Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/W28akvFoj_AE9MGse-3jZf04Yd8.roa
File:                     W28akvFoj_AE9MGse-3jZf04Yd8.roa (raw, json)
Hash identifier:          m3/4fDxNK66E5TxNY9TXv7LG0dkoDxGnKkbgubAZ1Lg=
Subject key identifier:   5B:6F:1A:92:F1:68:8F:F0:04:F4:C1:AC:7B:ED:E3:65:FD:38:61:DF
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DCC213940AE6B791D43E7CB9349B6
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/W28akvFoj_AE9MGse-3jZf04Yd8.roa
Signing time:             Tue 02 Jan 2024 08:32:48 +0000
ROA not before:           Tue 02 Jan 2024 08:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62246
IP address blocks:        2a13:a5c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:cc:21:39:40:ae:6b:79:1d:43:e7:cb:93:49:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b6f1a92f1688ff004f4c1ac7bede365fd3861df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:97:76:d0:f8:96:f4:df:b0:46:d4:8a:98:8b:
                    e4:f8:eb:e4:27:76:cb:56:d7:67:98:0e:1a:a3:1f:
                    c5:70:18:06:fa:70:fd:2c:16:95:f8:22:21:65:32:
                    59:ee:35:22:6e:a5:44:3b:14:2e:56:05:6b:ca:55:
                    60:d1:37:0f:bb:95:76:28:52:72:11:62:02:62:c8:
                    08:73:63:8c:78:41:82:86:39:9d:4f:73:fc:29:56:
                    6c:51:e3:8f:5e:65:aa:ff:a9:35:b4:6e:55:02:57:
                    16:6d:c5:2c:ff:16:85:fe:97:de:9d:02:73:81:f9:
                    e7:7f:08:f0:8c:f3:41:62:46:36:11:68:23:ad:f9:
                    2e:7e:e0:b3:14:84:37:47:33:17:5e:a0:f7:27:f8:
                    43:32:ad:47:e2:30:eb:72:bb:aa:7f:d5:ed:6a:ce:
                    86:3c:ab:d9:f1:c6:96:39:68:db:7e:4d:eb:41:31:
                    58:8e:6e:e1:54:36:97:2d:19:59:df:e9:8f:9e:bb:
                    d0:b5:b5:91:72:67:85:1e:db:77:ea:5c:42:ee:0f:
                    7f:a7:96:01:e0:87:9c:fd:d4:e1:3f:53:63:4c:eb:
                    7b:4f:97:4d:18:f3:a5:6f:57:7d:21:ec:74:0e:4d:
                    42:a2:10:e0:91:83:86:57:66:cd:c7:d4:ca:70:fa:
                    25:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:6F:1A:92:F1:68:8F:F0:04:F4:C1:AC:7B:ED:E3:65:FD:38:61:DF
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/W28akvFoj_AE9MGse-3jZf04Yd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:87:47:59:d5:c7:8b:ba:18:4e:7e:c0:93:1d:30:2d:5f:12:
         a6:1f:e2:f7:fa:f3:4a:78:f0:af:2b:15:8b:86:da:51:8d:46:
         b0:17:3d:21:01:8d:ed:79:95:f1:13:22:67:91:54:3d:50:b5:
         0e:45:6c:19:3a:54:18:a7:9d:88:1d:54:c0:a5:a9:33:a5:a7:
         63:bb:e8:25:04:c4:d0:18:53:0a:90:71:eb:a5:17:71:cc:d2:
         94:de:53:f3:e1:fe:5a:df:c6:c0:96:24:31:5b:93:0b:a0:c9:
         b4:ba:f6:de:a4:63:87:47:75:1b:7d:11:7f:d1:ee:30:bd:9a:
         77:ed:54:1b:92:f7:27:d9:10:65:49:6a:c9:91:40:44:93:66:
         3b:b1:d0:c6:ab:fd:19:04:b3:33:56:3c:0c:59:47:d8:a5:e6:
         0a:4d:f5:12:58:19:bb:f2:cd:7f:12:d1:de:86:50:90:c4:0a:
         06:26:3d:53:ef:cd:a1:c4:c6:11:64:ca:8a:7c:4e:29:22:bc:
         e0:bb:c3:bb:9c:c5:f8:13:10:ee:77:94:0a:3f:e2:b1:c9:21:
         ca:63:8c:41:27:0a:21:1c:94:74:60:ae:db:a8:6f:ca:16:a7:
         e2:b8:9d:9d:43:91:f3:29:ef:52:7d:0a:f1:aa:14:4f:83:b6:
         dc:51:1f:a3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTcwhOUCua3kdQ+fLk0m2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjZmMWE5MmYxNjg4ZmYwMDRmNGMxYWM3YmVkZTM2NWZkMzg2MWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJd20PiW9N+wRtSKmIvk+OvkJ3bL
VtdnmA4aox/FcBgG+nD9LBaV+CIhZTJZ7jUibqVEOxQuVgVrylVg0TcPu5V2KFJy
EWICYsgIc2OMeEGChjmdT3P8KVZsUeOPXmWq/6k1tG5VAlcWbcUs/xaF/pfenQJz
gfnnfwjwjPNBYkY2EWgjrfkufuCzFIQ3RzMXXqD3J/hDMq1H4jDrcruqf9Xtas6G
PKvZ8caWOWjbfk3rQTFYjm7hVDaXLRlZ3+mPnrvQtbWRcmeFHtt36lxC7g9/p5YB
4Iec/dThP1NjTOt7T5dNGPOlb1d9Iex0Dk1CohDgkYOGV2bNx9TKcPolxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFtvGpLxaI/wBPTBrHvt42X9OGHfMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvVzI4YWt2Rm9qX0FFOU1Hc2UtM2paZjA0WWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOlwDAN
BgkqhkiG9w0BAQsFAAOCAQEAFYdHWdXHi7oYTn7Akx0wLV8Sph/i9/rzSnjwrysV
i4baUY1GsBc9IQGN7XmV8RMiZ5FUPVC1DkVsGTpUGKediB1UwKWpM6WnY7voJQTE
0BhTCpBx66UXcczSlN5T8+H+Wt/GwJYkMVuTC6DJtLr23qRjh0d1G30Rf9HuML2a
d+1UG5L3J9kQZUlqyZFARJNmO7HQxqv9GQSzM1Y8DFlH2KXmCk31ElgZu/LNfxLR
3oZQkMQKBiY9U+/NocTGEWTKinxOKSK84LvDu5zF+BMQ7neUCj/isckhymOMQScK
IRyUdGCu26hvyhan4ridnUOR8ynvUn0K8aoUT4O23FEfow==
-----END CERTIFICATE-----