Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/jzSE1k031R0Q9NCtKXFOhVYIqsI.roa
File:                     jzSE1k031R0Q9NCtKXFOhVYIqsI.roa (raw, json)
Hash identifier:          KJxb7efKj3pcD7kheoDQOyc/PA4Y5A0IiS2LoWrnX1o=
Subject key identifier:   8F:34:84:D6:4D:37:D5:1D:10:F4:D0:AD:29:71:4E:85:56:08:AA:C2
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       01903B0706152D598A41299FEA80D610B833
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/jzSE1k031R0Q9NCtKXFOhVYIqsI.roa
Signing time:             Fri 21 Jun 2024 13:40:34 +0000
ROA not before:           Fri 21 Jun 2024 13:40:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214674
IP address blocks:        2a13:a5c7:2200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:3b:07:06:15:2d:59:8a:41:29:9f:ea:80:d6:10:b8:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jun 21 13:40:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f3484d64d37d51d10f4d0ad29714e855608aac2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ba:2b:84:86:fc:6c:a5:02:96:2f:a9:54:43:
                    e9:ad:70:c5:0d:85:82:14:69:9d:65:1c:0e:e2:e6:
                    cf:59:b2:20:36:bf:1c:2f:4b:85:e0:d4:cd:fd:38:
                    a3:00:f5:2a:82:ec:8d:e4:6d:2d:8e:94:46:6a:eb:
                    e5:59:98:ea:58:e1:89:7d:35:d6:2c:f6:52:66:3c:
                    6f:76:17:8e:fb:94:48:2e:17:b0:2c:f8:1d:8d:53:
                    83:cf:17:b2:10:06:4d:67:11:62:98:b7:03:df:d8:
                    da:5e:b3:eb:d8:c1:e3:5d:b5:05:89:7c:f2:96:be:
                    78:75:82:e6:7b:d6:8c:e4:ee:6c:30:b9:f4:78:5c:
                    f0:2c:9b:6c:1e:54:7c:2d:f8:a2:a7:bb:76:59:59:
                    52:18:d5:83:fb:02:c1:95:3c:7c:99:97:7c:20:88:
                    5a:95:b0:fe:45:9a:1b:5c:85:9f:13:1e:2d:59:db:
                    f1:a5:7f:30:9a:6e:f9:da:b1:e5:13:73:d8:9b:79:
                    4b:da:06:66:65:71:19:8e:ca:e8:2f:af:c5:bc:7e:
                    2a:84:55:16:9f:ef:f5:0d:73:47:79:fa:4f:c3:6d:
                    c9:a2:6c:a1:0b:cd:4f:c3:32:57:82:4f:53:9c:6e:
                    23:90:ec:c4:25:34:9c:f6:49:cc:ad:90:2d:c4:4b:
                    28:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:34:84:D6:4D:37:D5:1D:10:F4:D0:AD:29:71:4E:85:56:08:AA:C2
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/jzSE1k031R0Q9NCtKXFOhVYIqsI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:2200::/40

    Signature Algorithm: sha256WithRSAEncryption
         28:c5:b5:1e:7b:6e:74:c0:e5:36:0d:38:fe:5e:ca:ab:fa:40:
         85:56:a9:52:14:1f:ac:5a:89:85:fa:4f:53:f6:78:d3:f9:b2:
         85:df:d5:cc:d7:be:1b:2e:11:87:22:68:23:e1:60:23:38:bb:
         1b:33:1b:a1:08:4c:46:f6:b2:2a:b0:7c:9e:50:da:da:79:51:
         ec:63:da:a8:5f:f2:52:81:99:9b:61:b2:ce:d5:ba:8c:6b:56:
         9d:68:9f:a7:33:94:85:d0:c2:2a:20:2b:8d:cd:8c:8d:d3:69:
         39:b0:b7:e9:8c:99:ec:33:ee:e0:9f:6c:15:bd:95:d3:2e:de:
         1a:a5:1b:3c:65:ee:24:5b:2d:cd:7b:98:1e:b4:79:a3:db:c5:
         ee:72:2a:1b:6a:8f:67:69:b8:94:95:19:b8:06:bd:94:0c:44:
         12:7f:1e:b7:a8:5f:1f:6b:05:83:dd:45:50:a2:29:5a:b1:24:
         15:0d:cd:8f:a7:f0:41:4d:2f:e5:e0:bf:19:8a:29:7b:ac:ea:
         1b:b6:c8:c9:8d:64:13:1d:f0:ca:82:b4:89:a2:c4:36:27:9d:
         1d:7b:17:8e:13:e2:5c:c4:51:bc:d1:c5:ef:a8:ec:d8:0d:98:
         46:2f:7f:7f:6a:2d:81:4f:20:7a:96:91:93:75:52:7b:2e:b3:
         89:1c:d2:87
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZA7BwYVLVmKQSmf6oDWELgzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwNjIxMTM0MDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjM0ODRkNjRkMzdkNTFkMTBmNGQwYWQyOTcxNGU4NTU2MDhhYWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoLorhIb8bKUCli+pVEPprXDFDYWC
FGmdZRwO4ubPWbIgNr8cL0uF4NTN/TijAPUqguyN5G0tjpRGauvlWZjqWOGJfTXW
LPZSZjxvdheO+5RILhewLPgdjVODzxeyEAZNZxFimLcD39jaXrPr2MHjXbUFiXzy
lr54dYLme9aM5O5sMLn0eFzwLJtsHlR8Lfiip7t2WVlSGNWD+wLBlTx8mZd8IIha
lbD+RZobXIWfEx4tWdvxpX8wmm752rHlE3PYm3lL2gZmZXEZjsroL6/FvH4qhFUW
n+/1DXNHefpPw23JomyhC81PwzJXgk9TnG4jkOzEJTSc9knMrZAtxEsoDQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFI80hNZNN9UdEPTQrSlxToVWCKrCMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvanpTRTFrMDMxUjBROU5DdEtYRk9oVllJcXNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxyIw
DQYJKoZIhvcNAQELBQADggEBACjFtR57bnTA5TYNOP5eyqv6QIVWqVIUH6xaiYX6
T1P2eNP5soXf1czXvhsuEYciaCPhYCM4uxszG6EITEb2siqwfJ5Q2tp5Uexj2qhf
8lKBmZthss7VuoxrVp1on6czlIXQwiogK43NjI3TaTmwt+mMmewz7uCfbBW9ldMu
3hqlGzxl7iRbLc17mB60eaPbxe5yKhtqj2dpuJSVGbgGvZQMRBJ/HreoXx9rBYPd
RVCiKVqxJBUNzY+n8EFNL+XgvxmKKXus6hu2yMmNZBMd8MqCtImixDYnnR17F44T
4lzEUbzRxe+o7NgNmEYvf39qLYFPIHqWkZN1Unsus4kc0oc=
-----END CERTIFICATE-----