Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/yC-t8qZKhj-xv3_ouiVT4nktvgs.roa
File:                     yC-t8qZKhj-xv3_ouiVT4nktvgs.roa (raw, json)
Hash identifier:          Cf3wgl+AOw7hFzW5fKovPYpvzKsMdmISPwYILq3XhO0=
Subject key identifier:   C8:2F:AD:F2:A6:4A:86:3F:B1:BF:7F:E8:BA:25:53:E2:79:2D:BE:0B
Certificate issuer:       /CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
Certificate serial:       018CC94DD30AE85445A2E21B147A9EE7318B
Authority key identifier: FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/yC-t8qZKhj-xv3_ouiVT4nktvgs.roa
Signing time:             Tue 02 Jan 2024 08:32:49 +0000
ROA not before:           Tue 02 Jan 2024 08:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216422
IP address blocks:        2a13:a5c7:1300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d3:0a:e8:54:45:a2:e2:1b:14:7a:9e:e7:31:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fdd6ee010b990a33735756b4fe2f3d3c2671dd9d
        Validity
            Not Before: Jan  2 08:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c82fadf2a64a863fb1bf7fe8ba2553e2792dbe0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:5e:39:8a:85:1d:43:fc:ac:c5:a3:c1:bd:29:
                    67:62:4c:8d:53:b1:f2:b1:3d:ef:e5:df:97:ea:fa:
                    81:2a:b3:40:ac:93:42:c8:94:7d:e6:25:10:3a:d7:
                    01:35:12:cd:37:bb:0f:8f:25:51:db:a0:a3:fa:00:
                    2f:6f:bf:38:90:44:6d:46:92:64:87:05:09:3e:da:
                    de:63:7c:78:ad:40:ef:d9:56:61:ac:0d:96:e8:4c:
                    1a:7b:81:54:17:b5:ca:bf:7d:f0:28:18:02:28:78:
                    08:aa:d1:45:f6:2c:56:d6:fa:81:ed:d7:c5:24:11:
                    6d:5b:35:11:e6:2f:71:86:ef:3c:86:c9:bf:d0:72:
                    c4:9c:8b:c6:a0:e3:48:80:b7:ac:04:73:11:99:ff:
                    a2:fe:e9:c0:5f:ac:e3:3b:47:32:cd:06:47:9b:f1:
                    7d:52:1b:d0:12:da:21:61:af:32:4c:97:93:2b:eb:
                    af:73:28:03:36:3e:f7:ee:cf:4c:80:8e:32:71:4a:
                    7c:c7:15:41:bc:01:25:7e:6c:a6:5c:d1:47:be:be:
                    49:c8:40:46:c7:12:4b:f8:e2:d7:08:a1:8f:0e:3d:
                    83:c5:86:69:0b:3a:d8:67:57:f1:4a:62:bc:ad:8d:
                    cb:fd:22:cf:2f:bf:b7:34:8f:0d:17:35:2b:1e:7c:
                    90:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:2F:AD:F2:A6:4A:86:3F:B1:BF:7F:E8:BA:25:53:E2:79:2D:BE:0B
            X509v3 Authority Key Identifier:
                keyid:FD:D6:EE:01:0B:99:0A:33:73:57:56:B4:FE:2F:3D:3C:26:71:DD:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_dbuAQuZCjNzV1a0_i89PCZx3Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/yC-t8qZKhj-xv3_ouiVT4nktvgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/2d1a35-ff8a-46b4-8c47-63c721cf1f56/1/_dbuAQuZCjNzV1a0_i89PCZx3Z0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a5c7:1300::/40

    Signature Algorithm: sha256WithRSAEncryption
         ae:c4:60:19:c2:90:bb:93:50:18:40:01:35:b0:de:9f:87:9e:
         20:e1:a8:18:2d:a4:14:af:a9:3e:e9:9a:fc:a2:92:75:a7:58:
         6c:6e:97:80:61:30:a0:3d:ea:ec:0e:29:9c:a7:a7:54:3b:2b:
         6f:7a:ff:88:b1:0c:05:a7:8d:99:07:ff:8d:ba:02:a2:cd:e2:
         fe:7c:2f:68:87:d5:80:7e:25:ff:67:08:33:88:4b:d1:7c:09:
         8e:08:a5:07:82:0f:4c:bd:ff:9c:b2:47:68:f7:49:5e:6d:19:
         d1:2a:dc:62:36:a2:d5:b8:f4:f8:a4:c6:4d:37:5d:21:ab:cd:
         98:5c:38:7f:6b:96:d3:48:ca:b4:db:06:23:91:18:b7:9a:2c:
         22:c1:5e:73:d5:01:5e:68:47:4c:26:9b:c6:a1:5b:1b:7a:8e:
         c1:d4:71:15:fd:9e:0c:f7:93:f2:42:56:cf:cb:98:26:43:88:
         b7:f4:29:be:96:0f:4d:c8:dc:10:cf:d0:fc:8d:01:ae:e2:80:
         c6:65:79:d3:8f:1c:95:01:12:68:14:5a:4d:bf:bc:35:ab:a1:
         c2:4b:b8:c1:ab:2b:8e:0f:b2:22:e2:33:57:89:f1:9c:ad:28:
         a5:f3:fa:1b:16:94:6a:03:61:84:b2:00:cf:8a:99:cb:bc:c8:
         dc:66:4e:e4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzJTdMK6FRFouIbFHqe5zGLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkZDZlZTAxMGI5OTBhMzM3MzU3NTZiNGZlMmYzZDNjMjY3
MWRkOWQwHhcNMjQwMTAyMDgzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODJmYWRmMmE2NGE4NjNmYjFiZjdmZThiYTI1NTNlMjc5MmRiZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi145ioUdQ/ysxaPBvSlnYkyNU7Hy
sT3v5d+X6vqBKrNArJNCyJR95iUQOtcBNRLNN7sPjyVR26Cj+gAvb784kERtRpJk
hwUJPtreY3x4rUDv2VZhrA2W6Ewae4FUF7XKv33wKBgCKHgIqtFF9ixW1vqB7dfF
JBFtWzUR5i9xhu88hsm/0HLEnIvGoONIgLesBHMRmf+i/unAX6zjO0cyzQZHm/F9
UhvQEtohYa8yTJeTK+uvcygDNj737s9MgI4ycUp8xxVBvAElfmymXNFHvr5JyEBG
xxJL+OLXCKGPDj2DxYZpCzrYZ1fxSmK8rY3L/SLPL7+3NI8NFzUrHnyQnwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMgvrfKmSoY/sb9/6LolU+J5Lb4LMB8GA1UdIwQY
MBaAFP3W7gELmQozc1dWtP4vPTwmcd2dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDct
NjNjNzIxY2YxZjU2LzEveUMtdDhxWktoai14djNfb3VpVlQ0bmt0dmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS8yZDFhMzUtZmY4YS00NmI0LThjNDctNjNjNzIxY2YxZjU2
LzEvX2RidUFRdVpDak56VjFhMF9pODlQQ1p4M1owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhOlxxMw
DQYJKoZIhvcNAQELBQADggEBAK7EYBnCkLuTUBhAATWw3p+HniDhqBgtpBSvqT7p
mvyiknWnWGxul4BhMKA96uwOKZynp1Q7K296/4ixDAWnjZkH/426AqLN4v58L2iH
1YB+Jf9nCDOIS9F8CY4IpQeCD0y9/5yyR2j3SV5tGdEq3GI2otW49Pikxk03XSGr
zZhcOH9rltNIyrTbBiORGLeaLCLBXnPVAV5oR0wmm8ahWxt6jsHUcRX9ngz3k/JC
Vs/LmCZDiLf0Kb6WD03I3BDP0PyNAa7igMZledOPHJUBEmgUWk2/vDWrocJLuMGr
K44PsiLiM1eJ8ZytKKXz+hsWlGoDYYSyAM+Kmcu8yNxmTuQ=
-----END CERTIFICATE-----