Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/86qI8bwkdnCHQ5moUQZ_3ZvEYCw.roa
File:                     86qI8bwkdnCHQ5moUQZ_3ZvEYCw.roa (raw, json)
Hash identifier:          ZtFF6n15mm4L/kmQRoha3OP1imk2mGcTulDHnRxPfBc=
Subject key identifier:   F3:AA:88:F1:BC:24:76:70:87:43:99:A8:51:06:7F:DD:9B:C4:60:2C
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018F1019C5BE615A4EC536706DA9E3C1A76A
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/86qI8bwkdnCHQ5moUQZ_3ZvEYCw.roa
Signing time:             Wed 24 Apr 2024 12:34:35 +0000
ROA not before:           Wed 24 Apr 2024 12:34:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215568
IP address blocks:        2a13:c3c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 03:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:10:19:c5:be:61:5a:4e:c5:36:70:6d:a9:e3:c1:a7:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 24 12:34:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3aa88f1bc247670874399a851067fdd9bc4602c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:92:e5:bc:7d:ce:b8:31:ff:e6:0a:36:b3:fe:
                    34:58:a9:00:a5:11:69:2e:c6:ff:ec:58:56:57:8d:
                    15:cc:20:dd:d3:e5:41:a2:5d:ee:eb:bb:11:13:1c:
                    63:ca:2f:bf:76:74:f3:df:0b:28:5b:15:b6:ff:fb:
                    33:23:2c:47:6e:70:45:db:b6:a4:b7:3f:a8:1a:26:
                    05:d7:3e:25:60:0e:f6:b5:08:88:e8:ca:30:a2:78:
                    43:f5:84:db:18:15:97:9d:20:01:40:ff:73:93:3b:
                    6a:e7:af:f0:50:aa:a8:fa:2f:29:63:e6:8d:f5:be:
                    46:94:c7:1a:a6:d8:40:cb:e0:59:ad:47:9a:1d:6c:
                    c4:16:01:67:01:36:7b:92:6f:ed:54:3e:b7:29:bf:
                    0e:3d:23:71:02:25:0a:c9:ba:94:ef:b9:e6:0d:50:
                    1c:0b:69:d2:87:f7:ea:4f:45:08:15:46:59:ef:e9:
                    d1:76:10:a2:23:21:86:91:3e:f8:fe:e7:4a:b8:ce:
                    6a:4f:f6:b0:45:15:7a:fe:99:13:47:e1:4e:a0:89:
                    b9:ae:8f:17:eb:c7:d2:e5:56:c7:2c:19:a3:6a:ae:
                    d5:89:da:bb:cf:de:48:be:7a:7f:0f:ec:5e:41:a5:
                    5b:79:44:6d:32:57:b0:f2:a2:7a:ea:a3:c6:f5:4e:
                    07:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:AA:88:F1:BC:24:76:70:87:43:99:A8:51:06:7F:DD:9B:C4:60:2C
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/86qI8bwkdnCHQ5moUQZ_3ZvEYCw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ab:5d:25:4f:0e:6d:9c:89:d0:66:d2:8b:88:21:0a:f9:3c:f0:
         9f:02:55:2c:ed:3e:47:7c:c6:39:67:ea:c1:9a:bf:78:c9:ea:
         99:6c:c1:53:78:72:9c:50:36:7d:c6:f5:19:3e:ed:50:04:2e:
         01:fe:35:f1:ac:a8:cd:f8:70:15:09:2c:ef:2b:b4:34:fb:0e:
         db:c6:9b:d5:ec:97:0a:30:fb:d1:96:82:23:99:2a:4a:9d:92:
         77:4b:8a:f7:88:a8:80:cd:aa:c0:27:f0:cd:6e:75:27:4a:38:
         62:e4:f3:e2:4a:55:f7:5f:35:5a:27:0e:06:c9:15:9c:49:44:
         9a:0c:a6:85:b3:ff:44:a3:41:81:2d:f4:3a:d0:b1:07:c1:70:
         1e:3f:5f:cf:9a:39:bc:db:9b:c9:36:da:bd:1a:11:be:5c:d7:
         5a:cd:c9:81:bd:3d:1b:7f:df:91:b5:2f:52:b8:93:cb:a0:83:
         e3:cd:2a:91:62:51:bb:70:8c:8e:8e:57:b3:d4:cb:d3:cf:fb:
         ff:6f:62:75:ed:5e:a1:39:8b:3d:b3:46:3f:c3:32:06:10:8b:
         f5:5d:a1:5f:0f:e0:37:b8:50:ef:66:25:80:f9:65:22:cb:11:
         46:3f:18:53:44:d9:c6:7b:c9:1b:9e:f2:dd:2a:c2:b4:84:17:
         3c:87:73:e9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8QGcW+YVpOxTZwbanjwadqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNDI0MTIzNDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2FhODhmMWJjMjQ3NjcwODc0Mzk5YTg1MTA2N2ZkZDliYzQ2MDJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJLlvH3OuDH/5go2s/40WKkApRFp
Lsb/7FhWV40VzCDd0+VBol3u67sRExxjyi+/dnTz3wsoWxW2//szIyxHbnBF27ak
tz+oGiYF1z4lYA72tQiI6MowonhD9YTbGBWXnSABQP9zkztq56/wUKqo+i8pY+aN
9b5GlMcapthAy+BZrUeaHWzEFgFnATZ7km/tVD63Kb8OPSNxAiUKybqU77nmDVAc
C2nSh/fqT0UIFUZZ7+nRdhCiIyGGkT74/udKuM5qT/awRRV6/pkTR+FOoIm5ro8X
68fS5VbHLBmjaq7Vidq7z95Ivnp/D+xeQaVbeURtMlew8qJ66qPG9U4HswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPOqiPG8JHZwh0OZqFEGf92bxGAsMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvODZxSThid2tkbkNIUTVtb1VRWl8zWnZFWUN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPDwDAN
BgkqhkiG9w0BAQsFAAOCAQEAq10lTw5tnInQZtKLiCEK+TzwnwJVLO0+R3zGOWfq
wZq/eMnqmWzBU3hynFA2fcb1GT7tUAQuAf418ayozfhwFQks7yu0NPsO28ab1eyX
CjD70ZaCI5kqSp2Sd0uK94iogM2qwCfwzW51J0o4YuTz4kpV9181WicOBskVnElE
mgymhbP/RKNBgS30OtCxB8FwHj9fz5o5vNubyTbavRoRvlzXWs3Jgb09G3/fkbUv
UriTy6CD480qkWJRu3CMjo5Xs9TL08/7/29ide1eoTmLPbNGP8MyBhCL9V2hXw/g
N7hQ72YlgPllIssRRj8YU0TZxnvJG57y3SrCtIQXPIdz6Q==
-----END CERTIFICATE-----