Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/sU01qWt28hAz_qgW-HjVZRaA3uQ.roa
File:                     sU01qWt28hAz_qgW-HjVZRaA3uQ.roa (raw, json)
Hash identifier:          B+5K+gy9Zm7LD+sZEXQdr/SPEgQC+jEhrwGKkMlT+Mo=
Subject key identifier:   B1:4D:35:A9:6B:76:F2:10:33:FE:A8:16:F8:78:D5:65:16:80:DE:E4
Certificate issuer:       /CN=a32b618b508ec1365372c2aa675f3601293cc624
Certificate serial:       018CC4934D4D296BB127DA10B78ED6B0E656
Authority key identifier: A3:2B:61:8B:50:8E:C1:36:53:72:C2:AA:67:5F:36:01:29:3C:C6:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oythi1COwTZTcsKqZ182ASk8xiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/sU01qWt28hAz_qgW-HjVZRaA3uQ.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58192
IP address blocks:        2a13:6340::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/oythi1COwTZTcsKqZ182ASk8xiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/oythi1COwTZTcsKqZ182ASk8xiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oythi1COwTZTcsKqZ182ASk8xiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4d:4d:29:6b:b1:27:da:10:b7:8e:d6:b0:e6:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a32b618b508ec1365372c2aa675f3601293cc624
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b14d35a96b76f21033fea816f878d5651680dee4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:56:1c:35:9e:a8:65:7e:06:21:3a:4f:e9:e1:
                    34:49:e9:0a:53:b3:74:ae:da:a5:b5:0c:f9:ed:a0:
                    b4:94:64:1f:2e:35:03:24:33:0f:c2:3d:b3:96:b8:
                    2b:e0:cc:69:50:18:22:d9:81:d2:ab:1e:68:dc:40:
                    bc:76:f1:c7:79:b2:47:2e:3d:19:a3:51:59:ba:ee:
                    b8:f2:61:21:5f:c4:b9:bb:b9:53:35:7b:d9:1e:a1:
                    ae:d2:ee:12:27:9d:0b:6a:a2:d5:fd:b8:a8:22:38:
                    62:c0:d0:8c:b8:76:6c:78:a7:86:46:6f:18:65:c0:
                    13:1c:a1:15:7c:c5:fc:55:dc:30:23:22:db:d4:ce:
                    10:ba:ea:95:16:8d:58:04:01:bf:c3:1a:86:86:64:
                    a2:59:6b:da:52:57:cd:60:33:b9:73:2e:4a:d7:b4:
                    af:c9:94:d0:62:2d:a1:9b:44:9b:a1:bc:f4:7f:34:
                    de:c9:a7:9c:dc:f9:80:3c:46:e7:81:60:72:d3:89:
                    f8:b4:6b:a8:ae:58:ae:98:93:f2:b3:69:fc:be:9d:
                    d7:2e:8e:9d:a2:40:f4:0a:14:72:7e:b9:02:95:65:
                    47:32:a0:fc:23:d6:96:e4:d2:15:93:93:9d:96:6c:
                    5d:cd:7b:7b:16:53:d1:06:13:47:69:0d:cb:7f:ae:
                    1c:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:4D:35:A9:6B:76:F2:10:33:FE:A8:16:F8:78:D5:65:16:80:DE:E4
            X509v3 Authority Key Identifier:
                keyid:A3:2B:61:8B:50:8E:C1:36:53:72:C2:AA:67:5F:36:01:29:3C:C6:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oythi1COwTZTcsKqZ182ASk8xiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/sU01qWt28hAz_qgW-HjVZRaA3uQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cfed0d-0fb0-4598-b365-65096dbcac30/1/oythi1COwTZTcsKqZ182ASk8xiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:6340::/29

    Signature Algorithm: sha256WithRSAEncryption
         74:25:45:e0:d5:71:ef:ab:d8:6f:d1:5e:69:a3:17:32:96:90:
         8e:2a:f7:0b:e9:7f:2d:ba:38:a2:e3:fc:c7:49:2e:8b:17:06:
         2a:a5:ab:7e:e1:85:f2:47:ba:de:c7:dc:cf:21:81:cb:2c:b0:
         8e:2a:24:a2:e7:2c:53:f4:4c:f2:9a:98:a9:d0:e0:d7:bf:ad:
         19:c5:2c:80:21:f5:4f:6f:d3:07:e7:bd:45:d6:99:6c:9b:be:
         67:d8:06:94:55:4b:a0:7a:0d:4b:b0:a9:6a:ec:14:c8:5e:42:
         24:96:24:a4:3f:2d:69:1f:d7:69:c4:e8:ed:22:af:43:03:e4:
         e0:22:c3:07:e0:5a:0b:c3:2f:f2:52:e7:17:a3:20:38:54:c1:
         a7:a1:e9:99:fc:8c:0f:ec:ea:e0:ec:4a:3d:85:06:80:98:58:
         2b:ea:50:18:54:90:56:ec:76:24:42:72:a7:84:77:89:70:95:
         14:2b:0f:4b:7f:3b:3a:48:35:2f:69:8c:68:76:e0:06:e3:45:
         70:3f:0f:1e:5b:a5:9e:5a:94:89:9c:d3:fb:44:61:0b:11:f8:
         4e:60:a3:7c:34:ad:39:04:33:94:28:41:b2:93:ab:94:3d:61:
         21:78:7d:82:37:8a:f6:84:2e:47:f1:eb:64:62:66:79:ab:d0:
         e3:37:28:ad
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk01NKWuxJ9oQt47WsOZWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzMmI2MThiNTA4ZWMxMzY1MzcyYzJhYTY3NWYzNjAxMjkz
Y2M2MjQwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTRkMzVhOTZiNzZmMjEwMzNmZWE4MTZmODc4ZDU2NTE2ODBkZWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFYcNZ6oZX4GITpP6eE0SekKU7N0
rtqltQz57aC0lGQfLjUDJDMPwj2zlrgr4MxpUBgi2YHSqx5o3EC8dvHHebJHLj0Z
o1FZuu648mEhX8S5u7lTNXvZHqGu0u4SJ50LaqLV/bioIjhiwNCMuHZseKeGRm8Y
ZcATHKEVfMX8VdwwIyLb1M4QuuqVFo1YBAG/wxqGhmSiWWvaUlfNYDO5cy5K17Sv
yZTQYi2hm0Sbobz0fzTeyaec3PmAPEbngWBy04n4tGuorliumJPys2n8vp3XLo6d
okD0ChRyfrkClWVHMqD8I9aW5NIVk5OdlmxdzXt7FlPRBhNHaQ3Lf64c/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLFNNalrdvIQM/6oFvh41WUWgN7kMB8GA1UdIwQY
MBaAFKMrYYtQjsE2U3LCqmdfNgEpPMYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3l0aGkxQ093VFpUY3NLcVoxODJBU2s4eGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jZmVkMGQtMGZiMC00NTk4LWIzNjUt
NjUwOTZkYmNhYzMwLzEvc1UwMXFXdDI4aEF6X3FnVy1IalZaUmFBM3VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jZmVkMGQtMGZiMC00NTk4LWIzNjUtNjUwOTZkYmNhYzMw
LzEvb3l0aGkxQ093VFpUY3NLcVoxODJBU2s4eGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNjQDAN
BgkqhkiG9w0BAQsFAAOCAQEAdCVF4NVx76vYb9FeaaMXMpaQjir3C+l/Lbo4ouP8
x0kuixcGKqWrfuGF8ke63sfczyGByyywjiokoucsU/RM8pqYqdDg17+tGcUsgCH1
T2/TB+e9RdaZbJu+Z9gGlFVLoHoNS7CpauwUyF5CJJYkpD8taR/XacTo7SKvQwPk
4CLDB+BaC8Mv8lLnF6MgOFTBp6HpmfyMD+zq4OxKPYUGgJhYK+pQGFSQVux2JEJy
p4R3iXCVFCsPS387Okg1L2mMaHbgBuNFcD8PHlulnlqUiZzT+0RhCxH4TmCjfDSt
OQQzlChBspOrlD1hIXh9gjeK9oQuR/HrZGJmeavQ4zcorQ==
-----END CERTIFICATE-----