Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/X8tgWYP5L9ZNuo60-ifVGDkJZBc.roa
File:                     X8tgWYP5L9ZNuo60-ifVGDkJZBc.roa (raw, json)
Hash identifier:          C970jpgZ+2cLWfLnnbx0w4ysLhHphHYlyLnafNz5f7k=
Subject key identifier:   5F:CB:60:59:83:F9:2F:D6:4D:BA:8E:B4:FA:27:D5:18:39:09:64:17
Certificate issuer:       /CN=9568c6005b2840ab7bf8a3ad72a1751d0db29b9c
Certificate serial:       01917A4AB7117A5D0E7661CA430EFB0B5DAA
Authority key identifier: 95:68:C6:00:5B:28:40:AB:7B:F8:A3:AD:72:A1:75:1D:0D:B2:9B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/X8tgWYP5L9ZNuo60-ifVGDkJZBc.roa
Signing time:             Thu 22 Aug 2024 13:33:22 +0000
ROA not before:           Thu 22 Aug 2024 13:33:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210820
IP address blocks:        2a13:ef80::/48 maxlen: 48
                          2a13:ef80:2::/48 maxlen: 48
                          2a13:ef80:3::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7a:4a:b7:11:7a:5d:0e:76:61:ca:43:0e:fb:0b:5d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9568c6005b2840ab7bf8a3ad72a1751d0db29b9c
        Validity
            Not Before: Aug 22 13:33:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5fcb605983f92fd64dba8eb4fa27d51839096417
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:35:44:1a:2b:1b:ad:69:19:22:dd:06:2e:a9:
                    91:df:90:be:2e:81:d6:34:9a:2e:73:08:e9:d0:10:
                    4d:ec:86:88:07:70:b2:fe:26:87:99:b0:71:6f:26:
                    79:89:ab:2f:7b:ee:1e:57:b2:08:49:e2:db:30:b2:
                    37:e4:aa:77:18:33:3c:dc:77:c3:e8:1c:af:6d:96:
                    46:7a:55:14:a7:27:4e:15:f1:34:fd:ec:70:89:aa:
                    e6:01:fa:a5:c4:40:39:ab:16:8c:dc:39:32:fe:0a:
                    a4:10:5b:17:c3:0d:ef:d2:0e:5f:0e:98:ba:08:df:
                    9f:e5:fa:6e:fa:47:65:e0:06:e2:ec:10:6c:87:8a:
                    84:98:fe:09:23:0e:8a:ce:ca:ef:36:0e:99:9d:eb:
                    b3:b4:f6:7e:dc:d0:a1:24:f7:99:a4:75:20:ab:02:
                    0f:36:40:c1:f7:b8:c0:08:af:0a:82:4d:69:44:84:
                    f2:62:37:db:ce:69:32:75:34:9f:e7:9e:23:72:f8:
                    a6:3b:e3:2c:34:d8:98:4d:bd:86:fb:b9:d9:5f:92:
                    5f:d8:99:5a:1d:e9:dd:7d:39:f5:b1:f9:ef:e2:42:
                    19:f7:dc:a8:db:80:f6:8e:64:cb:71:21:84:ed:36:
                    4e:56:9f:fa:b2:99:11:0f:1d:0c:bb:ea:b3:d1:67:
                    95:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:CB:60:59:83:F9:2F:D6:4D:BA:8E:B4:FA:27:D5:18:39:09:64:17
            X509v3 Authority Key Identifier:
                keyid:95:68:C6:00:5B:28:40:AB:7B:F8:A3:AD:72:A1:75:1D:0D:B2:9B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/X8tgWYP5L9ZNuo60-ifVGDkJZBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/2b980a-1eb6-4808-8afa-3a5e18d00ddc/1/lWjGAFsoQKt7-KOtcqF1HQ2ym5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ef80::/48
                  2a13:ef80:2::/47

    Signature Algorithm: sha256WithRSAEncryption
         05:b9:37:21:2f:92:25:85:36:c9:a4:f1:45:70:7b:55:1c:16:
         ee:64:8a:4e:36:e4:60:19:85:aa:cc:95:62:eb:ff:92:a4:6a:
         df:73:2b:85:b9:9d:c0:d5:bd:dc:4c:9f:f4:ba:eb:5b:a2:86:
         84:ea:21:fe:2d:5b:da:3c:97:32:fe:6e:c9:c8:63:ce:4e:35:
         72:7e:96:f8:d7:94:25:a1:93:ac:39:4b:13:18:ca:39:88:e0:
         e9:67:67:52:3e:ad:96:39:ec:4e:e7:9c:27:6e:0d:81:2c:80:
         d5:78:60:b1:13:e7:af:6d:4e:f4:bb:45:49:4e:e9:67:e1:6e:
         a6:a7:e0:32:69:95:1e:15:b4:1e:4b:5c:d2:86:76:29:9b:af:
         1a:2b:a5:4c:09:bc:30:1b:b8:b6:77:0a:cd:c9:44:4f:61:d3:
         20:a2:b7:63:c5:0b:62:c3:cd:34:36:1c:ec:0e:1b:43:d9:7c:
         c7:a2:69:84:53:da:f6:df:7d:8c:75:36:bd:0c:9a:f0:29:81:
         3e:6f:88:53:8f:70:49:36:62:79:1f:51:e3:04:c4:30:18:52:
         9c:ae:84:75:20:71:e5:06:53:31:36:9c:3c:01:3d:56:e3:e2:
         e3:ec:1b:88:09:07:e1:85:df:e6:08:59:ff:bb:5b:9f:39:3a:
         fe:57:47:63
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZF6SrcRel0OdmHKQw77C12qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1NjhjNjAwNWIyODQwYWI3YmY4YTNhZDcyYTE3NTFkMGRi
MjliOWMwHhcNMjQwODIyMTMzMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmNiNjA1OTgzZjkyZmQ2NGRiYThlYjRmYTI3ZDUxODM5MDk2NDE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDVEGisbrWkZIt0GLqmR35C+LoHW
NJoucwjp0BBN7IaIB3Cy/iaHmbBxbyZ5iasve+4eV7IISeLbMLI35Kp3GDM83HfD
6ByvbZZGelUUpydOFfE0/exwiarmAfqlxEA5qxaM3Dky/gqkEFsXww3v0g5fDpi6
CN+f5fpu+kdl4Abi7BBsh4qEmP4JIw6KzsrvNg6ZneuztPZ+3NChJPeZpHUgqwIP
NkDB97jACK8Kgk1pRITyYjfbzmkydTSf554jcvimO+MsNNiYTb2G+7nZX5Jf2Jla
HendfTn1sfnv4kIZ99yo24D2jmTLcSGE7TZOVp/6spkRDx0Mu+qz0WeVnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF/LYFmD+S/WTbqOtPon1Rg5CWQXMB8GA1UdIwQY
MBaAFJVoxgBbKECre/ijrXKhdR0NspucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFdqR0FGc29RS3Q3LUtPdGNxRjFIUTJ5bTV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8yYjk4MGEtMWViNi00ODA4LThhZmEt
M2E1ZTE4ZDAwZGRjLzEvWDh0Z1dZUDVMOVpOdW82MC1pZlZHRGtKWkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8yYjk4MGEtMWViNi00ODA4LThhZmEtM2E1ZTE4ZDAwZGRj
LzEvbFdqR0FGc29RS3Q3LUtPdGNxRjFIUTJ5bTV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhPvgAAA
AwcBKhPvgAACMA0GCSqGSIb3DQEBCwUAA4IBAQAFuTchL5IlhTbJpPFFcHtVHBbu
ZIpONuRgGYWqzJVi6/+SpGrfcyuFuZ3A1b3cTJ/0uutbooaE6iH+LVvaPJcy/m7J
yGPOTjVyfpb415QloZOsOUsTGMo5iODpZ2dSPq2WOexO55wnbg2BLIDVeGCxE+ev
bU70u0VJTuln4W6mp+AyaZUeFbQeS1zShnYpm68aK6VMCbwwG7i2dwrNyURPYdMg
ordjxQtiw800NhzsDhtD2XzHommEU9r2332MdTa9DJrwKYE+b4hTj3BJNmJ5H1Hj
BMQwGFKcroR1IHHlBlMxNpw8AT1W4+Lj7BuICQfhhd/mCFn/u1ufOTr+V0dj
-----END CERTIFICATE-----