Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oFCt0y-rBTuWQ29KQZIwXCdigx0.roa
File:                     oFCt0y-rBTuWQ29KQZIwXCdigx0.roa (raw, json)
Hash identifier:          ORZEjLFO0bR3G+KvRzXLiPllNiXg/e9NclPmkO03YJY=
Subject key identifier:   A0:50:AD:D3:2F:AB:05:3B:96:43:6F:4A:41:92:30:5C:27:62:83:1D
Certificate issuer:       /CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
Certificate serial:       018E04D4F34F2B44825456F018203CA0E6DD
Authority key identifier: A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oFCt0y-rBTuWQ29KQZIwXCdigx0.roa
Signing time:             Sun 03 Mar 2024 15:00:48 +0000
ROA not before:           Sun 03 Mar 2024 15:00:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60539
IP address blocks:        2a13:aac7::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 04:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:04:d4:f3:4f:2b:44:82:54:56:f0:18:20:3c:a0:e6:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a124ccdd70f3ec762cbd65e04dd6f76be236a8a7
        Validity
            Not Before: Mar  3 15:00:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a050add32fab053b96436f4a4192305c2762831d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:19:1c:40:ae:c3:27:5a:84:67:e3:72:93:8c:
                    a1:f5:a1:32:2a:f2:79:82:bf:91:b9:cc:4d:42:8b:
                    8d:ab:ec:19:3f:de:78:40:3f:2c:a6:10:de:f7:ec:
                    a3:4c:c5:0f:d6:9b:7a:86:20:01:e3:05:69:5d:50:
                    fe:66:b9:37:f4:5a:d9:c1:cd:fe:26:b2:ec:a4:95:
                    97:93:53:6c:33:1a:cf:8b:41:07:06:a1:4a:64:97:
                    4f:0c:72:71:84:7d:3a:45:f4:80:8d:13:c0:7d:30:
                    39:e4:f4:81:2a:f8:c6:41:e7:47:de:05:f4:fd:59:
                    98:0e:ea:76:ad:d4:99:c6:1c:32:81:f8:84:4d:d0:
                    cc:62:68:dd:25:36:41:08:87:6d:d0:e1:53:97:b5:
                    9b:04:fb:22:ae:93:70:5e:15:a1:69:9c:d6:53:5a:
                    e9:41:fd:5a:31:6e:2b:d8:72:5d:69:a6:63:33:42:
                    d4:cc:bc:d7:d2:cb:ae:76:02:c3:7e:5c:f4:15:fc:
                    38:f0:6f:e9:47:d9:98:1b:37:3e:0f:32:46:c3:73:
                    50:87:63:a6:81:be:75:6e:af:d4:7e:fc:d4:37:d2:
                    de:15:e2:00:06:e2:1e:90:58:5a:31:5f:8d:20:89:
                    03:1f:fc:6a:51:7f:75:03:5d:2a:fb:25:ad:36:a4:
                    52:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:50:AD:D3:2F:AB:05:3B:96:43:6F:4A:41:92:30:5C:27:62:83:1D
            X509v3 Authority Key Identifier:
                keyid:A1:24:CC:DD:70:F3:EC:76:2C:BD:65:E0:4D:D6:F7:6B:E2:36:A8:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oSTM3XDz7HYsvWXgTdb3a-I2qKc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oFCt0y-rBTuWQ29KQZIwXCdigx0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/b694b8-8211-4c06-9c81-7b35397af2f7/1/oSTM3XDz7HYsvWXgTdb3a-I2qKc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:aac7::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:86:59:cd:f3:0e:46:97:e2:58:5b:28:4b:46:be:24:87:53:
         de:0c:a1:bb:a7:53:f0:b1:24:7c:fb:36:1c:ba:13:0c:f7:03:
         6f:d0:b9:81:ce:db:f3:f9:75:68:0f:f8:46:74:69:b3:39:de:
         12:51:27:23:66:d5:3a:ff:6e:da:8d:a1:ab:e7:e1:1f:37:8b:
         0b:b4:61:81:d6:f9:7d:7a:88:7b:a3:c9:97:15:b2:90:b0:6f:
         1d:66:97:c7:f3:2d:8e:0e:6a:6a:59:52:a3:cf:4e:11:40:2c:
         32:70:b7:aa:03:08:48:cb:3c:a9:93:cf:95:31:02:7c:0c:68:
         4c:cb:aa:e3:ca:75:96:a8:16:ad:40:60:fd:00:03:5f:09:62:
         df:d4:00:20:50:2f:e4:4b:6a:02:bc:73:8b:41:a5:dc:3c:44:
         4a:ff:e3:50:26:8e:28:59:7e:84:42:cc:9a:92:4b:09:ba:f1:
         3c:70:59:ba:7e:23:2a:3d:e5:dd:a5:c5:89:15:60:47:6e:a5:
         47:63:98:d4:99:d5:21:e0:cf:5a:9e:0a:52:83:38:29:a9:9b:
         e0:0d:1e:78:bf:5f:da:0a:c2:50:53:27:c3:c2:80:ad:32:1f:
         f6:0a:85:a0:55:bd:e7:96:e2:a3:c2:7e:79:ba:f1:bb:0d:75:
         5a:b2:1a:64
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY4E1PNPK0SCVFbwGCA8oObdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExMjRjY2RkNzBmM2VjNzYyY2JkNjVlMDRkZDZmNzZiZTIz
NmE4YTcwHhcNMjQwMzAzMTUwMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDUwYWRkMzJmYWIwNTNiOTY0MzZmNGE0MTkyMzA1YzI3NjI4MzFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhkcQK7DJ1qEZ+Nyk4yh9aEyKvJ5
gr+RucxNQouNq+wZP954QD8sphDe9+yjTMUP1pt6hiAB4wVpXVD+Zrk39FrZwc3+
JrLspJWXk1NsMxrPi0EHBqFKZJdPDHJxhH06RfSAjRPAfTA55PSBKvjGQedH3gX0
/VmYDup2rdSZxhwygfiETdDMYmjdJTZBCIdt0OFTl7WbBPsirpNwXhWhaZzWU1rp
Qf1aMW4r2HJdaaZjM0LUzLzX0suudgLDflz0Ffw48G/pR9mYGzc+DzJGw3NQh2Om
gb51bq/UfvzUN9LeFeIABuIekFhaMV+NIIkDH/xqUX91A10q+yWtNqRSVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKBQrdMvqwU7lkNvSkGSMFwnYoMdMB8GA1UdIwQY
MBaAFKEkzN1w8+x2LL1l4E3W92viNqinMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEt
N2IzNTM5N2FmMmY3LzEvb0ZDdDB5LXJCVHVXUTI5S1FaSXdYQ2RpZ3gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iNjk0YjgtODIxMS00YzA2LTljODEtN2IzNTM5N2FmMmY3
LzEvb1NUTTNYRHo3SFlzdldYZ1RkYjNhLUkycUtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhOqxzAN
BgkqhkiG9w0BAQsFAAOCAQEAW4ZZzfMORpfiWFsoS0a+JIdT3gyhu6dT8LEkfPs2
HLoTDPcDb9C5gc7b8/l1aA/4RnRpszneElEnI2bVOv9u2o2hq+fhHzeLC7Rhgdb5
fXqIe6PJlxWykLBvHWaXx/Mtjg5qallSo89OEUAsMnC3qgMISMs8qZPPlTECfAxo
TMuq48p1lqgWrUBg/QADXwli39QAIFAv5EtqArxzi0Gl3DxESv/jUCaOKFl+hELM
mpJLCbrxPHBZun4jKj3l3aXFiRVgR26lR2OY1JnVIeDPWp4KUoM4Kamb4A0eeL9f
2grCUFMnw8KArTIf9gqFoFW955bio8J+ebrxuw11WrIaZA==
-----END CERTIFICATE-----