Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/DSBIgen22uQ1PpMOXkWnac4FsTk.roa
File:                     DSBIgen22uQ1PpMOXkWnac4FsTk.roa (raw, json)
Hash identifier:          SbumEdKt+j9WlbSBEc7DSMdycytbbvDydmsqG7jKiaY=
Subject key identifier:   0D:20:48:81:E9:F6:DA:E4:35:3E:93:0E:5E:45:A7:69:CE:05:B1:39
Certificate issuer:       /CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
Certificate serial:       018DA7F0A2D0BFE643F25EF1718C4F7EC180
Authority key identifier: A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/DSBIgen22uQ1PpMOXkWnac4FsTk.roa
Signing time:             Wed 14 Feb 2024 14:06:21 +0000
ROA not before:           Wed 14 Feb 2024 14:06:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215502
IP address blocks:        2a13:aac4:f000::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a7:f0:a2:d0:bf:e6:43:f2:5e:f1:71:8c:4f:7e:c1:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
        Validity
            Not Before: Feb 14 14:06:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0d204881e9f6dae4353e930e5e45a769ce05b139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:09:d3:dc:21:83:41:a5:82:8a:18:b3:9c:9b:
                    99:de:e5:72:1b:37:91:45:76:b6:6a:af:1e:38:6b:
                    fb:b0:7c:4f:73:fb:76:b0:89:85:44:bd:e8:fb:c9:
                    80:16:43:dc:da:4c:c8:3e:a0:86:5d:19:52:d3:36:
                    4c:f7:de:3e:ff:f2:d3:c2:8e:93:2f:2e:c3:b7:d4:
                    d3:f2:c1:05:ed:96:5b:90:a2:65:94:ea:3f:83:de:
                    4e:21:79:65:dc:fc:59:e1:d4:da:3b:95:79:4d:19:
                    fa:a7:06:20:ba:a5:0b:8b:4d:f0:66:33:c3:e3:a4:
                    85:cd:08:ee:88:56:cb:4e:73:d0:e6:ce:3f:96:49:
                    fc:2d:03:71:4f:f1:3d:8b:4e:6a:c3:37:05:ce:75:
                    ca:d4:43:18:62:3a:d3:9e:d1:0c:22:bc:8d:ef:60:
                    5e:ad:7e:cb:f6:09:45:f9:cd:fb:ce:b9:51:b7:e5:
                    8f:89:d8:bf:de:b7:46:b8:9a:d7:7c:bf:c9:23:13:
                    73:d2:a4:41:c0:8a:f7:e9:2e:c2:ed:26:72:37:23:
                    03:9f:34:0f:db:54:63:c0:5a:65:c9:99:ab:f9:8a:
                    a7:36:bf:1c:df:40:dd:9f:05:5c:66:31:4b:8e:b2:
                    35:a5:64:1f:bc:f0:85:26:0c:88:a6:1a:c2:1c:7c:
                    5d:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:20:48:81:E9:F6:DA:E4:35:3E:93:0E:5E:45:A7:69:CE:05:B1:39
            X509v3 Authority Key Identifier:
                keyid:A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/DSBIgen22uQ1PpMOXkWnac4FsTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:aac4:f000::/44

    Signature Algorithm: sha256WithRSAEncryption
         93:76:8f:23:b6:fc:53:32:6f:03:5d:ad:ef:e6:cb:c3:96:4a:
         10:a6:5b:b0:74:cc:dd:2e:2b:6c:7b:0e:21:57:fe:b3:a1:2f:
         8a:2f:a0:51:60:f9:67:3b:e1:e1:f9:bb:eb:d5:43:0f:fe:fa:
         92:bf:93:bd:c0:8c:a1:d5:b9:3d:89:a8:08:1c:53:9f:7d:db:
         2d:d6:e3:e0:3f:72:1e:33:07:90:ca:44:e8:81:f9:c4:8a:2c:
         e8:ab:ee:0d:ca:be:aa:bb:ed:67:ea:1a:f7:d3:d8:d5:16:16:
         5a:a2:bb:bd:2a:7a:c2:3f:3a:60:e1:92:d7:24:97:13:c4:b4:
         58:66:be:93:a6:7c:9f:0a:f6:ed:ea:fb:38:98:db:3c:c5:bb:
         0f:2c:6a:f4:1f:12:4e:72:3c:92:7b:44:a2:3f:d7:b2:7b:13:
         b0:0c:12:84:11:c1:19:a5:95:d7:e1:e6:f7:45:8d:81:dc:8e:
         fc:d8:fc:e1:47:36:de:3e:42:42:50:45:f3:18:65:27:29:86:
         48:c9:fb:a5:ce:be:ff:1d:88:a8:71:8c:ff:6c:fb:ad:e4:89:
         5a:6c:e8:df:3a:ad:fb:8e:20:ea:33:7d:88:50:24:be:fa:2f:
         47:d8:f0:c9:3a:7c:4c:28:6e:f0:26:6a:3b:8f:32:85:30:31:
         74:56:84:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2n8KLQv+ZD8l7xcYxPfsGAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjRjY2RkNzBmM2VjNzYyY2JkNjVlMDRkZDZmNzZiZTIz
NmE4YTcwHhcNMjQwMjE0MTQwNjIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDIwNDg4MWU5ZjZkYWU0MzUzZTkzMGU1ZTQ1YTc2OWNlMDViMTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAggnT3CGDQaWCihiznJuZ3uVyGzeR
RXa2aq8eOGv7sHxPc/t2sImFRL3o+8mAFkPc2kzIPqCGXRlS0zZM994+//LTwo6T
Ly7Dt9TT8sEF7ZZbkKJllOo/g95OIXll3PxZ4dTaO5V5TRn6pwYguqULi03wZjPD
46SFzQjuiFbLTnPQ5s4/lkn8LQNxT/E9i05qwzcFznXK1EMYYjrTntEMIryN72Be
rX7L9glF+c37zrlRt+WPidi/3rdGuJrXfL/JIxNz0qRBwIr36S7C7SZyNyMDnzQP
21RjwFplyZmr+YqnNr8c30DdnwVcZjFLjrI1pWQfvPCFJgyIphrCHHxdHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA0gSIHp9trkNT6TDl5Fp2nOBbE5MB8GA1UdIwQY
MBaAFKEkzN1w8+x2LL1l4E3W92viNqinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEt
N2IzNTM5N2FmMmY3LzEvRFNCSWdlbjIydVExUHBNT1hrV25hYzRGc1RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEtN2IzNTM5N2FmMmY3
LzEvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhOqxPAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCTdo8jtvxTMm8DXa3v5svDlkoQpluwdMzdLits
ew4hV/6zoS+KL6BRYPlnO+Hh+bvr1UMP/vqSv5O9wIyh1bk9iagIHFOffdst1uPg
P3IeMweQykTogfnEiizoq+4Nyr6qu+1n6hr309jVFhZaoru9KnrCPzpg4ZLXJJcT
xLRYZr6TpnyfCvbt6vs4mNs8xbsPLGr0HxJOcjySe0SiP9eyexOwDBKEEcEZpZXX
4eb3RY2B3I782PzhRzbePkJCUEXzGGUnKYZIyfulzr7/HYiocYz/bPut5IlabOjf
Oq37jiDqM32IUCS++i9H2PDJOnxMKG7wJmo7jzKFMDF0VoTp
-----END CERTIFICATE-----