Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/0FWrdSn1bdO6qEYv7gvn_Pk1Ngo.roa
File:                     0FWrdSn1bdO6qEYv7gvn_Pk1Ngo.roa (raw, json)
Hash identifier:          ZIyEf9hHTLjI9MCMLnNTtT1WuSNg8mpIFyyGgo/ZsZA=
Subject key identifier:   D0:55:AB:75:29:F5:6D:D3:BA:A8:46:2F:EE:0B:E7:FC:F9:35:36:0A
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       01906FD3A2F3A56C82760E08277E0C63D173
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/0FWrdSn1bdO6qEYv7gvn_Pk1Ngo.roa
Signing time:             Mon 01 Jul 2024 19:44:19 +0000
ROA not before:           Mon 01 Jul 2024 19:44:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215462
IP address blocks:        2a13:a702::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6f:d3:a2:f3:a5:6c:82:76:0e:08:27:7e:0c:63:d1:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Jul  1 19:44:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d055ab7529f56dd3baa8462fee0be7fcf935360a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:25:83:89:36:cf:1f:37:f6:67:58:b5:db:9f:
                    0d:48:2f:15:57:44:31:65:2f:f9:a4:fc:00:3e:41:
                    a8:41:e2:0c:32:65:28:e4:99:a8:a7:7d:fa:19:b1:
                    bc:71:ff:41:a4:49:ce:7c:48:5c:c7:8b:9a:35:8d:
                    48:9f:1b:d7:61:3b:62:84:21:2a:5d:db:6e:14:93:
                    51:f1:e6:59:7f:e9:8b:26:96:26:54:a8:dd:61:a3:
                    fc:0f:17:ba:41:92:65:2d:b2:a4:42:70:85:ba:2d:
                    33:3a:ff:6a:f2:2d:4e:7b:99:d1:53:07:ff:45:60:
                    da:dd:e2:34:3a:e8:c1:40:ca:3d:b2:56:91:ad:30:
                    28:f2:12:e8:18:89:c1:1b:bc:38:b8:ac:24:ae:5f:
                    fe:53:fb:0a:be:5d:28:26:8f:53:ed:d3:86:f2:6c:
                    83:67:ee:f9:3c:15:a8:e1:cc:a2:0d:f9:c6:bd:e7:
                    c1:cc:e3:aa:b8:1e:a7:c2:96:81:93:88:f1:8b:20:
                    6b:4a:63:af:6d:b7:53:d9:ab:2b:5f:88:fd:3e:d2:
                    9e:d5:35:0c:da:7a:1a:c3:73:b1:90:3a:49:d7:9c:
                    f2:20:8f:34:2e:c1:45:54:b4:f2:17:b2:3a:ba:b1:
                    7b:91:61:c5:43:47:61:16:8e:a7:b8:50:04:e4:b8:
                    e9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:55:AB:75:29:F5:6D:D3:BA:A8:46:2F:EE:0B:E7:FC:F9:35:36:0A
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/0FWrdSn1bdO6qEYv7gvn_Pk1Ngo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a702::/31

    Signature Algorithm: sha256WithRSAEncryption
         b8:21:11:3f:ac:fd:c1:11:20:85:54:c1:b8:b8:32:83:af:54:
         c3:5c:68:fe:e3:b7:d8:81:31:7f:c7:d3:7b:f2:74:1c:d8:a4:
         62:46:21:c6:9f:a4:78:ce:b3:76:36:a7:28:51:68:0b:38:e3:
         8d:cf:67:14:e9:a7:ca:11:40:67:ee:9a:c4:c1:3e:74:35:52:
         db:33:3e:3c:e0:c5:df:d1:fe:16:b0:a2:21:59:2f:29:0a:a0:
         b2:b8:18:55:63:2b:e4:ba:bd:7a:b2:89:61:60:3c:1f:88:c3:
         b0:b6:e5:0a:db:85:22:ed:c1:11:d3:e7:c6:38:66:e6:84:2b:
         c4:e0:91:a9:ec:76:00:ce:2f:35:39:0c:bb:29:05:e2:0a:d4:
         a6:4b:be:92:f6:a0:f2:41:b1:7c:71:47:ac:de:58:bd:4e:cc:
         f1:68:eb:39:a3:47:6f:4a:3f:6b:bc:07:0f:47:ad:83:0e:90:
         8e:6d:fa:3d:a0:c8:8f:83:8d:95:43:85:86:b0:a5:8f:99:0c:
         03:79:00:c4:4d:48:7d:f2:76:b3:1b:24:7c:40:d1:9b:6b:75:
         01:ae:fe:ac:16:a0:d4:ce:2d:b2:cd:30:8a:16:90:21:5a:6e:
         04:93:a9:1d:e3:1c:12:bd:1d:2b:81:93:9b:9c:78:08:44:b4:
         fa:d9:e4:a3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBv06LzpWyCdg4IJ34MY9FzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwNzAxMTk0NDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDU1YWI3NTI5ZjU2ZGQzYmFhODQ2MmZlZTBiZTdmY2Y5MzUzNjBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyWDiTbPHzf2Z1i1258NSC8VV0Qx
ZS/5pPwAPkGoQeIMMmUo5Jmop336GbG8cf9BpEnOfEhcx4uaNY1InxvXYTtihCEq
XdtuFJNR8eZZf+mLJpYmVKjdYaP8Dxe6QZJlLbKkQnCFui0zOv9q8i1Oe5nRUwf/
RWDa3eI0OujBQMo9slaRrTAo8hLoGInBG7w4uKwkrl/+U/sKvl0oJo9T7dOG8myD
Z+75PBWo4cyiDfnGvefBzOOquB6nwpaBk4jxiyBrSmOvbbdT2asrX4j9PtKe1TUM
2noaw3OxkDpJ15zyII80LsFFVLTyF7I6urF7kWHFQ0dhFo6nuFAE5LjpdwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNBVq3Up9W3TuqhGL+4L5/z5NTYKMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvMEZXcmRTbjFiZE82cUVZdjdndm5fUGsxTmdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhOnAjAN
BgkqhkiG9w0BAQsFAAOCAQEAuCERP6z9wREghVTBuLgyg69Uw1xo/uO32IExf8fT
e/J0HNikYkYhxp+keM6zdjanKFFoCzjjjc9nFOmnyhFAZ+6axME+dDVS2zM+PODF
39H+FrCiIVkvKQqgsrgYVWMr5Lq9erKJYWA8H4jDsLblCtuFIu3BEdPnxjhm5oQr
xOCRqex2AM4vNTkMuykF4grUpku+kvag8kGxfHFHrN5YvU7M8WjrOaNHb0o/a7wH
D0etgw6Qjm36PaDIj4ONlUOFhrClj5kMA3kAxE1IffJ2sxskfEDRm2t1Aa7+rBag
1M4tss0wihaQIVpuBJOpHeMcEr0dK4GTm5x4CES0+tnkow==
-----END CERTIFICATE-----