Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/bf748d-c4ca-4fd1-a59d-4060f211f3c3/1/K0kDLSeTMooiIsssDwtZcRIbtCA.roa
File:                     K0kDLSeTMooiIsssDwtZcRIbtCA.roa (raw, json)
Hash identifier:          UcGTWNV3rEJYX+KMdCuugvcO3fkWPPzSl7MTd2aiK/M=
Subject key identifier:   2B:49:03:2D:27:93:32:8A:22:22:CB:2C:0F:0B:59:71:12:1B:B4:20
Certificate issuer:       /CN=b453a2b3fb83d86c7806cc0660d829119d9375b4
Certificate serial:       018F1A322CD9ED74F99BA1B080F05C25378E
Authority key identifier: B4:53:A2:B3:FB:83:D8:6C:78:06:CC:06:60:D8:29:11:9D:93:75:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFOis_uD2Gx4BswGYNgpEZ2TdbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/bf748d-c4ca-4fd1-a59d-4060f211f3c3/1/K0kDLSeTMooiIsssDwtZcRIbtCA.roa
Signing time:             Fri 26 Apr 2024 11:37:26 +0000
ROA not before:           Fri 26 Apr 2024 11:37:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47540
IP address blocks:        2a13:cfc0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/bf748d-c4ca-4fd1-a59d-4060f211f3c3/1/tFOis_uD2Gx4BswGYNgpEZ2TdbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/bf748d-c4ca-4fd1-a59d-4060f211f3c3/1/tFOis_uD2Gx4BswGYNgpEZ2TdbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFOis_uD2Gx4BswGYNgpEZ2TdbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1a:32:2c:d9:ed:74:f9:9b:a1:b0:80:f0:5c:25:37:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b453a2b3fb83d86c7806cc0660d829119d9375b4
        Validity
            Not Before: Apr 26 11:37:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b49032d2793328a2222cb2c0f0b5971121bb420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a1:d8:a7:d7:8b:ba:e5:bf:cd:b0:fa:16:2b:
                    d6:fc:f1:3f:95:68:9a:a7:b1:47:48:2f:72:1c:08:
                    94:fe:33:5e:7f:98:df:93:1b:d8:fa:08:b6:d6:eb:
                    40:92:4c:fe:0f:8b:47:4d:82:9d:cd:19:35:45:de:
                    cc:d2:a8:74:21:ee:e8:04:16:aa:c4:63:9f:cb:0f:
                    03:38:78:20:2e:95:54:47:92:f1:87:d5:ea:fe:e9:
                    d3:4c:7d:d5:d3:98:b4:8c:3a:bb:66:d0:16:69:a5:
                    98:eb:67:c4:ee:bf:cb:a7:cb:77:aa:ad:92:57:72:
                    0d:2c:5d:82:13:98:7b:ce:03:0e:6e:68:00:ac:aa:
                    5b:8e:e2:97:25:ba:5b:d2:c9:9a:33:bf:a9:2b:be:
                    41:90:d9:e2:af:96:07:c8:89:a7:ec:e8:a6:59:08:
                    25:bf:7c:da:5a:b0:c1:17:f0:d7:63:11:fb:69:f6:
                    66:81:15:56:1f:3e:d0:d1:68:03:e8:4d:9b:19:5a:
                    45:b2:6e:1f:e3:ba:2f:bd:bd:4d:5a:00:25:6c:70:
                    7a:de:92:67:3d:ac:63:fe:8d:7a:52:05:c2:9b:82:
                    8f:66:d1:5c:30:12:96:46:3a:50:84:8d:65:21:ae:
                    bf:61:75:e9:7b:8c:bd:ab:67:27:c4:ad:fe:72:f2:
                    41:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:49:03:2D:27:93:32:8A:22:22:CB:2C:0F:0B:59:71:12:1B:B4:20
            X509v3 Authority Key Identifier:
                keyid:B4:53:A2:B3:FB:83:D8:6C:78:06:CC:06:60:D8:29:11:9D:93:75:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFOis_uD2Gx4BswGYNgpEZ2TdbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/bf748d-c4ca-4fd1-a59d-4060f211f3c3/1/K0kDLSeTMooiIsssDwtZcRIbtCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/bf748d-c4ca-4fd1-a59d-4060f211f3c3/1/tFOis_uD2Gx4BswGYNgpEZ2TdbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:cfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6a:48:06:62:93:ae:ed:59:02:d0:50:d8:1a:35:70:2e:25:61:
         77:83:0f:af:44:99:4b:0f:34:fd:9a:09:f8:f8:39:e2:00:be:
         00:26:a8:61:eb:07:c6:2f:f7:fb:4e:c8:65:76:a7:5b:31:98:
         25:96:dc:0e:dd:a3:fd:74:56:02:ca:23:99:e1:be:05:6f:5c:
         ba:a6:0a:aa:21:b0:aa:81:7e:cb:cf:94:25:23:5d:65:77:8c:
         c8:dd:d8:4b:f1:f6:48:28:b6:c7:ed:8c:bc:f5:d7:eb:8c:e2:
         af:37:f4:b9:a9:23:82:d1:dd:7f:31:47:10:72:6c:75:66:f3:
         30:bc:88:ee:d5:19:f0:85:05:7b:5d:c2:b1:27:7a:3c:25:88:
         8f:c4:2b:b2:f8:0f:57:1b:0d:63:2d:a3:5f:ff:88:fc:83:a3:
         fc:3a:e1:db:d2:d6:32:fb:58:ca:c2:f1:a2:bb:fe:c3:f1:18:
         4b:71:a3:75:c3:08:0d:a8:f5:a2:cc:09:12:9c:03:d5:79:69:
         3b:1b:7d:d8:bb:5c:7e:88:28:69:a7:9a:b5:7b:49:15:f6:dc:
         76:03:50:7a:e8:cf:25:50:25:d3:27:d3:1b:87:53:70:52:4d:
         7f:01:49:bf:59:92:04:b3:f6:52:74:be:3e:c0:15:57:f6:f7:
         8f:bd:ce:4b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY8aMizZ7XT5m6GwgPBcJTeOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTNhMmIzZmI4M2Q4NmM3ODA2Y2MwNjYwZDgyOTExOWQ5
Mzc1YjQwHhcNMjQwNDI2MTEzNzI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjQ5MDMyZDI3OTMzMjhhMjIyMmNiMmMwZjBiNTk3MTEyMWJiNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqHYp9eLuuW/zbD6FivW/PE/lWia
p7FHSC9yHAiU/jNef5jfkxvY+gi21utAkkz+D4tHTYKdzRk1Rd7M0qh0Ie7oBBaq
xGOfyw8DOHggLpVUR5Lxh9Xq/unTTH3V05i0jDq7ZtAWaaWY62fE7r/Lp8t3qq2S
V3INLF2CE5h7zgMObmgArKpbjuKXJbpb0smaM7+pK75BkNnir5YHyImn7OimWQgl
v3zaWrDBF/DXYxH7afZmgRVWHz7Q0WgD6E2bGVpFsm4f47ovvb1NWgAlbHB63pJn
Paxj/o16UgXCm4KPZtFcMBKWRjpQhI1lIa6/YXXpe4y9q2cnxK3+cvJB8QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCtJAy0nkzKKIiLLLA8LWXESG7QgMB8GA1UdIwQY
MBaAFLRTorP7g9hseAbMBmDYKRGdk3W0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZPaXNfdUQyR3g0QnN3R1lOZ3BFWjJUZGJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9iZjc0OGQtYzRjYS00ZmQxLWE1OWQt
NDA2MGYyMTFmM2MzLzEvSzBrRExTZVRNb29pSXNzc0R3dFpjUklidENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9iZjc0OGQtYzRjYS00ZmQxLWE1OWQtNDA2MGYyMTFmM2Mz
LzEvdEZPaXNfdUQyR3g0QnN3R1lOZ3BFWjJUZGJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPPwDAN
BgkqhkiG9w0BAQsFAAOCAQEAakgGYpOu7VkC0FDYGjVwLiVhd4MPr0SZSw80/ZoJ
+Pg54gC+ACaoYesHxi/3+07IZXanWzGYJZbcDt2j/XRWAsojmeG+BW9cuqYKqiGw
qoF+y8+UJSNdZXeMyN3YS/H2SCi2x+2MvPXX64zirzf0uakjgtHdfzFHEHJsdWbz
MLyI7tUZ8IUFe13CsSd6PCWIj8QrsvgPVxsNYy2jX/+I/IOj/Drh29LWMvtYysLx
orv+w/EYS3GjdcMIDaj1oswJEpwD1XlpOxt92LtcfogoaaeatXtJFfbcdgNQeujP
JVAl0yfTG4dTcFJNfwFJv1mSBLP2UnS+PsAVV/b3j73OSw==
-----END CERTIFICATE-----