Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/8Dc33QRVv1KYU9xYT0gRTckuORY.roa
File:                     8Dc33QRVv1KYU9xYT0gRTckuORY.roa (raw, json)
Hash identifier:          6kyGbkmcAgzjoNlgE7MpWc3R6PcHK3QipDK+Ks4i6Ak=
Subject key identifier:   F0:37:37:DD:04:55:BF:52:98:53:DC:58:4F:48:11:4D:C9:2E:39:16
Certificate issuer:       /CN=75b795066150a1c367dabccf69c970ab0c723215
Certificate serial:       018CC801AACA57C65750FB101EE7A699D768
Authority key identifier: 75:B7:95:06:61:50:A1:C3:67:DA:BC:CF:69:C9:70:AB:0C:72:32:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/8Dc33QRVv1KYU9xYT0gRTckuORY.roa
Signing time:             Tue 02 Jan 2024 02:30:01 +0000
ROA not before:           Tue 02 Jan 2024 02:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58192
IP address blocks:        2a13:5e40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:aa:ca:57:c6:57:50:fb:10:1e:e7:a6:99:d7:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75b795066150a1c367dabccf69c970ab0c723215
        Validity
            Not Before: Jan  2 02:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f03737dd0455bf529853dc584f48114dc92e3916
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2b:30:de:18:40:c1:a5:2a:d4:9c:7c:84:37:
                    90:d3:c4:69:21:1e:b1:43:20:a1:0d:80:06:5c:1c:
                    0b:2d:3a:1b:90:b2:b6:42:f8:a5:e1:e7:32:69:f8:
                    be:28:36:bc:b7:ef:4b:9c:df:23:a3:ca:f2:f8:a1:
                    91:3c:2d:9f:7b:3a:c8:02:64:e7:b3:db:c7:79:eb:
                    a2:65:70:29:67:dd:c4:ed:79:4d:e3:87:4b:05:1a:
                    11:c1:b8:bc:d5:d6:f6:32:38:84:3c:df:64:30:b7:
                    f8:85:d7:29:a1:c8:55:be:d5:32:15:3a:6b:f3:ee:
                    9a:0d:43:8b:b9:b2:41:12:fb:f6:d1:fb:c0:58:da:
                    41:85:e8:ba:c8:e3:ee:24:45:fa:ef:29:0a:59:c6:
                    c7:fa:bd:57:e6:65:1f:eb:59:06:ca:0a:9c:78:ce:
                    07:45:99:f6:bf:a4:74:e8:0f:21:dd:44:0c:4d:4c:
                    af:a0:aa:7b:cb:82:38:27:fd:19:ed:12:d8:f4:7a:
                    01:0d:d4:67:14:42:5e:32:02:9d:dd:53:69:90:64:
                    a3:ca:d7:9b:e9:32:3f:2f:fb:6d:0d:23:2c:7c:dc:
                    03:cd:f2:2e:24:35:e9:2c:db:57:d8:e7:ee:0e:25:
                    f7:40:c7:7b:1b:90:dc:d5:aa:76:0c:90:47:46:1b:
                    52:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:37:37:DD:04:55:BF:52:98:53:DC:58:4F:48:11:4D:C9:2E:39:16
            X509v3 Authority Key Identifier:
                keyid:75:B7:95:06:61:50:A1:C3:67:DA:BC:CF:69:C9:70:AB:0C:72:32:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dbeVBmFQocNn2rzPaclwqwxyMhU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/8Dc33QRVv1KYU9xYT0gRTckuORY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/466aab-a470-4344-a367-547be4cfa457/1/dbeVBmFQocNn2rzPaclwqwxyMhU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5e40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:89:fb:42:a0:b0:5e:c1:3e:d8:a7:6b:d8:4a:fe:04:a1:6b:
         f0:b2:16:15:42:09:1e:e8:f3:8b:2b:b6:b1:3e:c1:95:3c:9f:
         38:32:7e:0e:b3:31:f0:ae:fe:fb:ac:f0:76:3c:2a:62:4c:a8:
         99:5a:5d:67:65:50:99:50:4c:c7:82:dd:db:45:37:e4:16:e7:
         02:b9:46:9d:6d:0e:e9:26:03:11:f7:a7:94:0a:a9:78:9d:0a:
         14:17:f0:33:30:88:ae:ec:30:cd:cc:b8:96:bf:39:e8:74:41:
         1a:2e:c5:30:be:7c:41:c1:ee:4a:b7:42:3c:41:61:61:5b:e2:
         ef:5d:e2:5a:07:b3:fb:08:67:39:60:16:43:e7:84:4c:51:d9:
         43:8f:9d:06:79:4d:93:1c:64:bb:57:30:95:67:ca:b0:58:9a:
         2f:f1:7b:95:70:c6:b1:ee:2f:c7:9f:95:d4:71:e3:f6:1b:d8:
         bf:b3:80:19:3a:94:55:8d:0c:86:b3:7f:fe:36:12:37:cc:ea:
         59:c4:4c:2e:e7:20:d9:be:0d:62:1e:b7:6b:1c:dc:e5:00:2a:
         17:06:b9:34:ce:d4:68:36:ab:50:c6:41:79:93:28:d1:96:84:
         a0:f9:f2:d3:82:63:ca:28:66:2e:22:66:c3:a3:19:41:1e:c6:
         fa:ea:51:a3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzIAarKV8ZXUPsQHuemmddoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1Yjc5NTA2NjE1MGExYzM2N2RhYmNjZjY5Yzk3MGFiMGM3
MjMyMTUwHhcNMjQwMTAyMDIzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDM3MzdkZDA0NTViZjUyOTg1M2RjNTg0ZjQ4MTE0ZGM5MmUzOTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCsw3hhAwaUq1Jx8hDeQ08RpIR6x
QyChDYAGXBwLLTobkLK2Qvil4ecyafi+KDa8t+9LnN8jo8ry+KGRPC2fezrIAmTn
s9vHeeuiZXApZ93E7XlN44dLBRoRwbi81db2MjiEPN9kMLf4hdcpochVvtUyFTpr
8+6aDUOLubJBEvv20fvAWNpBhei6yOPuJEX67ykKWcbH+r1X5mUf61kGygqceM4H
RZn2v6R06A8h3UQMTUyvoKp7y4I4J/0Z7RLY9HoBDdRnFEJeMgKd3VNpkGSjyteb
6TI/L/ttDSMsfNwDzfIuJDXpLNtX2OfuDiX3QMd7G5Dc1ap2DJBHRhtStwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPA3N90EVb9SmFPcWE9IEU3JLjkWMB8GA1UdIwQY
MBaAFHW3lQZhUKHDZ9q8z2nJcKsMcjIVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGJlVkJtRlFvY05uMnJ6UGFjbHdxd3h5TWhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS80NjZhYWItYTQ3MC00MzQ0LWEzNjct
NTQ3YmU0Y2ZhNDU3LzEvOERjMzNRUlZ2MUtZVTl4WVQwZ1JUY2t1T1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS80NjZhYWItYTQ3MC00MzQ0LWEzNjctNTQ3YmU0Y2ZhNDU3
LzEvZGJlVkJtRlFvY05uMnJ6UGFjbHdxd3h5TWhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNeQDAN
BgkqhkiG9w0BAQsFAAOCAQEAi4n7QqCwXsE+2Kdr2Er+BKFr8LIWFUIJHujziyu2
sT7BlTyfODJ+DrMx8K7++6zwdjwqYkyomVpdZ2VQmVBMx4Ld20U35BbnArlGnW0O
6SYDEfenlAqpeJ0KFBfwMzCIruwwzcy4lr856HRBGi7FML58QcHuSrdCPEFhYVvi
713iWgez+whnOWAWQ+eETFHZQ4+dBnlNkxxku1cwlWfKsFiaL/F7lXDGse4vx5+V
1HHj9hvYv7OAGTqUVY0MhrN//jYSN8zqWcRMLucg2b4NYh63axzc5QAqFwa5NM7U
aDarUMZBeZMo0ZaEoPny04JjyihmLiJmw6MZQR7G+upRow==
-----END CERTIFICATE-----