Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/5qXhzmxW1o635AtywFIHW2jkvsc.roa
File:                     5qXhzmxW1o635AtywFIHW2jkvsc.roa (raw, json)
Hash identifier:          sUASMgD/g5KA7JOZDk+BlffMoT86DMbbjutxcLbpfVE=
Subject key identifier:   E6:A5:E1:CE:6C:56:D6:8E:B7:E4:0B:72:C0:52:07:5B:68:E4:BE:C7
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DCC54E8F4726C5E970F6026AC3B36
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/5qXhzmxW1o635AtywFIHW2jkvsc.roa
Signing time:             Tue 02 Jan 2024 08:32:48 +0000
ROA not before:           Tue 02 Jan 2024 08:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142551
IP address blocks:        2a13:a5c7:1200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:cc:54:e8:f4:72:6c:5e:97:0f:60:26:ac:3b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e6a5e1ce6c56d68eb7e40b72c052075b68e4bec7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0e:75:f9:70:62:e0:b8:4b:0a:a3:f8:59:82:
                    cc:72:47:ab:cd:75:cf:b3:92:b3:25:17:d5:14:41:
                    5b:07:cd:1b:fc:92:f2:5d:64:40:c7:9d:61:a9:4e:
                    d1:bb:90:ef:54:ac:27:6c:ba:e3:cb:29:6f:0f:39:
                    35:1f:87:51:13:11:24:cb:d7:26:b5:9a:be:45:35:
                    89:77:fe:5c:59:d1:b3:42:79:c6:0b:b7:07:76:70:
                    a0:a5:c7:e2:fc:ea:4a:64:62:d8:6e:db:d5:96:53:
                    95:f5:88:03:33:03:15:f1:8c:51:ab:68:c2:e8:08:
                    99:d0:9c:5c:1f:d3:72:e5:c8:dd:79:01:7b:a1:99:
                    7e:b2:41:e3:bb:38:3a:6b:15:64:52:05:66:f0:10:
                    2f:f5:d8:4c:b9:2e:69:07:dd:18:de:c1:f3:4d:57:
                    3d:9b:5f:70:6f:16:8c:17:55:24:46:2a:a5:88:e0:
                    84:f3:46:a6:08:ff:48:84:7b:76:8b:4a:26:c0:a8:
                    78:8a:82:e8:5c:cc:ff:2d:2c:8c:35:72:09:87:8f:
                    2b:52:a0:0a:a1:19:98:e9:22:30:b4:f9:b3:c5:5f:
                    8f:3e:0e:f8:38:bb:be:1b:b6:6e:06:3c:2b:10:79:
                    ee:3a:2f:45:f0:2d:eb:18:40:a0:31:79:ce:54:38:
                    ea:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:A5:E1:CE:6C:56:D6:8E:B7:E4:0B:72:C0:52:07:5B:68:E4:BE:C7
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/5qXhzmxW1o635AtywFIHW2jkvsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1200::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:dd:25:8d:a7:25:d6:9f:09:35:dc:75:46:15:e8:5e:59:e2:
         ae:d0:e1:5b:ef:de:4e:c5:41:a8:7c:06:47:f1:cc:4a:5e:54:
         61:05:d4:fd:03:ce:0f:21:02:69:0d:cd:e4:70:ba:2c:a7:4d:
         02:92:bc:95:7c:38:ba:ef:83:10:fb:e0:53:71:03:56:3d:03:
         9a:d8:95:8d:ba:79:af:a3:cd:ff:c7:83:22:75:aa:63:25:54:
         50:2e:d5:17:38:06:a4:65:53:91:1c:c7:93:96:4f:c6:53:0b:
         81:fa:70:62:88:06:63:26:ef:11:44:2c:24:5c:78:93:d0:ea:
         23:c3:61:37:7a:9a:68:15:01:e7:84:14:dc:da:1f:2c:8b:0b:
         a8:fe:0d:7c:e0:5a:94:98:16:3c:a3:ee:88:91:52:10:ae:d2:
         8e:83:f7:1e:37:5a:ba:51:47:8a:9d:9f:c6:19:a1:fe:fa:b7:
         67:cd:e2:e1:51:1d:d2:4a:07:ab:13:a4:dc:64:9a:a4:b7:b7:
         bb:64:bc:a2:f7:82:b7:cd:34:95:a9:d1:72:3d:a5:32:d6:67:
         59:fe:b6:d4:22:22:4b:24:50:9d:00:7b:f2:fb:3c:67:7b:af:
         f8:18:c9:41:af:52:d5:8a:f7:99:9c:f1:ce:07:f4:ad:ef:b6:
         eb:5c:1a:63
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTcxU6PRybF6XD2AmrDs2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmE1ZTFjZTZjNTZkNjhlYjdlNDBiNzJjMDUyMDc1YjY4ZTRiZWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmg51+XBi4LhLCqP4WYLMckerzXXP
s5KzJRfVFEFbB80b/JLyXWRAx51hqU7Ru5DvVKwnbLrjyylvDzk1H4dRExEky9cm
tZq+RTWJd/5cWdGzQnnGC7cHdnCgpcfi/OpKZGLYbtvVllOV9YgDMwMV8YxRq2jC
6AiZ0JxcH9Ny5cjdeQF7oZl+skHjuzg6axVkUgVm8BAv9dhMuS5pB90Y3sHzTVc9
m19wbxaMF1UkRiqliOCE80amCP9IhHt2i0omwKh4ioLoXMz/LSyMNXIJh48rUqAK
oRmY6SIwtPmzxV+PPg74OLu+G7ZuBjwrEHnuOi9F8C3rGECgMXnOVDjq2QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFOal4c5sVtaOt+QLcsBSB1to5L7HMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvNXFYaHpteFcxbzYzNUF0eXdGSUhXMmprdnNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxIw
DQYJKoZIhvcNAQELBQADggEBADndJY2nJdafCTXcdUYV6F5Z4q7Q4Vvv3k7FQah8
BkfxzEpeVGEF1P0Dzg8hAmkNzeRwuiynTQKSvJV8OLrvgxD74FNxA1Y9A5rYlY26
ea+jzf/HgyJ1qmMlVFAu1Rc4BqRlU5Ecx5OWT8ZTC4H6cGKIBmMm7xFELCRceJPQ
6iPDYTd6mmgVAeeEFNzaHyyLC6j+DXzgWpSYFjyj7oiRUhCu0o6D9x43WrpRR4qd
n8YZof76t2fN4uFRHdJKB6sTpNxkmqS3t7tkvKL3grfNNJWp0XI9pTLWZ1n+ttQi
IkskUJ0Ae/L7PGd7r/gYyUGvUtWK95mc8c4H9K3vtutcGmM=
-----END CERTIFICATE-----