Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/LA2Kmva-LY3D6ibWlhaPya3flHI.roa
File:                     LA2Kmva-LY3D6ibWlhaPya3flHI.roa (raw, json)
Hash identifier:          SSazPXd2IzieJT/SCiym+GCiAhWwovYmDmVQBm1kq14=
Subject key identifier:   2C:0D:8A:9A:F6:BE:2D:8D:C3:EA:26:D6:96:16:8F:C9:AD:DF:94:72
Certificate issuer:       /CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
Certificate serial:       018CC801C492FCBC06A2D8F0C415C7AE4548
Authority key identifier: A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/LA2Kmva-LY3D6ibWlhaPya3flHI.roa
Signing time:             Tue 02 Jan 2024 02:30:08 +0000
ROA not before:           Tue 02 Jan 2024 02:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48925
IP address blocks:        2a13:1500:3a00::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:c4:92:fc:bc:06:a2:d8:f0:c4:15:c7:ae:45:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a38b176a7d92e501eedaef6c60e8ce3a68d75224
        Validity
            Not Before: Jan  2 02:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2c0d8a9af6be2d8dc3ea26d696168fc9addf9472
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:86:ba:cf:a5:02:89:78:f8:5c:87:36:7a:d2:
                    f3:44:07:8c:91:d8:39:e9:1b:8e:bf:c5:bd:d4:06:
                    37:31:04:c4:18:3e:ad:32:e7:fd:c5:35:a9:51:63:
                    c8:df:db:87:26:cf:0d:94:f7:d8:70:70:0e:23:29:
                    91:34:ea:bf:ba:b2:2e:bf:26:2d:a2:4d:15:9e:65:
                    37:52:80:5b:32:be:37:64:da:18:80:4f:93:97:d3:
                    f7:f2:4f:bf:be:ae:a8:5d:40:58:08:4e:96:91:13:
                    e7:38:f8:90:34:c5:14:d5:e6:87:e3:82:c7:a9:57:
                    a1:41:7e:41:98:36:7c:3d:d8:b0:58:1b:71:f3:ad:
                    39:80:24:d1:4b:c1:f2:28:ed:17:fe:b7:13:2c:2b:
                    b5:37:38:d8:35:30:de:98:75:bc:53:ba:7f:8e:65:
                    cd:1f:20:18:84:4a:31:8b:e8:e2:cc:cb:7f:0c:96:
                    8e:27:e3:f7:5b:9d:5a:80:85:7e:8f:f1:12:f6:ed:
                    a4:b5:c7:e0:7e:ca:56:c1:ae:cc:b0:c8:91:be:df:
                    77:9c:ad:c5:86:f2:e8:1a:ae:32:78:90:1e:d6:62:
                    38:76:7f:29:93:ee:36:e2:2c:4a:8a:4b:30:89:70:
                    b3:18:5f:9c:4c:fb:8b:5a:9a:45:cc:58:de:7b:1b:
                    03:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:0D:8A:9A:F6:BE:2D:8D:C3:EA:26:D6:96:16:8F:C9:AD:DF:94:72
            X509v3 Authority Key Identifier:
                keyid:A3:8B:17:6A:7D:92:E5:01:EE:DA:EF:6C:60:E8:CE:3A:68:D7:52:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4sXan2S5QHu2u9sYOjOOmjXUiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/LA2Kmva-LY3D6ibWlhaPya3flHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/8100db-443a-4c7e-bbe2-efe79c254e25/1/o4sXan2S5QHu2u9sYOjOOmjXUiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:1500:3a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         63:fa:67:6c:37:c2:e6:ab:f5:85:b9:5f:d8:18:70:e6:ff:c4:
         86:f0:34:73:63:18:c4:8c:af:68:2a:af:b5:6c:97:e7:b8:41:
         f2:99:c3:89:52:7f:62:0c:87:5d:ef:d6:07:08:04:80:bc:fa:
         cc:e7:77:49:a8:d0:56:f0:98:e0:39:65:ab:a7:d8:11:aa:f6:
         34:aa:aa:87:5e:1d:aa:66:50:e1:c2:92:fc:60:68:96:37:71:
         39:ec:37:15:9e:9b:7b:48:32:e7:1b:a9:81:0b:2e:16:61:d8:
         cd:1b:d9:10:b0:c8:b8:06:1c:e8:a0:87:82:55:32:b2:60:2b:
         7e:30:bf:d5:d9:46:eb:3d:63:b4:db:df:cd:30:de:67:07:4f:
         39:69:d7:5d:d8:12:cb:7d:20:4f:4b:15:12:c9:93:84:65:bd:
         a6:bd:ff:98:67:3a:eb:44:29:38:92:d6:79:fd:f6:82:50:a8:
         d3:27:d9:96:5a:c7:63:a8:15:fb:01:ed:fd:f2:2b:3c:94:45:
         95:df:a4:69:53:e6:2b:1a:42:49:cd:c0:83:cd:a2:25:db:97:
         a3:d7:d3:61:1a:54:54:f8:ea:96:41:e0:e3:a2:6b:d1:c4:3a:
         31:5d:f4:c0:16:41:a1:1f:d0:1f:cd:b7:73:7a:a2:82:5d:25:
         8f:39:38:c6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzIAcSS/LwGotjwxBXHrkVIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzOGIxNzZhN2Q5MmU1MDFlZWRhZWY2YzYwZThjZTNhNjhk
NzUyMjQwHhcNMjQwMTAyMDIzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzBkOGE5YWY2YmUyZDhkYzNlYTI2ZDY5NjE2OGZjOWFkZGY5NDcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4a6z6UCiXj4XIc2etLzRAeMkdg5
6RuOv8W91AY3MQTEGD6tMuf9xTWpUWPI39uHJs8NlPfYcHAOIymRNOq/urIuvyYt
ok0VnmU3UoBbMr43ZNoYgE+Tl9P38k+/vq6oXUBYCE6WkRPnOPiQNMUU1eaH44LH
qVehQX5BmDZ8PdiwWBtx8605gCTRS8HyKO0X/rcTLCu1NzjYNTDemHW8U7p/jmXN
HyAYhEoxi+jizMt/DJaOJ+P3W51agIV+j/ES9u2ktcfgfspWwa7MsMiRvt93nK3F
hvLoGq4yeJAe1mI4dn8pk+424ixKikswiXCzGF+cTPuLWppFzFjeexsDIQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCwNipr2vi2Nw+om1pYWj8mt35RyMB8GA1UdIwQY
MBaAFKOLF2p9kuUB7trvbGDozjpo11IkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTIt
ZWZlNzljMjU0ZTI1LzEvTEEyS212YS1MWTNENmliV2xoYVB5YTNmbEhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi84MTAwZGItNDQzYS00YzdlLWJiZTItZWZlNzljMjU0ZTI1
LzEvbzRzWGFuMlM1UUh1MnU5c1lPak9PbWpYVWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhMVADow
DQYJKoZIhvcNAQELBQADggEBAGP6Z2w3wuar9YW5X9gYcOb/xIbwNHNjGMSMr2gq
r7Vsl+e4QfKZw4lSf2IMh13v1gcIBIC8+sznd0mo0FbwmOA5Zaun2BGq9jSqqode
HapmUOHCkvxgaJY3cTnsNxWem3tIMucbqYELLhZh2M0b2RCwyLgGHOigh4JVMrJg
K34wv9XZRus9Y7Tb380w3mcHTzlp113YEst9IE9LFRLJk4Rlvaa9/5hnOutEKTiS
1nn99oJQqNMn2ZZax2OoFfsB7f3yKzyURZXfpGlT5isaQknNwIPNoiXbl6PX02Ea
VFT46pZB4OOia9HEOjFd9MAWQaEf0B/Nt3N6ooJdJY85OMY=
-----END CERTIFICATE-----