Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/2D17ohCPVe90y3s4VEYYmaYHSfY.roa
File:                     2D17ohCPVe90y3s4VEYYmaYHSfY.roa (raw, json)
Hash identifier:          i07Nf6xrXRBL2bqhlezBY7gd+bqgfRHDixPtF+j0GjE=
Subject key identifier:   D8:3D:7B:A2:10:8F:55:EF:74:CB:7B:38:54:46:18:99:A6:07:49:F6
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       01906FD3A1C9E4C97F7884C786C8230957FC
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/2D17ohCPVe90y3s4VEYYmaYHSfY.roa
Signing time:             Mon 01 Jul 2024 19:44:18 +0000
ROA not before:           Mon 01 Jul 2024 19:44:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214967
IP address blocks:        2a13:9306::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jul 2024 23:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6f:d3:a1:c9:e4:c9:7f:78:84:c7:86:c8:23:09:57:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Jul  1 19:44:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d83d7ba2108f55ef74cb7b3854461899a60749f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:55:e6:96:f6:28:a3:76:3b:92:8d:7d:18:61:
                    a1:ea:40:99:ea:ee:77:e6:2d:9a:e3:6f:5f:2b:56:
                    16:63:2d:18:c1:2d:e7:82:f2:f1:ca:4a:2e:97:8e:
                    3f:e5:bd:8d:68:e3:14:f4:53:10:80:09:96:f3:01:
                    83:cb:00:92:d7:3a:b5:de:97:2c:b7:7a:14:de:a9:
                    46:50:a0:7e:39:5e:c8:87:8f:c9:e0:cf:0d:29:7d:
                    04:07:03:f3:11:9f:a9:cb:f7:dc:2d:85:fc:24:f6:
                    94:4c:0e:20:1c:bf:f1:f4:52:0f:83:3d:65:50:ad:
                    d6:38:1d:12:36:3a:4c:dd:5d:71:8e:3e:da:cc:fb:
                    70:f9:20:f8:47:33:22:3b:c6:75:f0:94:ac:23:73:
                    47:ee:ff:87:20:8e:fa:f8:65:0a:5c:77:3c:d1:b5:
                    b5:c9:af:3a:98:ec:25:03:06:0a:0a:58:1c:02:7a:
                    38:e8:4d:f8:83:eb:fc:e8:0c:e6:b7:5c:ee:28:ce:
                    a4:94:d4:48:63:8a:8f:d4:0d:55:c3:77:8b:b8:d8:
                    cc:6a:51:52:58:57:89:a6:96:89:bd:25:6f:e7:74:
                    6d:e2:41:ea:32:9d:d3:3a:23:bb:44:7b:76:dc:37:
                    83:d4:91:79:2b:d0:ac:93:d8:f2:68:94:6c:d4:ca:
                    87:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:3D:7B:A2:10:8F:55:EF:74:CB:7B:38:54:46:18:99:A6:07:49:F6
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/2D17ohCPVe90y3s4VEYYmaYHSfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9306::/31

    Signature Algorithm: sha256WithRSAEncryption
         88:a3:b1:33:cd:77:8c:22:ae:1b:b9:4b:8d:83:6b:18:62:a8:
         92:68:cf:29:5f:fa:ea:c1:75:8f:c6:41:95:c8:be:36:e3:10:
         56:7f:fd:77:4b:9a:53:52:d4:19:42:24:aa:1b:19:93:a8:77:
         d6:6d:10:f4:c2:2f:ee:9b:e2:e4:fe:67:0d:f4:87:73:e4:c1:
         af:3a:bc:6f:3f:dc:ee:bf:61:f7:2c:26:ca:12:4c:76:2b:2a:
         47:c2:b1:bd:c7:71:1b:18:05:4a:a9:dd:6c:47:a0:55:5f:7b:
         95:91:3e:65:99:77:8b:da:0d:06:26:d4:64:8a:86:6c:71:f3:
         40:9b:c1:09:00:df:e5:57:d6:79:e9:0a:12:ea:36:f6:d1:b6:
         15:ca:be:9a:9c:a9:5b:87:97:48:3e:02:a2:b8:2f:aa:31:e3:
         60:72:0f:07:59:5c:89:d2:12:42:4e:04:65:db:98:87:20:41:
         8d:b9:d9:74:04:cd:36:66:e6:03:43:0f:24:3c:26:1b:9c:f5:
         7c:06:aa:10:f7:b4:59:17:2a:ad:f8:7c:42:9c:c9:31:d1:ab:
         6f:ce:8d:95:ac:c1:62:9c:5f:18:b1:d9:2b:55:7a:e9:ad:ea:
         7e:b6:19:5d:88:08:e6:a7:af:b8:e5:90:b0:ef:1a:8f:53:56:
         7c:36:a9:a7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBv06HJ5Ml/eITHhsgjCVf8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwNzAxMTk0NDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODNkN2JhMjEwOGY1NWVmNzRjYjdiMzg1NDQ2MTg5OWE2MDc0OWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsVXmlvYoo3Y7ko19GGGh6kCZ6u53
5i2a429fK1YWYy0YwS3ngvLxykoul44/5b2NaOMU9FMQgAmW8wGDywCS1zq13pcs
t3oU3qlGUKB+OV7Ih4/J4M8NKX0EBwPzEZ+py/fcLYX8JPaUTA4gHL/x9FIPgz1l
UK3WOB0SNjpM3V1xjj7azPtw+SD4RzMiO8Z18JSsI3NH7v+HII76+GUKXHc80bW1
ya86mOwlAwYKClgcAno46E34g+v86Azmt1zuKM6klNRIY4qP1A1Vw3eLuNjMalFS
WFeJppaJvSVv53Rt4kHqMp3TOiO7RHt23DeD1JF5K9Csk9jyaJRs1MqH9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNg9e6IQj1XvdMt7OFRGGJmmB0n2MB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvMkQxN29oQ1BWZTkweTNzNFZFWVltYVlIU2ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhOTBjAN
BgkqhkiG9w0BAQsFAAOCAQEAiKOxM813jCKuG7lLjYNrGGKokmjPKV/66sF1j8ZB
lci+NuMQVn/9d0uaU1LUGUIkqhsZk6h31m0Q9MIv7pvi5P5nDfSHc+TBrzq8bz/c
7r9h9ywmyhJMdisqR8KxvcdxGxgFSqndbEegVV97lZE+ZZl3i9oNBibUZIqGbHHz
QJvBCQDf5VfWeekKEuo29tG2Fcq+mpypW4eXSD4CorgvqjHjYHIPB1lcidISQk4E
ZduYhyBBjbnZdATNNmbmA0MPJDwmG5z1fAaqEPe0WRcqrfh8QpzJMdGrb86NlazB
YpxfGLHZK1V66a3qfrYZXYgI5qevuOWQsO8aj1NWfDappw==
-----END CERTIFICATE-----