Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/8GO7Uvuob67zAldF29sFRccvQ1Q.roa
File:                     8GO7Uvuob67zAldF29sFRccvQ1Q.roa (raw, json)
Hash identifier:          zQ2FmN1F0XUTRDOCDAivJrKn048exg6CRAw65sOduU8=
Subject key identifier:   F0:63:BB:52:FB:A8:6F:AE:F3:02:57:45:DB:DB:05:45:C7:2F:43:54
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       0192064FD7D688BC42FF8543DF8C5A998FD8
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/8GO7Uvuob67zAldF29sFRccvQ1Q.roa
Signing time:             Wed 18 Sep 2024 18:05:48 +0000
ROA not before:           Wed 18 Sep 2024 18:05:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215750
IP address blocks:        2a13:a5c3:f100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:06:4f:d7:d6:88:bc:42:ff:85:43:df:8c:5a:99:8f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Sep 18 18:05:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f063bb52fba86faef3025745dbdb0545c72f4354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:a7:ed:fa:6f:fc:eb:3c:53:55:06:03:8c:5d:
                    f7:53:47:78:f7:81:97:c0:d3:f9:17:c2:17:7d:d1:
                    28:9e:b2:1a:83:90:e0:fd:d4:c6:d6:cc:3c:4d:70:
                    d7:c7:e5:b4:91:28:8a:3d:da:3c:a8:0c:12:ad:be:
                    94:5b:67:06:7d:83:53:db:ed:55:1f:7e:93:49:66:
                    18:86:28:c2:cd:22:ec:e1:a7:c2:fc:b8:96:d1:4a:
                    22:40:1e:e9:b6:cf:68:aa:06:e1:d8:60:d8:e1:d3:
                    b2:09:33:c6:1b:2f:94:c1:91:8c:34:51:e9:9c:ab:
                    07:0e:4c:2b:ef:0e:8d:5b:43:f2:4c:b2:0d:39:b2:
                    8e:9e:f8:5e:9b:60:81:8e:d5:ab:ec:bd:04:9f:f0:
                    4b:34:7b:10:04:03:b1:cd:34:45:cf:18:f3:9e:58:
                    73:3f:cd:f9:3a:b8:b5:a4:0d:cd:9f:62:5a:f6:ac:
                    6d:af:af:97:eb:02:67:55:e4:8e:28:67:e0:4c:96:
                    23:4a:2a:97:7f:a4:06:be:56:46:7b:23:0b:84:b9:
                    4c:8b:19:ee:f5:ff:d1:0a:d1:b0:8c:70:5f:60:8a:
                    5d:0f:fd:56:d6:8e:12:1c:3b:f8:da:d3:0f:93:75:
                    4d:80:e3:15:11:02:bf:9f:05:51:eb:ca:92:92:7b:
                    f3:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:63:BB:52:FB:A8:6F:AE:F3:02:57:45:DB:DB:05:45:C7:2F:43:54
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/8GO7Uvuob67zAldF29sFRccvQ1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c3:f100::/40

    Signature Algorithm: sha256WithRSAEncryption
         11:e5:28:ba:f0:84:e7:0f:84:41:39:b1:94:e0:cb:cb:1a:e8:
         d5:ea:8b:e6:ff:56:9d:38:52:ea:a0:36:e9:62:e3:3e:67:a5:
         55:91:c5:c2:cc:4d:2c:61:d7:3c:b0:9d:0a:1f:1b:c8:0f:49:
         af:99:cf:5c:d7:c0:d2:eb:5a:a6:49:e7:3c:97:39:43:26:be:
         3f:61:75:0c:72:39:9f:32:00:ab:f1:e0:4b:65:6b:c0:22:aa:
         84:e2:55:eb:d8:4d:34:5b:3c:d0:61:17:63:d7:f8:54:6d:f8:
         ba:12:93:e6:a7:91:9e:a4:8d:0f:16:8f:9f:fc:9e:50:0a:bd:
         1e:ba:86:c4:41:0c:4b:fc:7f:f1:de:bf:3b:18:5f:36:9d:f9:
         a8:f8:59:67:78:d5:20:be:07:a9:15:32:d4:55:c3:2c:8b:0d:
         9e:d6:7f:b7:92:f9:08:03:24:2c:cf:a4:f3:bc:f7:14:4c:17:
         c4:16:d5:48:6b:cd:f4:d8:15:62:d8:1f:5c:a9:5c:eb:c9:71:
         53:47:d4:49:29:40:72:03:fe:e3:c6:5f:65:18:ab:72:e3:ee:
         91:ef:c9:ee:2f:c8:4e:e8:d0:83:2c:83:11:cf:76:4d:36:39:
         4a:aa:b1:1b:da:83:9e:19:60:79:ad:2a:58:9e:b9:63:65:40:
         45:4c:f6:17
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZIGT9fWiLxC/4VD34xamY/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwOTE4MTgwNTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDYzYmI1MmZiYTg2ZmFlZjMwMjU3NDVkYmRiMDU0NWM3MmY0MzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx6ft+m/86zxTVQYDjF33U0d494GX
wNP5F8IXfdEonrIag5Dg/dTG1sw8TXDXx+W0kSiKPdo8qAwSrb6UW2cGfYNT2+1V
H36TSWYYhijCzSLs4afC/LiW0UoiQB7pts9oqgbh2GDY4dOyCTPGGy+UwZGMNFHp
nKsHDkwr7w6NW0PyTLINObKOnvhem2CBjtWr7L0En/BLNHsQBAOxzTRFzxjznlhz
P835Ori1pA3Nn2Ja9qxtr6+X6wJnVeSOKGfgTJYjSiqXf6QGvlZGeyMLhLlMixnu
9f/RCtGwjHBfYIpdD/1W1o4SHDv42tMPk3VNgOMVEQK/nwVR68qSknvzhwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPBju1L7qG+u8wJXRdvbBUXHL0NUMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvOEdPN1V2dW9iNjd6QWxkRjI5c0ZSY2N2UTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlw/Ew
DQYJKoZIhvcNAQELBQADggEBABHlKLrwhOcPhEE5sZTgy8sa6NXqi+b/Vp04Uuqg
Nuli4z5npVWRxcLMTSxh1zywnQofG8gPSa+Zz1zXwNLrWqZJ5zyXOUMmvj9hdQxy
OZ8yAKvx4Etla8AiqoTiVevYTTRbPNBhF2PX+FRt+LoSk+ankZ6kjQ8Wj5/8nlAK
vR66hsRBDEv8f/HevzsYXzad+aj4WWd41SC+B6kVMtRVwyyLDZ7Wf7eS+QgDJCzP
pPO89xRMF8QW1UhrzfTYFWLYH1ypXOvJcVNH1EkpQHID/uPGX2UYq3Lj7pHvye4v
yE7o0IMsgxHPdk02OUqqsRvag54ZYHmtKlieuWNlQEVM9hc=
-----END CERTIFICATE-----