Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/1Bsd96zKxl4WdEFJFoR2tbdogPI.roa
File:                     1Bsd96zKxl4WdEFJFoR2tbdogPI.roa (raw, json)
Hash identifier:          chEfQlOPyfEw1Ao+9pHWViKw/6UphN73TalSughSnyA=
Subject key identifier:   D4:1B:1D:F7:AC:CA:C6:5E:16:74:41:49:16:84:76:B5:B7:68:80:F2
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DD2586CFC0B563824D41BBD7095D4
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/1Bsd96zKxl4WdEFJFoR2tbdogPI.roa
Signing time:             Tue 02 Jan 2024 08:32:49 +0000
ROA not before:           Tue 02 Jan 2024 08:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216056
IP address blocks:        2a13:a5c7:1600::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d2:58:6c:fc:0b:56:38:24:d4:1b:bd:70:95:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d41b1df7accac65e16744149168476b5b76880f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:66:e0:30:2c:a5:3a:84:a7:69:bb:7f:1e:52:
                    41:c8:8b:b5:f6:9d:d9:a1:71:5f:9c:fc:0b:b3:32:
                    50:01:49:d5:f2:dd:05:73:f2:d5:ab:2f:58:6f:fd:
                    d3:35:dc:20:b0:34:6b:48:76:31:56:8f:f1:f4:22:
                    3a:64:b7:03:c7:22:7c:9a:03:0a:71:af:3d:14:4c:
                    18:ec:44:40:ec:9b:da:97:b5:27:62:0e:52:a8:0a:
                    4a:2b:6c:8f:29:cc:f5:f7:3d:9c:b5:28:47:bf:9f:
                    98:06:85:f4:48:fa:a0:ec:38:77:ab:2e:25:f3:5d:
                    55:d0:ec:62:49:c4:41:40:de:66:ff:85:93:e6:03:
                    44:c3:4d:bf:07:b1:59:5a:08:30:55:26:6b:1d:aa:
                    4b:6a:c9:54:a9:4e:4c:07:2e:7c:aa:4e:f2:29:ec:
                    e6:85:c8:bf:ba:16:a4:1b:fc:5e:cd:98:f1:d1:a4:
                    51:4d:af:12:87:b7:20:36:2f:93:d4:b6:05:97:ba:
                    6d:65:5d:4d:32:0d:13:cf:f6:bd:f9:8a:b4:1c:2b:
                    23:4e:c1:7c:1e:f0:43:19:1d:e6:87:f0:68:8d:f9:
                    4b:e3:8b:60:e7:24:d7:67:3b:16:69:dc:8b:cd:c0:
                    2e:94:81:3c:d1:91:05:d7:30:53:99:a6:39:13:ad:
                    48:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:1B:1D:F7:AC:CA:C6:5E:16:74:41:49:16:84:76:B5:B7:68:80:F2
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/1Bsd96zKxl4WdEFJFoR2tbdogPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1600::/40

    Signature Algorithm: sha256WithRSAEncryption
         7d:27:e9:92:34:f1:a6:bb:8b:5f:99:5d:79:a9:70:e2:a8:6c:
         52:b3:a8:ae:30:9b:b4:ba:ea:fc:4b:9c:49:f2:27:f3:5a:ca:
         dc:33:2c:52:fb:7a:61:72:cb:25:56:8e:76:fc:98:00:89:18:
         ca:23:39:64:a1:21:48:b5:27:26:61:25:67:f8:9e:20:d3:97:
         b6:fb:79:74:49:40:7b:9a:0c:64:3a:8e:8f:86:de:96:3b:19:
         81:49:46:15:2e:34:ef:84:23:96:fa:6e:7b:83:3b:eb:e4:2f:
         71:7c:c1:98:da:ab:f3:c0:de:bf:8d:00:21:89:93:ff:3f:ae:
         20:76:74:0c:65:ef:21:7f:86:f5:3f:6a:4a:15:e4:57:35:ff:
         f6:1a:e8:84:51:78:71:01:04:79:0e:3a:80:bd:ae:fa:27:22:
         7b:02:fa:3d:94:ac:7d:eb:ce:fc:73:c5:74:c9:37:7f:6e:c1:
         68:88:aa:dd:2f:0c:7d:b0:a5:ca:05:45:8b:00:3f:71:80:23:
         46:ef:8a:1c:16:16:d6:c0:dd:b7:64:61:19:d3:16:fd:6d:df:
         15:0d:99:b3:fc:e1:d2:a7:62:f0:d6:04:16:ff:8e:7f:0f:f8:
         49:22:c2:50:13:43:94:6f:90:eb:73:bf:a7:8e:6e:ee:35:4a:
         42:24:f6:0a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTdJYbPwLVjgk1Bu9cJXUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDFiMWRmN2FjY2FjNjVlMTY3NDQxNDkxNjg0NzZiNWI3Njg4MGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2bgMCylOoSnabt/HlJByIu19p3Z
oXFfnPwLszJQAUnV8t0Fc/LVqy9Yb/3TNdwgsDRrSHYxVo/x9CI6ZLcDxyJ8mgMK
ca89FEwY7ERA7Jval7UnYg5SqApKK2yPKcz19z2ctShHv5+YBoX0SPqg7Dh3qy4l
811V0OxiScRBQN5m/4WT5gNEw02/B7FZWggwVSZrHapLaslUqU5MBy58qk7yKezm
hci/uhakG/xezZjx0aRRTa8Sh7cgNi+T1LYFl7ptZV1NMg0Tz/a9+Yq0HCsjTsF8
HvBDGR3mh/BojflL44tg5yTXZzsWadyLzcAulIE80ZEF1zBTmaY5E61ITQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNQbHfesysZeFnRBSRaEdrW3aIDyMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvMUJzZDk2ekt4bDRXZEVGSkZvUjJ0YmRvZ1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxYw
DQYJKoZIhvcNAQELBQADggEBAH0n6ZI08aa7i1+ZXXmpcOKobFKzqK4wm7S66vxL
nEnyJ/NaytwzLFL7emFyyyVWjnb8mACJGMojOWShIUi1JyZhJWf4niDTl7b7eXRJ
QHuaDGQ6jo+G3pY7GYFJRhUuNO+EI5b6bnuDO+vkL3F8wZjaq/PA3r+NACGJk/8/
riB2dAxl7yF/hvU/akoV5Fc1//Ya6IRReHEBBHkOOoC9rvonInsC+j2UrH3rzvxz
xXTJN39uwWiIqt0vDH2wpcoFRYsAP3GAI0bvihwWFtbA3bdkYRnTFv1t3xUNmbP8
4dKnYvDWBBb/jn8P+EkiwlATQ5RvkOtzv6eObu41SkIk9go=
-----END CERTIFICATE-----