Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/RVMJJP-FsMoUPkYshkJcGxxWiB4.roa
File:                     RVMJJP-FsMoUPkYshkJcGxxWiB4.roa (raw, json)
Hash identifier:          lMw4KUTUDrMByFT8JSXUP02YiqvnFLlov4+wD37A5to=
Subject key identifier:   45:53:09:24:FF:85:B0:CA:14:3E:46:2C:86:42:5C:1B:1C:56:88:1E
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018FFDAFCC12DE17515E14FBE0D1155A14B4
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/RVMJJP-FsMoUPkYshkJcGxxWiB4.roa
Signing time:             Sun 09 Jun 2024 15:48:27 +0000
ROA not before:           Sun 09 Jun 2024 15:48:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215575
IP address blocks:        2a13:a5c3:ff00::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:fd:af:cc:12:de:17:51:5e:14:fb:e0:d1:15:5a:14:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jun  9 15:48:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45530924ff85b0ca143e462c86425c1b1c56881e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c4:e0:8c:cd:e2:7b:71:a2:34:9b:21:58:7d:
                    be:9d:7c:1a:40:5f:d8:79:dd:f9:5e:7a:d8:c3:6d:
                    a3:92:a2:b5:2a:46:7b:e7:c7:47:c4:ed:17:d7:e6:
                    15:ef:9d:2a:43:2c:b8:60:54:b1:33:23:ca:a9:78:
                    7a:6d:78:4b:79:cb:1c:1b:38:21:a7:07:a5:e8:b4:
                    5f:98:26:49:22:93:d4:10:6a:47:52:7b:4f:36:3c:
                    4e:77:ea:04:7e:5e:c9:7c:d5:f5:08:b1:07:c5:07:
                    d6:56:00:d7:5a:67:a2:0a:0b:67:cf:3d:cd:1c:ab:
                    9f:2b:ee:98:5f:7f:30:e2:f2:ca:d7:36:53:34:cd:
                    c1:e5:c2:c3:89:e6:b8:33:3c:4d:52:84:29:55:e7:
                    bb:7d:40:6e:a6:d6:88:03:1c:e0:98:6b:c3:b6:df:
                    76:99:fb:b3:79:65:62:0a:8b:a2:01:0f:e2:8c:6b:
                    e5:39:59:2a:21:8d:36:a1:c6:ac:fe:99:37:04:dc:
                    50:4e:42:ce:1d:f9:bb:a3:64:44:26:ed:cd:25:69:
                    ff:5c:dc:bf:b1:c9:f9:59:59:3e:4e:5e:0e:7d:98:
                    2d:3c:3a:e3:8e:b6:31:d2:b7:b3:6c:f6:18:9b:e6:
                    17:54:cc:6a:81:e5:c6:c9:63:5f:ca:6b:83:45:65:
                    7a:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:53:09:24:FF:85:B0:CA:14:3E:46:2C:86:42:5C:1B:1C:56:88:1E
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/RVMJJP-FsMoUPkYshkJcGxxWiB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c3:ff00::/44

    Signature Algorithm: sha256WithRSAEncryption
         4c:fd:27:a4:16:58:93:7c:dc:fc:fb:fa:bf:0e:02:3b:67:33:
         93:27:2a:a3:10:8c:e4:ee:d2:f4:df:67:e4:8d:66:f6:11:56:
         3d:85:6e:a4:19:34:1b:c7:28:54:99:54:f8:b6:ab:9c:4a:d5:
         25:da:d2:cc:b4:6b:6b:be:d3:0d:6b:d2:28:e7:7f:b1:d1:86:
         7d:fa:71:09:e7:4b:a9:51:cf:20:93:cc:8c:a4:da:08:df:5c:
         28:cc:37:22:34:33:69:ff:94:e7:50:e7:1f:ed:dd:89:e0:8f:
         59:f8:2b:09:03:bf:ad:8f:eb:1b:cb:09:c4:ab:48:a8:2b:f1:
         63:2e:c0:e2:98:dc:63:82:2f:00:4a:36:fe:21:c6:9d:ea:7f:
         53:2f:d0:f1:b4:3d:06:2d:0b:14:9d:cc:c1:dc:93:a1:c7:10:
         97:df:92:30:57:93:6f:5a:a7:2b:cb:e2:78:bf:fe:60:c3:e3:
         87:43:80:cf:0e:17:0f:76:20:ed:79:92:d4:98:42:48:8e:bf:
         bd:19:cc:40:5d:45:4a:cd:c0:40:8b:1a:48:eb:a0:2b:c3:3c:
         52:95:b1:64:08:2b:f6:22:32:71:75:9c:83:82:4d:11:3d:7b:
         a1:77:f9:c3:9a:14:0d:e2:6e:5e:4d:5f:55:e8:e3:af:f8:35:
         d4:44:6e:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY/9r8wS3hdRXhT74NEVWhS0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwNjA5MTU0ODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTUzMDkyNGZmODViMGNhMTQzZTQ2MmM4NjQyNWMxYjFjNTY4ODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssTgjM3ie3GiNJshWH2+nXwaQF/Y
ed35XnrYw22jkqK1KkZ758dHxO0X1+YV750qQyy4YFSxMyPKqXh6bXhLecscGzgh
pwel6LRfmCZJIpPUEGpHUntPNjxOd+oEfl7JfNX1CLEHxQfWVgDXWmeiCgtnzz3N
HKufK+6YX38w4vLK1zZTNM3B5cLDiea4MzxNUoQpVee7fUBuptaIAxzgmGvDtt92
mfuzeWViCouiAQ/ijGvlOVkqIY02ocas/pk3BNxQTkLOHfm7o2REJu3NJWn/XNy/
scn5WVk+Tl4OfZgtPDrjjrYx0rezbPYYm+YXVMxqgeXGyWNfymuDRWV6hwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEVTCST/hbDKFD5GLIZCXBscVogeMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvUlZNSkpQLUZzTW9VUGtZc2hrSmNHeHhXaUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhOlw/8A
MA0GCSqGSIb3DQEBCwUAA4IBAQBM/SekFliTfNz8+/q/DgI7ZzOTJyqjEIzk7tL0
32fkjWb2EVY9hW6kGTQbxyhUmVT4tqucStUl2tLMtGtrvtMNa9Io53+x0YZ9+nEJ
50upUc8gk8yMpNoI31wozDciNDNp/5TnUOcf7d2J4I9Z+CsJA7+tj+sbywnEq0io
K/FjLsDimNxjgi8ASjb+Icad6n9TL9DxtD0GLQsUnczB3JOhxxCX35IwV5NvWqcr
y+J4v/5gw+OHQ4DPDhcPdiDteZLUmEJIjr+9GcxAXUVKzcBAixpI66ArwzxSlbFk
CCv2IjJxdZyDgk0RPXuhd/nDmhQN4m5eTV9V6OOv+DXURG61
-----END CERTIFICATE-----