Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/7f1971-3962-497b-b9f0-a2f4c950e04b/1/k_JvCYzkACIgYbiu1vlEv4IKLMo.roa
File:                     k_JvCYzkACIgYbiu1vlEv4IKLMo.roa (raw, json)
Hash identifier:          D9MbLrINnICIGaKkEqghGJJ4WVv/Ufu90QZ7rfRFAq8=
Subject key identifier:   93:F2:6F:09:8C:E4:00:22:20:61:B8:AE:D6:F9:44:BF:82:0A:2C:CA
Certificate issuer:       /CN=1f8505e3c1c03ece4860e4eb47cef1dfc910666f
Certificate serial:       018DC64FE1E247E2E914F848067D9F3A12DA
Authority key identifier: 1F:85:05:E3:C1:C0:3E:CE:48:60:E4:EB:47:CE:F1:DF:C9:10:66:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H4UF48HAPs5IYOTrR87x38kQZm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/7f1971-3962-497b-b9f0-a2f4c950e04b/1/k_JvCYzkACIgYbiu1vlEv4IKLMo.roa
Signing time:             Tue 20 Feb 2024 11:39:00 +0000
ROA not before:           Tue 20 Feb 2024 11:39:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199631
IP address blocks:        2a13:ab00::/29 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/7f1971-3962-497b-b9f0-a2f4c950e04b/1/H4UF48HAPs5IYOTrR87x38kQZm8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/7f1971-3962-497b-b9f0-a2f4c950e04b/1/H4UF48HAPs5IYOTrR87x38kQZm8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H4UF48HAPs5IYOTrR87x38kQZm8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c6:4f:e1:e2:47:e2:e9:14:f8:48:06:7d:9f:3a:12:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f8505e3c1c03ece4860e4eb47cef1dfc910666f
        Validity
            Not Before: Feb 20 11:39:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=93f26f098ce400222061b8aed6f944bf820a2cca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:bb:de:d5:fe:e1:02:a8:02:1d:8c:8e:b4:e8:
                    53:4e:4c:4a:44:38:54:d8:8e:95:f6:d1:e1:85:f9:
                    b0:1e:05:e7:5e:5e:1f:88:cf:0e:df:4c:63:a5:90:
                    90:57:cd:79:2b:3f:d7:fb:f8:46:77:e0:f1:a2:03:
                    38:6e:43:d1:4a:c8:1a:c0:0c:35:ea:3b:09:a1:64:
                    d7:1f:75:2d:b1:38:ef:15:09:ca:25:cb:c3:3e:9e:
                    d6:82:3c:38:fb:ec:92:1d:98:fa:27:15:62:96:c9:
                    71:7f:02:5c:c5:15:73:77:b8:ee:c3:30:7f:0d:44:
                    b4:17:00:c1:fa:24:10:3c:70:5a:8a:6b:e1:d9:ab:
                    a3:24:72:dc:db:39:75:5d:9e:39:e6:b8:f1:1b:5c:
                    c3:f3:76:ec:24:88:a4:21:00:7c:1b:93:9f:dd:52:
                    f1:60:e2:4d:97:17:ae:1b:93:b7:46:7e:64:50:dc:
                    01:ea:eb:ca:19:25:47:0a:62:20:66:26:ed:04:a4:
                    5a:d5:60:69:1a:f6:0f:40:61:22:f4:7f:9d:29:0a:
                    93:94:93:3c:39:a6:72:d6:cb:00:a7:43:53:b6:b4:
                    01:25:78:36:1d:3d:94:b8:7c:d0:ec:28:53:3f:b6:
                    5c:75:a2:42:da:c5:c2:c1:dd:5a:f3:ca:9f:4e:a3:
                    23:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:F2:6F:09:8C:E4:00:22:20:61:B8:AE:D6:F9:44:BF:82:0A:2C:CA
            X509v3 Authority Key Identifier:
                keyid:1F:85:05:E3:C1:C0:3E:CE:48:60:E4:EB:47:CE:F1:DF:C9:10:66:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H4UF48HAPs5IYOTrR87x38kQZm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/7f1971-3962-497b-b9f0-a2f4c950e04b/1/k_JvCYzkACIgYbiu1vlEv4IKLMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/7f1971-3962-497b-b9f0-a2f4c950e04b/1/H4UF48HAPs5IYOTrR87x38kQZm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ab00::/29

    Signature Algorithm: sha256WithRSAEncryption
         1e:b6:e3:cd:ad:66:45:3a:76:10:14:58:7d:5a:82:1a:1a:fd:
         92:3a:71:c2:c2:6b:66:b1:28:d2:57:70:76:fb:04:b4:7e:7c:
         ee:53:69:5c:24:26:ee:08:4d:3c:44:cc:cd:2f:1d:f7:94:9a:
         8f:c9:dd:3f:f1:84:74:63:c1:b6:de:db:37:77:8e:4a:18:36:
         b3:16:cb:7c:b9:1e:59:01:b0:c9:98:71:78:d5:15:9f:b8:39:
         4d:b9:e0:ae:01:dd:28:61:9f:d5:0c:e8:5e:68:62:3b:f4:8d:
         6b:df:97:4f:f3:ac:cd:59:29:1d:4e:34:e6:7e:20:93:79:e5:
         4f:6c:f7:7f:62:cd:29:3b:e0:f8:aa:15:35:5f:78:29:75:89:
         ce:ed:9e:ef:6d:52:63:9a:e6:83:df:cb:83:8a:1b:c5:33:da:
         e8:22:ce:be:48:3c:79:79:84:67:78:e7:f8:17:34:79:2a:a1:
         ac:3d:49:d0:58:53:a2:72:d4:6f:5b:6c:67:3e:74:6e:e4:8a:
         83:f4:8a:f3:27:9d:ab:75:21:3a:aa:6b:cd:bd:1a:24:56:ae:
         f5:43:da:35:97:31:53:96:ad:c1:10:42:65:b1:13:6e:94:7a:
         ea:bb:8a:83:c1:e6:ff:39:14:a4:9f:b4:76:c6:49:6a:fe:a8:
         9f:7c:97:59
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY3GT+HiR+LpFPhIBn2fOhLaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmODUwNWUzYzFjMDNlY2U0ODYwZTRlYjQ3Y2VmMWRmYzkx
MDY2NmYwHhcNMjQwMjIwMTEzOTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2YyNmYwOThjZTQwMDIyMjA2MWI4YWVkNmY5NDRiZjgyMGEyY2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjrve1f7hAqgCHYyOtOhTTkxKRDhU
2I6V9tHhhfmwHgXnXl4fiM8O30xjpZCQV815Kz/X+/hGd+DxogM4bkPRSsgawAw1
6jsJoWTXH3UtsTjvFQnKJcvDPp7Wgjw4++ySHZj6JxVilslxfwJcxRVzd7juwzB/
DUS0FwDB+iQQPHBaimvh2aujJHLc2zl1XZ455rjxG1zD83bsJIikIQB8G5Of3VLx
YOJNlxeuG5O3Rn5kUNwB6uvKGSVHCmIgZibtBKRa1WBpGvYPQGEi9H+dKQqTlJM8
OaZy1ssAp0NTtrQBJXg2HT2UuHzQ7ChTP7ZcdaJC2sXCwd1a88qfTqMjGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJPybwmM5AAiIGG4rtb5RL+CCizKMB8GA1UdIwQY
MBaAFB+FBePBwD7OSGDk60fO8d/JEGZvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDRVRjQ4SEFQczVJWU9UclI4N3gzOGtRWm04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ZjE5NzEtMzk2Mi00OTdiLWI5ZjAt
YTJmNGM5NTBlMDRiLzEva19KdkNZemtBQ0lnWWJpdTF2bEV2NElLTE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ZjE5NzEtMzk2Mi00OTdiLWI5ZjAtYTJmNGM5NTBlMDRi
LzEvSDRVRjQ4SEFQczVJWU9UclI4N3gzOGtRWm04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhOrADAN
BgkqhkiG9w0BAQsFAAOCAQEAHrbjza1mRTp2EBRYfVqCGhr9kjpxwsJrZrEo0ldw
dvsEtH587lNpXCQm7ghNPETMzS8d95Saj8ndP/GEdGPBtt7bN3eOShg2sxbLfLke
WQGwyZhxeNUVn7g5TbngrgHdKGGf1QzoXmhiO/SNa9+XT/OszVkpHU405n4gk3nl
T2z3f2LNKTvg+KoVNV94KXWJzu2e721SY5rmg9/Lg4obxTPa6CLOvkg8eXmEZ3jn
+Bc0eSqhrD1J0FhTonLUb1tsZz50buSKg/SK8yedq3UhOqprzb0aJFau9UPaNZcx
U5atwRBCZbETbpR66ruKg8Hm/zkUpJ+0dsZJav6on3yXWQ==
-----END CERTIFICATE-----