Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/mCG2I3N9VsTM9L_vpUsSZ14V_Dk.roa
File:                     mCG2I3N9VsTM9L_vpUsSZ14V_Dk.roa (raw, json)
Hash identifier:          kcTPbB79vnqb/kF61EARm4lF4jpfw7ar3kRAt79f8Xs=
Subject key identifier:   98:21:B6:23:73:7D:56:C4:CC:F4:BF:EF:A5:4B:12:67:5E:15:FC:39
Certificate issuer:       /CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
Certificate serial:       01914C21A8470156A822C4449EE67D23B29C
Authority key identifier: 88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/mCG2I3N9VsTM9L_vpUsSZ14V_Dk.roa
Signing time:             Tue 13 Aug 2024 14:25:59 +0000
ROA not before:           Tue 13 Aug 2024 14:25:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215310
IP address blocks:        2a13:a704::/31 maxlen: 31

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:4c:21:a8:47:01:56:a8:22:c4:44:9e:e6:7d:23:b2:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88b213bf1627548efdfb1b2e2645baaf1d983aa0
        Validity
            Not Before: Aug 13 14:25:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9821b623737d56c4ccf4bfefa54b12675e15fc39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:18:ef:61:f3:bd:1c:dd:38:c1:63:06:d8:fb:
                    cc:54:7f:ad:f0:f6:d7:3d:42:ff:ff:15:d3:dd:82:
                    87:a8:47:58:2e:5f:db:1d:71:33:53:7f:5c:2d:5c:
                    10:06:98:f7:33:09:ab:d3:c6:1b:af:03:48:f9:c7:
                    80:40:d7:9d:9b:e7:b2:8f:60:ab:c3:01:8b:e6:a0:
                    a4:d2:df:53:cd:76:00:8e:58:5d:ea:12:68:06:04:
                    53:de:02:bb:89:d1:32:57:d2:4c:6b:d1:85:fd:67:
                    11:47:77:22:ee:f0:b4:7b:60:4d:76:44:53:98:46:
                    63:fc:93:e4:74:3e:65:bb:19:61:77:d6:a7:19:3c:
                    c8:80:80:ad:78:85:16:b6:19:7f:3f:af:87:f1:50:
                    e2:69:ae:3a:b8:2a:26:ae:26:d0:78:f4:f8:d9:74:
                    79:35:e8:cc:2a:e2:18:7d:74:f3:f1:0c:ac:a0:25:
                    5a:8f:d9:7e:5d:79:17:d5:b2:55:a8:eb:19:3e:db:
                    9e:b0:4b:68:bf:d0:e3:84:ac:b4:e0:c2:11:2d:e6:
                    4d:35:3d:1a:a9:b2:19:f0:21:85:cd:a6:9e:6d:68:
                    d9:d6:9c:97:ae:cf:36:75:83:34:b1:fa:39:32:dc:
                    38:f0:05:00:a4:39:02:62:df:54:4d:98:af:8b:0a:
                    8b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:21:B6:23:73:7D:56:C4:CC:F4:BF:EF:A5:4B:12:67:5E:15:FC:39
            X509v3 Authority Key Identifier:
                keyid:88:B2:13:BF:16:27:54:8E:FD:FB:1B:2E:26:45:BA:AF:1D:98:3A:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iLITvxYnVI79-xsuJkW6rx2YOqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/mCG2I3N9VsTM9L_vpUsSZ14V_Dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3c0269-c194-4e6d-abce-72735e118d51/1/iLITvxYnVI79-xsuJkW6rx2YOqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a704::/31

    Signature Algorithm: sha256WithRSAEncryption
         8c:da:2a:ad:d5:ee:8e:a8:93:10:cc:93:6a:ea:13:b2:2f:6f:
         31:7c:8e:38:ad:28:4c:94:60:ad:6e:1a:13:cd:60:ce:68:9a:
         75:8e:67:4b:2f:53:34:2b:20:e5:7c:ba:e0:b1:ff:60:3e:25:
         ab:f2:b3:dd:f9:07:9e:69:ce:4d:b7:49:b7:3e:e8:6e:ef:26:
         32:77:66:cd:9e:df:11:11:e6:ef:ae:6b:a0:ca:3a:df:a9:39:
         64:2e:39:f2:09:e5:69:5a:e9:b8:ba:91:50:69:34:6c:15:3d:
         b9:2c:8e:46:5a:2e:2c:9c:e5:3a:fc:a1:8e:68:69:96:09:05:
         e4:e9:9d:af:e6:14:c5:26:65:bb:ba:1c:d2:2c:2c:58:ce:9f:
         f2:fc:ca:e2:b5:34:2f:71:29:43:0b:98:6f:49:2f:ee:4d:b5:
         f6:43:44:4c:13:cd:1d:e8:72:a6:a8:cd:e0:68:ff:8a:66:d4:
         ad:10:a5:ad:c9:a4:3d:de:c9:a8:61:0f:36:6f:77:7b:b3:16:
         8a:f1:80:a4:2d:e0:81:8f:c3:51:d2:52:51:ab:9e:d2:ce:50:
         1d:ca:48:00:22:69:61:9c:69:00:fc:4f:6c:90:41:d7:63:ff:
         a3:c1:5e:dd:9a:85:84:48:6a:ef:76:6a:57:8b:9e:95:0e:7a:
         cd:56:a4:68
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZFMIahHAVaoIsREnuZ9I7KcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YjIxM2JmMTYyNzU0OGVmZGZiMWIyZTI2NDViYWFmMWQ5
ODNhYTAwHhcNMjQwODEzMTQyNTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODIxYjYyMzczN2Q1NmM0Y2NmNGJmZWZhNTRiMTI2NzVlMTVmYzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRjvYfO9HN04wWMG2PvMVH+t8PbX
PUL//xXT3YKHqEdYLl/bHXEzU39cLVwQBpj3Mwmr08YbrwNI+ceAQNedm+eyj2Cr
wwGL5qCk0t9TzXYAjlhd6hJoBgRT3gK7idEyV9JMa9GF/WcRR3ci7vC0e2BNdkRT
mEZj/JPkdD5luxlhd9anGTzIgICteIUWthl/P6+H8VDiaa46uComribQePT42XR5
NejMKuIYfXTz8QysoCVaj9l+XXkX1bJVqOsZPtuesEtov9DjhKy04MIRLeZNNT0a
qbIZ8CGFzaaebWjZ1pyXrs82dYM0sfo5Mtw48AUApDkCYt9UTZiviwqLZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJghtiNzfVbEzPS/76VLEmdeFfw5MB8GA1UdIwQY
MBaAFIiyE78WJ1SO/fsbLiZFuq8dmDqgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2Ut
NzI3MzVlMTE4ZDUxLzEvbUNHMkkzTjlWc1RNOUxfdnBVc1NaMTRWX0RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zYzAyNjktYzE5NC00ZTZkLWFiY2UtNzI3MzVlMTE4ZDUx
LzEvaUxJVHZ4WW5WSTc5LXhzdUprVzZyeDJZT3FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhOnBDAN
BgkqhkiG9w0BAQsFAAOCAQEAjNoqrdXujqiTEMyTauoTsi9vMXyOOK0oTJRgrW4a
E81gzmiadY5nSy9TNCsg5Xy64LH/YD4lq/Kz3fkHnmnOTbdJtz7obu8mMndmzZ7f
ERHm765roMo636k5ZC458gnlaVrpuLqRUGk0bBU9uSyORlouLJzlOvyhjmhplgkF
5Omdr+YUxSZlu7oc0iwsWM6f8vzK4rU0L3EpQwuYb0kv7k219kNETBPNHehypqjN
4Gj/imbUrRClrcmkPd7JqGEPNm93e7MWivGApC3ggY/DUdJSUaue0s5QHcpIACJp
YZxpAPxPbJBB12P/o8Fe3ZqFhEhq73ZqV4uelQ56zVakaA==
-----END CERTIFICATE-----