Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/CHPWZuB6y_2mYz-do3PdLWyzlHo.roa
File:                     CHPWZuB6y_2mYz-do3PdLWyzlHo.roa (raw, json)
Hash identifier:          QU3V7M/vetejZYr9Y061GTjB0EoV3Goq6n9KOK4hPIU=
Subject key identifier:   08:73:D6:66:E0:7A:CB:FD:A6:63:3F:9D:A3:73:DD:2D:6C:B3:94:7A
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DCFD717B5C0A5F41E284EEBED7170
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/CHPWZuB6y_2mYz-do3PdLWyzlHo.roa
Signing time:             Tue 02 Jan 2024 08:32:48 +0000
ROA not before:           Tue 02 Jan 2024 08:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208747
IP address blocks:        2a13:a5c7:1100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:cf:d7:17:b5:c0:a5:f4:1e:28:4e:eb:ed:71:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0873d666e07acbfda6633f9da373dd2d6cb3947a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:8b:f3:10:17:44:8a:7c:42:52:a0:0b:9e:63:
                    a4:9e:cc:29:a4:e3:dd:9d:5a:ca:b8:c0:9c:58:4e:
                    fd:22:db:9c:c2:89:84:38:11:e0:58:7e:6a:da:ba:
                    9b:f4:f5:3f:2f:84:f3:4f:2f:d8:de:ec:3e:cc:c4:
                    01:72:b8:38:83:98:a2:99:44:fa:48:8c:f9:93:b8:
                    88:bf:d7:8b:14:7e:9c:72:e3:38:4d:85:f0:f8:e1:
                    60:d2:b8:dc:a4:d8:d0:b2:b6:f4:79:f8:bc:44:c5:
                    a8:b8:3f:64:83:7f:29:af:14:cc:6d:f9:cf:59:51:
                    87:95:30:21:cd:7f:e2:9f:d9:23:22:0d:cb:04:58:
                    c9:29:31:9a:10:fe:3c:84:be:33:d7:33:45:cb:2f:
                    fe:14:e0:eb:fc:72:59:f6:f2:fd:6f:05:74:1b:81:
                    11:2a:a9:a9:f2:06:9c:07:c0:68:2b:7f:ca:99:63:
                    45:b3:87:8f:b1:56:4d:9b:02:f0:4e:ca:2f:04:6b:
                    fc:03:f3:c4:95:58:29:75:07:01:a3:b4:ea:a6:7b:
                    94:a2:8e:19:0e:44:bb:33:a0:73:8f:b3:a5:c9:81:
                    7a:ef:d4:52:5c:f0:19:ed:17:a6:59:01:61:a5:e7:
                    e0:a3:ab:89:df:35:e8:d0:02:a5:e2:7f:c9:67:67:
                    d6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:73:D6:66:E0:7A:CB:FD:A6:63:3F:9D:A3:73:DD:2D:6C:B3:94:7A
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/CHPWZuB6y_2mYz-do3PdLWyzlHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1100::/40

    Signature Algorithm: sha256WithRSAEncryption
         90:36:99:43:ec:af:ce:7b:08:f7:9e:2e:8a:34:a6:49:e0:a5:
         cd:8a:50:3d:8b:c0:56:01:42:72:8a:c0:9c:1f:6f:fa:c6:60:
         c6:21:0b:47:98:7a:5e:08:ff:97:fa:90:7b:db:59:61:c2:fa:
         15:a3:ba:b5:e7:7b:84:d3:8a:47:f5:eb:f6:62:16:50:ed:14:
         ec:55:8b:f9:98:d8:3b:7e:74:f8:21:4a:ec:aa:36:b8:7f:03:
         93:52:db:97:d3:40:32:9e:17:a0:05:04:ea:ac:ff:c4:1c:58:
         9e:3e:13:8e:97:24:80:fc:e7:d0:be:89:dd:d3:78:21:18:38:
         82:0f:86:97:6f:3a:61:a4:c5:9f:73:ce:9f:37:a9:b0:1a:e0:
         99:ec:93:1e:8f:6c:49:f8:9a:c1:a1:78:ae:96:ed:53:d0:0a:
         15:5e:e8:79:6a:57:ec:8e:8b:a3:57:ab:59:b6:19:7c:e2:ca:
         fa:c3:50:99:31:13:82:f9:42:8b:fa:84:67:f2:d7:12:16:78:
         3e:55:17:93:d9:41:0f:eb:6b:1d:aa:d8:0b:08:78:2b:38:19:
         b5:bd:ab:eb:32:83:9b:18:0c:7c:1d:47:f6:15:e9:a4:35:e6:
         3c:d9:e7:18:0b:53:1f:ed:a4:de:cd:e6:51:dc:4d:a3:28:7e:
         20:a5:a3:7a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTc/XF7XApfQeKE7r7XFwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODczZDY2NmUwN2FjYmZkYTY2MzNmOWRhMzczZGQyZDZjYjM5NDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4vzEBdEinxCUqALnmOknswppOPd
nVrKuMCcWE79ItucwomEOBHgWH5q2rqb9PU/L4TzTy/Y3uw+zMQBcrg4g5iimUT6
SIz5k7iIv9eLFH6ccuM4TYXw+OFg0rjcpNjQsrb0efi8RMWouD9kg38prxTMbfnP
WVGHlTAhzX/in9kjIg3LBFjJKTGaEP48hL4z1zNFyy/+FODr/HJZ9vL9bwV0G4ER
Kqmp8gacB8BoK3/KmWNFs4ePsVZNmwLwTsovBGv8A/PElVgpdQcBo7TqpnuUoo4Z
DkS7M6Bzj7OlyYF679RSXPAZ7RemWQFhpefgo6uJ3zXo0AKl4n/JZ2fWRwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAhz1mbgesv9pmM/naNz3S1ss5R6MB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvQ0hQV1p1QjZ5XzJtWXotZG8zUGRMV3l6bEhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxEw
DQYJKoZIhvcNAQELBQADggEBAJA2mUPsr857CPeeLoo0pkngpc2KUD2LwFYBQnKK
wJwfb/rGYMYhC0eYel4I/5f6kHvbWWHC+hWjurXne4TTikf16/ZiFlDtFOxVi/mY
2Dt+dPghSuyqNrh/A5NS25fTQDKeF6AFBOqs/8QcWJ4+E46XJID859C+id3TeCEY
OIIPhpdvOmGkxZ9zzp83qbAa4Jnskx6PbEn4msGheK6W7VPQChVe6HlqV+yOi6NX
q1m2GXziyvrDUJkxE4L5Qov6hGfy1xIWeD5VF5PZQQ/rax2q2AsIeCs4GbW9q+sy
g5sYDHwdR/YV6aQ15jzZ5xgLUx/tpN7N5lHcTaMofiClo3o=
-----END CERTIFICATE-----