Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Rg87k_GA6D1eGo7HGOtZkbmHiUw.roa
File:                     Rg87k_GA6D1eGo7HGOtZkbmHiUw.roa (raw, json)
Hash identifier:          5STc3WN8FL/AvcYg5aUK9YNT1OqtkzDCKkUvB54cIhE=
Subject key identifier:   46:0F:3B:93:F1:80:E8:3D:5E:1A:8E:C7:18:EB:59:91:B9:87:89:4C
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       0192CEEDB2C75D8C337BD1056DC2153E8E12
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Rg87k_GA6D1eGo7HGOtZkbmHiUw.roa
Signing time:             Sun 27 Oct 2024 17:02:17 +0000
ROA not before:           Sun 27 Oct 2024 17:02:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203314
IP address blocks:        2a13:a5c7:2500::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ce:ed:b2:c7:5d:8c:33:7b:d1:05:6d:c2:15:3e:8e:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Oct 27 17:02:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=460f3b93f180e83d5e1a8ec718eb5991b987894c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:c4:d2:20:de:9f:10:f5:86:20:46:25:20:7e:
                    e5:04:8b:d2:a3:f8:5f:7c:bf:47:30:da:72:ef:12:
                    ba:36:ce:a4:41:6d:74:52:89:58:0e:f5:0b:3f:9c:
                    50:37:8d:89:ee:03:37:03:e5:0a:0a:6a:cd:96:3c:
                    d7:68:1f:6b:6f:79:c2:88:af:86:fd:b4:4d:52:1b:
                    39:e9:5d:17:eb:14:42:16:d0:6f:e0:4c:f2:84:c3:
                    bc:c2:48:e5:30:67:5c:b2:15:13:79:16:b5:41:9f:
                    eb:4e:c7:60:4e:d7:1e:32:62:aa:fc:a3:0b:f5:e1:
                    8e:0a:f9:32:bb:be:ee:dc:57:5e:48:a4:ad:fc:ee:
                    59:9d:69:41:4b:1a:b9:9a:34:40:25:67:8c:d7:76:
                    3e:06:aa:d6:93:3c:71:3d:79:77:e9:8e:18:71:97:
                    53:02:45:2c:20:13:17:a8:04:e0:4f:4a:48:5e:82:
                    a8:9a:f8:cd:73:86:49:c1:1e:c7:08:5f:66:0b:0d:
                    2f:b1:11:37:cd:96:2b:6a:6f:9c:ce:99:7e:fe:c5:
                    8c:5e:14:db:fb:1d:18:5e:8f:c1:9f:d8:2e:c5:78:
                    5d:a5:14:ef:b6:8f:f3:03:9f:a8:b9:d3:4c:d2:b1:
                    fe:17:c9:33:89:8d:1f:7f:4d:4f:34:31:d4:c4:59:
                    e3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:0F:3B:93:F1:80:E8:3D:5E:1A:8E:C7:18:EB:59:91:B9:87:89:4C
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/Rg87k_GA6D1eGo7HGOtZkbmHiUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:2500::/40

    Signature Algorithm: sha256WithRSAEncryption
         ab:00:d4:c2:d6:4c:f9:d5:0e:bd:41:e3:9d:38:17:20:a0:1f:
         dd:2d:9e:14:0d:a2:33:c1:b4:87:dc:b5:a9:f2:d8:14:56:8c:
         4c:1f:1e:cb:28:15:e8:61:d1:f7:33:65:02:f5:cb:28:88:03:
         b7:90:11:9a:d3:7c:f5:b9:a7:9d:98:28:36:66:e4:7e:c6:30:
         57:52:8f:ce:77:5f:2f:bb:0a:26:0a:e3:8a:00:5c:ea:68:02:
         e5:ae:19:b4:c0:63:d3:71:82:28:f3:16:24:08:de:be:0e:db:
         1a:32:a7:b7:95:fa:81:4c:f0:0a:cd:a2:c8:e4:41:7f:6c:5e:
         33:f0:f6:a0:57:43:07:ce:9e:1e:6f:93:b2:57:b0:a1:d2:31:
         84:e8:27:3f:7e:91:13:ca:6c:e3:5a:5d:ad:0f:a9:55:68:92:
         87:f8:83:5f:b3:c8:bf:32:d9:3f:ea:4a:1a:6e:d9:75:7a:86:
         04:33:d5:b1:f1:f5:d6:33:e1:fd:ce:a9:37:b5:2f:d9:d3:7a:
         fc:eb:07:fa:5d:c9:0b:d6:0d:8c:99:cb:c1:6b:1c:cc:f4:d2:
         68:59:c9:30:7d:c3:41:86:74:f3:60:da:96:34:4d:a9:36:6d:
         89:33:d3:74:a4:55:69:12:27:44:2a:30:c3:a8:fc:23:4a:50:
         bd:0b:a0:4e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZLO7bLHXYwze9EFbcIVPo4SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQxMDI3MTcwMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjBmM2I5M2YxODBlODNkNWUxYThlYzcxOGViNTk5MWI5ODc4OTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxsTSIN6fEPWGIEYlIH7lBIvSo/hf
fL9HMNpy7xK6Ns6kQW10UolYDvULP5xQN42J7gM3A+UKCmrNljzXaB9rb3nCiK+G
/bRNUhs56V0X6xRCFtBv4EzyhMO8wkjlMGdcshUTeRa1QZ/rTsdgTtceMmKq/KML
9eGOCvkyu77u3FdeSKSt/O5ZnWlBSxq5mjRAJWeM13Y+BqrWkzxxPXl36Y4YcZdT
AkUsIBMXqATgT0pIXoKomvjNc4ZJwR7HCF9mCw0vsRE3zZYram+czpl+/sWMXhTb
+x0YXo/Bn9guxXhdpRTvto/zA5+oudNM0rH+F8kziY0ff01PNDHUxFnjJwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFEYPO5PxgOg9XhqOxxjrWZG5h4lMMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvUmc4N2tfR0E2RDFlR283SEdPdFprYm1IaVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxyUw
DQYJKoZIhvcNAQELBQADggEBAKsA1MLWTPnVDr1B4504FyCgH90tnhQNojPBtIfc
tany2BRWjEwfHssoFehh0fczZQL1yyiIA7eQEZrTfPW5p52YKDZm5H7GMFdSj853
Xy+7CiYK44oAXOpoAuWuGbTAY9NxgijzFiQI3r4O2xoyp7eV+oFM8ArNosjkQX9s
XjPw9qBXQwfOnh5vk7JXsKHSMYToJz9+kRPKbONaXa0PqVVokof4g1+zyL8y2T/q
Shpu2XV6hgQz1bHx9dYz4f3OqTe1L9nTevzrB/pdyQvWDYyZy8FrHMz00mhZyTB9
w0GGdPNg2pY0Tak2bYkz03SkVWkSJ0QqMMOo/CNKUL0LoE4=
-----END CERTIFICATE-----