Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/qs0_oMEavQwIlh4wuTf3JWRP3mA.roa
File:                     qs0_oMEavQwIlh4wuTf3JWRP3mA.roa (raw, json)
Hash identifier:          mJISk7OCquufdm+G1TBwxkLq1s9LE40PEcpeqoAJcPE=
Subject key identifier:   AA:CD:3F:A0:C1:1A:BD:0C:08:96:1E:30:B9:37:F7:25:64:4F:DE:60
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DCD95008D483E8A9CF35ADB4944E3
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/qs0_oMEavQwIlh4wuTf3JWRP3mA.roa
Signing time:             Tue 02 Jan 2024 08:32:48 +0000
ROA not before:           Tue 02 Jan 2024 08:32:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198376
IP address blocks:        2a13:a5c6:6000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:cd:95:00:8d:48:3e:8a:9c:f3:5a:db:49:44:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aacd3fa0c11abd0c08961e30b937f725644fde60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:4b:d9:ed:81:da:1f:60:07:3a:c5:e4:4e:92:
                    f3:28:40:36:02:52:d9:c6:d6:5c:35:69:0d:86:8c:
                    87:f5:5f:ea:de:aa:41:63:78:95:9d:21:13:31:78:
                    97:62:d4:c8:ee:7d:2b:2f:69:68:f6:29:9f:84:f0:
                    0f:af:c9:90:87:17:67:a6:7a:df:d7:e6:1d:85:fb:
                    60:58:3e:f7:54:51:b9:ea:c3:f5:9c:6b:00:0c:aa:
                    a4:f8:e8:49:33:64:1e:11:53:8b:0b:6f:e4:4b:d0:
                    81:61:70:f8:c6:4a:a1:36:7c:b5:bf:03:04:14:4b:
                    5b:0e:94:fb:36:7c:35:a0:8a:20:5e:ef:07:d0:26:
                    c2:24:c8:80:39:f3:f4:c7:87:15:b1:75:e1:2c:6c:
                    4f:63:a8:d0:35:b5:65:37:e0:41:0d:ee:86:aa:fd:
                    88:b1:06:71:c5:9b:88:a5:19:56:d9:a4:ec:54:a8:
                    75:91:fd:9e:e7:0b:c4:3b:c9:01:ef:08:e8:6e:f7:
                    95:d2:cf:f7:70:56:7a:28:d0:53:2e:27:07:97:53:
                    3d:e7:4d:5d:94:c7:5b:35:ae:73:e3:d2:4d:5d:dd:
                    bc:4c:c9:23:12:83:91:cd:88:49:65:61:03:7f:9c:
                    c2:f4:62:70:8d:a6:96:16:e3:16:aa:f3:41:a3:e1:
                    72:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:CD:3F:A0:C1:1A:BD:0C:08:96:1E:30:B9:37:F7:25:64:4F:DE:60
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/qs0_oMEavQwIlh4wuTf3JWRP3mA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c6:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         87:0a:7f:67:9d:a0:8d:9f:44:d6:91:f0:53:03:76:4c:94:dc:
         89:10:73:01:48:1c:e9:46:1c:0f:5f:2f:7a:e4:26:b8:0b:c2:
         c9:90:4b:d9:bf:4a:2e:d0:9b:0e:42:d6:47:3a:bf:6d:bf:be:
         06:a3:3b:76:eb:23:dd:43:ee:f6:ef:52:9b:0b:e8:53:5b:25:
         12:ff:b7:1f:06:cd:ad:5d:9f:dc:c8:0b:05:78:96:41:9c:1f:
         62:e5:bb:0a:2b:cb:a7:08:20:e8:65:55:13:72:b4:77:fd:64:
         d6:dd:4e:89:8c:a1:24:bd:46:7c:1e:c9:87:70:0f:1d:07:f5:
         f3:1d:50:2b:c4:ea:aa:8f:43:51:c6:f7:ab:3c:b1:92:51:6a:
         58:a9:6e:74:f1:a2:81:54:77:67:77:8e:7f:0f:d9:c8:70:88:
         b1:5a:3a:09:9a:a1:06:f1:b9:e6:ea:9b:d4:ff:18:de:74:28:
         39:14:42:02:5d:1b:7c:c2:f4:80:d6:df:5e:89:a3:86:14:8e:
         da:44:cc:f8:87:73:2c:8b:4c:0b:9e:5f:34:90:f5:c6:9d:c2:
         e3:66:7c:3f:95:be:09:fa:81:fa:f9:d1:cb:9e:f7:a3:ec:c0:
         1a:10:33:2f:cf:7e:be:df:62:a5:d6:7d:a5:c5:a6:d5:cf:99:
         94:64:79:34
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTc2VAI1IPoqc81rbSUTjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWNkM2ZhMGMxMWFiZDBjMDg5NjFlMzBiOTM3ZjcyNTY0NGZkZTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgEvZ7YHaH2AHOsXkTpLzKEA2AlLZ
xtZcNWkNhoyH9V/q3qpBY3iVnSETMXiXYtTI7n0rL2lo9imfhPAPr8mQhxdnpnrf
1+YdhftgWD73VFG56sP1nGsADKqk+OhJM2QeEVOLC2/kS9CBYXD4xkqhNny1vwME
FEtbDpT7Nnw1oIogXu8H0CbCJMiAOfP0x4cVsXXhLGxPY6jQNbVlN+BBDe6Gqv2I
sQZxxZuIpRlW2aTsVKh1kf2e5wvEO8kB7wjobveV0s/3cFZ6KNBTLicHl1M9501d
lMdbNa5z49JNXd28TMkjEoORzYhJZWEDf5zC9GJwjaaWFuMWqvNBo+Fy8wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKrNP6DBGr0MCJYeMLk39yVkT95gMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvcXMwX29NRWF2UXdJbGg0d3VUZjNKV1JQM21BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhOlxmAw
DQYJKoZIhvcNAQELBQADggEBAIcKf2edoI2fRNaR8FMDdkyU3IkQcwFIHOlGHA9f
L3rkJrgLwsmQS9m/Si7Qmw5C1kc6v22/vgajO3brI91D7vbvUpsL6FNbJRL/tx8G
za1dn9zICwV4lkGcH2Lluwory6cIIOhlVRNytHf9ZNbdTomMoSS9RnweyYdwDx0H
9fMdUCvE6qqPQ1HG96s8sZJRalipbnTxooFUd2d3jn8P2chwiLFaOgmaoQbxuebq
m9T/GN50KDkUQgJdG3zC9IDW316Jo4YUjtpEzPiHcyyLTAueXzSQ9cadwuNmfD+V
vgn6gfr50cue96PswBoQMy/Pfr7fYqXWfaXFptXPmZRkeTQ=
-----END CERTIFICATE-----