Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/bcrEnD85V3cvkTO-IV7ZuPtgm-o.roa
File:                     bcrEnD85V3cvkTO-IV7ZuPtgm-o.roa (raw, json)
Hash identifier:          7D3T4o/msYYRPBj7CzIV84pvFlfjTKbqboacK948yFE=
Subject key identifier:   6D:CA:C4:9C:3F:39:57:77:2F:91:33:BE:21:5E:D9:B8:FB:60:9B:EA
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DCE126BAF0977EB3A0CDF4FA27795
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/bcrEnD85V3cvkTO-IV7ZuPtgm-o.roa
Signing time:             Tue 02 Jan 2024 08:32:48 +0000
ROA not before:           Tue 02 Jan 2024 08:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199310
IP address blocks:        2a13:a5c3:f000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ce:12:6b:af:09:77:eb:3a:0c:df:4f:a2:77:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6dcac49c3f3957772f9133be215ed9b8fb609bea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:69:2b:a1:ba:6a:0a:f9:58:c7:9a:30:13:22:
                    b8:77:04:07:f3:24:ea:2a:1d:c5:14:c9:83:60:60:
                    dd:8e:a0:39:1e:0c:ef:8d:4e:77:0b:cf:11:b9:81:
                    bb:69:fb:d0:51:b1:e3:c9:99:83:71:29:18:5a:b9:
                    9b:ba:3d:fa:38:27:4b:e6:48:2b:70:6b:c2:9e:c8:
                    15:d4:4b:ad:0a:6e:32:7f:08:28:71:a2:76:60:7b:
                    6a:4d:21:57:25:60:7b:d1:f6:84:e5:19:04:f8:d4:
                    54:b7:f6:17:3f:21:8f:b1:65:e0:33:1d:8c:99:07:
                    6d:08:4f:38:1c:20:e3:61:59:70:8a:69:82:f9:29:
                    84:52:cb:c5:35:2f:36:86:ad:60:0c:5b:1a:cd:11:
                    e8:a1:fd:e4:ae:c0:ec:af:6c:33:8c:46:dc:64:cc:
                    a1:81:74:65:33:a9:cd:b7:45:16:cf:8d:28:2a:b4:
                    01:e9:fe:d5:d9:50:63:6e:3a:bd:23:7c:57:78:63:
                    23:79:7d:63:31:5e:77:6f:f5:36:63:da:c6:47:3a:
                    7b:f9:63:6b:a9:d4:64:8c:47:f9:60:c5:e4:e9:01:
                    17:28:5a:cb:46:39:5f:a8:53:bc:44:dd:37:01:28:
                    17:1e:4c:70:b4:26:44:4d:b0:4f:7b:bd:83:86:92:
                    7c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:CA:C4:9C:3F:39:57:77:2F:91:33:BE:21:5E:D9:B8:FB:60:9B:EA
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/bcrEnD85V3cvkTO-IV7ZuPtgm-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c3:f000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a5:b2:7a:d0:7f:30:64:2a:ee:2c:2d:83:79:c9:b2:5c:89:10:
         e6:d9:27:6c:01:ce:21:83:99:6b:d0:b7:44:72:73:51:b1:ad:
         c9:b0:05:f6:38:b8:b6:0b:db:09:dd:bf:bc:92:1c:6a:b8:18:
         90:83:bd:9d:08:30:35:7b:7d:0f:47:d4:93:bd:33:15:e5:85:
         6a:83:e6:c0:8f:bd:35:b3:b5:70:e5:45:85:7e:14:cc:60:be:
         91:47:21:5c:bf:ee:a8:74:6e:05:9d:ca:70:0e:52:85:bc:ad:
         7d:11:3b:0b:f5:1e:b1:8d:7a:42:d4:0c:fa:51:5f:e9:e2:c7:
         9f:76:cc:13:a9:55:7b:41:81:34:86:66:01:04:16:f0:1a:ed:
         4f:63:6a:24:27:8f:cc:1e:e4:03:bd:b9:a4:0d:14:28:ee:1b:
         4e:c2:76:a1:22:39:96:02:b9:50:cb:0b:b1:a1:44:cc:13:70:
         11:5d:93:c5:13:2c:42:68:96:eb:ea:76:59:6e:dd:71:17:2f:
         fb:41:bb:eb:42:55:33:13:1f:38:84:7b:92:9e:5e:21:d5:15:
         ef:97:25:3b:1a:4f:06:46:16:13:ee:62:d1:4b:66:67:99:50:
         7e:d8:fc:91:7a:7e:e0:05:07:96:1f:49:fa:8f:57:5b:60:94:
         31:59:df:0d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTc4Sa68Jd+s6DN9PoneVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGNhYzQ5YzNmMzk1Nzc3MmY5MTMzYmUyMTVlZDliOGZiNjA5YmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGkrobpqCvlYx5owEyK4dwQH8yTq
Kh3FFMmDYGDdjqA5HgzvjU53C88RuYG7afvQUbHjyZmDcSkYWrmbuj36OCdL5kgr
cGvCnsgV1EutCm4yfwgocaJ2YHtqTSFXJWB70faE5RkE+NRUt/YXPyGPsWXgMx2M
mQdtCE84HCDjYVlwimmC+SmEUsvFNS82hq1gDFsazRHoof3krsDsr2wzjEbcZMyh
gXRlM6nNt0UWz40oKrQB6f7V2VBjbjq9I3xXeGMjeX1jMV53b/U2Y9rGRzp7+WNr
qdRkjEf5YMXk6QEXKFrLRjlfqFO8RN03ASgXHkxwtCZETbBPe72DhpJ8gQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFG3KxJw/OVd3L5EzviFe2bj7YJvqMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvYmNyRW5EODVWM2N2a1RPLUlWN1p1UHRnbS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlw/Aw
DQYJKoZIhvcNAQELBQADggEBAKWyetB/MGQq7iwtg3nJslyJEObZJ2wBziGDmWvQ
t0Ryc1GxrcmwBfY4uLYL2wndv7ySHGq4GJCDvZ0IMDV7fQ9H1JO9MxXlhWqD5sCP
vTWztXDlRYV+FMxgvpFHIVy/7qh0bgWdynAOUoW8rX0ROwv1HrGNekLUDPpRX+ni
x592zBOpVXtBgTSGZgEEFvAa7U9jaiQnj8we5AO9uaQNFCjuG07CdqEiOZYCuVDL
C7GhRMwTcBFdk8UTLEJoluvqdllu3XEXL/tBu+tCVTMTHziEe5KeXiHVFe+XJTsa
TwZGFhPuYtFLZmeZUH7Y/JF6fuAFB5YfSfqPV1tglDFZ3w0=
-----END CERTIFICATE-----