Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/8P-W7ZJtdsOyTkcsVlBPIseILg8.roa
File:                     8P-W7ZJtdsOyTkcsVlBPIseILg8.roa (raw, json)
Hash identifier:          opA5lp72Wr0VMos327O0oe90VPCTLRKYEskUq7GxajM=
Subject key identifier:   F0:FF:96:ED:92:6D:76:C3:B2:4E:47:2C:56:50:4F:22:C7:88:2E:0F
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DCD1945283926EAA277B2D42C4FE4
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/8P-W7ZJtdsOyTkcsVlBPIseILg8.roa
Signing time:             Tue 02 Jan 2024 08:32:48 +0000
ROA not before:           Tue 02 Jan 2024 08:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151187
IP address blocks:        2a13:a5c5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:cd:19:45:28:39:26:ea:a2:77:b2:d4:2c:4f:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0ff96ed926d76c3b24e472c56504f22c7882e0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d4:b8:ad:b4:0a:0f:4f:15:f8:9d:8e:02:ea:
                    fa:03:d5:5b:d9:de:b2:53:c7:88:ce:f4:ad:8f:02:
                    a7:57:f5:b1:8e:c3:2f:45:51:da:2f:0f:d9:69:f4:
                    fa:48:e2:3a:a9:21:39:8e:d4:b8:e0:0a:e5:ea:e1:
                    26:a0:f6:7b:e6:76:af:cb:77:23:76:ce:92:39:54:
                    80:82:09:c7:4e:d1:ae:a8:d9:2f:6a:2c:ba:45:99:
                    d8:68:6d:d4:f4:59:fc:70:77:58:cd:42:bd:6a:2b:
                    cd:40:de:35:03:8f:d3:ff:00:38:cf:3d:94:80:07:
                    99:61:06:bc:8f:c6:16:cf:5a:5a:8e:7d:bf:61:36:
                    85:88:c2:d0:ab:d2:06:81:bc:fe:9f:b2:26:2a:d9:
                    b9:d2:83:bf:48:b5:83:55:ce:30:35:c6:c8:a2:33:
                    77:64:bd:8e:10:58:26:ad:96:46:d4:8a:ac:ee:9d:
                    1e:9e:12:8a:27:1c:4f:b5:f5:f1:9b:4a:7a:53:55:
                    7a:82:52:a4:c3:02:7c:54:5b:ff:dd:e4:ff:68:dc:
                    e7:22:bb:e1:44:8e:ca:c7:7d:07:24:7e:c6:3b:be:
                    e3:de:a4:b9:25:e9:fc:a7:50:7c:da:c5:fe:d2:10:
                    d7:39:16:40:92:48:8f:f7:ff:94:c3:a4:a2:8d:93:
                    f1:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:FF:96:ED:92:6D:76:C3:B2:4E:47:2C:56:50:4F:22:C7:88:2E:0F
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/8P-W7ZJtdsOyTkcsVlBPIseILg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c5::/48

    Signature Algorithm: sha256WithRSAEncryption
         a7:a7:58:38:9d:6f:48:6a:2b:2b:d9:5a:97:fc:7b:ba:67:14:
         9b:35:1c:45:cc:dd:26:20:76:4b:c7:cc:07:bb:1c:74:99:4a:
         23:55:c5:c3:4a:11:55:fb:76:8b:e7:7b:c0:07:70:c4:ee:8e:
         0b:ff:7a:28:6e:07:77:0b:2f:56:31:63:2d:86:f7:7c:82:bc:
         d2:3a:c8:5a:07:5a:1f:df:38:1b:b0:e5:6f:bc:ed:81:04:20:
         29:31:59:d4:d5:85:11:54:e4:af:81:32:77:e1:b8:a1:9d:1a:
         fd:ec:63:05:b7:90:ce:9e:c2:d2:87:1b:05:ac:34:5c:9c:eb:
         1d:2d:51:b1:21:6d:d6:28:ce:24:75:bf:de:1a:dd:5f:2e:e2:
         bd:c2:93:c4:5e:f4:09:46:a0:89:da:9b:34:ea:86:eb:aa:71:
         16:09:c3:fd:dd:c7:94:57:60:6c:8f:5f:d9:2a:8e:03:d5:a9:
         13:4e:8f:fa:8a:05:29:49:ac:81:84:76:0a:36:7a:4d:f2:2e:
         ef:8b:70:56:52:36:20:18:a7:31:65:0d:56:1c:00:11:8b:72:
         bb:8b:1c:d4:49:48:80:f1:31:b2:29:28:72:56:cc:d0:58:34:
         f8:68:bd:08:19:d5:28:f7:64:1e:d6:e0:86:e9:ba:57:2b:8b:
         7c:57:46:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJTc0ZRSg5Juqid7LULE/kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGZmOTZlZDkyNmQ3NmMzYjI0ZTQ3MmM1NjUwNGYyMmM3ODgyZTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9S4rbQKD08V+J2OAur6A9Vb2d6y
U8eIzvStjwKnV/WxjsMvRVHaLw/ZafT6SOI6qSE5jtS44Arl6uEmoPZ75navy3cj
ds6SOVSAggnHTtGuqNkvaiy6RZnYaG3U9Fn8cHdYzUK9aivNQN41A4/T/wA4zz2U
gAeZYQa8j8YWz1pajn2/YTaFiMLQq9IGgbz+n7ImKtm50oO/SLWDVc4wNcbIojN3
ZL2OEFgmrZZG1Iqs7p0enhKKJxxPtfXxm0p6U1V6glKkwwJ8VFv/3eT/aNznIrvh
RI7Kx30HJH7GO77j3qS5Jen8p1B82sX+0hDXORZAkkiP9/+Uw6SijZPxHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPD/lu2SbXbDsk5HLFZQTyLHiC4PMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvOFAtVzdaSnRkc095VGtjc1ZsQlBJc2VJTGc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOlxQAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCnp1g4nW9Iaisr2VqX/Hu6ZxSbNRxFzN0mIHZL
x8wHuxx0mUojVcXDShFV+3aL53vAB3DE7o4L/3oobgd3Cy9WMWMthvd8grzSOsha
B1of3zgbsOVvvO2BBCApMVnU1YURVOSvgTJ34bihnRr97GMFt5DOnsLShxsFrDRc
nOsdLVGxIW3WKM4kdb/eGt1fLuK9wpPEXvQJRqCJ2ps06obrqnEWCcP93ceUV2Bs
j1/ZKo4D1akTTo/6igUpSayBhHYKNnpN8i7vi3BWUjYgGKcxZQ1WHAARi3K7ixzU
SUiA8TGyKShyVszQWDT4aL0IGdUo92Qe1uCG6bpXK4t8V0b+
-----END CERTIFICATE-----