa
Signing time:             Tue 27 Aug 2024 14:16:22 +0000
ROA not before:           Tue 27 Aug 2024 14:16:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57087
IP address blocks:        2a13:8cc0:1f00::/48 maxlen: 48
                          2a13:8cc0:1f01::/48 maxlen: 48
                          2a13:8cc0:1f02::/48 maxlen: 48
                          2a13:8cc0:1f03::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/J4c6_mMwt66e5WLgyYjp_V6o9Wc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/J4c6_mMwt66e5WLgyYjp_V6o9Wc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J4c6_mMwt66e5WLgyYjp_V6o9Wc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 17:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:94:31:e1:71:0d:f3:b5:16:b1:a1:9f:9b:33:97:bd:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27873afe6330b7ae9ee562e0c988e9fd5ea8f567
        Validity
            Not Before: Aug 27 14:16:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb029fc73846d1118500873ba5feb9c24facfb50
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:68:e5:2e:9f:1a:b4:16:92:e6:cf:4a:3e:92:
                    e7:82:73:47:73:8f:20:99:bc:c7:f8:1e:28:9e:b1:
                    54:f0:3c:14:df:87:af:47:e2:40:dd:25:18:b7:2e:
                    8b:d4:2c:35:a1:25:bb:57:61:86:c0:10:ed:f8:19:
                    25:2e:de:39:fc:70:e2:4f:8d:f1:f1:00:45:fb:81:
                    60:57:42:de:10:35:a9:af:04:0d:a5:c0:0c:58:92:
                    69:ce:1c:d4:d4:91:68:1c:ab:70:ef:a8:3b:72:80:
                    f0:fe:53:3c:71:9a:e2:be:c9:38:9f:f0:3e:68:04:
                    65:bb:a0:aa:3c:4f:0f:ab:b5:f1:6e:59:aa:a1:78:
                    75:48:26:14:7c:03:bc:7c:47:23:ce:66:dc:17:c0:
                    26:a7:3f:c4:74:49:55:0a:b8:c9:18:19:63:fb:dd:
                    49:37:63:88:3d:86:77:63:4f:ff:75:d1:dd:bc:a5:
                    95:81:26:63:dd:62:31:94:12:be:af:32:98:40:e6:
                    df:57:65:9a:c2:08:b5:ed:5d:75:0d:fb:8c:3c:6d:
                    41:cb:f0:80:d0:46:f8:c1:f9:01:45:ca:14:a4:6d:
                    55:e0:85:3a:66:c7:d2:3a:76:d8:0a:dd:9c:6c:00:
                    43:d6:2e:9e:07:4f:cf:6d:6a:45:b5:9d:83:15:4b:
                    78:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:02:9F:C7:38:46:D1:11:85:00:87:3B:A5:FE:B9:C2:4F:AC:FB:50
            X509v3 Authority Key Identifier:
                keyid:27:87:3A:FE:63:30:B7:AE:9E:E5:62:E0:C9:88:E9:FD:5E:A8:F5:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J4c6_mMwt66e5WLgyYjp_V6o9Wc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/ywKfxzhG0RGFAIc7pf65wk-s-1A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/d39416-f46a-4f82-b1e1-e0d1f7cacff1/1/J4c6_mMwt66e5WLgyYjp_V6o9Wc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:8cc0:1f00::/46

    Signature Algorithm: sha256WithRSAEncryption
         9d:7b:5b:36:95:26:00:1d:11:97:cf:ad:b0:08:0d:7e:b2:a6:
         eb:41:dc:df:73:f4:c5:e4:39:1e:5f:9c:ec:d4:af:fc:4a:3e:
         b9:55:f2:1c:b3:08:f7:66:e6:3d:41:77:b1:5a:f9:ca:61:96:
         74:03:4d:40:5b:8c:13:0c:c2:23:cd:14:b4:82:c0:7e:40:25:
         11:36:7d:89:de:76:04:c5:05:19:88:fb:40:fa:c2:06:86:cb:
         94:b3:44:65:be:c8:e4:d0:1e:45:cb:20:1f:67:fb:74:f5:bc:
         36:35:b9:80:6f:30:86:0f:19:cb:66:2b:2e:19:22:f8:ae:a2:
         74:d3:49:9b:c7:85:a1:42:42:63:4b:db:a2:c3:23:b5:76:c0:
         18:b7:ea:8a:51:63:3b:2e:78:33:88:c0:0f:79:72:16:ca:f8:
         85:a2:e2:ff:af:50:75:d1:85:cd:d9:8a:ae:6b:45:fa:92:a7:
         f1:16:be:a5:d0:d0:24:ed:32:f6:76:25:9f:7b:36:23:d8:5d:
         77:4c:41:c1:5f:41:0b:c9:9d:b4:77:15:87:bb:47:1e:a7:7e:
         6d:40:8a:8e:f7:90:02:fc:67:5e:b7:8e:96:d2:54:a3:10:f5:
         97:3f:03:85:61:07:99:8e:e8:8c:20:90:39:a9:f4:36:ea:73:
         cc:d0:72:5c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZGUMeFxDfO1FrGhn5szl73eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ODczYWZlNjMzMGI3YWU5ZWU1NjJlMGM5ODhlOWZkNWVh
OGY1NjcwHhcNMjQwODI3MTQxNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjAyOWZjNzM4NDZkMTExODUwMDg3M2JhNWZlYjljMjRmYWNmYjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGjlLp8atBaS5s9KPpLngnNHc48g
mbzH+B4onrFU8DwU34evR+JA3SUYty6L1Cw1oSW7V2GGwBDt+BklLt45/HDiT43x
8QBF+4FgV0LeEDWprwQNpcAMWJJpzhzU1JFoHKtw76g7coDw/lM8cZrivsk4n/A+
aARlu6CqPE8Pq7XxblmqoXh1SCYUfAO8fEcjzmbcF8Ampz/EdElVCrjJGBlj+91J
N2OIPYZ3Y0//ddHdvKWVgSZj3WIxlBK+rzKYQObfV2Wawgi17V11DfuMPG1By/CA
0Eb4wfkBRcoUpG1V4IU6ZsfSOnbYCt2cbABD1i6eB0/PbWpFtZ2DFUt4TQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMsCn8c4RtERhQCHO6X+ucJPrPtQMB8GA1UdIwQY
MBaAFCeHOv5jMLeunuVi4MmI6f1eqPVnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjRjNl9tTXd0NjZlNVdMZ3lZanBfVjZvOVdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kMzk0MTYtZjQ2YS00ZjgyLWIxZTEt
ZTBkMWY3Y2FjZmYxLzEveXdLZnh6aEcwUkdGQUljN3BmNjV3ay1zLTFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kMzk0MTYtZjQ2YS00ZjgyLWIxZTEtZTBkMWY3Y2FjZmYx
LzEvSjRjNl9tTXd0NjZlNVdMZ3lZanBfVjZvOVdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhOMwB8A
MA0GCSqGSIb3DQEBCwUAA4IBAQCde1s2lSYAHRGXz62wCA1+sqbrQdzfc/TF5Dke
X5zs1K/8Sj65VfIcswj3ZuY9QXexWvnKYZZ0A01AW4wTDMIjzRS0gsB+QCURNn2J
3nYExQUZiPtA+sIGhsuUs0Rlvsjk0B5FyyAfZ/t09bw2NbmAbzCGDxnLZisuGSL4
rqJ000mbx4WhQkJjS9uiwyO1dsAYt+qKUWM7LngziMAPeXIWyviFouL/r1B10YXN
2Yqua0X6kqfxFr6l0NAk7TL2diWfezYj2F13TEHBX0ELyZ20dxWHu0cep35tQIqO
95AC/Gdet46W0lSjEPWXPwOFYQeZjuiMIJA5qfQ26nPM0HJc
-----END CERTIFICATE-----