Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/8OelRsniWUa4q2dQVNy5q4QTFiA.roa
File:                     8OelRsniWUa4q2dQVNy5q4QTFiA.roa (raw, json)
Hash identifier:          lm1c/2sQppLOKhumB7rmxa0Yml9y0ELJcsV2W8odepE=
Subject key identifier:   F0:E7:A5:46:C9:E2:59:46:B8:AB:67:50:54:DC:B9:AB:84:13:16:20
Certificate issuer:       /CN=d914da56e1a934649da02964ac12eba34c5cb84f
Certificate serial:       01930CEF05E24C1A5E75FCD9CBEAB01B17D2
Authority key identifier: D9:14:DA:56:E1:A9:34:64:9D:A0:29:64:AC:12:EB:A3:4C:5C:B8:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/8OelRsniWUa4q2dQVNy5q4QTFiA.roa
Signing time:             Fri 08 Nov 2024 18:00:11 +0000
ROA not before:           Fri 08 Nov 2024 18:00:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214019
IP address blocks:        2a13:e3c3::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:0c:ef:05:e2:4c:1a:5e:75:fc:d9:cb:ea:b0:1b:17:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d914da56e1a934649da02964ac12eba34c5cb84f
        Validity
            Not Before: Nov  8 18:00:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f0e7a546c9e25946b8ab675054dcb9ab84131620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9d:7f:8a:f4:5e:d4:73:ed:d0:c6:22:3b:61:
                    16:96:68:70:05:c9:81:b2:46:01:19:ef:70:da:28:
                    10:25:6f:99:d0:18:87:66:d9:e7:37:60:df:42:7f:
                    fb:5a:68:85:f3:47:0d:20:40:02:80:48:a2:b8:99:
                    40:92:44:92:d7:98:2e:3b:fa:64:93:8a:7b:f4:a7:
                    9d:f4:35:b1:48:7a:81:76:5b:56:e3:02:73:45:7d:
                    6d:93:f9:58:20:d8:b2:29:8e:f8:98:de:20:13:66:
                    4e:c2:df:00:b7:da:d2:fb:6a:e4:2a:62:a4:ac:f7:
                    bb:d8:40:b6:d6:18:f0:42:a1:91:95:21:42:6e:41:
                    2b:ac:03:93:c7:9f:b9:2a:c7:d7:f3:23:ad:e2:9a:
                    aa:7a:d9:a8:bc:74:67:d4:b8:d4:5d:fe:48:26:82:
                    64:8a:76:87:69:3c:21:b9:e9:2b:e8:f7:07:5e:d4:
                    ee:27:84:56:45:ab:66:6f:cb:ca:dc:b7:eb:79:33:
                    17:db:17:8f:74:dd:8a:ef:1f:35:8b:66:74:91:7b:
                    83:f8:ea:f9:13:d7:50:87:be:01:93:c8:fd:3f:cd:
                    e6:15:81:91:9a:0b:5f:84:c1:bf:2d:53:97:a4:c2:
                    e6:c0:d5:c3:36:1a:02:01:6e:6b:14:19:72:54:b5:
                    f8:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:E7:A5:46:C9:E2:59:46:B8:AB:67:50:54:DC:B9:AB:84:13:16:20
            X509v3 Authority Key Identifier:
                keyid:D9:14:DA:56:E1:A9:34:64:9D:A0:29:64:AC:12:EB:A3:4C:5C:B8:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2RTaVuGpNGSdoClkrBLro0xcuE8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/8OelRsniWUa4q2dQVNy5q4QTFiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/7a11b5-a405-41cb-81cb-f6bccf1e531f/1/2RTaVuGpNGSdoClkrBLro0xcuE8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e3c3::/32

    Signature Algorithm: sha256WithRSAEncryption
         d5:fc:34:35:35:cc:e6:3d:7a:fd:7e:41:c9:98:de:a1:a7:c0:
         a6:56:84:9c:6e:13:3a:cf:bb:17:60:29:28:27:94:0f:63:33:
         5d:3c:5f:e8:3a:24:a0:a5:e0:bd:db:f0:0c:f4:61:2f:4e:43:
         df:5d:55:d0:9f:26:1b:51:09:f8:cd:b7:48:68:82:5f:63:09:
         4c:6c:db:ba:4c:df:0c:e7:98:8d:c2:96:8c:a3:1d:90:85:97:
         b9:3d:67:11:d6:a5:c0:12:3a:36:68:cf:c2:3d:9e:93:cb:31:
         63:50:9e:15:4d:9f:81:94:df:c3:69:7d:65:e0:39:9c:01:7c:
         ae:b9:65:90:5e:a4:a7:51:93:db:13:42:3f:79:cd:e2:67:1c:
         09:ca:d3:1f:58:bf:13:fa:48:9d:f7:96:a2:40:ef:29:0a:44:
         64:2f:0e:bc:69:7c:73:8a:b2:9d:a7:e9:32:7e:0a:22:b1:f7:
         4c:99:30:64:41:33:f1:6a:f9:d0:78:fb:ab:5e:20:ec:ea:ab:
         8f:da:a1:e1:c5:65:51:46:e4:b2:70:cc:53:bd:2f:69:f3:60:
         a9:b9:20:1e:33:76:75:88:88:08:2a:ca:48:be:53:7d:a5:e1:
         23:d6:fc:ef:12:56:40:c0:02:b7:84:c8:59:92:f6:d8:50:b6:
         95:b0:13:88
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZMM7wXiTBpedfzZy+qwGxfSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MTRkYTU2ZTFhOTM0NjQ5ZGEwMjk2NGFjMTJlYmEzNGM1
Y2I4NGYwHhcNMjQxMTA4MTgwMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMGU3YTU0NmM5ZTI1OTQ2YjhhYjY3NTA1NGRjYjlhYjg0MTMxNjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2J1/ivRe1HPt0MYiO2EWlmhwBcmB
skYBGe9w2igQJW+Z0BiHZtnnN2DfQn/7WmiF80cNIEACgEiiuJlAkkSS15guO/pk
k4p79Ked9DWxSHqBdltW4wJzRX1tk/lYINiyKY74mN4gE2ZOwt8At9rS+2rkKmKk
rPe72EC21hjwQqGRlSFCbkErrAOTx5+5KsfX8yOt4pqqetmovHRn1LjUXf5IJoJk
inaHaTwhuekr6PcHXtTuJ4RWRatmb8vK3LfreTMX2xePdN2K7x81i2Z0kXuD+Or5
E9dQh74Bk8j9P83mFYGRmgtfhMG/LVOXpMLmwNXDNhoCAW5rFBlyVLX4bQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPDnpUbJ4llGuKtnUFTcuauEExYgMB8GA1UdIwQY
MBaAFNkU2lbhqTRknaApZKwS66NMXLhPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlJUYVZ1R3BOR1Nkb0Nsa3JCTHJvMHhjdUU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS83YTExYjUtYTQwNS00MWNiLTgxY2It
ZjZiY2NmMWU1MzFmLzEvOE9lbFJzbmlXVWE0cTJkUVZOeTVxNFFURmlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS83YTExYjUtYTQwNS00MWNiLTgxY2ItZjZiY2NmMWU1MzFm
LzEvMlJUYVZ1R3BOR1Nkb0Nsa3JCTHJvMHhjdUU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPjwzAN
BgkqhkiG9w0BAQsFAAOCAQEA1fw0NTXM5j16/X5ByZjeoafAplaEnG4TOs+7F2Ap
KCeUD2MzXTxf6DokoKXgvdvwDPRhL05D311V0J8mG1EJ+M23SGiCX2MJTGzbukzf
DOeYjcKWjKMdkIWXuT1nEdalwBI6NmjPwj2ek8sxY1CeFU2fgZTfw2l9ZeA5nAF8
rrllkF6kp1GT2xNCP3nN4mccCcrTH1i/E/pInfeWokDvKQpEZC8OvGl8c4qynafp
Mn4KIrH3TJkwZEEz8Wr50Hj7q14g7Oqrj9qh4cVlUUbksnDMU70vafNgqbkgHjN2
dYiICCrKSL5TfaXhI9b87xJWQMACt4TIWZL22FC2lbATiA==
-----END CERTIFICATE-----