Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/2vAIfONyk_eheGC-kkhm-tqHVoc.roa
File:                     2vAIfONyk_eheGC-kkhm-tqHVoc.roa (raw, json)
Hash identifier:          WSA+qsp0X5mO1gCL3dySuJ6QQBCQnrgRe5xPpp3k7zM=
Subject key identifier:   DA:F0:08:7C:E3:72:93:F7:A1:78:60:BE:92:48:66:FA:DA:87:56:87
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CD3B715A746611121836A71B63B67F9F7
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/2vAIfONyk_eheGC-kkhm-tqHVoc.roa
Signing time:             Thu 04 Jan 2024 09:04:00 +0000
ROA not before:           Thu 04 Jan 2024 09:04:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44324
IP address blocks:        2a13:a5c3::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d3:b7:15:a7:46:61:11:21:83:6a:71:b6:3b:67:f9:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  4 09:04:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=daf0087ce37293f7a17860be924866fada875687
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:06:25:e5:7c:40:c5:7d:c9:78:d7:91:20:9b:
                    2e:1c:44:09:99:f1:1d:99:1a:91:80:45:18:00:e8:
                    50:89:97:8d:11:34:8b:df:c4:fc:d0:02:fd:9c:3c:
                    31:a0:c8:b0:b4:7b:09:c8:7b:f7:d3:37:40:76:d2:
                    d3:40:46:fa:92:34:c2:29:8e:c9:97:ec:05:11:ff:
                    2d:65:a1:38:e2:7e:fa:92:2d:05:97:c2:ab:8a:e4:
                    27:c6:33:ed:f3:43:45:86:bc:e0:0f:87:71:a8:49:
                    59:bf:97:d5:a6:bb:bc:b1:3c:7d:0f:25:38:d1:da:
                    19:4c:ae:ef:95:b9:4a:24:dd:73:a2:c4:c6:a3:5c:
                    0e:bc:ce:5d:98:3e:04:42:10:51:8c:be:dd:86:00:
                    71:8f:44:4e:f2:6d:32:bf:2c:d4:0b:e8:12:cd:75:
                    57:68:bd:93:fe:88:a4:42:ce:f2:d2:c7:ba:c4:38:
                    4d:44:85:37:88:05:0f:82:42:3f:cf:32:08:c4:01:
                    98:a7:97:40:2b:c3:43:d2:34:35:4e:5e:be:c5:f5:
                    71:01:0c:f9:33:19:50:83:1a:3c:bb:fe:d8:dd:38:
                    39:63:9c:36:65:b4:42:b2:f6:cc:e7:9f:9b:b7:f6:
                    4c:b5:3f:27:8c:57:56:21:0a:8d:e0:82:04:c4:34:
                    a3:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:F0:08:7C:E3:72:93:F7:A1:78:60:BE:92:48:66:FA:DA:87:56:87
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/2vAIfONyk_eheGC-kkhm-tqHVoc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:8c:e2:a9:a6:ff:40:17:d1:cb:d1:37:ee:da:34:eb:dc:6f:
         77:4b:65:26:ab:19:58:9a:eb:8a:ed:ee:54:cf:04:3a:a7:01:
         bf:2b:68:70:ca:93:ec:b6:d1:18:95:fe:b2:05:39:44:6e:49:
         92:a4:d5:87:6d:b7:48:9f:df:6d:65:0c:46:c4:89:69:3f:1d:
         89:07:54:f2:8d:35:e6:d2:94:59:f7:dd:5e:41:d0:9d:46:31:
         e0:99:0b:9e:fe:6d:a9:45:1a:fb:06:7a:6c:8d:be:f0:af:74:
         ec:e3:6f:38:de:65:48:65:f1:fb:e4:07:ea:99:3d:32:c6:12:
         66:9d:3e:5f:4c:3a:cc:d9:79:87:8f:75:13:80:e2:ef:06:de:
         e7:09:75:df:b1:12:a4:13:2c:29:a1:fe:f1:7b:76:f5:50:46:
         26:40:c8:87:58:30:bb:48:eb:5b:e5:f4:66:49:c6:72:8c:d3:
         f6:59:c0:b1:a1:40:04:3e:02:c6:f6:79:96:78:b3:c8:bd:1e:
         08:b8:11:db:82:92:39:72:b1:42:b7:c4:1b:fb:2b:8a:2a:05:
         ea:40:93:57:08:8a:b8:cc:01:c9:1e:66:ac:87:38:b0:d4:44:
         64:9b:15:c8:80:8d:4e:85:81:b6:5b:84:f7:98:12:6e:c6:0c:
         f1:c9:77:f3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzTtxWnRmERIYNqcbY7Z/n3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTA0MDkwNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWYwMDg3Y2UzNzI5M2Y3YTE3ODYwYmU5MjQ4NjZmYWRhODc1Njg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3AYl5XxAxX3JeNeRIJsuHEQJmfEd
mRqRgEUYAOhQiZeNETSL38T80AL9nDwxoMiwtHsJyHv30zdAdtLTQEb6kjTCKY7J
l+wFEf8tZaE44n76ki0Fl8KriuQnxjPt80NFhrzgD4dxqElZv5fVpru8sTx9DyU4
0doZTK7vlblKJN1zosTGo1wOvM5dmD4EQhBRjL7dhgBxj0RO8m0yvyzUC+gSzXVX
aL2T/oikQs7y0se6xDhNRIU3iAUPgkI/zzIIxAGYp5dAK8ND0jQ1Tl6+xfVxAQz5
MxlQgxo8u/7Y3Tg5Y5w2ZbRCsvbM55+bt/ZMtT8njFdWIQqN4IIExDSjkwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNrwCHzjcpP3oXhgvpJIZvrah1aHMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvMnZBSWZPTnlrX2VoZUdDLWtraG0tdHFIVm9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOlwzAN
BgkqhkiG9w0BAQsFAAOCAQEAZYziqab/QBfRy9E37to069xvd0tlJqsZWJrriu3u
VM8EOqcBvytocMqT7LbRGJX+sgU5RG5JkqTVh223SJ/fbWUMRsSJaT8diQdU8o01
5tKUWffdXkHQnUYx4JkLnv5tqUUa+wZ6bI2+8K907ONvON5lSGXx++QH6pk9MsYS
Zp0+X0w6zNl5h491E4Di7wbe5wl137ESpBMsKaH+8Xt29VBGJkDIh1gwu0jrW+X0
ZknGcozT9lnAsaFABD4CxvZ5lnizyL0eCLgR24KSOXKxQrfEG/sriioF6kCTVwiK
uMwByR5mrIc4sNREZJsVyICNToWBtluE95gSbsYM8cl38w==
-----END CERTIFICATE-----