Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/EGhZ60IuudFIUbGDoypovdEuen0.roa
File:                     EGhZ60IuudFIUbGDoypovdEuen0.roa (raw, json)
Hash identifier:          kGmUO0opq8xl+SP38Jk3QhQ5G39kjWwEwb7tUZX+qSA=
Subject key identifier:   10:68:59:EB:42:2E:B9:D1:48:51:B1:83:A3:2A:68:BD:D1:2E:7A:7D
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018F53F5506932DAE6829BD244FB2D4E681C
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/EGhZ60IuudFIUbGDoypovdEuen0.roa
Signing time:             Tue 07 May 2024 16:48:56 +0000
ROA not before:           Tue 07 May 2024 16:48:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214963
IP address blocks:        2a13:a5c7:2100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:f5:50:69:32:da:e6:82:9b:d2:44:fb:2d:4e:68:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: May  7 16:48:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=106859eb422eb9d14851b183a32a68bdd12e7a7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:71:e8:8c:a7:51:53:a8:60:89:19:3d:81:4a:
                    f9:36:11:4d:d2:e8:47:d3:53:3e:0f:4e:0c:0d:8e:
                    56:cd:20:15:2f:28:eb:7f:ae:d0:b4:e4:01:69:b7:
                    a5:9c:73:5d:f2:25:08:15:ff:75:54:a8:0e:08:3b:
                    18:7e:d4:c8:8b:33:3b:ae:ea:9f:11:46:c9:f8:76:
                    b4:f5:f7:05:24:4c:fb:4e:d3:5d:b2:61:e6:2f:aa:
                    a1:b6:f8:6c:66:2c:b1:2e:4a:f4:48:70:20:3f:7a:
                    2f:90:dd:e3:5f:31:c3:05:90:98:a8:7e:72:1c:0d:
                    40:96:17:f1:07:0a:7d:6e:d5:c5:ab:8d:42:b1:6a:
                    2f:e6:87:83:06:69:ce:a0:a8:f9:6e:f5:9d:20:4f:
                    d4:3d:d3:60:1c:87:45:7f:27:b4:47:a3:3b:94:7d:
                    48:db:08:a7:5c:66:38:17:99:ea:b0:23:f0:7d:2c:
                    00:fe:f5:b2:76:7d:ba:f2:af:20:43:33:ab:1b:be:
                    54:e2:c2:72:26:11:87:22:08:65:59:32:e9:f9:c7:
                    ee:bf:c5:fc:9f:c2:9a:e2:3f:e4:84:68:20:7f:cc:
                    22:06:62:c4:08:45:ed:0b:98:61:b5:99:1d:84:bc:
                    75:8a:b5:11:95:bc:f9:42:52:95:f1:44:e0:47:14:
                    ea:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:68:59:EB:42:2E:B9:D1:48:51:B1:83:A3:2A:68:BD:D1:2E:7A:7D
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/EGhZ60IuudFIUbGDoypovdEuen0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:2100::/40

    Signature Algorithm: sha256WithRSAEncryption
         09:37:85:d2:ac:ae:17:08:05:65:58:cf:85:71:25:3e:e5:fe:
         39:26:cc:fc:e2:ee:58:16:77:aa:11:8d:3a:94:b6:a5:10:3a:
         29:a0:e5:9d:14:f7:bb:85:7a:b1:88:86:7f:ee:e4:84:71:82:
         16:e5:d6:85:c1:9f:00:38:3f:7b:ed:f6:79:b4:a5:b7:5a:2b:
         cb:8d:73:0a:56:da:dd:44:64:44:62:2f:9b:71:be:b3:b6:43:
         35:48:0c:1f:ba:f6:0a:cd:95:2f:ef:0a:7b:3e:cc:bc:cc:8f:
         f1:18:ff:e0:ae:cf:ce:f1:36:22:04:82:06:3d:08:d9:84:de:
         05:d5:f0:f9:a9:69:6e:64:f2:93:74:22:a2:8e:cb:ba:7f:84:
         b7:33:74:92:3e:cc:0d:ed:5f:55:d3:92:33:b6:ab:c9:e4:8e:
         16:25:ba:94:54:fe:ff:25:fe:51:61:43:a0:4c:f8:2c:d2:73:
         c9:6e:d8:7d:79:31:14:62:dc:36:28:d6:5b:c8:48:57:19:b7:
         8d:3b:11:15:cc:a0:72:65:77:62:07:82:f9:2c:c9:bf:44:0f:
         f1:c9:72:f2:01:27:bd:48:7f:90:22:3a:5c:47:bd:27:a8:25:
         56:73:1b:1b:a3:14:da:91:2a:b9:ea:21:0c:97:09:7a:e8:2e:
         15:12:3e:28
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY9T9VBpMtrmgpvSRPstTmgcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwNTA3MTY0ODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDY4NTllYjQyMmViOWQxNDg1MWIxODNhMzJhNjhiZGQxMmU3YTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjHHojKdRU6hgiRk9gUr5NhFN0uhH
01M+D04MDY5WzSAVLyjrf67QtOQBabelnHNd8iUIFf91VKgOCDsYftTIizM7ruqf
EUbJ+Ha09fcFJEz7TtNdsmHmL6qhtvhsZiyxLkr0SHAgP3ovkN3jXzHDBZCYqH5y
HA1AlhfxBwp9btXFq41CsWov5oeDBmnOoKj5bvWdIE/UPdNgHIdFfye0R6M7lH1I
2winXGY4F5nqsCPwfSwA/vWydn268q8gQzOrG75U4sJyJhGHIghlWTLp+cfuv8X8
n8Ka4j/khGggf8wiBmLECEXtC5hhtZkdhLx1irURlbz5QlKV8UTgRxTquwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBBoWetCLrnRSFGxg6MqaL3RLnp9MB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvRUdoWjYwSXV1ZEZJVWJHRG95cG92ZEV1ZW4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxyEw
DQYJKoZIhvcNAQELBQADggEBAAk3hdKsrhcIBWVYz4VxJT7l/jkmzPzi7lgWd6oR
jTqUtqUQOimg5Z0U97uFerGIhn/u5IRxghbl1oXBnwA4P3vt9nm0pbdaK8uNcwpW
2t1EZERiL5txvrO2QzVIDB+69grNlS/vCns+zLzMj/EY/+Cuz87xNiIEggY9CNmE
3gXV8PmpaW5k8pN0IqKOy7p/hLczdJI+zA3tX1XTkjO2q8nkjhYlupRU/v8l/lFh
Q6BM+CzSc8lu2H15MRRi3DYo1lvISFcZt407ERXMoHJld2IHgvksyb9ED/HJcvIB
J71If5AiOlxHvSeoJVZzGxujFNqRKrnqIQyXCXroLhUSPig=
-----END CERTIFICATE-----