Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/hi_IrmTQFxOV1zM1MOB99U_EijA.roa
File:                     hi_IrmTQFxOV1zM1MOB99U_EijA.roa (raw, json)
Hash identifier:          PR9qToW+vsddrF4iEx2riOs5GTs75XwFFFuBz9w0aUg=
Subject key identifier:   86:2F:C8:AE:64:D0:17:13:95:D7:33:35:30:E0:7D:F5:4F:C4:8A:30
Certificate issuer:       /CN=3b61c8b61ff4ab975a2f6c67d0bce6379362e2fe
Certificate serial:       018CCA2B0FBCF4BB1E45CB43650D6D298D7A
Authority key identifier: 3B:61:C8:B6:1F:F4:AB:97:5A:2F:6C:67:D0:BC:E6:37:93:62:E2:FE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O2HIth_0q5daL2xn0LzmN5Ni4v4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/hi_IrmTQFxOV1zM1MOB99U_EijA.roa
Signing time:             Tue 02 Jan 2024 12:34:28 +0000
ROA not before:           Tue 02 Jan 2024 12:34:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199637
IP address blocks:        2a13:e480::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/O2HIth_0q5daL2xn0LzmN5Ni4v4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/O2HIth_0q5daL2xn0LzmN5Ni4v4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O2HIth_0q5daL2xn0LzmN5Ni4v4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:0f:bc:f4:bb:1e:45:cb:43:65:0d:6d:29:8d:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b61c8b61ff4ab975a2f6c67d0bce6379362e2fe
        Validity
            Not Before: Jan  2 12:34:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=862fc8ae64d0171395d7333530e07df54fc48a30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:36:23:8d:56:09:9e:c8:84:b8:f9:ac:3b:d8:
                    70:62:09:82:13:f4:87:69:a0:7c:6c:e1:11:8c:01:
                    45:90:4c:4e:74:0b:ac:72:50:e2:17:08:18:52:c7:
                    c7:4c:12:2d:d0:1e:b0:32:c9:e8:cf:2d:66:86:4a:
                    89:3b:f7:40:c2:f1:bd:20:6d:37:b4:07:73:4d:fb:
                    67:ac:ca:83:c7:23:58:46:06:29:ba:b5:bc:cb:e9:
                    25:78:98:66:7a:23:84:f2:d7:7c:42:2a:99:84:18:
                    60:a1:63:00:e6:82:fe:f0:90:68:d6:9b:67:0f:cb:
                    86:a6:6a:46:a6:98:af:51:f9:2c:22:2e:51:07:28:
                    63:83:23:40:83:7a:e9:f7:68:89:db:1d:02:f3:7d:
                    c1:ec:a4:20:f6:e1:05:97:ba:6f:91:7c:7c:12:7f:
                    5c:49:15:b9:6d:92:5e:9b:4d:52:05:b4:e7:67:5b:
                    d8:96:18:4a:b0:f1:bb:e5:b8:25:3b:98:25:4c:34:
                    bc:4f:6c:ed:10:2a:a0:99:25:b8:d0:45:02:0a:6d:
                    5f:1c:f0:51:99:4c:6b:76:d3:c1:22:ac:ae:aa:58:
                    c4:37:98:be:b2:0f:30:44:4b:7e:df:f3:e4:48:a2:
                    64:94:04:66:70:b6:29:22:4a:3c:e0:8e:ba:88:f6:
                    91:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:2F:C8:AE:64:D0:17:13:95:D7:33:35:30:E0:7D:F5:4F:C4:8A:30
            X509v3 Authority Key Identifier:
                keyid:3B:61:C8:B6:1F:F4:AB:97:5A:2F:6C:67:D0:BC:E6:37:93:62:E2:FE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O2HIth_0q5daL2xn0LzmN5Ni4v4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/hi_IrmTQFxOV1zM1MOB99U_EijA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fc0ed1-5666-4bb7-bb7c-7b627582fd2d/1/O2HIth_0q5daL2xn0LzmN5Ni4v4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:e480::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:92:9f:a4:73:62:ef:c2:6c:4c:18:8a:db:11:b6:92:06:65:
         57:33:cc:f9:60:8a:c4:39:e0:7f:c1:a5:1e:51:5a:30:bf:d6:
         a9:31:e7:85:0b:0c:a9:35:18:45:58:6d:43:76:70:16:a0:b2:
         36:8c:a5:ea:c4:4f:84:f3:a9:69:6f:5a:4a:d5:a7:d8:fb:81:
         94:7a:04:85:29:81:22:57:57:93:90:f7:8f:3f:88:2c:13:bb:
         b5:ac:a8:9f:c5:da:e8:92:b7:a9:28:93:68:f0:c9:bc:48:1e:
         0f:44:56:88:31:27:d2:a3:c6:15:80:b7:9c:04:49:68:3e:90:
         dc:0d:af:6c:7b:28:f4:d0:f8:83:06:ff:b4:16:ee:01:0f:2e:
         53:98:b4:62:16:d5:dc:de:a5:1a:43:c5:1d:9a:19:44:2b:3e:
         af:6c:60:f0:47:f9:50:32:bc:30:24:e0:2e:7f:38:ca:97:4e:
         5d:8f:24:1b:25:d5:6a:73:43:30:6a:86:3c:d8:97:6a:85:60:
         65:fd:5a:89:e2:f3:20:ad:94:1c:a4:0e:68:37:ef:5a:b7:46:
         18:bf:14:cf:b0:d2:1b:0c:4f:91:af:25:91:d5:90:1d:52:1f:
         4f:a8:1a:0b:82:1a:cf:20:c8:1c:d0:c4:91:81:52:3e:6d:72:
         ee:cf:86:11
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzKKw+89LseRctDZQ1tKY16MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiNjFjOGI2MWZmNGFiOTc1YTJmNmM2N2QwYmNlNjM3OTM2
MmUyZmUwHhcNMjQwMTAyMTIzNDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjJmYzhhZTY0ZDAxNzEzOTVkNzMzMzUzMGUwN2RmNTRmYzQ4YTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1DYjjVYJnsiEuPmsO9hwYgmCE/SH
aaB8bOERjAFFkExOdAusclDiFwgYUsfHTBIt0B6wMsnozy1mhkqJO/dAwvG9IG03
tAdzTftnrMqDxyNYRgYpurW8y+kleJhmeiOE8td8QiqZhBhgoWMA5oL+8JBo1ptn
D8uGpmpGppivUfksIi5RByhjgyNAg3rp92iJ2x0C833B7KQg9uEFl7pvkXx8En9c
SRW5bZJem01SBbTnZ1vYlhhKsPG75bglO5glTDS8T2ztECqgmSW40EUCCm1fHPBR
mUxrdtPBIqyuqljEN5i+sg8wREt+3/PkSKJklARmcLYpIko84I66iPaR0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIYvyK5k0BcTldczNTDgffVPxIowMB8GA1UdIwQY
MBaAFDthyLYf9KuXWi9sZ9C85jeTYuL+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzJISXRoXzBxNWRhTDJ4bjBMem1ONU5pNHY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mYzBlZDEtNTY2Ni00YmI3LWJiN2Mt
N2I2Mjc1ODJmZDJkLzEvaGlfSXJtVFFGeE9WMXpNMU1PQjk5VV9FaWpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mYzBlZDEtNTY2Ni00YmI3LWJiN2MtN2I2Mjc1ODJmZDJk
LzEvTzJISXRoXzBxNWRhTDJ4bjBMem1ONU5pNHY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPkgDAN
BgkqhkiG9w0BAQsFAAOCAQEAEJKfpHNi78JsTBiK2xG2kgZlVzPM+WCKxDngf8Gl
HlFaML/WqTHnhQsMqTUYRVhtQ3ZwFqCyNoyl6sRPhPOpaW9aStWn2PuBlHoEhSmB
IldXk5D3jz+ILBO7tayon8Xa6JK3qSiTaPDJvEgeD0RWiDEn0qPGFYC3nARJaD6Q
3A2vbHso9ND4gwb/tBbuAQ8uU5i0YhbV3N6lGkPFHZoZRCs+r2xg8Ef5UDK8MCTg
Ln84ypdOXY8kGyXVanNDMGqGPNiXaoVgZf1aieLzIK2UHKQOaDfvWrdGGL8Uz7DS
GwxPka8lkdWQHVIfT6gaC4IazyDIHNDEkYFSPm1y7s+GEQ==
-----END CERTIFICATE-----