Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/ZCpAdA8CNGPfaEEsBlQVIsSgYcg.roa
File:                     ZCpAdA8CNGPfaEEsBlQVIsSgYcg.roa (raw, json)
Hash identifier:          M2IfjTFNy7LYcWPGdHvbq3RJXgrdTJPHe2arNm8/yPU=
Subject key identifier:   64:2A:40:74:0F:02:34:63:DF:68:41:2C:06:54:15:22:C4:A0:61:C8
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01932F71D6CC2B0441121163FA1C8D808F66
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/ZCpAdA8CNGPfaEEsBlQVIsSgYcg.roa
Signing time:             Fri 15 Nov 2024 10:50:09 +0000
ROA not before:           Fri 15 Nov 2024 10:50:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213856
IP address blocks:        2a13:a5c5::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2f:71:d6:cc:2b:04:41:12:11:63:fa:1c:8d:80:8f:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Nov 15 10:50:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=642a40740f023463df68412c06541522c4a061c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a7:77:d2:62:ab:42:06:6a:cf:67:15:20:36:
                    0f:18:bc:a3:72:5d:de:88:30:22:aa:57:78:b2:33:
                    93:ec:ab:72:01:7c:d4:ae:27:58:f3:96:5e:50:76:
                    12:b3:64:6b:4e:db:51:fd:4e:e1:a3:96:87:6b:20:
                    f2:af:f8:db:e4:92:9c:fa:c2:25:98:51:62:74:af:
                    45:d0:30:e9:80:24:50:73:28:af:c5:cc:fa:95:a5:
                    50:e2:ea:02:8f:6b:06:3b:c2:e0:08:67:37:b6:2c:
                    e1:b7:56:eb:b5:21:3a:31:7e:14:c2:5f:a8:8b:67:
                    88:de:ae:62:8a:9b:e5:40:70:61:8b:51:e4:3e:f4:
                    79:c9:8c:04:e5:c9:9d:e2:b2:7e:86:3d:79:ed:a7:
                    a6:12:2a:50:5c:e0:95:e2:29:66:d1:aa:89:5f:c0:
                    0a:e9:5d:82:bd:85:d1:b8:c5:de:9a:ae:9d:58:c0:
                    38:b4:e6:ef:ca:6a:07:98:bb:d8:79:a2:1a:be:bb:
                    41:84:c2:9b:e7:19:46:20:76:b0:0f:b2:cd:cf:11:
                    8d:8b:ff:69:7a:8c:e5:f9:14:4c:be:f2:84:c3:25:
                    c6:50:fe:6a:1e:6d:70:2e:5a:5d:5c:95:f6:07:25:
                    80:f2:38:a3:c8:c7:85:4b:1f:5c:a2:6f:ff:10:2f:
                    26:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:2A:40:74:0F:02:34:63:DF:68:41:2C:06:54:15:22:C4:A0:61:C8
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/ZCpAdA8CNGPfaEEsBlQVIsSgYcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:ac:01:e7:aa:a6:6d:c3:0d:30:d2:b1:78:54:0b:e3:05:77:
         bc:e0:e1:ba:24:c5:ba:ae:a9:b9:84:e6:d8:6b:6c:02:d8:82:
         42:52:89:c5:19:b4:6b:98:c0:18:1f:17:25:6e:12:cf:90:4d:
         97:bc:be:18:7b:c4:60:67:40:39:8f:83:9c:d2:97:32:32:39:
         e0:c0:c5:c8:9b:6d:22:cf:a7:68:50:b0:e9:d3:f0:f6:92:f3:
         b5:a0:26:03:51:54:4e:bb:4b:d5:48:de:a7:26:48:f9:63:72:
         c6:94:fc:1e:27:76:61:a0:e3:49:0c:1a:e9:0a:6c:e8:42:c8:
         c0:53:80:f3:f0:a0:40:7e:74:b3:6e:f5:1b:72:c3:94:6e:cf:
         f8:1f:6c:3c:de:4c:99:2d:9d:d4:09:4c:65:6c:91:a2:2a:6c:
         81:4c:62:67:b0:e3:82:2a:2d:23:c3:4d:1c:d2:ca:a1:8c:7a:
         be:57:a0:ac:89:d5:54:da:c3:73:40:9d:26:8b:86:fa:c0:9c:
         c0:4e:15:28:0a:af:95:3e:6f:1a:45:78:f4:b6:58:b5:b0:da:
         13:78:c5:77:90:bb:a6:3e:8e:9f:b1:23:b5:15:43:d6:3b:64:
         1b:22:02:e1:16:45:32:97:a6:28:8a:f6:fe:e4:09:3a:3b:5e:
         bd:34:d9:9e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMvcdbMKwRBEhFj+hyNgI9mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQxMTE1MTA1MDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDJhNDA3NDBmMDIzNDYzZGY2ODQxMmMwNjU0MTUyMmM0YTA2MWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApqd30mKrQgZqz2cVIDYPGLyjcl3e
iDAiqld4sjOT7KtyAXzUridY85ZeUHYSs2RrTttR/U7ho5aHayDyr/jb5JKc+sIl
mFFidK9F0DDpgCRQcyivxcz6laVQ4uoCj2sGO8LgCGc3tizht1brtSE6MX4Uwl+o
i2eI3q5iipvlQHBhi1HkPvR5yYwE5cmd4rJ+hj157aemEipQXOCV4ilm0aqJX8AK
6V2CvYXRuMXemq6dWMA4tObvymoHmLvYeaIavrtBhMKb5xlGIHawD7LNzxGNi/9p
eozl+RRMvvKEwyXGUP5qHm1wLlpdXJX2ByWA8jijyMeFSx9com//EC8m+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGQqQHQPAjRj32hBLAZUFSLEoGHIMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvWkNwQWRBOENOR1BmYUVFc0JsUVZJc1NnWWNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOlxTAN
BgkqhkiG9w0BAQsFAAOCAQEAJawB56qmbcMNMNKxeFQL4wV3vODhuiTFuq6puYTm
2GtsAtiCQlKJxRm0a5jAGB8XJW4Sz5BNl7y+GHvEYGdAOY+DnNKXMjI54MDFyJtt
Is+naFCw6dPw9pLztaAmA1FUTrtL1UjepyZI+WNyxpT8Hid2YaDjSQwa6Qps6ELI
wFOA8/CgQH50s271G3LDlG7P+B9sPN5MmS2d1AlMZWyRoipsgUxiZ7DjgiotI8NN
HNLKoYx6vlegrInVVNrDc0CdJouG+sCcwE4VKAqvlT5vGkV49LZYtbDaE3jFd5C7
pj6On7EjtRVD1jtkGyIC4RZFMpemKIr2/uQJOjtevTTZng==
-----END CERTIFICATE-----