Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/11e050-c5d5-4a9d-b498-83c168b2c071/1/166TaqyruMCrPbt_oF-uNwj91ck.roa
File:                     166TaqyruMCrPbt_oF-uNwj91ck.roa (raw, json)
Hash identifier:          purlTaY+FzJPFZdaU6EjXfCHqt+gEkF+0MWYcxaCp3c=
Subject key identifier:   D7:AE:93:6A:AC:AB:B8:C0:AB:3D:BB:7F:A0:5F:AE:37:08:FD:D5:C9
Certificate issuer:       /CN=041c46fe63d6f8641df608cd21abda3ebc1ae4c7
Certificate serial:       018E8A253B182CB104FA74643FE9F60112F0
Authority key identifier: 04:1C:46:FE:63:D6:F8:64:1D:F6:08:CD:21:AB:DA:3E:BC:1A:E4:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BBxG_mPW-GQd9gjNIavaPrwa5Mc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/11e050-c5d5-4a9d-b498-83c168b2c071/1/166TaqyruMCrPbt_oF-uNwj91ck.roa
Signing time:             Fri 29 Mar 2024 12:17:59 +0000
ROA not before:           Fri 29 Mar 2024 12:17:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        2a13:c380::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/11e050-c5d5-4a9d-b498-83c168b2c071/1/BBxG_mPW-GQd9gjNIavaPrwa5Mc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/11e050-c5d5-4a9d-b498-83c168b2c071/1/BBxG_mPW-GQd9gjNIavaPrwa5Mc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BBxG_mPW-GQd9gjNIavaPrwa5Mc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 16:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:8a:25:3b:18:2c:b1:04:fa:74:64:3f:e9:f6:01:12:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=041c46fe63d6f8641df608cd21abda3ebc1ae4c7
        Validity
            Not Before: Mar 29 12:17:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d7ae936aacabb8c0ab3dbb7fa05fae3708fdd5c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:09:60:93:f7:19:40:dd:01:3a:da:b2:be:ef:
                    c0:70:09:2a:62:47:c6:e4:b9:9a:4f:6c:3b:10:15:
                    6a:83:04:2e:d8:9c:61:9e:de:c5:91:85:78:65:d8:
                    ad:77:4b:06:6b:91:03:20:1d:e0:e0:97:44:3a:63:
                    20:5c:7a:92:e5:d5:f6:0d:94:2c:c8:e5:81:33:70:
                    0e:0a:ff:a9:23:6c:05:4e:b2:32:00:21:da:94:e0:
                    d3:e4:36:1d:cd:05:dc:b0:40:46:54:00:18:95:a6:
                    44:74:23:43:43:98:74:7c:71:02:46:8b:12:12:96:
                    f1:4e:f1:1b:11:5a:d7:18:41:41:33:91:14:1c:60:
                    f3:ab:a9:eb:cb:40:b2:f8:2c:74:db:06:c4:b0:dc:
                    25:2b:9e:2f:4d:ae:ee:83:21:26:2d:ba:05:13:8b:
                    81:c6:f6:3c:d7:0d:e6:da:6e:0f:fc:52:4d:e3:32:
                    d3:92:94:a1:9c:1d:dc:e7:44:ac:f5:34:c1:2d:c9:
                    37:61:e6:77:eb:7f:e3:2e:cb:c4:a5:c9:85:0d:43:
                    5c:e9:99:04:71:f2:c7:8c:45:74:95:a8:d0:d2:c2:
                    a0:d8:9a:34:f9:a5:a3:c5:77:f7:c5:e5:a9:bf:56:
                    40:3c:31:ff:e0:03:52:e3:a5:d7:24:b1:02:7a:74:
                    e4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:AE:93:6A:AC:AB:B8:C0:AB:3D:BB:7F:A0:5F:AE:37:08:FD:D5:C9
            X509v3 Authority Key Identifier:
                keyid:04:1C:46:FE:63:D6:F8:64:1D:F6:08:CD:21:AB:DA:3E:BC:1A:E4:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BBxG_mPW-GQd9gjNIavaPrwa5Mc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/11e050-c5d5-4a9d-b498-83c168b2c071/1/166TaqyruMCrPbt_oF-uNwj91ck.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/11e050-c5d5-4a9d-b498-83c168b2c071/1/BBxG_mPW-GQd9gjNIavaPrwa5Mc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:c380::/32

    Signature Algorithm: sha256WithRSAEncryption
         28:3a:81:e8:bf:a7:1d:80:01:ec:aa:90:99:16:73:2f:b5:88:
         4d:e0:2e:8e:df:b2:b7:a6:d6:f6:71:81:97:67:59:25:bc:36:
         60:e0:f5:2b:e0:76:10:cd:b5:8e:ee:30:38:76:ec:35:f3:a2:
         35:94:43:c1:0c:af:f9:d1:61:9f:2b:40:62:dc:bc:75:18:cc:
         0c:a6:0b:59:19:66:64:55:e8:8f:dc:fd:f7:9f:0a:99:69:3a:
         e4:9a:3f:34:f4:8a:51:69:c8:60:1c:ac:3a:f7:50:08:89:23:
         ea:3e:7d:c3:d7:e1:cc:0a:88:22:37:f9:1f:cb:3c:09:d5:db:
         92:cf:b0:a6:f0:68:5f:79:6b:b1:a4:66:9a:2d:92:e5:2a:df:
         62:41:07:a1:3a:e9:0a:22:37:ff:87:95:a6:f8:c2:a2:ff:fe:
         f5:7e:a7:82:a8:73:5c:b7:5a:86:a6:ef:fb:d1:da:93:aa:4f:
         aa:a6:74:38:0b:49:74:c3:56:35:87:43:a9:2a:48:b2:65:9f:
         61:f0:78:48:52:8b:79:da:1d:f7:0d:ef:53:ce:47:a4:59:b7:
         d0:d3:90:d5:63:73:3d:20:33:cf:89:08:a9:cd:26:70:1b:fe:
         82:a3:fd:3e:87:2d:e2:04:69:5e:2c:3e:4e:94:6f:b1:a5:43:
         3f:23:14:8d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY6KJTsYLLEE+nRkP+n2ARLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0MWM0NmZlNjNkNmY4NjQxZGY2MDhjZDIxYWJkYTNlYmMx
YWU0YzcwHhcNMjQwMzI5MTIxNzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2FlOTM2YWFjYWJiOGMwYWIzZGJiN2ZhMDVmYWUzNzA4ZmRkNWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswlgk/cZQN0BOtqyvu/AcAkqYkfG
5LmaT2w7EBVqgwQu2Jxhnt7FkYV4Zditd0sGa5EDIB3g4JdEOmMgXHqS5dX2DZQs
yOWBM3AOCv+pI2wFTrIyACHalODT5DYdzQXcsEBGVAAYlaZEdCNDQ5h0fHECRosS
EpbxTvEbEVrXGEFBM5EUHGDzq6nry0Cy+Cx02wbEsNwlK54vTa7ugyEmLboFE4uB
xvY81w3m2m4P/FJN4zLTkpShnB3c50Ss9TTBLck3YeZ363/jLsvEpcmFDUNc6ZkE
cfLHjEV0lajQ0sKg2Jo0+aWjxXf3xeWpv1ZAPDH/4ANS46XXJLECenTkEQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNeuk2qsq7jAqz27f6BfrjcI/dXJMB8GA1UdIwQY
MBaAFAQcRv5j1vhkHfYIzSGr2j68GuTHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkJ4R19tUFctR1FkOWdqTklhdmFQcndhNU1jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8xMWUwNTAtYzVkNS00YTlkLWI0OTgt
ODNjMTY4YjJjMDcxLzEvMTY2VGFxeXJ1TUNyUGJ0X29GLXVOd2o5MWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni8xMWUwNTAtYzVkNS00YTlkLWI0OTgtODNjMTY4YjJjMDcx
LzEvQkJ4R19tUFctR1FkOWdqTklhdmFQcndhNU1jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPDgDAN
BgkqhkiG9w0BAQsFAAOCAQEAKDqB6L+nHYAB7KqQmRZzL7WITeAujt+yt6bW9nGB
l2dZJbw2YOD1K+B2EM21ju4wOHbsNfOiNZRDwQyv+dFhnytAYty8dRjMDKYLWRlm
ZFXoj9z9958KmWk65Jo/NPSKUWnIYBysOvdQCIkj6j59w9fhzAqIIjf5H8s8CdXb
ks+wpvBoX3lrsaRmmi2S5SrfYkEHoTrpCiI3/4eVpvjCov/+9X6ngqhzXLdahqbv
+9Hak6pPqqZ0OAtJdMNWNYdDqSpIsmWfYfB4SFKLedod9w3vU85HpFm30NOQ1WNz
PSAzz4kIqc0mcBv+gqP9Poct4gRpXiw+TpRvsaVDPyMUjQ==
-----END CERTIFICATE-----