Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/A7mynkj7XlUC2f6KTXwoCm5hX4k.roa
File:                     A7mynkj7XlUC2f6KTXwoCm5hX4k.roa (raw, json)
Hash identifier:          WlNNcd/sadqiP74WWi3bP3fycEiGSlUPiEL0leTSfNw=
Subject key identifier:   03:B9:B2:9E:48:FB:5E:55:02:D9:FE:8A:4D:7C:28:0A:6E:61:5F:89
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DCF44BBBA2CBB3E59F3B1288F9B4E
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/A7mynkj7XlUC2f6KTXwoCm5hX4k.roa
Signing time:             Tue 02 Jan 2024 08:32:48 +0000
ROA not before:           Tue 02 Jan 2024 08:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201217
IP address blocks:        2a13:a5c6::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:cf:44:bb:ba:2c:bb:3e:59:f3:b1:28:8f:9b:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03b9b29e48fb5e5502d9fe8a4d7c280a6e615f89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:47:ad:b4:c1:96:d5:be:2f:87:31:60:89:55:
                    f1:ad:93:28:09:9c:3b:5b:62:c8:e0:63:59:d5:e5:
                    47:37:3a:97:29:a2:7f:e7:cf:fe:b8:57:8c:98:a3:
                    52:30:8f:dc:b9:fd:f3:61:a1:05:5c:ab:02:a9:b7:
                    f3:44:f2:67:93:66:07:37:87:05:91:2e:95:24:98:
                    fa:8d:87:66:6e:e8:0c:02:62:09:82:e2:27:57:24:
                    46:12:c3:47:9a:4d:bc:bd:a7:ff:28:83:0b:ab:69:
                    b3:41:8d:41:3a:39:18:5a:fc:89:fd:5f:7a:72:4a:
                    62:a6:a2:ab:fd:e1:5c:d6:4f:31:27:bf:72:e1:5c:
                    0f:9e:64:b9:4a:73:ce:08:b6:69:61:12:13:62:47:
                    67:f8:d5:33:88:8c:43:9a:f6:e4:de:cf:08:7a:5f:
                    77:f7:18:21:05:d9:f0:97:f3:ff:36:ed:76:3f:8e:
                    10:62:c9:f6:05:6d:10:99:a5:72:fa:bf:77:8e:08:
                    e1:10:1d:18:c0:b2:8f:5b:7c:0b:bd:2e:22:83:7e:
                    3e:b1:90:f8:c5:a3:9d:e7:c7:5c:6c:b6:7b:81:76:
                    e4:1e:55:05:ed:f7:04:30:7c:1f:32:89:0e:b0:0e:
                    04:4c:da:37:a3:75:da:c6:7b:ad:c2:9a:3d:4a:7f:
                    39:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:B9:B2:9E:48:FB:5E:55:02:D9:FE:8A:4D:7C:28:0A:6E:61:5F:89
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/A7mynkj7XlUC2f6KTXwoCm5hX4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         9d:95:75:f2:83:6c:f6:52:05:78:fc:7d:ad:02:ed:6e:f3:7c:
         10:ac:45:a3:1b:10:6c:a9:c5:fa:f2:7a:3b:e2:2c:fc:f1:aa:
         f3:f7:84:7a:7d:4c:6e:c6:d1:06:c7:e6:55:44:a8:ef:bc:ec:
         9f:69:fe:1a:fd:d1:3b:3c:d0:49:e4:f6:ec:92:79:df:b0:6c:
         74:b0:84:6a:01:d2:6c:72:38:b3:0e:35:f5:7d:d3:31:c1:cc:
         e2:f6:51:76:55:7a:95:19:95:38:7b:16:6f:fd:f9:31:12:6a:
         77:45:d6:e4:18:62:02:03:64:50:5f:45:0c:6b:98:0f:d7:bb:
         4d:59:39:39:b1:1a:79:ef:3b:7f:e2:96:ef:c2:39:81:19:c3:
         8f:8c:4f:a3:7a:4a:8e:6a:31:1b:d4:c4:10:ea:ba:a3:27:e0:
         7d:80:4b:22:ac:a3:29:4b:cb:04:f4:d4:79:d3:85:2c:42:b7:
         b3:5d:24:3b:45:92:ab:67:0c:46:ae:34:d8:19:d4:69:d1:2a:
         5d:5a:8f:1d:74:5f:80:83:2d:a3:af:f9:92:01:2b:c9:16:76:
         7c:35:0a:4d:2b:55:d0:c4:28:0e:44:dc:54:93:29:90:44:97:
         96:39:c1:24:b3:c6:17:17:4f:22:d8:8f:dd:93:64:ab:93:06:
         a5:06:ac:d2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTc9Eu7osuz5Z87Eoj5tOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2I5YjI5ZTQ4ZmI1ZTU1MDJkOWZlOGE0ZDdjMjgwYTZlNjE1Zjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEettMGW1b4vhzFgiVXxrZMoCZw7
W2LI4GNZ1eVHNzqXKaJ/58/+uFeMmKNSMI/cuf3zYaEFXKsCqbfzRPJnk2YHN4cF
kS6VJJj6jYdmbugMAmIJguInVyRGEsNHmk28vaf/KIMLq2mzQY1BOjkYWvyJ/V96
ckpipqKr/eFc1k8xJ79y4VwPnmS5SnPOCLZpYRITYkdn+NUziIxDmvbk3s8Iel93
9xghBdnwl/P/Nu12P44QYsn2BW0QmaVy+r93jgjhEB0YwLKPW3wLvS4ig34+sZD4
xaOd58dcbLZ7gXbkHlUF7fcEMHwfMokOsA4ETNo3o3Xaxnutwpo9Sn85KwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAO5sp5I+15VAtn+ik18KApuYV+JMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvQTdteW5rajdYbFVDMmY2S1RYd29DbTVoWDRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOlxjAN
BgkqhkiG9w0BAQsFAAOCAQEAnZV18oNs9lIFePx9rQLtbvN8EKxFoxsQbKnF+vJ6
O+Is/PGq8/eEen1MbsbRBsfmVUSo77zsn2n+Gv3ROzzQSeT27JJ537BsdLCEagHS
bHI4sw419X3TMcHM4vZRdlV6lRmVOHsWb/35MRJqd0XW5BhiAgNkUF9FDGuYD9e7
TVk5ObEaee87f+KW78I5gRnDj4xPo3pKjmoxG9TEEOq6oyfgfYBLIqyjKUvLBPTU
edOFLEK3s10kO0WSq2cMRq402BnUadEqXVqPHXRfgIMto6/5kgEryRZ2fDUKTStV
0MQoDkTcVJMpkESXljnBJLPGFxdPItiP3ZNkq5MGpQas0g==
-----END CERTIFICATE-----