Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/3fdf85-565e-4f46-bc08-b3d10ed23fc0/1/ivMHVxPPruswvq1RIxWjZt_9WWM.roa
File:                     ivMHVxPPruswvq1RIxWjZt_9WWM.roa (raw, json)
Hash identifier:          0+iEuoS1EDKFzWR3l7BtVYwCYcTDqaBeUdW8vQGf2Z0=
Subject key identifier:   8A:F3:07:57:13:CF:AE:EB:30:BE:AD:51:23:15:A3:66:DF:FD:59:63
Certificate issuer:       /CN=79ab3bbb1677b2eb04d577cdae30d9570b8dde2e
Certificate serial:       0190A0F64D07F876F3B4399733D90AB81509
Authority key identifier: 79:AB:3B:BB:16:77:B2:EB:04:D5:77:CD:AE:30:D9:57:0B:8D:DE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eas7uxZ3susE1XfNrjDZVwuN3i4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/3fdf85-565e-4f46-bc08-b3d10ed23fc0/1/ivMHVxPPruswvq1RIxWjZt_9WWM.roa
Signing time:             Thu 11 Jul 2024 08:43:34 +0000
ROA not before:           Thu 11 Jul 2024 08:43:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53356
IP address blocks:        2a13:e240::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/3fdf85-565e-4f46-bc08-b3d10ed23fc0/1/eas7uxZ3susE1XfNrjDZVwuN3i4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/3fdf85-565e-4f46-bc08-b3d10ed23fc0/1/eas7uxZ3susE1XfNrjDZVwuN3i4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eas7uxZ3susE1XfNrjDZVwuN3i4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a0:f6:4d:07:f8:76:f3:b4:39:97:33:d9:0a:b8:15:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79ab3bbb1677b2eb04d577cdae30d9570b8dde2e
        Validity
            Not Before: Jul 11 08:43:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8af3075713cfaeeb30bead512315a366dffd5963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:3a:3a:18:38:68:d7:d6:75:6e:71:6a:32:0d:
                    d3:17:2f:bb:92:f5:56:39:e1:16:31:54:9b:75:a2:
                    3d:c4:ef:3d:18:14:ea:d6:41:c5:d5:6a:c0:b4:73:
                    29:54:0a:9b:e2:c0:fb:c8:25:00:97:bb:3f:ac:47:
                    70:3d:a1:9d:28:dd:57:59:65:c5:46:c8:6a:9e:d0:
                    8e:8c:76:cb:08:1a:3b:37:7f:0c:1b:50:6e:ba:f6:
                    8d:f5:f7:c2:2d:73:4b:bf:de:18:cc:93:90:12:e3:
                    b9:b2:eb:04:6a:e1:59:ae:56:54:a5:9d:ea:54:30:
                    d9:9b:1d:b8:83:82:6d:7e:87:cc:10:94:95:86:79:
                    a7:ae:60:8c:3b:97:b1:42:d9:b2:e8:77:7c:20:f9:
                    8c:fd:b3:92:1a:e6:a8:5b:99:1c:28:7e:00:4f:b7:
                    96:ed:a1:ec:f9:04:c8:0d:5b:f3:d2:c9:c9:f2:33:
                    6e:cf:0b:8d:3b:e9:4b:cb:ab:fb:f9:3f:5e:ef:50:
                    22:3b:5b:f9:c3:42:ea:57:81:d0:bb:e2:34:4d:77:
                    05:9e:31:2d:2b:fd:b7:39:b1:76:0c:a3:15:57:db:
                    a3:fe:61:06:8d:8f:8f:e6:bd:03:6f:87:68:10:14:
                    2a:43:0f:96:aa:22:1c:c2:c6:89:99:67:ea:19:f8:
                    6d:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:F3:07:57:13:CF:AE:EB:30:BE:AD:51:23:15:A3:66:DF:FD:59:63
            X509v3 Authority Key Identifier:
                keyid:79:AB:3B:BB:16:77:B2:EB:04:D5:77:CD:AE:30:D9:57:0B:8D:DE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eas7uxZ3susE1XfNrjDZVwuN3i4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3fdf85-565e-4f46-bc08-b3d10ed23fc0/1/ivMHVxPPruswvq1RIxWjZt_9WWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/3fdf85-565e-4f46-bc08-b3d10ed23fc0/1/eas7uxZ3susE1XfNrjDZVwuN3i4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e240::/29

    Signature Algorithm: sha256WithRSAEncryption
         41:69:a6:0b:8e:6c:99:1e:83:da:67:e1:10:23:dd:c1:ee:02:
         5b:db:4e:ac:48:97:77:8f:8f:1b:a5:d0:0c:d5:44:14:24:d5:
         32:c9:0b:b7:54:4c:af:3a:11:85:80:fa:4f:2b:f8:ce:a2:60:
         73:40:0f:ec:1e:5d:07:01:b2:81:e3:e1:2d:34:84:3f:f1:10:
         55:95:5f:5c:bf:8e:90:2e:30:d1:79:81:ae:d9:9d:a4:63:54:
         da:ee:aa:1c:cc:8d:9d:4d:fa:2d:dc:83:6b:06:2c:c8:30:77:
         b0:9e:06:9b:6e:43:e3:a4:31:db:9a:7c:c6:13:82:94:1d:d8:
         f2:2a:a8:96:f1:6c:07:93:f2:69:20:b4:83:04:34:23:87:42:
         22:de:01:9d:9d:28:79:2d:b1:f4:4c:01:c6:ce:a1:38:5e:75:
         10:29:4c:a9:f5:60:8e:5e:7f:10:d6:a0:a4:ea:89:5d:7d:08:
         41:b2:05:ad:9c:9f:02:91:7b:bb:86:e7:38:50:e9:30:fc:4f:
         38:b6:f5:4a:b2:3d:42:8a:b0:25:56:a6:72:cd:62:49:80:5c:
         68:36:69:b0:e1:4e:3c:58:c9:ac:52:1f:37:15:30:08:f8:25:
         e7:b0:dc:e3:16:cc:64:db:c2:83:7a:75:24:e7:04:2c:51:0a:
         d2:74:77:94
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCg9k0H+HbztDmXM9kKuBUJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5YWIzYmJiMTY3N2IyZWIwNGQ1NzdjZGFlMzBkOTU3MGI4
ZGRlMmUwHhcNMjQwNzExMDg0MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWYzMDc1NzEzY2ZhZWViMzBiZWFkNTEyMzE1YTM2NmRmZmQ1OTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjo6GDho19Z1bnFqMg3TFy+7kvVW
OeEWMVSbdaI9xO89GBTq1kHF1WrAtHMpVAqb4sD7yCUAl7s/rEdwPaGdKN1XWWXF
RshqntCOjHbLCBo7N38MG1BuuvaN9ffCLXNLv94YzJOQEuO5susEauFZrlZUpZ3q
VDDZmx24g4JtfofMEJSVhnmnrmCMO5exQtmy6Hd8IPmM/bOSGuaoW5kcKH4AT7eW
7aHs+QTIDVvz0snJ8jNuzwuNO+lLy6v7+T9e71AiO1v5w0LqV4HQu+I0TXcFnjEt
K/23ObF2DKMVV9uj/mEGjY+P5r0Db4doEBQqQw+WqiIcwsaJmWfqGfhtOQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIrzB1cTz67rML6tUSMVo2bf/VljMB8GA1UdIwQY
MBaAFHmrO7sWd7LrBNV3za4w2VcLjd4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWFzN3V4WjNzdXNFMVhmTnJqRFpWd3VOM2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8zZmRmODUtNTY1ZS00ZjQ2LWJjMDgt
YjNkMTBlZDIzZmMwLzEvaXZNSFZ4UFBydXN3dnExUkl4V2padF85V1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8zZmRmODUtNTY1ZS00ZjQ2LWJjMDgtYjNkMTBlZDIzZmMw
LzEvZWFzN3V4WjNzdXNFMVhmTnJqRFpWd3VOM2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPiQDAN
BgkqhkiG9w0BAQsFAAOCAQEAQWmmC45smR6D2mfhECPdwe4CW9tOrEiXd4+PG6XQ
DNVEFCTVMskLt1RMrzoRhYD6Tyv4zqJgc0AP7B5dBwGygePhLTSEP/EQVZVfXL+O
kC4w0XmBrtmdpGNU2u6qHMyNnU36LdyDawYsyDB3sJ4Gm25D46Qx25p8xhOClB3Y
8iqolvFsB5PyaSC0gwQ0I4dCIt4BnZ0oeS2x9EwBxs6hOF51EClMqfVgjl5/ENag
pOqJXX0IQbIFrZyfApF7u4bnOFDpMPxPOLb1SrI9QoqwJVamcs1iSYBcaDZpsOFO
PFjJrFIfNxUwCPgl57Dc4xbMZNvCg3p1JOcELFEK0nR3lA==
-----END CERTIFICATE-----