Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/sXm6n5cG2GpUgnCv7iglwqrARhc.roa
File:                     sXm6n5cG2GpUgnCv7iglwqrARhc.roa (raw, json)
Hash identifier:          vQbP8YE1dpQ7W1/cTqm+PL5klLr3jQnNaVxFO9BZNvk=
Subject key identifier:   B1:79:BA:9F:97:06:D8:6A:54:82:70:AF:EE:28:25:C2:AA:C0:46:17
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DCBDF4FD768D8B1A9A3EC99E1EF00
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/sXm6n5cG2GpUgnCv7iglwqrARhc.roa
Signing time:             Tue 02 Jan 2024 08:32:47 +0000
ROA not before:           Tue 02 Jan 2024 08:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47778
IP address blocks:        2a13:a5c7:1000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:cb:df:4f:d7:68:d8:b1:a9:a3:ec:99:e1:ef:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b179ba9f9706d86a548270afee2825c2aac04617
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:56:d4:95:f3:7a:88:47:55:2e:67:db:72:95:
                    67:be:fc:c4:53:be:84:33:d8:af:e3:35:4b:1b:17:
                    dc:08:27:e6:db:8f:af:90:00:61:e3:bb:35:78:c1:
                    e8:e7:09:e9:56:05:fa:84:7a:f3:91:1a:17:02:a0:
                    02:a9:ad:03:bf:27:b6:95:5a:e8:23:2c:42:3d:62:
                    9e:bc:fc:e2:62:7f:b4:f2:c2:8a:e6:68:67:92:30:
                    0c:c5:1d:5f:61:5c:ed:83:0c:c2:67:9f:4a:56:0e:
                    59:8d:d8:11:84:48:51:79:74:f5:98:40:f8:08:3f:
                    f9:98:b3:da:60:4d:ee:41:09:0a:00:e3:fb:9b:84:
                    70:c9:b8:e4:24:89:b6:e8:9c:24:f4:41:0d:b6:0f:
                    82:dc:8b:78:c0:6c:45:fa:54:21:70:36:0d:f6:84:
                    5f:4c:5f:51:2e:e2:59:55:d1:82:46:cf:3b:65:9c:
                    15:6a:3b:c3:fb:cf:20:89:ec:38:60:34:4e:5f:35:
                    03:bb:53:d1:8d:c9:9d:6a:63:af:2f:b4:9b:08:33:
                    c6:55:9d:24:22:c5:7d:e9:ac:be:41:58:b3:08:ed:
                    ee:b5:ea:d0:32:57:e3:60:d4:cf:de:10:e4:71:25:
                    01:a2:ea:1e:cc:1f:01:f3:f9:fa:a8:4d:2c:07:83:
                    5c:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:79:BA:9F:97:06:D8:6A:54:82:70:AF:EE:28:25:C2:AA:C0:46:17
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/sXm6n5cG2GpUgnCv7iglwqrARhc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         0f:e4:04:01:8e:bc:bf:bc:3c:1f:df:79:30:58:e1:7c:59:0e:
         3c:e8:90:ea:76:b3:7f:ff:14:f9:fc:c6:30:1e:c7:80:41:b7:
         38:6c:4b:e3:76:29:ab:c3:67:34:33:65:1f:f9:fb:ac:30:f2:
         d5:21:5a:f9:9e:b8:70:e7:49:5c:59:38:cb:c2:00:23:77:68:
         02:c1:67:d5:50:77:f6:ed:55:27:30:e9:c5:84:0e:ac:f4:b6:
         b1:88:8a:34:1d:7b:7c:9d:97:7d:f2:29:18:21:78:70:bf:e7:
         68:97:e9:bf:25:26:f1:35:11:89:e4:30:0f:78:fd:05:7f:14:
         62:79:4f:f9:f2:1f:3e:9e:5d:3f:9e:28:00:3c:27:43:57:41:
         0e:32:fd:df:46:d1:71:f5:92:19:ff:32:0b:3f:c9:67:00:a1:
         6d:16:b3:27:68:c1:58:a4:a5:c3:d1:03:cb:92:cb:af:63:89:
         36:90:ca:8d:37:94:b7:68:10:af:bf:54:95:65:36:80:44:74:
         c5:41:fe:f3:8e:55:44:9d:f4:84:20:e0:16:5b:2d:28:85:b5:
         ee:01:1b:a9:7a:6e:6c:1c:67:11:6f:ff:dd:63:40:11:bc:98:
         a1:9c:08:86:82:8b:cc:be:97:b9:43:58:5b:74:47:bc:f0:2b:
         5d:0e:5e:ec
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTcvfT9do2LGpo+yZ4e8AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTc5YmE5Zjk3MDZkODZhNTQ4MjcwYWZlZTI4MjVjMmFhYzA0NjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAklbUlfN6iEdVLmfbcpVnvvzEU76E
M9iv4zVLGxfcCCfm24+vkABh47s1eMHo5wnpVgX6hHrzkRoXAqACqa0Dvye2lVro
IyxCPWKevPziYn+08sKK5mhnkjAMxR1fYVztgwzCZ59KVg5ZjdgRhEhReXT1mED4
CD/5mLPaYE3uQQkKAOP7m4RwybjkJIm26Jwk9EENtg+C3It4wGxF+lQhcDYN9oRf
TF9RLuJZVdGCRs87ZZwVajvD+88giew4YDROXzUDu1PRjcmdamOvL7SbCDPGVZ0k
IsV96ay+QVizCO3uterQMlfjYNTP3hDkcSUBouoezB8B8/n6qE0sB4Nc8wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLF5up+XBthqVIJwr+4oJcKqwEYXMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEvc1htNm41Y0cyR3BVZ25DdjdpZ2x3cXJBUmhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxAw
DQYJKoZIhvcNAQELBQADggEBAA/kBAGOvL+8PB/feTBY4XxZDjzokOp2s3//FPn8
xjAex4BBtzhsS+N2KavDZzQzZR/5+6ww8tUhWvmeuHDnSVxZOMvCACN3aALBZ9VQ
d/btVScw6cWEDqz0trGIijQde3ydl33yKRgheHC/52iX6b8lJvE1EYnkMA94/QV/
FGJ5T/nyHz6eXT+eKAA8J0NXQQ4y/d9G0XH1khn/Mgs/yWcAoW0WsydowVikpcPR
A8uSy69jiTaQyo03lLdoEK+/VJVlNoBEdMVB/vOOVUSd9IQg4BZbLSiFte4BG6l6
bmwcZxFv/91jQBG8mKGcCIaCi8y+l7lDWFt0R7zwK10OXuw=
-----END CERTIFICATE-----