Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/f9b3ca-04a0-4233-aed1-c6f9d0a8f36e/1/t-rY3Ovc2oV5Mh4YcOF_qt3LNVA.roa
File:                     t-rY3Ovc2oV5Mh4YcOF_qt3LNVA.roa (raw, json)
Hash identifier:          drGcwO6lJIt7eRINMj/Z+25yXFnwH4xolN9qnOj5CPo=
Subject key identifier:   B7:EA:D8:DC:EB:DC:DA:85:79:32:1E:18:70:E1:7F:AA:DD:CB:35:50
Certificate issuer:       /CN=aee8d6f56c5fbc904c9b913609013e5964865257
Certificate serial:       018FAA76C9D16AC49BD064F6766A4EF7F0D0
Authority key identifier: AE:E8:D6:F5:6C:5F:BC:90:4C:9B:91:36:09:01:3E:59:64:86:52:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rujW9WxfvJBMm5E2CQE-WWSGUlc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/23/f9b3ca-04a0-4233-aed1-c6f9d0a8f36e/1/t-rY3Ovc2oV5Mh4YcOF_qt3LNVA.roa
Signing time:             Fri 24 May 2024 11:57:42 +0000
ROA not before:           Fri 24 May 2024 11:57:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        2a13:49c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/23/f9b3ca-04a0-4233-aed1-c6f9d0a8f36e/1/rujW9WxfvJBMm5E2CQE-WWSGUlc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/23/f9b3ca-04a0-4233-aed1-c6f9d0a8f36e/1/rujW9WxfvJBMm5E2CQE-WWSGUlc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rujW9WxfvJBMm5E2CQE-WWSGUlc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:aa:76:c9:d1:6a:c4:9b:d0:64:f6:76:6a:4e:f7:f0:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aee8d6f56c5fbc904c9b913609013e5964865257
        Validity
            Not Before: May 24 11:57:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7ead8dcebdcda8579321e1870e17faaddcb3550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:61:86:5d:8d:1c:e3:17:41:91:bd:05:4a:b8:
                    13:98:87:ab:56:2a:38:56:b3:34:84:eb:c1:4e:e5:
                    4a:13:e2:96:69:fa:84:e8:aa:65:4f:37:47:9c:29:
                    c5:ba:c5:a2:32:74:f3:01:78:11:0f:e8:95:2d:7a:
                    fd:93:2c:0d:c7:a7:d6:8a:d5:5f:1f:78:87:ef:13:
                    ee:f2:91:cc:51:88:9f:f9:94:cb:21:e6:e5:12:3f:
                    46:33:f8:58:30:c7:71:f0:c4:27:e4:18:61:93:03:
                    69:4d:14:5f:bf:f6:f6:c1:46:d2:74:68:82:e8:b7:
                    56:b4:16:bf:0e:b7:68:59:1d:17:94:3c:84:19:5f:
                    7e:09:b6:ad:91:25:8c:93:a8:75:7f:bd:cb:4c:fe:
                    67:7a:4e:88:66:40:bf:6f:51:0d:2b:06:33:99:93:
                    f4:77:f2:c7:88:8b:92:12:30:55:8e:4f:8e:43:32:
                    89:07:72:a5:cd:d5:18:78:fb:35:1a:d3:14:a7:5a:
                    a4:fe:00:bd:33:0b:a1:4b:2e:55:bb:5c:2b:72:37:
                    ff:e0:a4:5d:15:6d:75:56:22:4a:c9:8e:1e:52:f7:
                    d4:83:28:81:6b:7a:3c:62:c7:43:b1:d0:3c:c8:93:
                    a9:58:80:37:09:4d:59:f9:29:91:dd:0b:0d:7b:a3:
                    d7:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:EA:D8:DC:EB:DC:DA:85:79:32:1E:18:70:E1:7F:AA:DD:CB:35:50
            X509v3 Authority Key Identifier:
                keyid:AE:E8:D6:F5:6C:5F:BC:90:4C:9B:91:36:09:01:3E:59:64:86:52:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rujW9WxfvJBMm5E2CQE-WWSGUlc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f9b3ca-04a0-4233-aed1-c6f9d0a8f36e/1/t-rY3Ovc2oV5Mh4YcOF_qt3LNVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/23/f9b3ca-04a0-4233-aed1-c6f9d0a8f36e/1/rujW9WxfvJBMm5E2CQE-WWSGUlc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:49c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         70:ea:24:2d:38:20:f1:6d:31:e9:3e:cf:33:25:9e:6f:73:01:
         40:ff:6e:54:c0:e3:63:ad:8f:af:b8:23:e4:c1:bb:26:d3:ef:
         43:f3:f9:55:95:a7:b4:81:0b:7a:1d:d1:13:e5:9a:47:b5:2f:
         e6:fc:36:84:5f:1b:c7:71:46:4d:f1:97:cb:e4:4d:e8:30:b2:
         18:11:53:2d:6c:72:cb:07:f8:2b:ae:a7:88:e6:7b:b3:6d:9b:
         1f:84:bb:f6:b7:8b:c0:5e:2c:97:15:ff:57:48:d7:db:bc:f7:
         45:29:c9:c7:5b:67:b6:02:67:8a:59:32:ee:53:e5:d7:e7:7c:
         78:47:b2:09:82:24:54:b5:87:46:74:f6:72:55:97:18:f1:bb:
         2c:4b:46:f4:e1:cf:f9:e4:04:ec:40:89:de:f4:29:df:9f:7d:
         d4:39:bb:20:66:83:6b:a0:16:43:af:ea:1a:73:65:52:24:b7:
         e6:e0:e0:f4:91:4f:e1:0c:e4:21:62:8f:a1:3c:36:d2:3e:27:
         0e:9b:1a:05:c3:ff:fc:71:5e:41:17:61:07:77:a3:60:98:16:
         4e:87:da:74:19:ce:dd:56:1a:95:ff:a0:00:35:3e:60:b4:d9:
         76:2a:b0:42:6c:a8:64:10:98:16:3f:9e:07:48:97:52:89:73:
         ec:a2:88:25
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY+qdsnRasSb0GT2dmpO9/DQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlZThkNmY1NmM1ZmJjOTA0YzliOTEzNjA5MDEzZTU5NjQ4
NjUyNTcwHhcNMjQwNTI0MTE1NzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2VhZDhkY2ViZGNkYTg1NzkzMjFlMTg3MGUxN2ZhYWRkY2IzNTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmGGXY0c4xdBkb0FSrgTmIerVio4
VrM0hOvBTuVKE+KWafqE6KplTzdHnCnFusWiMnTzAXgRD+iVLXr9kywNx6fWitVf
H3iH7xPu8pHMUYif+ZTLIeblEj9GM/hYMMdx8MQn5BhhkwNpTRRfv/b2wUbSdGiC
6LdWtBa/DrdoWR0XlDyEGV9+CbatkSWMk6h1f73LTP5nek6IZkC/b1ENKwYzmZP0
d/LHiIuSEjBVjk+OQzKJB3KlzdUYePs1GtMUp1qk/gC9MwuhSy5Vu1wrcjf/4KRd
FW11ViJKyY4eUvfUgyiBa3o8YsdDsdA8yJOpWIA3CU1Z+SmR3QsNe6PXgwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLfq2Nzr3NqFeTIeGHDhf6rdyzVQMB8GA1UdIwQY
MBaAFK7o1vVsX7yQTJuRNgkBPllkhlJXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnVqVzlXeGZ2SkJNbTVFMkNRRS1XV1NHVWxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy9mOWIzY2EtMDRhMC00MjMzLWFlZDEt
YzZmOWQwYThmMzZlLzEvdC1yWTNPdmMyb1Y1TWg0WWNPRl9xdDNMTlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy9mOWIzY2EtMDRhMC00MjMzLWFlZDEtYzZmOWQwYThmMzZl
LzEvcnVqVzlXeGZ2SkJNbTVFMkNRRS1XV1NHVWxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNJwDAN
BgkqhkiG9w0BAQsFAAOCAQEAcOokLTgg8W0x6T7PMyWeb3MBQP9uVMDjY62Pr7gj
5MG7JtPvQ/P5VZWntIELeh3RE+WaR7Uv5vw2hF8bx3FGTfGXy+RN6DCyGBFTLWxy
ywf4K66niOZ7s22bH4S79reLwF4slxX/V0jX27z3RSnJx1tntgJnilky7lPl1+d8
eEeyCYIkVLWHRnT2clWXGPG7LEtG9OHP+eQE7ECJ3vQp35991Dm7IGaDa6AWQ6/q
GnNlUiS35uDg9JFP4QzkIWKPoTw20j4nDpsaBcP//HFeQRdhB3ejYJgWTofadBnO
3VYalf+gADU+YLTZdiqwQmyoZBCYFj+eB0iXUolz7KKIJQ==
-----END CERTIFICATE-----