Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/xoLAOCgJn9_163D-thvkfzu0odU.roa
File:                     xoLAOCgJn9_163D-thvkfzu0odU.roa (raw, json)
Hash identifier:          lW+0bQwyYMZXVVqZgbPwK7YvgTUeD3EHWYpBgOoiNdQ=
Subject key identifier:   C6:82:C0:38:28:09:9F:DF:F5:EB:70:FE:B6:1B:E4:7F:3B:B4:A1:D5
Certificate issuer:       /CN=c946c4befe0fbbe3624bd748296b5fe2e7ec2d68
Certificate serial:       01922952DA611583F037FACF40AA9D3CBD62
Authority key identifier: C9:46:C4:BE:FE:0F:BB:E3:62:4B:D7:48:29:6B:5F:E2:E7:EC:2D:68
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/xoLAOCgJn9_163D-thvkfzu0odU.roa
Signing time:             Wed 25 Sep 2024 13:15:48 +0000
ROA not before:           Wed 25 Sep 2024 13:15:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214258
IP address blocks:        2a13:4380:8010::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:29:52:da:61:15:83:f0:37:fa:cf:40:aa:9d:3c:bd:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c946c4befe0fbbe3624bd748296b5fe2e7ec2d68
        Validity
            Not Before: Sep 25 13:15:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c682c03828099fdff5eb70feb61be47f3bb4a1d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c3:49:fe:a5:1f:9c:36:ae:3b:ec:20:4b:d1:
                    13:f7:80:80:51:bb:10:53:a9:c9:25:37:de:2f:4f:
                    61:cf:8c:cf:2c:a5:a7:51:06:49:7c:49:43:41:ed:
                    62:46:79:ef:d0:db:eb:40:d9:af:d2:76:12:fc:5a:
                    c4:45:19:29:f2:81:c7:47:49:06:e8:94:06:b2:94:
                    7f:3e:4f:27:b5:01:c4:06:01:0a:51:5c:cf:43:e6:
                    1e:6b:47:0a:5b:86:7f:66:14:39:a2:29:47:a5:c4:
                    6e:ec:1b:20:0e:b0:8f:f3:05:d0:77:a7:1b:a0:57:
                    c0:10:79:0a:74:91:67:29:8c:80:c5:4a:ed:09:d8:
                    f4:3a:c0:a0:13:fa:71:72:2b:26:42:ba:23:a8:73:
                    56:9e:93:09:25:28:eb:78:b0:00:a8:63:05:1d:17:
                    2d:3c:c8:93:91:b0:02:ad:98:e7:a8:c8:2a:2b:4e:
                    98:51:0d:38:92:89:a8:7f:3e:05:33:4f:29:6a:13:
                    fa:64:ac:bb:58:34:02:4d:65:5f:45:c3:18:cc:1a:
                    ac:7b:84:a6:de:c4:2e:55:aa:3e:11:c1:83:62:0c:
                    92:da:72:b3:19:bb:a5:64:db:c3:04:dd:16:59:6a:
                    35:66:4f:5c:1c:91:ba:72:5b:34:90:68:a6:9b:e2:
                    b8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:82:C0:38:28:09:9F:DF:F5:EB:70:FE:B6:1B:E4:7F:3B:B4:A1:D5
            X509v3 Authority Key Identifier:
                keyid:C9:46:C4:BE:FE:0F:BB:E3:62:4B:D7:48:29:6B:5F:E2:E7:EC:2D:68

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/xoLAOCgJn9_163D-thvkfzu0odU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/f2d9e9-eeff-4633-a189-6bbb27081de2/1/yUbEvv4Pu-NiS9dIKWtf4ufsLWg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:4380:8010::/44

    Signature Algorithm: sha256WithRSAEncryption
         a0:06:4d:cb:75:4a:be:5a:8a:70:12:1b:c5:22:04:39:cc:2c:
         43:22:1a:44:87:96:05:80:28:d2:55:6f:2a:b7:e1:37:bf:72:
         ad:0d:53:84:e5:1d:11:d5:79:db:97:96:08:15:8e:8a:5d:a0:
         27:db:af:1a:b8:bd:bb:37:37:3d:e6:1d:6b:cf:7f:d5:98:b1:
         c1:38:56:49:cd:5f:f9:2f:60:6c:d3:03:e1:95:b7:26:be:bf:
         92:de:d6:16:92:9d:13:1c:fb:86:80:f1:f1:b3:f9:27:81:e8:
         c4:bd:f7:6d:a9:6d:e9:4e:42:f0:8c:68:bc:af:1b:3a:62:e8:
         17:d4:bc:ec:ab:70:d8:76:88:94:c4:98:6f:68:66:a8:13:60:
         90:ec:b4:58:25:9e:c7:48:18:72:77:aa:8d:c6:cd:46:71:e7:
         dc:4e:7a:8a:75:c1:1a:3a:1a:b2:99:f1:41:c2:10:82:2f:4b:
         51:e5:4d:69:ec:0e:1e:76:6d:a1:5d:0f:41:52:e5:f8:ea:6c:
         b2:00:42:bd:17:8d:44:16:11:7c:e6:2c:d2:aa:c2:01:aa:1c:
         09:17:c1:06:85:81:b0:5d:a7:dd:e5:3c:f5:80:a2:33:ba:c6:
         82:2e:40:b7:7b:15:11:a3:78:be:c7:12:3f:a6:e9:6e:21:64:
         ab:50:c0:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZIpUtphFYPwN/rPQKqdPL1iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5NDZjNGJlZmUwZmJiZTM2MjRiZDc0ODI5NmI1ZmUyZTdl
YzJkNjgwHhcNMjQwOTI1MTMxNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjgyYzAzODI4MDk5ZmRmZjVlYjcwZmViNjFiZTQ3ZjNiYjRhMWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8NJ/qUfnDauO+wgS9ET94CAUbsQ
U6nJJTfeL09hz4zPLKWnUQZJfElDQe1iRnnv0NvrQNmv0nYS/FrERRkp8oHHR0kG
6JQGspR/Pk8ntQHEBgEKUVzPQ+Yea0cKW4Z/ZhQ5oilHpcRu7BsgDrCP8wXQd6cb
oFfAEHkKdJFnKYyAxUrtCdj0OsCgE/pxcismQrojqHNWnpMJJSjreLAAqGMFHRct
PMiTkbACrZjnqMgqK06YUQ04komofz4FM08pahP6ZKy7WDQCTWVfRcMYzBqse4Sm
3sQuVao+EcGDYgyS2nKzGbulZNvDBN0WWWo1Zk9cHJG6cls0kGimm+K4awIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMaCwDgoCZ/f9etw/rYb5H87tKHVMB8GA1UdIwQY
MBaAFMlGxL7+D7vjYkvXSClrX+Ln7C1oMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVViRXZ2NFB1LU5pUzlkSUtXdGY0dWZzTFdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9mMmQ5ZTktZWVmZi00NjMzLWExODkt
NmJiYjI3MDgxZGUyLzEveG9MQU9DZ0puOV8xNjNELXRodmtmenUwb2RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9mMmQ5ZTktZWVmZi00NjMzLWExODktNmJiYjI3MDgxZGUy
LzEveVViRXZ2NFB1LU5pUzlkSUtXdGY0dWZzTFdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhNDgIAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCgBk3LdUq+WopwEhvFIgQ5zCxDIhpEh5YFgCjS
VW8qt+E3v3KtDVOE5R0R1Xnbl5YIFY6KXaAn268auL27Nzc95h1rz3/VmLHBOFZJ
zV/5L2Bs0wPhlbcmvr+S3tYWkp0THPuGgPHxs/kngejEvfdtqW3pTkLwjGi8rxs6
YugX1Lzsq3DYdoiUxJhvaGaoE2CQ7LRYJZ7HSBhyd6qNxs1GcefcTnqKdcEaOhqy
mfFBwhCCL0tR5U1p7A4edm2hXQ9BUuX46myyAEK9F41EFhF85izSqsIBqhwJF8EG
hYGwXafd5Tz1gKIzusaCLkC3exURo3i+xxI/puluIWSrUMA9
-----END CERTIFICATE-----