Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/cXk5FwfFH-MCFOvr3bmK44YM9x4.roa
File:                     cXk5FwfFH-MCFOvr3bmK44YM9x4.roa (raw, json)
Hash identifier:          sbsLM9AUlNORpd5I9bqeWLDmfkQze9ja5kd2fNxivSs=
Subject key identifier:   71:79:39:17:07:C5:1F:E3:02:14:EB:EB:DD:B9:8A:E3:86:0C:F7:1E
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018F53F5500BF7AF134BB6EF9143321BAD02
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/cXk5FwfFH-MCFOvr3bmK44YM9x4.roa
Signing time:             Tue 07 May 2024 16:48:56 +0000
ROA not before:           Tue 07 May 2024 16:48:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214962
IP address blocks:        2a13:a5c7:2000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:53:f5:50:0b:f7:af:13:4b:b6:ef:91:43:32:1b:ad:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: May  7 16:48:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7179391707c51fe30214ebebddb98ae3860cf71e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f5:95:7a:1e:5e:20:5c:2a:39:e1:b4:d6:cb:
                    90:80:d4:e7:3f:a7:6f:4f:30:b3:cc:e2:62:e3:0e:
                    93:1c:22:1e:31:6e:8b:d6:23:ac:f5:b4:20:7f:54:
                    72:5f:e1:a7:d9:f2:1d:5f:ff:6e:34:fc:4f:13:35:
                    b4:fc:51:2a:b5:40:f3:bd:b4:3a:e6:1d:66:14:86:
                    7a:0f:04:42:72:e2:6e:f1:7d:c6:ea:3b:e5:07:19:
                    97:8f:62:2f:3d:e4:4f:f7:71:03:73:65:28:30:d7:
                    e0:58:ec:1b:9a:13:60:d2:32:82:cc:16:28:8f:d2:
                    ca:83:02:c3:fd:6a:ca:cd:7e:12:ab:51:ee:1a:29:
                    d2:46:40:c2:a6:68:bb:14:04:76:ce:45:22:f3:45:
                    ce:dc:7f:43:a6:eb:97:10:91:b4:ef:50:42:38:e6:
                    ce:0a:75:51:a4:14:83:52:66:da:e3:39:c2:05:a1:
                    6f:56:10:86:ac:ae:7f:d6:e1:b0:4d:f8:64:b7:dc:
                    18:a4:03:e0:3b:dc:60:9c:9d:ea:d5:c3:bc:89:a4:
                    f9:17:4b:0a:44:7c:bb:df:4c:23:d2:d2:59:f8:87:
                    20:5c:cd:41:1e:24:bc:72:c9:40:db:d5:db:e8:aa:
                    7e:f5:4a:de:1e:3a:42:1f:3f:b2:43:1e:d9:d3:59:
                    54:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:79:39:17:07:C5:1F:E3:02:14:EB:EB:DD:B9:8A:E3:86:0C:F7:1E
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/cXk5FwfFH-MCFOvr3bmK44YM9x4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:2000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0c:5a:aa:66:11:74:13:6a:57:8c:01:48:e6:a6:9f:fc:1b:39:
         60:a8:3f:d6:e5:82:1b:e1:13:05:3e:3f:01:52:1a:ae:04:1a:
         4f:74:86:49:0f:d5:d0:87:c4:ab:bd:f5:94:46:6e:50:b9:a4:
         cb:ac:eb:06:0a:dd:f5:81:2d:35:3a:63:2a:85:10:82:e7:30:
         88:0d:bb:72:35:3d:7f:fb:e0:61:72:b5:41:78:de:bc:f9:f6:
         e3:70:1d:97:b8:18:88:c6:c6:45:58:f3:1a:b1:32:7f:55:9e:
         d3:b1:11:99:81:38:fc:8c:61:23:29:9f:d4:64:fa:e9:19:fe:
         c0:9c:ab:50:b0:bf:b6:60:c6:cb:97:e3:aa:19:65:73:b2:b6:
         58:54:11:d7:8e:e7:15:91:51:7e:d6:5d:b0:85:3d:bc:9c:18:
         9f:a7:83:e7:b1:be:af:75:f5:67:55:fa:ca:34:dc:9b:a2:de:
         0f:f2:bf:b6:e0:8e:95:71:e1:05:fb:65:ac:3d:12:9d:7a:62:
         cd:3b:a6:d4:3e:e7:4c:56:ae:b9:26:d2:44:99:ed:5d:31:9d:
         51:a4:c4:2c:4a:42:1a:8e:cc:bf:be:16:71:d0:f4:92:80:fd:
         c5:08:29:a7:4b:3e:08:4e:66:eb:8d:cd:20:1f:b5:98:39:8a:
         46:78:85:e4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY9T9VAL968TS7bvkUMyG60CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwNTA3MTY0ODU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTc5MzkxNzA3YzUxZmUzMDIxNGViZWJkZGI5OGFlMzg2MGNmNzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfWVeh5eIFwqOeG01suQgNTnP6dv
TzCzzOJi4w6THCIeMW6L1iOs9bQgf1RyX+Gn2fIdX/9uNPxPEzW0/FEqtUDzvbQ6
5h1mFIZ6DwRCcuJu8X3G6jvlBxmXj2IvPeRP93EDc2UoMNfgWOwbmhNg0jKCzBYo
j9LKgwLD/WrKzX4Sq1HuGinSRkDCpmi7FAR2zkUi80XO3H9DpuuXEJG071BCOObO
CnVRpBSDUmba4znCBaFvVhCGrK5/1uGwTfhkt9wYpAPgO9xgnJ3q1cO8iaT5F0sK
RHy730wj0tJZ+IcgXM1BHiS8cslA29Xb6Kp+9UreHjpCHz+yQx7Z01lUJQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHF5ORcHxR/jAhTr6925iuOGDPceMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvY1hrNUZ3ZkZILU1DRk92cjNibUs0NFlNOXg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxyAw
DQYJKoZIhvcNAQELBQADggEBAAxaqmYRdBNqV4wBSOamn/wbOWCoP9blghvhEwU+
PwFSGq4EGk90hkkP1dCHxKu99ZRGblC5pMus6wYK3fWBLTU6YyqFEILnMIgNu3I1
PX/74GFytUF43rz59uNwHZe4GIjGxkVY8xqxMn9VntOxEZmBOPyMYSMpn9Rk+ukZ
/sCcq1Cwv7ZgxsuX46oZZXOytlhUEdeO5xWRUX7WXbCFPbycGJ+ng+exvq919WdV
+so03Jui3g/yv7bgjpVx4QX7Zaw9Ep16Ys07ptQ+50xWrrkm0kSZ7V0xnVGkxCxK
QhqOzL++FnHQ9JKA/cUIKadLPghOZuuNzSAftZg5ikZ4heQ=
-----END CERTIFICATE-----