Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/JS0nNPXKAa_AbMSAdGYD2fPuiZs.roa
File:                     JS0nNPXKAa_AbMSAdGYD2fPuiZs.roa (raw, json)
Hash identifier:          qRQS2vRBeqcYQETncTwqu5+Puv5R78TAvzkelsZKCNk=
Subject key identifier:   25:2D:27:34:F5:CA:01:AF:C0:6C:C4:80:74:66:03:D9:F3:EE:89:9B
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DD2CBAB621D7897A52676A44CB804
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/JS0nNPXKAa_AbMSAdGYD2fPuiZs.roa
Signing time:             Tue 02 Jan 2024 08:32:49 +0000
ROA not before:           Tue 02 Jan 2024 08:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216296
IP address blocks:        2a13:a5c5::/32 maxlen: 48
                          2a13:a5c7:1400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d2:cb:ab:62:1d:78:97:a5:26:76:a4:4c:b8:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=252d2734f5ca01afc06cc480746603d9f3ee899b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:7a:4f:25:70:5c:49:7a:d8:4b:1f:83:fa:d5:
                    3d:ef:63:2b:2f:bf:2f:c7:71:ab:cb:41:72:e9:64:
                    00:31:65:cd:98:32:15:7a:76:d0:cd:57:59:96:89:
                    c1:be:50:d9:ab:7d:cf:5d:ad:c4:a0:28:64:69:aa:
                    95:73:84:9c:f8:c9:1b:5b:f7:1a:fd:5b:85:db:e0:
                    18:4b:f1:4d:9c:dc:72:86:e3:dc:05:fc:36:d4:42:
                    15:5c:a1:0c:db:6f:3a:8e:4b:e1:d5:80:d7:37:81:
                    38:87:33:82:39:3a:83:f3:c9:dd:c3:07:c2:67:b3:
                    52:3c:90:8f:fc:98:23:dc:9e:08:40:a8:f8:ee:88:
                    93:9e:d0:60:1b:c0:78:82:1e:c5:de:cd:49:68:1d:
                    f6:11:cc:25:31:0a:30:a7:81:9c:45:eb:e3:6d:1a:
                    62:40:e8:ff:30:6a:31:39:31:95:d4:d5:be:70:d4:
                    7a:26:28:1f:1b:9e:5d:29:01:f6:90:f6:f1:45:56:
                    ba:9f:d7:c4:d8:a4:dc:5e:e8:15:20:09:74:c2:c0:
                    1a:b7:15:92:33:1a:ce:80:21:06:7f:29:22:9c:47:
                    0e:59:9d:b1:ba:7c:c9:ef:2b:50:b2:2e:0c:7c:b0:
                    2d:c7:62:21:02:ce:8a:97:30:19:96:8d:a8:9f:da:
                    c3:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:2D:27:34:F5:CA:01:AF:C0:6C:C4:80:74:66:03:D9:F3:EE:89:9B
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/JS0nNPXKAa_AbMSAdGYD2fPuiZs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c5::/32
                  2a13:a5c7:1400::/40

    Signature Algorithm: sha256WithRSAEncryption
         2f:3c:5b:0f:bc:36:e3:aa:ee:aa:c1:e7:f8:b3:b9:33:39:bf:
         e2:9a:ae:01:0f:2f:f1:54:cf:89:40:99:2b:18:c8:8b:22:33:
         0a:47:64:55:31:75:ed:22:e7:5d:65:72:3c:60:d5:10:eb:51:
         bf:a0:96:2e:6f:07:23:eb:0a:39:cf:61:b0:59:6d:9b:65:11:
         85:ce:a1:47:4f:d4:a4:10:d5:90:6c:0d:5e:a9:56:e1:18:61:
         2c:82:48:6e:c9:07:89:e7:58:4c:49:fc:c1:83:95:01:1f:0f:
         cf:87:30:0c:ef:06:a0:c9:9b:3e:86:26:a6:2e:0e:71:e2:ab:
         5b:3f:a3:76:5b:f0:d8:9f:b2:0e:f3:c9:b0:7b:53:24:c4:3a:
         0b:5a:56:13:8e:b2:12:74:5c:8d:8a:3a:5f:01:d8:3f:e1:59:
         d0:f6:60:73:9b:84:bc:bf:c4:92:9f:94:02:6f:eb:b5:09:40:
         fa:97:d1:ad:38:a1:e8:27:cb:13:0d:a9:22:99:1c:c3:85:47:
         c4:a0:69:07:ae:8e:c1:24:5b:79:3b:a8:c0:8f:41:43:36:fe:
         f2:a1:56:15:cf:67:cf:9b:37:98:4b:a4:dc:d4:03:40:fb:a2:
         61:9f:ea:9f:b8:78:bb:f5:a3:09:2a:61:67:99:b5:a9:9e:6b:
         c5:98:7f:27
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAYzJTdLLq2IdeJelJnakTLgEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTJkMjczNGY1Y2EwMWFmYzA2Y2M0ODA3NDY2MDNkOWYzZWU4OTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknpPJXBcSXrYSx+D+tU972MrL78v
x3Gry0Fy6WQAMWXNmDIVenbQzVdZlonBvlDZq33PXa3EoChkaaqVc4Sc+MkbW/ca
/VuF2+AYS/FNnNxyhuPcBfw21EIVXKEM2286jkvh1YDXN4E4hzOCOTqD88ndwwfC
Z7NSPJCP/Jgj3J4IQKj47oiTntBgG8B4gh7F3s1JaB32EcwlMQowp4GcRevjbRpi
QOj/MGoxOTGV1NW+cNR6JigfG55dKQH2kPbxRVa6n9fE2KTcXugVIAl0wsAatxWS
MxrOgCEGfykinEcOWZ2xunzJ7ytQsi4MfLAtx2IhAs6KlzAZlo2on9rDqwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFCUtJzT1ygGvwGzEgHRmA9nz7ombMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvSlMwbk5QWEtBYV9BYk1TQWRHWUQyZlB1aVpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCgGCCsGAQUFBwEHAQH/BBkwFzAVBAIAAjAPAwUAKhOlxQMG
ACoTpccUMA0GCSqGSIb3DQEBCwUAA4IBAQAvPFsPvDbjqu6qwef4s7kzOb/imq4B
Dy/xVM+JQJkrGMiLIjMKR2RVMXXtIuddZXI8YNUQ61G/oJYubwcj6wo5z2GwWW2b
ZRGFzqFHT9SkENWQbA1eqVbhGGEsgkhuyQeJ51hMSfzBg5UBHw/PhzAM7wagyZs+
hiamLg5x4qtbP6N2W/DYn7IO88mwe1MkxDoLWlYTjrISdFyNijpfAdg/4VnQ9mBz
m4S8v8SSn5QCb+u1CUD6l9GtOKHoJ8sTDakimRzDhUfEoGkHro7BJFt5O6jAj0FD
Nv7yoVYVz2fPmzeYS6Tc1ANA+6Jhn+qfuHi79aMJKmFnmbWpnmvFmH8n
-----END CERTIFICATE-----