Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/0jr3_c2HLM0VfPJCN3cuyT51DeU.roa
File:                     0jr3_c2HLM0VfPJCN3cuyT51DeU.roa (raw, json)
Hash identifier:          lgPO5pxT+7UoDXxq6bYr+6nfwJYhZ0tZoudgLx/7EoE=
Subject key identifier:   D2:3A:F7:FD:CD:87:2C:CD:15:7C:F2:42:37:77:2E:C9:3E:75:0D:E5
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DD0ABECC0C96D0F9EB3CDAB7587B1
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/0jr3_c2HLM0VfPJCN3cuyT51DeU.roa
Signing time:             Tue 02 Jan 2024 08:32:49 +0000
ROA not before:           Tue 02 Jan 2024 08:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210000
IP address blocks:        2a13:a5c6:5030::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d0:ab:ec:c0:c9:6d:0f:9e:b3:cd:ab:75:87:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d23af7fdcd872ccd157cf24237772ec93e750de5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:69:a7:2e:a2:9a:3f:81:b6:79:3e:41:7c:56:
                    37:ab:4e:8b:5e:3f:b1:29:b6:6e:b4:17:9e:79:e2:
                    07:3f:87:c8:d5:db:be:c9:ea:56:bc:25:1b:59:59:
                    3d:ac:fe:42:62:ed:fc:72:08:b8:a6:eb:c4:76:9a:
                    87:0e:26:bd:9c:c6:0e:b1:29:c8:91:d3:42:af:49:
                    2f:f0:41:36:0c:ec:06:1d:6e:e4:fc:e4:d5:5e:dd:
                    f0:b2:64:0f:35:31:7f:ea:8d:da:ef:dc:16:e3:79:
                    63:43:b8:31:2f:cc:37:b0:35:78:59:99:11:df:d0:
                    54:a5:cc:cf:3f:eb:58:95:95:c9:91:f0:65:fb:1b:
                    eb:4e:a2:e9:3c:41:b5:06:3c:b5:bc:3c:a1:19:54:
                    c4:39:d4:f6:e9:4a:0e:fd:d0:10:9e:70:48:07:1a:
                    19:76:6b:cb:eb:1b:9d:09:d7:95:38:2e:b0:e8:19:
                    8d:9c:8c:46:0a:9a:68:86:c7:12:7f:50:1b:ff:79:
                    6a:9b:4b:03:5f:aa:e8:42:05:59:2b:62:91:b7:54:
                    66:22:be:72:89:0e:a2:ea:17:2a:24:89:b6:d9:d1:
                    82:46:93:8f:46:41:69:bf:77:7b:0d:34:52:00:28:
                    91:76:03:84:ae:ba:99:b9:74:29:b4:81:fe:22:6c:
                    ad:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:3A:F7:FD:CD:87:2C:CD:15:7C:F2:42:37:77:2E:C9:3E:75:0D:E5
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/0jr3_c2HLM0VfPJCN3cuyT51DeU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c6:5030::/44

    Signature Algorithm: sha256WithRSAEncryption
         47:bb:e7:a1:53:8b:30:64:84:3c:97:5a:86:48:35:c4:45:38:
         6b:59:5c:1f:fb:9a:f5:c8:f4:68:29:8b:8a:b2:cf:8d:50:ec:
         d3:c5:aa:45:dd:8d:f9:2d:2e:c5:bb:2f:68:50:a0:22:57:32:
         96:f1:19:07:60:a6:b3:61:d7:4d:0e:95:81:78:92:27:8e:a2:
         6c:b3:23:1b:b2:76:20:b4:95:f8:aa:3c:56:52:ec:4a:96:5b:
         86:4e:15:6f:96:8a:99:2d:6b:41:34:a1:a1:0b:66:a6:29:2a:
         8e:50:8f:a7:58:5b:6b:d3:e8:9d:0f:99:2f:de:07:43:8f:b5:
         58:b5:92:34:c6:11:81:e8:aa:42:71:57:8b:5c:5b:e8:b3:81:
         c7:a9:44:df:21:5f:7e:72:f2:13:ce:6b:cd:8a:02:7f:c9:3b:
         7f:01:ee:b5:28:9c:1e:a3:48:57:52:1c:81:a0:b1:c4:83:c5:
         18:7d:f3:d8:f9:7f:be:77:3c:be:07:77:6e:14:f6:fc:85:41:
         06:89:95:18:0a:ac:be:2a:11:af:f1:31:67:b0:97:2b:08:f9:
         ff:a9:a9:0e:33:46:d1:85:af:c0:60:90:4c:05:4f:3b:e2:c8:
         ad:f9:ca:19:eb:80:5f:89:94:18:b3:f6:fa:dc:2a:d4:76:5e:
         8d:e7:7b:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTdCr7MDJbQ+es82rdYexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjNhZjdmZGNkODcyY2NkMTU3Y2YyNDIzNzc3MmVjOTNlNzUwZGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGmnLqKaP4G2eT5BfFY3q06LXj+x
KbZutBeeeeIHP4fI1du+yepWvCUbWVk9rP5CYu38cgi4puvEdpqHDia9nMYOsSnI
kdNCr0kv8EE2DOwGHW7k/OTVXt3wsmQPNTF/6o3a79wW43ljQ7gxL8w3sDV4WZkR
39BUpczPP+tYlZXJkfBl+xvrTqLpPEG1Bjy1vDyhGVTEOdT26UoO/dAQnnBIBxoZ
dmvL6xudCdeVOC6w6BmNnIxGCppohscSf1Ab/3lqm0sDX6roQgVZK2KRt1RmIr5y
iQ6i6hcqJIm22dGCRpOPRkFpv3d7DTRSACiRdgOErrqZuXQptIH+ImytmQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNI69/3NhyzNFXzyQjd3Lsk+dQ3lMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvMGpyM19jMkhMTTBWZlBKQ04zY3V5VDUxRGVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhOlxlAw
MA0GCSqGSIb3DQEBCwUAA4IBAQBHu+ehU4swZIQ8l1qGSDXERThrWVwf+5r1yPRo
KYuKss+NUOzTxapF3Y35LS7Fuy9oUKAiVzKW8RkHYKazYddNDpWBeJInjqJssyMb
snYgtJX4qjxWUuxKlluGThVvloqZLWtBNKGhC2amKSqOUI+nWFtr0+idD5kv3gdD
j7VYtZI0xhGB6KpCcVeLXFvos4HHqUTfIV9+cvITzmvNigJ/yTt/Ae61KJweo0hX
UhyBoLHEg8UYffPY+X++dzy+B3duFPb8hUEGiZUYCqy+KhGv8TFnsJcrCPn/qakO
M0bRha/AYJBMBU874sit+coZ64BfiZQYs/b63CrUdl6N53sj
-----END CERTIFICATE-----