Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/81RowbbGhAH0ExWdR2kJlYIfwGo.roa
File:                     81RowbbGhAH0ExWdR2kJlYIfwGo.roa (raw, json)
Hash identifier:          U9dTmFDCy/CbsyETpHvLeo3WxH/wEv8I5+o2CDXGiiQ=
Subject key identifier:   F3:54:68:C1:B6:C6:84:01:F4:13:15:9D:47:69:09:95:82:1F:C0:6A
Certificate issuer:       /CN=d914da56e1a934649da02964ac12eba34c5cb84f
Certificate serial:       0191DDDF0F40448D06B5F5CF87F4DF0F6616
Authority key identifier: D9:14:DA:56:E1:A9:34:64:9D:A0:29:64:AC:12:EB:A3:4C:5C:B8:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/81RowbbGhAH0ExWdR2kJlYIfwGo.roa
Signing time:             Tue 10 Sep 2024 21:37:48 +0000
ROA not before:           Tue 10 Sep 2024 21:37:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197477
IP address blocks:        2a13:e3c0::/32 maxlen: 32
                          2a13:e3c1::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 22:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:dd:df:0f:40:44:8d:06:b5:f5:cf:87:f4:df:0f:66:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d914da56e1a934649da02964ac12eba34c5cb84f
        Validity
            Not Before: Sep 10 21:37:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f35468c1b6c68401f413159d47690995821fc06a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:99:34:59:22:b3:cf:36:7d:5e:0e:b6:71:44:
                    ad:52:aa:75:69:91:e3:7a:3f:dc:da:2b:34:9c:aa:
                    b4:40:ec:92:f2:a3:20:8a:7d:d2:50:cf:58:4c:91:
                    f2:22:bf:8d:22:76:ad:70:20:3e:84:72:63:6f:f3:
                    0c:60:59:ce:86:b2:f5:5b:11:f5:02:b7:7a:87:8e:
                    c6:3e:be:b6:8d:81:f9:80:68:dd:42:e2:a0:6e:b3:
                    57:26:c7:4e:af:6a:e6:ac:54:56:b6:0a:c4:a3:2b:
                    fd:40:77:88:72:70:20:99:db:60:52:80:ca:ff:18:
                    d1:1c:f8:ab:61:4b:a0:d5:75:4f:99:1c:f9:80:36:
                    f4:35:02:9b:5b:ea:2c:8a:24:2a:b1:29:fd:b0:6a:
                    a1:59:46:e3:85:be:b1:df:3c:6e:4b:0d:c6:70:f9:
                    3e:27:e1:d6:8e:cf:8c:3d:8b:b8:ca:5e:38:04:2a:
                    5d:3e:7a:7b:2e:d2:2d:49:e1:d1:90:df:e2:aa:f9:
                    82:10:e7:ec:1a:f9:0f:22:f5:7a:f4:76:fe:62:51:
                    f7:90:2c:17:1d:f1:66:b4:33:5d:8f:5f:b9:9a:bc:
                    17:4d:cf:98:87:d3:49:73:34:10:16:f1:72:cd:d9:
                    1e:96:06:9d:0d:4c:61:93:ff:c6:73:66:f5:0e:67:
                    56:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:54:68:C1:B6:C6:84:01:F4:13:15:9D:47:69:09:95:82:1F:C0:6A
            X509v3 Authority Key Identifier:
                keyid:D9:14:DA:56:E1:A9:34:64:9D:A0:29:64:AC:12:EB:A3:4C:5C:B8:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/81RowbbGhAH0ExWdR2kJlYIfwGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e3c0::/31

    Signature Algorithm: sha256WithRSAEncryption
         13:e0:22:a6:c7:53:e8:32:fd:a9:7c:5c:45:db:32:f2:13:cb:
         6a:59:bd:7c:95:1a:67:b9:12:a8:ab:8e:78:e6:1d:23:36:58:
         2b:99:f8:e3:54:f4:f3:34:b4:3a:e5:53:8b:62:9f:e2:e6:aa:
         4f:b5:9e:66:ee:8b:2f:16:15:88:fa:2a:1d:50:c7:19:97:c0:
         c0:f8:cb:e8:67:9a:51:8e:0b:90:36:f3:05:de:c4:10:b1:d1:
         c9:60:5e:90:90:9d:2c:55:b9:24:d8:05:1a:aa:95:e5:ad:95:
         5f:a1:8f:dd:8f:d9:7f:7b:d7:88:d5:90:03:65:5a:c0:53:b4:
         52:eb:16:e4:79:da:19:13:38:b7:cd:fe:4a:d3:e2:54:4d:3e:
         c8:db:84:83:9b:67:b0:fa:02:a5:6c:d5:10:81:38:a0:9c:6c:
         08:63:e4:79:e5:93:6a:02:91:fa:99:64:22:cd:05:66:a8:5e:
         ef:bb:74:eb:d7:c7:78:fb:21:54:62:1f:b3:c3:12:ad:1b:3e:
         e8:55:77:96:74:85:9a:78:03:95:c2:79:71:90:8e:e7:52:f4:
         4d:b5:21:10:25:c1:26:48:d6:b8:83:29:72:82:03:49:3f:0e:
         06:59:84:44:49:26:09:a3:af:7d:64:83:4b:28:80:01:b9:7a:
         07:45:a8:04
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZHd3w9ARI0GtfXPh/TfD2YWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MTRkYTU2ZTFhOTM0NjQ5ZGEwMjk2NGFjMTJlYmEzNGM1
Y2I4NGYwHhcNMjQwOTEwMjEzNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzU0NjhjMWI2YzY4NDAxZjQxMzE1OWQ0NzY5MDk5NTgyMWZjMDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppk0WSKzzzZ9Xg62cUStUqp1aZHj
ej/c2is0nKq0QOyS8qMgin3SUM9YTJHyIr+NInatcCA+hHJjb/MMYFnOhrL1WxH1
Ard6h47GPr62jYH5gGjdQuKgbrNXJsdOr2rmrFRWtgrEoyv9QHeIcnAgmdtgUoDK
/xjRHPirYUug1XVPmRz5gDb0NQKbW+osiiQqsSn9sGqhWUbjhb6x3zxuSw3GcPk+
J+HWjs+MPYu4yl44BCpdPnp7LtItSeHRkN/iqvmCEOfsGvkPIvV69Hb+YlH3kCwX
HfFmtDNdj1+5mrwXTc+Yh9NJczQQFvFyzdkelgadDUxhk//Gc2b1DmdWcwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPNUaMG2xoQB9BMVnUdpCZWCH8BqMB8GA1UdIwQY
MBaAFNkU2lbhqTRknaApZKwS66NMXLhPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlJUYVZ1R3BOR1Nkb0Nsa3JCTHJvMHhjdUU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83YTExYjUtYTQwNS00MWNiLTgxY2It
ZjZiY2NmMWU1MzFmLzEvODFSb3diYkdoQUgwRXhXZFIya0psWUlmd0dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83YTExYjUtYTQwNS00MWNiLTgxY2ItZjZiY2NmMWU1MzFm
LzEvMlJUYVZ1R3BOR1Nkb0Nsa3JCTHJvMHhjdUU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhPjwDAN
BgkqhkiG9w0BAQsFAAOCAQEAE+AipsdT6DL9qXxcRdsy8hPLalm9fJUaZ7kSqKuO
eOYdIzZYK5n441T08zS0OuVTi2Kf4uaqT7WeZu6LLxYViPoqHVDHGZfAwPjL6Gea
UY4LkDbzBd7EELHRyWBekJCdLFW5JNgFGqqV5a2VX6GP3Y/Zf3vXiNWQA2VawFO0
UusW5HnaGRM4t83+StPiVE0+yNuEg5tnsPoCpWzVEIE4oJxsCGPkeeWTagKR+plk
Is0FZqhe77t069fHePshVGIfs8MSrRs+6FV3lnSFmngDlcJ5cZCO51L0TbUhECXB
JkjWuIMpcoIDST8OBlmEREkmCaOvfWSDSyiAAbl6B0WoBA==
-----END CERTIFICATE-----