Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/KkkbCmwpEpxK9lZfqRQ2K7yO9tc.roa
File:                     KkkbCmwpEpxK9lZfqRQ2K7yO9tc.roa (raw, json)
Hash identifier:          GpP2DopneteujzEEOHS0l63zrA+1806B4mLxg5RJFyg=
Subject key identifier:   2A:49:1B:0A:6C:29:12:9C:4A:F6:56:5F:A9:14:36:2B:BC:8E:F6:D7
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CD3B716332A6BF58E0D68BBC5A2CD2260
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/KkkbCmwpEpxK9lZfqRQ2K7yO9tc.roa
Signing time:             Thu 04 Jan 2024 09:04:00 +0000
ROA not before:           Thu 04 Jan 2024 09:04:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198304
IP address blocks:        2a13:a5c5:f000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d3:b7:16:33:2a:6b:f5:8e:0d:68:bb:c5:a2:cd:22:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  4 09:04:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2a491b0a6c29129c4af6565fa914362bbc8ef6d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:90:42:5e:6b:a1:b8:ef:33:f8:8e:1c:82:30:
                    73:83:40:65:b4:41:5d:43:63:a1:39:cb:91:50:72:
                    19:da:98:5e:65:b2:8f:db:4c:1f:70:71:7a:86:96:
                    5f:e4:d7:ee:49:4c:5d:14:01:c3:8a:be:1b:df:a2:
                    f5:88:8d:ba:4b:3c:95:10:e4:6c:5b:d6:53:48:0c:
                    eb:f4:2e:ab:c4:f6:c4:e2:ef:51:8e:f7:8f:84:5e:
                    b8:cc:2e:c0:f8:59:23:08:d7:fd:97:a0:2a:1f:2b:
                    4a:c4:cf:65:cc:d6:df:e1:7c:02:56:af:5f:42:ad:
                    10:ed:0b:90:a8:03:8c:7e:d9:74:9c:a9:8e:c9:65:
                    1b:38:90:d6:7c:ee:3e:b6:61:53:9c:67:38:93:11:
                    d8:ce:51:c1:4f:3c:97:95:95:86:0f:f6:f5:b1:49:
                    dc:d7:df:00:99:07:3c:80:74:57:ed:59:08:03:a0:
                    06:a6:7a:0d:cc:f8:95:55:e1:93:3f:e8:2c:fd:d0:
                    18:d3:ee:1b:1b:58:d8:55:77:f1:f0:18:cc:46:84:
                    ac:bc:29:56:c6:14:e3:ab:6e:44:8d:37:25:f7:31:
                    44:a8:b9:95:92:e7:a4:be:97:49:e1:0c:f0:3d:5a:
                    3a:2e:05:3f:2a:67:ba:57:ca:4f:d6:2e:0e:6b:4b:
                    f0:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:49:1B:0A:6C:29:12:9C:4A:F6:56:5F:A9:14:36:2B:BC:8E:F6:D7
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/KkkbCmwpEpxK9lZfqRQ2K7yO9tc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c5:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         11:6b:bf:26:90:c4:73:51:ed:39:bc:9c:84:fd:33:cf:31:43:
         de:9e:d3:05:f3:94:a6:f6:e9:00:d1:ba:87:94:71:0d:d3:af:
         34:09:8e:7d:68:37:5c:24:dc:14:d7:48:74:59:81:fb:32:b2:
         cd:0e:3b:d2:97:9e:e9:1d:d6:69:2a:40:26:1c:44:32:eb:2f:
         3e:e9:05:aa:08:b8:58:f3:47:a5:48:66:6a:65:b8:da:67:a8:
         c6:77:5f:ff:d9:a9:80:d9:d0:18:6e:4f:7d:07:7f:ed:e2:12:
         ef:81:1f:01:40:34:d6:53:ad:ed:79:10:ad:09:06:b9:e7:49:
         e6:1b:dd:b9:3b:ba:77:71:02:f0:29:c5:18:12:2c:c3:53:12:
         ea:7f:ba:99:3e:83:e5:9d:f1:f4:f2:81:d4:32:06:8c:04:79:
         60:f9:3b:aa:08:83:90:48:c8:4e:4e:7a:23:5d:eb:d0:5b:3e:
         eb:8d:1a:51:cd:a1:fb:13:04:bd:58:61:5c:42:c0:04:06:6a:
         30:08:f0:f7:5d:91:ab:fe:65:64:e0:80:34:0c:01:76:41:8a:
         45:05:e9:c5:d2:64:0d:7a:23:99:5a:0c:f1:74:75:87:f4:8c:
         65:ca:d5:ca:77:9e:ff:66:44:a7:2f:d1:35:7a:1b:95:5c:c5:
         ce:e8:46:cc
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzTtxYzKmv1jg1ou8WizSJgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTA0MDkwNDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTQ5MWIwYTZjMjkxMjljNGFmNjU2NWZhOTE0MzYyYmJjOGVmNmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJBCXmuhuO8z+I4cgjBzg0BltEFd
Q2OhOcuRUHIZ2pheZbKP20wfcHF6hpZf5NfuSUxdFAHDir4b36L1iI26SzyVEORs
W9ZTSAzr9C6rxPbE4u9RjvePhF64zC7A+FkjCNf9l6AqHytKxM9lzNbf4XwCVq9f
Qq0Q7QuQqAOMftl0nKmOyWUbOJDWfO4+tmFTnGc4kxHYzlHBTzyXlZWGD/b1sUnc
198AmQc8gHRX7VkIA6AGpnoNzPiVVeGTP+gs/dAY0+4bG1jYVXfx8BjMRoSsvClW
xhTjq25EjTcl9zFEqLmVkuekvpdJ4QzwPVo6LgU/Kme6V8pP1i4Oa0vwGwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCpJGwpsKRKcSvZWX6kUNiu8jvbXMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvS2trYkNtd3BFcHhLOWxaZnFSUTJLN3lPOXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxfAw
DQYJKoZIhvcNAQELBQADggEBABFrvyaQxHNR7Tm8nIT9M88xQ96e0wXzlKb26QDR
uoeUcQ3TrzQJjn1oN1wk3BTXSHRZgfsyss0OO9KXnukd1mkqQCYcRDLrLz7pBaoI
uFjzR6VIZmpluNpnqMZ3X//ZqYDZ0BhuT30Hf+3iEu+BHwFANNZTre15EK0JBrnn
SeYb3bk7undxAvApxRgSLMNTEup/upk+g+Wd8fTygdQyBowEeWD5O6oIg5BIyE5O
eiNd69BbPuuNGlHNofsTBL1YYVxCwAQGajAI8Pddkav+ZWTggDQMAXZBikUF6cXS
ZA16I5laDPF0dYf0jGXK1cp3nv9mRKcv0TV6G5Vcxc7oRsw=
-----END CERTIFICATE-----