Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/eCMOh9OxQO1cAAGB2vDV1F1DF4Q.roa
File:                     eCMOh9OxQO1cAAGB2vDV1F1DF4Q.roa (raw, json)
Hash identifier:          Y9zB3mVHqd6b5Jt2U95rM8h0+wMhhqcVdSkQ+IJkmns=
Subject key identifier:   78:23:0E:87:D3:B1:40:ED:5C:00:01:81:DA:F0:D5:D4:5D:43:17:84
Certificate issuer:       /CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
Certificate serial:       018FA01A8202EF451B6ABC8FB30C8161392E
Authority key identifier: FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/eCMOh9OxQO1cAAGB2vDV1F1DF4Q.roa
Signing time:             Wed 22 May 2024 11:40:42 +0000
ROA not before:           Wed 22 May 2024 11:40:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198231
IP address blocks:        2a13:9240::/29 maxlen: 32
                          2a13:92c0::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a0:1a:82:02:ef:45:1b:6a:bc:8f:b3:0c:81:61:39:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc3ab55d57509cbfae798bd71aaa23b3444d8e5a
        Validity
            Not Before: May 22 11:40:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78230e87d3b140ed5c000181daf0d5d45d431784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:09:82:0e:2c:63:a3:bf:23:4f:e8:5c:c9:77:
                    fb:6d:5e:e3:d3:b8:de:7d:00:1d:32:b3:c7:fe:01:
                    cf:9a:51:19:f9:45:e5:89:6b:49:7f:f1:d2:e5:69:
                    64:b9:00:41:6d:59:e9:6b:71:a3:df:ed:27:12:9a:
                    0d:15:7e:e0:88:79:50:73:0f:8f:95:79:dd:6d:94:
                    ac:26:f6:18:2e:cf:bd:5e:46:4c:b6:d4:7e:4b:a1:
                    81:f4:18:e5:72:7c:a1:08:b5:1c:b6:3f:6c:f6:ba:
                    5c:b6:ff:a1:40:c8:e8:84:2d:f3:07:cf:c1:a4:93:
                    a3:0a:6b:bf:03:09:12:2e:a4:c6:f3:12:5c:2e:31:
                    f8:5a:e7:f3:92:65:74:87:ba:49:c8:d1:47:41:81:
                    25:ce:02:ec:06:18:84:7a:17:04:9c:03:03:5e:27:
                    36:61:40:2c:8d:d8:cf:73:7c:50:c6:d6:87:7c:3f:
                    cb:07:d7:b1:5b:3b:94:99:bc:ca:d5:6a:5d:f2:02:
                    b5:a6:24:fb:bd:94:67:1f:47:9e:45:14:4d:c4:c9:
                    e9:24:06:46:76:4d:27:87:ee:ec:fb:44:07:1c:ff:
                    7e:da:44:7d:83:4e:70:80:1e:cf:ce:85:ff:c5:c8:
                    73:a0:96:c1:02:78:a4:9b:cf:69:15:01:47:5b:cf:
                    2b:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:23:0E:87:D3:B1:40:ED:5C:00:01:81:DA:F0:D5:D4:5D:43:17:84
            X509v3 Authority Key Identifier:
                keyid:FC:3A:B5:5D:57:50:9C:BF:AE:79:8B:D7:1A:AA:23:B3:44:4D:8E:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_Dq1XVdQnL-ueYvXGqojs0RNjlo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/eCMOh9OxQO1cAAGB2vDV1F1DF4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/729da9-eb03-451b-bfef-0c45218e7981/1/_Dq1XVdQnL-ueYvXGqojs0RNjlo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9240::/29
                  2a13:92c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7e:ba:e8:74:be:f3:b7:30:a2:2b:f8:93:61:df:16:fc:ea:75:
         6a:c9:ee:a4:83:fa:29:8b:89:49:31:8a:a7:f1:67:1f:ac:11:
         13:5f:f3:2a:a6:20:7f:dd:0c:80:dd:f9:f3:25:3f:84:d0:e0:
         fa:fb:41:bd:6c:1c:57:bc:88:ff:4d:ee:93:bc:4a:ac:b3:d6:
         51:cf:b1:38:41:c9:80:4b:44:1f:66:d0:b1:ac:e7:fd:ce:c5:
         4e:7a:71:65:ae:34:6f:03:2b:1e:65:2b:85:38:d8:7f:fa:cd:
         ef:c4:d0:ba:29:f8:e0:33:b7:36:39:c1:ba:a8:16:4f:a6:e9:
         98:ed:f7:e9:91:12:08:e6:5f:4e:ba:fc:e7:7d:3f:9f:84:2b:
         9f:15:3b:58:6c:55:25:6c:a9:bf:4c:d0:d3:7e:4e:c9:dd:af:
         06:aa:32:c0:34:27:ac:b3:f7:1a:4d:66:10:72:40:c8:8b:3b:
         3a:22:1a:ef:5b:5c:8a:20:12:79:a1:51:b3:a4:94:d1:e6:2d:
         c0:9e:88:60:3a:10:59:c9:1d:e9:c6:74:67:44:bd:1c:9b:24:
         36:3c:5c:83:f6:f3:71:f3:67:84:2e:da:d7:e6:df:ce:f7:89:
         ec:ee:dd:b7:3c:e1:20:06:a6:36:33:ef:04:64:44:ae:f2:5d:
         e8:3e:06:8f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY+gGoIC70UbaryPswyBYTkuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjM2FiNTVkNTc1MDljYmZhZTc5OGJkNzFhYWEyM2IzNDQ0
ZDhlNWEwHhcNMjQwNTIyMTE0MDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODIzMGU4N2QzYjE0MGVkNWMwMDAxODFkYWYwZDVkNDVkNDMxNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQmCDixjo78jT+hcyXf7bV7j07je
fQAdMrPH/gHPmlEZ+UXliWtJf/HS5WlkuQBBbVnpa3Gj3+0nEpoNFX7giHlQcw+P
lXndbZSsJvYYLs+9XkZMttR+S6GB9BjlcnyhCLUctj9s9rpctv+hQMjohC3zB8/B
pJOjCmu/AwkSLqTG8xJcLjH4WufzkmV0h7pJyNFHQYElzgLsBhiEehcEnAMDXic2
YUAsjdjPc3xQxtaHfD/LB9exWzuUmbzK1Wpd8gK1piT7vZRnH0eeRRRNxMnpJAZG
dk0nh+7s+0QHHP9+2kR9g05wgB7PzoX/xchzoJbBAnikm89pFQFHW88rewIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHgjDofTsUDtXAABgdrw1dRdQxeEMB8GA1UdIwQY
MBaAFPw6tV1XUJy/rnmL1xqqI7NETY5aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYt
MGM0NTIxOGU3OTgxLzEvZUNNT2g5T3hRTzFjQUFHQjJ2RFYxRjFERjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC83MjlkYTktZWIwMy00NTFiLWJmZWYtMGM0NTIxOGU3OTgx
LzEvX0RxMVhWZFFuTC11ZVl2WEdxb2pzMFJOamxvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhOSQAMF
AyoTksAwDQYJKoZIhvcNAQELBQADggEBAH666HS+87cwoiv4k2HfFvzqdWrJ7qSD
+imLiUkxiqfxZx+sERNf8yqmIH/dDIDd+fMlP4TQ4Pr7Qb1sHFe8iP9N7pO8Sqyz
1lHPsThByYBLRB9m0LGs5/3OxU56cWWuNG8DKx5lK4U42H/6ze/E0Lop+OAztzY5
wbqoFk+m6Zjt9+mREgjmX066/Od9P5+EK58VO1hsVSVsqb9M0NN+TsndrwaqMsA0
J6yz9xpNZhByQMiLOzoiGu9bXIogEnmhUbOklNHmLcCeiGA6EFnJHenGdGdEvRyb
JDY8XIP283HzZ4Qu2tfm3873iezu3bc84SAGpjYz7wRkRK7yXeg+Bo8=
-----END CERTIFICATE-----