Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/6lpemoQeCgWCN5S1uLn9IdT8BtM.roa
File:                     6lpemoQeCgWCN5S1uLn9IdT8BtM.roa (raw, json)
Hash identifier:          jTVTd4h+TpKoxxRvNxcV2pUMHDbKVQgyHPop3LKCOPk=
Subject key identifier:   EA:5A:5E:9A:84:1E:0A:05:82:37:94:B5:B8:B9:FD:21:D4:FC:06:D3
Certificate issuer:       /CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
Certificate serial:       018CC801C4DC534D2DD419724A58D2F62DEF
Authority key identifier: A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/6lpemoQeCgWCN5S1uLn9IdT8BtM.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49132
IP address blocks:        2a13:1500:2200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c4:dc:53:4d:2d:d4:19:72:4a:58:d2:f6:2d:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea5a5e9a841e0a05823794b5b8b9fd21d4fc06d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a1:f2:c0:ef:93:9a:b2:0d:cc:ab:ab:45:91:
                    b6:f0:e2:61:24:62:4c:37:85:8c:7c:61:ab:a0:56:
                    9a:78:15:0a:38:29:75:b8:fc:08:bc:48:f2:c1:de:
                    5c:e1:3f:9b:69:e5:eb:7c:b6:82:a5:f1:e6:82:d6:
                    f9:da:4e:15:a5:df:16:cd:71:bc:4f:10:d4:22:68:
                    aa:2c:2b:66:09:34:f4:05:ae:7a:6c:d5:bf:b9:6f:
                    c8:7c:a2:af:92:ab:3c:c8:6b:e3:56:54:b5:0e:e1:
                    55:25:24:4c:18:a0:9a:bc:54:48:22:9c:17:6f:c0:
                    e0:ec:b7:ed:96:c3:4c:d9:75:d1:38:e5:1c:d8:db:
                    a4:58:b0:a2:43:7f:75:4c:ca:81:f0:2e:a4:7f:76:
                    b2:e5:59:6a:75:48:a9:1a:92:b6:18:f3:15:21:b4:
                    33:2c:30:23:81:7d:a4:97:27:a9:7b:73:88:f5:05:
                    a8:60:f0:ba:e7:bb:5c:ba:e8:c9:cf:58:f3:e7:07:
                    fc:66:ec:87:42:9d:56:38:ff:ad:6b:eb:e4:c3:54:
                    9f:3f:2d:65:19:fa:55:b5:5e:85:5b:59:ff:b9:53:
                    5d:c3:be:aa:c7:d9:7c:52:12:09:3a:1f:54:17:e7:
                    c5:6e:22:e3:5d:c0:0f:46:5c:30:5b:66:ea:76:e9:
                    23:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:5A:5E:9A:84:1E:0A:05:82:37:94:B5:B8:B9:FD:21:D4:FC:06:D3
            X509v3 Authority Key Identifier:
                keyid:A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/6lpemoQeCgWCN5S1uLn9IdT8BtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1500:2200::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:14:9b:8d:ee:30:31:8f:76:9f:16:cf:e7:1d:bf:f1:2f:fc:
         92:d6:41:e0:f0:c2:3c:7d:e8:b3:50:42:23:42:5a:07:cc:d8:
         bf:dc:2b:e7:9e:83:c5:71:37:52:5a:17:9d:ef:70:9d:d3:01:
         81:12:3f:e6:43:8c:76:70:04:64:4c:6d:18:e2:97:76:82:16:
         16:ff:fa:f3:75:87:06:d4:5d:93:bd:03:dc:b0:1f:14:c3:b9:
         99:79:35:3c:7f:82:f2:3a:6f:15:1b:20:39:31:f8:80:97:05:
         4e:7b:eb:7e:a6:55:64:fd:bd:65:26:62:b9:3e:07:76:73:02:
         8a:45:41:3b:70:07:ab:60:ff:52:02:eb:ab:58:e0:ef:16:fc:
         88:1e:69:13:1c:19:3e:34:0c:98:36:03:51:f3:b1:36:94:d7:
         5d:e9:bc:03:6c:f6:4d:e4:0f:69:03:34:d9:fd:ff:81:64:b1:
         e3:00:4e:8e:0f:a0:b8:f3:25:ae:f6:93:1b:21:e4:f3:7c:0f:
         e8:22:77:4c:4d:eb:d0:3a:75:76:fe:96:dd:ba:b2:8c:9d:88:
         65:44:9a:8c:ba:bd:3d:8b:ba:d9:aa:29:65:0b:35:54:06:ab:
         ed:7f:8b:b4:ad:13:34:f6:75:42:c8:c2:d1:f6:aa:ac:00:81:
         df:57:c9:d4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAcTcU00t1BlySljS9i3vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzOGIxNzZhN2Q5MmU1MDFlZWRhZWY2YzYwZThjZTNhNjhk
NzUyMjQwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTVhNWU5YTg0MWUwYTA1ODIzNzk0YjViOGI5ZmQyMWQ0ZmMwNmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaHywO+TmrINzKurRZG28OJhJGJM
N4WMfGGroFaaeBUKOCl1uPwIvEjywd5c4T+baeXrfLaCpfHmgtb52k4Vpd8WzXG8
TxDUImiqLCtmCTT0Ba56bNW/uW/IfKKvkqs8yGvjVlS1DuFVJSRMGKCavFRIIpwX
b8Dg7LftlsNM2XXROOUc2NukWLCiQ391TMqB8C6kf3ay5VlqdUipGpK2GPMVIbQz
LDAjgX2klyepe3OI9QWoYPC657tcuujJz1jz5wf8ZuyHQp1WOP+ta+vkw1SfPy1l
GfpVtV6FW1n/uVNdw76qx9l8UhIJOh9UF+fFbiLjXcAPRlwwW2bqdukjjwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOpaXpqEHgoFgjeUtbi5/SHU/AbTMB8GA1UdIwQY
MBaAFKOLF2p9kuUB7trvbGDozjpo11IkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTIt
ZWZlNzljMjU0ZTI1LzEvNmxwZW1vUWVDZ1dDTjVTMXVMbjlJZFQ4QnRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTItZWZlNzljMjU0ZTI1
LzEvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhMVACIw
DQYJKoZIhvcNAQELBQADggEBACQUm43uMDGPdp8Wz+cdv/Ev/JLWQeDwwjx96LNQ
QiNCWgfM2L/cK+eeg8VxN1JaF53vcJ3TAYESP+ZDjHZwBGRMbRjil3aCFhb/+vN1
hwbUXZO9A9ywHxTDuZl5NTx/gvI6bxUbIDkx+ICXBU57636mVWT9vWUmYrk+B3Zz
AopFQTtwB6tg/1IC66tY4O8W/IgeaRMcGT40DJg2A1HzsTaU113pvANs9k3kD2kD
NNn9/4FkseMATo4PoLjzJa72kxsh5PN8D+gid0xN69A6dXb+lt26soydiGVEmoy6
vT2LutmqKWULNVQGq+1/i7StEzT2dULIwtH2qqwAgd9XydQ=
-----END CERTIFICATE-----