Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/W2QuYy7gEf-hJ972tfV0kgoahlo.roa
File:                     W2QuYy7gEf-hJ972tfV0kgoahlo.roa (raw, json)
Hash identifier:          PDHdfwqID8v/nOZElUvn/AFGK7KoqLFHVb1jlg58FjM=
Subject key identifier:   5B:64:2E:63:2E:E0:11:FF:A1:27:DE:F6:B5:F5:74:92:0A:1A:86:5A
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01932F71D74F4E503DD1A49FD7B06354D73C
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/W2QuYy7gEf-hJ972tfV0kgoahlo.roa
Signing time:             Fri 15 Nov 2024 10:50:10 +0000
ROA not before:           Fri 15 Nov 2024 10:50:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216296
IP address blocks:        2a13:a5c7:1400::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2f:71:d7:4f:4e:50:3d:d1:a4:9f:d7:b0:63:54:d7:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Nov 15 10:50:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b642e632ee011ffa127def6b5f574920a1a865a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:a5:4b:ab:04:87:6c:f2:47:6c:39:86:46:b4:
                    ec:ad:4f:97:36:d0:8b:e6:14:f7:72:70:65:19:3e:
                    c6:2e:3e:91:a8:99:58:b6:90:96:19:cc:9c:97:aa:
                    13:17:5b:8d:75:7c:24:65:9b:1e:26:ed:ab:73:ae:
                    11:59:75:b4:e4:91:f0:b4:ac:ef:21:f3:60:44:09:
                    e8:3c:02:0b:88:c4:12:10:4f:d6:76:f6:d3:86:9d:
                    fa:b8:52:92:cb:58:77:bd:a1:3e:8d:c7:29:ba:0b:
                    6d:1d:cc:12:a4:f1:df:20:48:5d:ae:5a:5c:95:59:
                    7a:70:ea:4c:d6:3f:21:76:ff:bf:b8:91:3f:5c:38:
                    71:68:02:f1:a1:98:80:10:78:66:9c:4e:2f:ed:86:
                    18:cb:57:81:1f:91:04:8a:ec:8a:32:5e:ed:a8:68:
                    04:b0:f1:22:2e:98:6c:6e:a2:3e:3d:cb:91:f0:2f:
                    23:2e:46:6b:c5:18:22:1c:69:4f:63:e2:90:6a:f5:
                    5e:12:16:82:43:09:da:c4:99:a0:5b:35:81:44:5a:
                    78:b2:ca:77:c8:39:be:26:d8:ca:d3:00:4e:92:f6:
                    2a:23:93:88:74:83:4d:9b:b1:a2:c0:6e:db:42:13:
                    0f:2f:0f:3a:ba:55:33:51:05:1e:86:10:27:dd:52:
                    62:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:64:2E:63:2E:E0:11:FF:A1:27:DE:F6:B5:F5:74:92:0A:1A:86:5A
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/W2QuYy7gEf-hJ972tfV0kgoahlo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1400::/40

    Signature Algorithm: sha256WithRSAEncryption
         a6:f3:f5:fa:74:75:0d:4c:54:1d:d5:99:7d:29:22:5a:93:54:
         76:c1:34:e4:44:f7:34:44:b8:7f:89:6b:4d:68:eb:02:39:2a:
         2d:01:1b:cc:e3:6b:e3:2f:0a:2b:8d:2e:c6:aa:72:7d:a0:39:
         74:0f:d5:24:65:b1:85:15:1a:e9:e0:84:2a:02:b9:dc:98:36:
         24:0b:93:70:58:ea:3c:c9:b0:4f:f7:cd:ca:ed:2f:79:8f:b7:
         85:96:6f:d1:7e:a1:2d:f7:4f:1e:95:0a:81:34:08:49:f5:3e:
         c4:06:ce:8e:87:c3:53:82:be:74:f6:52:16:f9:a4:a9:6a:28:
         2a:71:aa:7e:64:61:6b:e8:f9:4c:4e:ab:b9:be:f1:ed:bc:6e:
         eb:7d:25:c5:f4:6d:b5:58:d0:44:cd:1a:1b:fd:10:b7:ad:3a:
         6f:9b:82:f3:a5:bc:c1:dd:61:e8:e8:d6:e3:bb:e0:e9:92:8d:
         12:6e:5f:51:13:fc:6c:b9:a2:d5:d9:9f:a7:94:36:48:95:77:
         a7:05:4d:01:9c:88:5d:6e:a6:1b:f7:5e:7e:e1:dc:8e:f3:b2:
         c3:57:94:f9:9d:7e:d4:53:56:a9:38:88:17:f3:b1:f7:7d:47:
         43:8f:3e:41:0d:bf:cf:b2:2b:d9:62:27:b7:1c:63:bf:10:18:
         42:92:8c:43
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZMvcddPTlA90aSf17BjVNc8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQxMTE1MTA1MDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjY0MmU2MzJlZTAxMWZmYTEyN2RlZjZiNWY1NzQ5MjBhMWE4NjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0aVLqwSHbPJHbDmGRrTsrU+XNtCL
5hT3cnBlGT7GLj6RqJlYtpCWGcycl6oTF1uNdXwkZZseJu2rc64RWXW05JHwtKzv
IfNgRAnoPAILiMQSEE/WdvbThp36uFKSy1h3vaE+jccpugttHcwSpPHfIEhdrlpc
lVl6cOpM1j8hdv+/uJE/XDhxaALxoZiAEHhmnE4v7YYYy1eBH5EEiuyKMl7tqGgE
sPEiLphsbqI+PcuR8C8jLkZrxRgiHGlPY+KQavVeEhaCQwnaxJmgWzWBRFp4ssp3
yDm+JtjK0wBOkvYqI5OIdINNm7GiwG7bQhMPLw86ulUzUQUehhAn3VJi/wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFtkLmMu4BH/oSfe9rX1dJIKGoZaMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvVzJRdVl5N2dFZi1oSjk3MnRmVjBrZ29haGxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxQw
DQYJKoZIhvcNAQELBQADggEBAKbz9fp0dQ1MVB3VmX0pIlqTVHbBNORE9zREuH+J
a01o6wI5Ki0BG8zja+MvCiuNLsaqcn2gOXQP1SRlsYUVGunghCoCudyYNiQLk3BY
6jzJsE/3zcrtL3mPt4WWb9F+oS33Tx6VCoE0CEn1PsQGzo6Hw1OCvnT2Uhb5pKlq
KCpxqn5kYWvo+UxOq7m+8e28but9JcX0bbVY0ETNGhv9ELetOm+bgvOlvMHdYejo
1uO74OmSjRJuX1ET/Gy5otXZn6eUNkiVd6cFTQGciF1uphv3Xn7h3I7zssNXlPmd
ftRTVqk4iBfzsfd9R0OPPkENv8+yK9liJ7ccY78QGEKSjEM=
-----END CERTIFICATE-----