Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/CKVmpcm9wJBsfrZ7uSn9Qdm762k.roa
File:                     CKVmpcm9wJBsfrZ7uSn9Qdm762k.roa (raw, json)
Hash identifier:          Y53bfQ3OMqDJoPCseHSZYA/zeKJ2eyU9Jq13pjZcZIY=
Subject key identifier:   08:A5:66:A5:C9:BD:C0:90:6C:7E:B6:7B:B9:29:FD:41:D9:BB:EB:69
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CCEFF5181FBA87A8ED35FD32AF669D3B3
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/CKVmpcm9wJBsfrZ7uSn9Qdm762k.roa
Signing time:             Wed 03 Jan 2024 11:04:48 +0000
ROA not before:           Wed 03 Jan 2024 11:04:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215786
IP address blocks:        2a13:a5c7:1800::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ce:ff:51:81:fb:a8:7a:8e:d3:5f:d3:2a:f6:69:d3:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  3 11:04:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08a566a5c9bdc0906c7eb67bb929fd41d9bbeb69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:a8:df:b3:73:45:2a:53:de:18:41:0f:c7:67:
                    62:ac:c0:68:1f:7a:7a:d5:fa:8f:5b:ef:20:77:12:
                    3b:a1:a1:95:e8:3f:96:e2:c7:a8:31:6a:0c:b1:ed:
                    57:95:5f:a7:72:06:c3:8a:56:be:5f:b1:b6:7b:f8:
                    af:f8:48:bf:e4:fd:c2:0e:a2:30:8b:3d:6d:cd:a2:
                    09:ce:9a:d9:8f:a5:6a:eb:af:2c:47:db:c1:5c:10:
                    82:fd:9d:5f:6d:8d:9b:04:10:5d:7b:e6:25:ee:6f:
                    57:52:3d:fc:f9:ac:1a:fb:5e:09:dd:54:14:9e:26:
                    48:28:c7:1c:5c:93:df:5b:c1:72:60:c7:ad:7c:12:
                    7c:dd:19:bb:bd:d0:f5:1b:ae:68:af:45:f0:67:c9:
                    56:d0:70:a3:53:66:a3:44:03:da:4b:aa:2c:03:0c:
                    6b:59:24:d3:84:09:e0:a8:40:3f:26:1b:a9:7a:fe:
                    20:0d:db:42:c5:ec:73:bd:19:80:ba:11:33:92:a2:
                    03:6b:da:63:c4:48:4c:d5:f7:fc:58:34:4d:63:2f:
                    71:4b:7c:f7:3b:85:ae:29:b1:3c:61:39:b2:af:7b:
                    f7:9e:c3:f9:7b:a5:9e:d2:56:d2:61:06:c6:a3:d1:
                    d5:21:74:de:d4:1c:23:5f:cd:9c:d6:71:dd:cf:b9:
                    2f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:A5:66:A5:C9:BD:C0:90:6C:7E:B6:7B:B9:29:FD:41:D9:BB:EB:69
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/CKVmpcm9wJBsfrZ7uSn9Qdm762k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1800::/40

    Signature Algorithm: sha256WithRSAEncryption
         42:77:1a:d7:3b:d3:da:ea:de:d0:d1:1e:55:39:45:2c:5e:5c:
         42:19:da:2a:f7:47:4b:41:d6:43:85:fd:df:0e:04:22:89:bd:
         e1:0b:c5:a0:e9:80:1d:9f:f7:36:bc:df:5e:7c:b0:10:f7:f0:
         4d:f0:fc:4e:25:66:8e:70:52:48:65:bc:ae:9c:8b:1c:29:ad:
         c3:3c:da:35:3b:37:60:d2:68:ab:fe:fe:89:1e:49:d8:6a:9c:
         f1:8b:07:f9:be:04:3b:c0:1e:63:38:31:3f:30:54:c3:bd:54:
         3f:01:3a:55:63:c9:be:4f:da:e6:ee:66:02:81:b5:76:74:96:
         c0:76:6c:be:c0:0b:0a:f7:4f:fe:0f:6c:69:9f:5d:15:d7:8c:
         a1:23:65:db:01:c4:70:1f:ab:2f:21:55:c1:b3:e1:64:a2:c3:
         5e:63:1b:5c:bc:d9:40:f0:cc:8a:86:72:aa:b7:51:87:8f:4b:
         db:9e:32:10:92:19:7e:ed:53:3f:ab:7e:e5:93:46:65:eb:d2:
         94:74:5b:ba:13:7d:59:d6:96:72:fc:04:64:fe:6d:b3:9b:64:
         97:41:9e:0e:39:75:06:7b:21:24:53:b0:e9:d7:23:b2:f7:48:
         23:ca:81:51:95:29:7a:f4:ed:a8:8c:c6:55:52:69:cb:f9:81:
         15:6b:14:0d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzO/1GB+6h6jtNf0yr2adOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAzMTEwNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGE1NjZhNWM5YmRjMDkwNmM3ZWI2N2JiOTI5ZmQ0MWQ5YmJlYjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6jfs3NFKlPeGEEPx2dirMBoH3p6
1fqPW+8gdxI7oaGV6D+W4seoMWoMse1XlV+ncgbDila+X7G2e/iv+Ei/5P3CDqIw
iz1tzaIJzprZj6Vq668sR9vBXBCC/Z1fbY2bBBBde+Yl7m9XUj38+awa+14J3VQU
niZIKMccXJPfW8FyYMetfBJ83Rm7vdD1G65or0XwZ8lW0HCjU2ajRAPaS6osAwxr
WSTThAngqEA/Jhupev4gDdtCxexzvRmAuhEzkqIDa9pjxEhM1ff8WDRNYy9xS3z3
O4WuKbE8YTmyr3v3nsP5e6We0lbSYQbGo9HVIXTe1BwjX82c1nHdz7kvtQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAilZqXJvcCQbH62e7kp/UHZu+tpMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvQ0tWbXBjbTl3SkJzZnJaN3VTbjlRZG03NjJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxgw
DQYJKoZIhvcNAQELBQADggEBAEJ3Gtc709rq3tDRHlU5RSxeXEIZ2ir3R0tB1kOF
/d8OBCKJveELxaDpgB2f9za83158sBD38E3w/E4lZo5wUkhlvK6cixwprcM82jU7
N2DSaKv+/okeSdhqnPGLB/m+BDvAHmM4MT8wVMO9VD8BOlVjyb5P2ubuZgKBtXZ0
lsB2bL7ACwr3T/4PbGmfXRXXjKEjZdsBxHAfqy8hVcGz4WSiw15jG1y82UDwzIqG
cqq3UYePS9ueMhCSGX7tUz+rfuWTRmXr0pR0W7oTfVnWlnL8BGT+bbObZJdBng45
dQZ7ISRTsOnXI7L3SCPKgVGVKXr07aiMxlVSacv5gRVrFA0=
-----END CERTIFICATE-----