Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/B9pfrr4dT8ncy9WGvqDXMkv-1oc.roa
File:                     B9pfrr4dT8ncy9WGvqDXMkv-1oc.roa (raw, json)
Hash identifier:          wG2SaloLfDdkAayYOEbyovMYcMTmwwhDP9DnG1EgPco=
Subject key identifier:   07:DA:5F:AE:BE:1D:4F:C9:DC:CB:D5:86:BE:A0:D7:32:4B:FE:D6:87
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       01906FD3A3813D62FFF1921A3CD291B7C38F
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/B9pfrr4dT8ncy9WGvqDXMkv-1oc.roa
Signing time:             Mon 01 Jul 2024 19:44:19 +0000
ROA not before:           Mon 01 Jul 2024 19:44:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216289
IP address blocks:        2a13:9304::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6f:d3:a3:81:3d:62:ff:f1:92:1a:3c:d2:91:b7:c3:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Jul  1 19:44:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07da5faebe1d4fc9dccbd586bea0d7324bfed687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d9:aa:36:6b:fa:46:02:c6:76:48:a1:d3:2a:
                    4d:c9:16:21:a1:8b:65:ef:34:20:6d:ad:ad:4a:37:
                    18:3b:a1:08:67:76:af:93:9f:e9:19:b1:58:47:39:
                    4b:3b:10:90:b3:4f:7e:53:89:28:15:69:a8:2a:e4:
                    e3:7a:18:a2:83:ad:5f:eb:f5:02:20:38:5a:9d:3a:
                    a2:a0:40:dd:7e:b5:d5:1d:55:14:6f:1a:c2:13:35:
                    05:1d:00:30:8d:e4:7c:d5:81:00:86:72:34:3c:25:
                    c5:65:cf:04:c9:55:cf:bf:b1:c2:23:91:54:07:1f:
                    1b:ea:95:36:33:a8:31:ad:73:20:ad:7b:79:f2:00:
                    97:7d:33:07:ef:0c:4d:73:fe:95:e2:d9:c9:25:be:
                    3e:d5:e0:34:8f:ec:25:56:5c:4f:b0:00:14:05:ae:
                    16:61:22:b9:06:dc:8a:eb:19:a3:00:fb:a2:82:bb:
                    4a:d8:f7:2e:35:1a:e3:f8:7a:d7:2c:86:d5:db:84:
                    1c:77:e0:8f:59:1c:1e:08:a0:a0:57:4e:15:04:92:
                    f6:5e:95:d1:47:c0:99:e4:2b:08:1a:82:ad:61:c7:
                    5d:55:4f:10:a1:2b:c2:aa:4e:e7:8f:6e:0d:27:c3:
                    39:f5:23:3b:3b:71:db:d3:1b:4d:17:69:56:3d:90:
                    e2:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:DA:5F:AE:BE:1D:4F:C9:DC:CB:D5:86:BE:A0:D7:32:4B:FE:D6:87
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/B9pfrr4dT8ncy9WGvqDXMkv-1oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9304::/31

    Signature Algorithm: sha256WithRSAEncryption
         a5:14:ab:e1:74:4b:b5:02:8f:ae:7a:13:50:17:c1:1b:c0:ad:
         93:54:da:a6:3d:02:60:7a:d9:0b:71:84:7b:47:eb:e7:ba:c5:
         47:f2:f9:cd:6c:d1:3d:55:fd:cb:db:70:ca:47:91:0e:e2:31:
         80:9c:19:17:9c:fc:11:4e:85:1f:98:63:be:bf:26:27:0c:d2:
         18:1e:26:f9:35:42:c9:45:5a:71:72:15:9b:7b:3d:b1:2c:b0:
         8a:db:86:67:f7:7f:ec:03:72:0c:8e:a5:ff:ab:f0:16:4a:bc:
         6b:ea:7c:68:ee:55:08:18:40:05:17:ad:7a:94:dd:07:aa:aa:
         76:12:20:81:00:1a:11:e9:8c:47:91:3b:e7:57:8a:bb:86:b3:
         47:9b:53:9a:b9:9f:b6:1a:da:6a:67:e7:e7:03:f0:e4:7c:b8:
         ae:e4:1b:ae:fe:6a:e2:56:ee:bc:dd:33:a9:3d:08:17:18:33:
         62:e5:21:7a:1b:4e:c8:98:af:78:7b:c1:41:71:6e:a4:8d:ea:
         fb:75:52:9e:fe:f1:ba:02:0a:ae:d6:ab:04:31:1a:e6:ad:b2:
         b0:1a:5d:1d:21:4c:b4:31:e2:25:5f:de:cd:06:56:99:2b:2c:
         03:1d:12:ee:95:73:56:5c:09:5b:3b:ad:b7:8c:9e:87:4f:51:
         7f:8a:90:ce
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBv06OBPWL/8ZIaPNKRt8OPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwNzAxMTk0NDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2RhNWZhZWJlMWQ0ZmM5ZGNjYmQ1ODZiZWEwZDczMjRiZmVkNjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9mqNmv6RgLGdkih0ypNyRYhoYtl
7zQgba2tSjcYO6EIZ3avk5/pGbFYRzlLOxCQs09+U4koFWmoKuTjehiig61f6/UC
IDhanTqioEDdfrXVHVUUbxrCEzUFHQAwjeR81YEAhnI0PCXFZc8EyVXPv7HCI5FU
Bx8b6pU2M6gxrXMgrXt58gCXfTMH7wxNc/6V4tnJJb4+1eA0j+wlVlxPsAAUBa4W
YSK5BtyK6xmjAPuigrtK2PcuNRrj+HrXLIbV24Qcd+CPWRweCKCgV04VBJL2XpXR
R8CZ5CsIGoKtYcddVU8QoSvCqk7nj24NJ8M59SM7O3Hb0xtNF2lWPZDi5QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAfaX66+HU/J3MvVhr6g1zJL/taHMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvQjlwZnJyNGRUOG5jeTlXR3ZxRFhNa3YtMW9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhOTBDAN
BgkqhkiG9w0BAQsFAAOCAQEApRSr4XRLtQKPrnoTUBfBG8Ctk1Tapj0CYHrZC3GE
e0fr57rFR/L5zWzRPVX9y9twykeRDuIxgJwZF5z8EU6FH5hjvr8mJwzSGB4m+TVC
yUVacXIVm3s9sSywituGZ/d/7ANyDI6l/6vwFkq8a+p8aO5VCBhABRetepTdB6qq
dhIggQAaEemMR5E751eKu4azR5tTmrmfthraamfn5wPw5Hy4ruQbrv5q4lbuvN0z
qT0IFxgzYuUhehtOyJiveHvBQXFupI3q+3VSnv7xugIKrtarBDEa5q2ysBpdHSFM
tDHiJV/ezQZWmSssAx0S7pVzVlwJWzutt4yeh09Rf4qQzg==
-----END CERTIFICATE-----