Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/aMu4ZVgggk35fhr9UpaZLSFzaEg.roa
File:                     aMu4ZVgggk35fhr9UpaZLSFzaEg.roa (raw, json)
Hash identifier:          xse+Ht7uW88NbEYBr1xhkcFhFUQ7ilizNVKycR3E6OQ=
Subject key identifier:   68:CB:B8:65:58:20:82:4D:F9:7E:1A:FD:52:96:99:2D:21:73:68:48
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       01906FD3A05F6E43A19086CCE1A620A718B2
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/aMu4ZVgggk35fhr9UpaZLSFzaEg.roa
Signing time:             Mon 01 Jul 2024 19:44:18 +0000
ROA not before:           Mon 01 Jul 2024 19:44:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50580
IP address blocks:        2a13:9302::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6f:d3:a0:5f:6e:43:a1:90:86:cc:e1:a6:20:a7:18:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Jul  1 19:44:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68cbb8655820824df97e1afd5296992d21736848
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:38:99:46:2f:40:c7:91:10:fb:03:46:48:93:
                    c0:2e:4f:3a:1f:fe:fd:4a:2e:73:a2:a2:3e:80:24:
                    4d:77:07:b4:c5:ea:4b:ee:2e:31:12:82:b7:a2:69:
                    76:6c:96:77:14:73:79:b0:e7:b4:06:f3:2c:0a:c4:
                    38:e4:72:82:34:d1:e9:0a:9e:8d:72:91:29:5b:06:
                    0f:31:61:85:1c:69:7b:a0:7a:50:09:94:78:2e:49:
                    b8:a9:0b:c5:f2:71:23:e0:d8:68:b4:f6:6c:61:d4:
                    40:28:4a:6b:77:e9:63:8e:a0:91:84:f1:a1:84:14:
                    33:dd:6c:2c:ff:6b:aa:48:7d:f8:3f:59:d2:c4:5e:
                    49:33:ae:f4:47:ef:b6:89:88:89:35:21:db:fe:5c:
                    cc:a6:93:36:79:29:59:93:e6:54:3c:a9:cb:0a:ab:
                    05:13:0f:72:9a:6e:fd:98:69:dd:4d:88:73:cc:be:
                    85:71:e9:27:42:48:5c:14:5f:44:c9:f2:25:df:13:
                    59:32:00:2c:5e:93:66:30:ee:fb:bf:f4:08:6d:f9:
                    3c:c2:31:6b:61:81:7b:7d:5e:36:e5:5e:50:18:a9:
                    46:97:76:57:8a:d5:0a:31:58:d2:ad:36:6c:f2:14:
                    ad:d3:6c:cb:68:32:5c:33:d6:2e:e5:8a:4d:e4:49:
                    d2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:CB:B8:65:58:20:82:4D:F9:7E:1A:FD:52:96:99:2D:21:73:68:48
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/aMu4ZVgggk35fhr9UpaZLSFzaEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9302::/31

    Signature Algorithm: sha256WithRSAEncryption
         b6:7c:2b:c4:f2:f5:39:cc:f2:bc:6a:67:04:1b:d0:9b:d0:bb:
         2f:9c:a7:dc:d3:f4:2a:08:2c:99:d9:e8:7d:4c:c3:60:49:e0:
         16:18:23:94:ef:2d:32:5b:3e:e8:f1:87:72:00:3e:d2:2e:27:
         55:ba:e4:8b:06:ea:e3:9b:16:56:93:3f:64:d9:1e:e2:bb:a0:
         1f:46:3b:83:83:32:eb:74:d7:8b:43:e3:91:25:8f:96:ed:89:
         0d:10:5c:4f:9b:35:74:62:23:fd:a7:d5:e4:11:7a:d8:7e:c8:
         f6:d8:e8:7c:f8:ae:48:ab:87:2a:66:0f:fd:f5:d1:84:b2:72:
         8a:31:1f:5e:ea:b6:84:f5:1b:e7:88:5d:79:a9:05:80:ee:c9:
         76:43:37:c0:41:27:78:c2:6d:94:77:8f:5b:0d:8f:dd:b4:9d:
         24:37:a6:4c:6e:ce:ff:b5:b8:c5:de:2d:bf:46:4b:75:43:07:
         fd:8c:e5:13:75:66:95:cb:84:9f:d7:36:2b:0b:39:76:16:16:
         cb:a7:56:7f:34:54:ab:04:4b:0e:d6:83:32:2f:89:90:d4:1b:
         7e:70:81:81:c9:f7:1f:34:cd:96:d8:08:d7:a7:ab:a4:d8:30:
         18:81:7d:1b:5f:be:18:fe:27:d5:f0:fe:1e:33:b2:6f:f1:20:
         ce:36:e4:d7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZBv06BfbkOhkIbM4aYgpxiyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwNzAxMTk0NDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGNiYjg2NTU4MjA4MjRkZjk3ZTFhZmQ1Mjk2OTkyZDIxNzM2ODQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DiZRi9Ax5EQ+wNGSJPALk86H/79
Si5zoqI+gCRNdwe0xepL7i4xEoK3oml2bJZ3FHN5sOe0BvMsCsQ45HKCNNHpCp6N
cpEpWwYPMWGFHGl7oHpQCZR4Lkm4qQvF8nEj4NhotPZsYdRAKEprd+ljjqCRhPGh
hBQz3Wws/2uqSH34P1nSxF5JM670R++2iYiJNSHb/lzMppM2eSlZk+ZUPKnLCqsF
Ew9ymm79mGndTYhzzL6FceknQkhcFF9EyfIl3xNZMgAsXpNmMO77v/QIbfk8wjFr
YYF7fV425V5QGKlGl3ZXitUKMVjSrTZs8hSt02zLaDJcM9Yu5YpN5EnS9wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGjLuGVYIIJN+X4a/VKWmS0hc2hIMB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvYU11NFpWZ2dnazM1ZmhyOVVwYVpMU0Z6YUVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhOTAjAN
BgkqhkiG9w0BAQsFAAOCAQEAtnwrxPL1OczyvGpnBBvQm9C7L5yn3NP0Kggsmdno
fUzDYEngFhgjlO8tMls+6PGHcgA+0i4nVbrkiwbq45sWVpM/ZNke4rugH0Y7g4My
63TXi0PjkSWPlu2JDRBcT5s1dGIj/afV5BF62H7I9tjofPiuSKuHKmYP/fXRhLJy
ijEfXuq2hPUb54hdeakFgO7JdkM3wEEneMJtlHePWw2P3bSdJDemTG7O/7W4xd4t
v0ZLdUMH/YzlE3VmlcuEn9c2Kws5dhYWy6dWfzRUqwRLDtaDMi+JkNQbfnCBgcn3
HzTNltgI16erpNgwGIF9G1++GP4n1fD+HjOyb/Egzjbk1w==
-----END CERTIFICATE-----