Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/mgXh6oo3-jycI50T2meKbkRzugc.roa
File:                     mgXh6oo3-jycI50T2meKbkRzugc.roa (raw, json)
Hash identifier:          MKkO3c5ZeGxjCOOCiznfqNnPGpBLDERqdCmMSSCUPtc=
Subject key identifier:   9A:05:E1:EA:8A:37:FA:3C:9C:23:9D:13:DA:67:8A:6E:44:73:BA:07
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DCEC11451827577F788B3F8E39533
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/mgXh6oo3-jycI50T2meKbkRzugc.roa
Signing time:             Tue 02 Jan 2024 08:32:48 +0000
ROA not before:           Tue 02 Jan 2024 08:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200105
IP address blocks:        2a13:a5c5::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 16:11:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:ce:c1:14:51:82:75:77:f7:88:b3:f8:e3:95:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9a05e1ea8a37fa3c9c239d13da678a6e4473ba07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ee:25:ca:9b:2b:14:de:4d:55:ea:0f:5a:b4:
                    4e:fe:ae:f5:36:3a:70:96:29:e5:b0:6c:54:f6:d1:
                    01:31:e8:e2:43:9b:c3:36:2b:18:4b:26:d9:e9:60:
                    24:06:99:4e:89:27:20:86:0a:be:f7:0f:77:8e:f8:
                    b2:99:da:f3:ea:43:c5:66:0c:d3:a5:e7:b2:a9:3e:
                    ac:1e:9f:07:7b:33:c4:a4:e1:1a:21:7c:ac:58:2e:
                    e2:2b:a4:e9:60:5d:0b:96:35:40:1a:14:67:c9:44:
                    66:92:f9:0a:a1:17:77:fa:c3:bb:5b:38:3c:27:34:
                    6b:5b:f9:1f:d3:cd:6e:06:1a:76:4c:03:12:8b:e9:
                    ec:e8:f3:9c:74:95:de:d7:23:de:a7:6d:49:74:9f:
                    d0:22:df:7e:8b:74:08:a0:52:8f:cc:a1:0b:14:f9:
                    13:d7:a5:97:a3:1d:98:62:ae:67:a4:c2:fa:df:0f:
                    c2:7a:57:64:fb:55:7f:05:af:02:53:01:72:1b:a5:
                    33:fe:8f:c8:ff:59:e2:48:02:26:48:b5:8f:cf:3c:
                    15:d2:a3:d7:b7:57:33:3b:21:fc:63:18:cb:05:e7:
                    81:a3:41:30:57:70:28:e9:db:d3:f6:e6:c7:a3:6a:
                    8d:e7:4c:62:14:a6:b2:42:71:c0:52:d5:8b:55:01:
                    87:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:05:E1:EA:8A:37:FA:3C:9C:23:9D:13:DA:67:8A:6E:44:73:BA:07
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/mgXh6oo3-jycI50T2meKbkRzugc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:d6:17:f6:6c:cd:d4:0c:5d:df:0b:3d:65:ec:43:e0:68:54:
         f5:a6:ec:a0:3f:8e:db:ef:a2:24:5d:25:5c:a3:a6:3d:6b:a1:
         86:72:12:62:4d:c8:27:29:f3:32:47:fe:25:3b:1b:4e:37:7f:
         3d:8e:1e:01:df:1e:f2:2c:61:79:64:7f:d3:f5:07:de:6a:ca:
         3d:46:e7:94:75:86:43:37:cb:5c:de:ee:07:65:85:71:b4:3c:
         7a:22:5c:4e:ed:1f:cf:7c:a3:d5:74:12:88:ca:14:95:47:83:
         21:44:23:e2:b7:a3:c0:df:7a:c8:fa:91:96:fd:95:a4:f0:4a:
         90:d7:14:70:77:c2:97:91:3d:3b:ae:22:0d:2e:e1:80:47:c3:
         e9:1d:ba:8b:fd:63:d9:79:33:6c:88:0a:a1:aa:1f:ff:19:5a:
         0b:98:eb:c2:f8:93:8f:2d:74:8e:bc:8a:2b:79:5c:77:d2:cf:
         81:cf:6e:02:0c:99:a4:23:e9:87:74:f8:29:22:ca:a8:25:03:
         e0:04:3a:34:44:89:c7:27:b2:36:82:0b:82:4e:bd:0a:dd:cc:
         cb:54:7c:f5:31:2c:91:a0:e6:43:80:f4:d0:1c:3b:0f:43:09:
         1b:a1:16:04:91:e0:2b:8d:f2:39:95:67:cf:cc:6f:97:b4:a0:
         75:ac:f3:02
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTc7BFFGCdXf3iLP445UzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTA1ZTFlYThhMzdmYTNjOWMyMzlkMTNkYTY3OGE2ZTQ0NzNiYTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApu4lypsrFN5NVeoPWrRO/q71Njpw
linlsGxU9tEBMejiQ5vDNisYSybZ6WAkBplOiScghgq+9w93jviymdrz6kPFZgzT
peeyqT6sHp8HezPEpOEaIXysWC7iK6TpYF0LljVAGhRnyURmkvkKoRd3+sO7Wzg8
JzRrW/kf081uBhp2TAMSi+ns6POcdJXe1yPep21JdJ/QIt9+i3QIoFKPzKELFPkT
16WXox2YYq5npML63w/Celdk+1V/Ba8CUwFyG6Uz/o/I/1niSAImSLWPzzwV0qPX
t1czOyH8YxjLBeeBo0EwV3Ao6dvT9ubHo2qN50xiFKayQnHAUtWLVQGHuQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJoF4eqKN/o8nCOdE9pnim5Ec7oHMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvbWdYaDZvbzMtanljSTUwVDJtZUtia1J6dWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOlxTAN
BgkqhkiG9w0BAQsFAAOCAQEALtYX9mzN1Axd3ws9ZexD4GhU9absoD+O2++iJF0l
XKOmPWuhhnISYk3IJynzMkf+JTsbTjd/PY4eAd8e8ixheWR/0/UH3mrKPUbnlHWG
QzfLXN7uB2WFcbQ8eiJcTu0fz3yj1XQSiMoUlUeDIUQj4rejwN96yPqRlv2VpPBK
kNcUcHfCl5E9O64iDS7hgEfD6R26i/1j2XkzbIgKoaof/xlaC5jrwviTjy10jryK
K3lcd9LPgc9uAgyZpCPph3T4KSLKqCUD4AQ6NESJxyeyNoILgk69Ct3My1R89TEs
kaDmQ4D00Bw7D0MJG6EWBJHgK43yOZVnz8xvl7SgdazzAg==
-----END CERTIFICATE-----