Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/RDars2a4jFjowl5EqwW1ugr_uAg.roa
File:                     RDars2a4jFjowl5EqwW1ugr_uAg.roa (raw, json)
Hash identifier:          ZiFY14W+6RNn1Nce29J58CwoxftsQmRdrOmaBqu8D8Y=
Subject key identifier:   44:36:AB:B3:66:B8:8C:58:E8:C2:5E:44:AB:05:B5:BA:0A:FF:B8:08
Certificate issuer:       /CN=382e533033b3ce95e4972bf2382ddac293c2dc01
Certificate serial:       018CC4246229D4EAC43319128D4B7845E06F
Authority key identifier: 38:2E:53:30:33:B3:CE:95:E4:97:2B:F2:38:2D:DA:C2:93:C2:DC:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OC5TMDOzzpXklyvyOC3awpPC3AE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/RDars2a4jFjowl5EqwW1ugr_uAg.roa
Signing time:             Mon 01 Jan 2024 08:29:27 +0000
ROA not before:           Mon 01 Jan 2024 08:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201148
IP address blocks:        2a13:3f40::/29 maxlen: 29
                          2a13:3f40:1000::/48 maxlen: 48
                          2a13:3f40:1001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/OC5TMDOzzpXklyvyOC3awpPC3AE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/OC5TMDOzzpXklyvyOC3awpPC3AE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OC5TMDOzzpXklyvyOC3awpPC3AE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:62:29:d4:ea:c4:33:19:12:8d:4b:78:45:e0:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=382e533033b3ce95e4972bf2382ddac293c2dc01
        Validity
            Not Before: Jan  1 08:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4436abb366b88c58e8c25e44ab05b5ba0affb808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:e2:87:c2:79:69:02:44:d2:fb:59:f5:5f:ff:
                    a8:0b:83:41:00:f3:73:32:b4:71:c3:95:a5:2c:09:
                    5c:40:75:17:3f:e3:93:9d:d2:38:2a:32:23:aa:fa:
                    5e:fc:7a:9d:e8:64:3d:ac:7b:0d:a7:f9:46:b2:8d:
                    7b:3f:96:b3:4e:f9:5a:4d:42:87:db:64:54:2b:28:
                    1d:10:94:1d:3c:0d:7c:50:e8:e9:3f:f2:64:21:31:
                    ca:5f:32:38:08:27:7e:f3:57:69:12:26:f3:0d:fc:
                    ff:33:cb:b4:46:ee:28:ae:84:a3:5d:38:98:51:69:
                    d6:82:98:cb:97:48:69:e1:b6:58:fc:bd:cc:e7:6a:
                    3c:6e:8e:2e:7c:6c:30:51:ab:38:32:20:ce:9c:78:
                    4d:d6:46:88:ae:57:ac:fe:f1:73:c2:cc:c6:e0:00:
                    2b:20:07:10:c8:1e:f5:eb:8e:98:31:49:d8:d1:f0:
                    5b:a9:87:6e:dd:85:81:e1:c0:4c:d9:b2:4f:c8:3f:
                    30:61:83:69:de:4a:e3:87:39:7a:1c:27:76:38:74:
                    72:82:6a:01:69:63:ad:d8:ea:f0:9b:7a:94:98:f0:
                    2d:df:d8:b0:e6:3b:14:b6:38:d2:84:f7:25:bc:f9:
                    f6:1a:01:11:4e:33:93:64:3e:bb:53:4c:e4:ea:1e:
                    06:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:36:AB:B3:66:B8:8C:58:E8:C2:5E:44:AB:05:B5:BA:0A:FF:B8:08
            X509v3 Authority Key Identifier:
                keyid:38:2E:53:30:33:B3:CE:95:E4:97:2B:F2:38:2D:DA:C2:93:C2:DC:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OC5TMDOzzpXklyvyOC3awpPC3AE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/RDars2a4jFjowl5EqwW1ugr_uAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/a0fae1-40ee-4191-b2d4-eaa090514b52/1/OC5TMDOzzpXklyvyOC3awpPC3AE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3f40::/29

    Signature Algorithm: sha256WithRSAEncryption
         b2:cc:52:66:75:96:9a:80:4f:be:b4:41:8b:ba:ca:88:fa:93:
         08:11:07:ac:6d:c5:5c:29:39:74:57:9e:7c:a2:05:27:43:dd:
         08:6e:f4:80:0e:eb:a6:f9:f3:5b:f2:a6:a5:df:c9:e3:91:9a:
         5f:08:7c:b4:c5:3b:4c:da:91:dc:f5:73:f6:57:93:92:08:c4:
         05:30:2e:96:cf:58:ad:f8:2a:db:56:ba:74:73:8e:01:3e:b0:
         58:bd:72:6a:15:9e:5e:7e:31:56:67:72:9b:e3:91:09:ed:e2:
         e2:8b:a1:a0:cf:47:11:51:6f:b0:b6:af:03:f7:91:68:8c:80:
         04:30:90:42:da:ee:d9:93:e2:fd:f4:37:73:e3:a3:a7:44:51:
         69:eb:00:f4:0f:44:4b:70:5c:a7:90:ec:bf:26:51:d8:95:c8:
         ac:92:ce:c4:81:6e:bb:89:b1:b7:c7:6a:94:a6:b3:63:31:1f:
         41:1c:d3:65:84:42:60:07:a6:d0:af:1a:d3:68:4d:f2:c4:21:
         5d:f9:47:2b:f1:b0:f8:7c:f6:dc:a9:b7:90:b2:3e:9c:ea:22:
         87:62:0e:7f:a0:a6:12:c8:ed:bf:28:81:4d:99:59:96:f5:c7:
         95:30:42:53:35:6e:ff:81:81:a3:6a:1d:b4:db:cd:3e:cd:8a:
         16:11:ca:e2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJGIp1OrEMxkSjUt4ReBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4MmU1MzMwMzNiM2NlOTVlNDk3MmJmMjM4MmRkYWMyOTNj
MmRjMDEwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDM2YWJiMzY2Yjg4YzU4ZThjMjVlNDRhYjA1YjViYTBhZmZiODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiuKHwnlpAkTS+1n1X/+oC4NBAPNz
MrRxw5WlLAlcQHUXP+OTndI4KjIjqvpe/Hqd6GQ9rHsNp/lGso17P5azTvlaTUKH
22RUKygdEJQdPA18UOjpP/JkITHKXzI4CCd+81dpEibzDfz/M8u0Ru4oroSjXTiY
UWnWgpjLl0hp4bZY/L3M52o8bo4ufGwwUas4MiDOnHhN1kaIrles/vFzwszG4AAr
IAcQyB71646YMUnY0fBbqYdu3YWB4cBM2bJPyD8wYYNp3krjhzl6HCd2OHRygmoB
aWOt2Orwm3qUmPAt39iw5jsUtjjShPclvPn2GgERTjOTZD67U0zk6h4GfQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEQ2q7NmuIxY6MJeRKsFtboK/7gIMB8GA1UdIwQY
MBaAFDguUzAzs86V5Jcr8jgt2sKTwtwBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0M1VE1ET3p6cFhrbHl2eU9DM2F3cFBDM0FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9hMGZhZTEtNDBlZS00MTkxLWIyZDQt
ZWFhMDkwNTE0YjUyLzEvUkRhcnMyYTRqRmpvd2w1RXF3VzF1Z3JfdUFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9hMGZhZTEtNDBlZS00MTkxLWIyZDQtZWFhMDkwNTE0YjUy
LzEvT0M1VE1ET3p6cFhrbHl2eU9DM2F3cFBDM0FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhM/QDAN
BgkqhkiG9w0BAQsFAAOCAQEAssxSZnWWmoBPvrRBi7rKiPqTCBEHrG3FXCk5dFee
fKIFJ0PdCG70gA7rpvnzW/Kmpd/J45GaXwh8tMU7TNqR3PVz9leTkgjEBTAuls9Y
rfgq21a6dHOOAT6wWL1yahWeXn4xVmdym+ORCe3i4ouhoM9HEVFvsLavA/eRaIyA
BDCQQtru2ZPi/fQ3c+Ojp0RRaesA9A9ES3Bcp5DsvyZR2JXIrJLOxIFuu4mxt8dq
lKazYzEfQRzTZYRCYAem0K8a02hN8sQhXflHK/Gw+Hz23Km3kLI+nOoih2IOf6Cm
EsjtvyiBTZlZlvXHlTBCUzVu/4GBo2odtNvNPs2KFhHK4g==
-----END CERTIFICATE-----