Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/AJZdCl2YEluoX0gOqcMqJJjjcIY.roa
File:                     AJZdCl2YEluoX0gOqcMqJJjjcIY.roa (raw, json)
Hash identifier:          Dxrs15Prt53izmHkWP3F+3AvI2H5s7ZLu4k4flNlwYM=
Subject key identifier:   00:96:5D:0A:5D:98:12:5B:A8:5F:48:0E:A9:C3:2A:24:98:E3:70:86
Certificate issuer:       /CN=aeb0b777f5377bb1c50653884b03e27dcdee828e
Certificate serial:       018E14E4C6FF7BC627AF0399FC0F65AC1F7A
Authority key identifier: AE:B0:B7:77:F5:37:7B:B1:C5:06:53:88:4B:03:E2:7D:CD:EE:82:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/AJZdCl2YEluoX0gOqcMqJJjjcIY.roa
Signing time:             Wed 06 Mar 2024 17:52:01 +0000
ROA not before:           Wed 06 Mar 2024 17:52:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a13:a380:300::/48 maxlen: 48
                          2a13:a380:301::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:14:e4:c6:ff:7b:c6:27:af:03:99:fc:0f:65:ac:1f:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aeb0b777f5377bb1c50653884b03e27dcdee828e
        Validity
            Not Before: Mar  6 17:52:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=00965d0a5d98125ba85f480ea9c32a2498e37086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:a5:ed:56:73:02:af:e8:15:69:91:3b:6a:50:
                    16:32:79:50:c4:db:8c:7f:ab:45:59:9f:f2:7d:d0:
                    b4:f7:e4:ba:fd:47:c9:2b:80:30:fe:99:a8:5b:28:
                    33:dd:4f:01:8e:1b:17:24:46:39:35:99:df:3e:8c:
                    e2:8c:64:a9:d2:db:d2:2b:f7:10:14:83:6b:82:d6:
                    a4:8c:95:d7:02:c2:dc:08:82:ac:cc:06:9c:9a:30:
                    6d:16:6a:30:56:7f:13:3a:8b:69:66:cc:59:cf:44:
                    a5:ef:e0:39:0e:0d:9b:90:ef:9c:08:d1:44:62:56:
                    c4:9e:dd:6d:fe:eb:eb:ff:de:51:c1:0e:35:39:6f:
                    63:24:fb:ef:eb:f5:98:10:4c:28:1b:44:31:31:06:
                    21:1f:1c:6d:91:e9:56:ad:25:fe:8e:36:b3:cb:1a:
                    de:62:d5:8c:ee:9f:e9:cb:0a:46:c3:9c:07:38:38:
                    86:86:79:27:bd:67:5b:dd:19:4e:10:4f:6a:e8:ca:
                    ba:79:f7:34:e9:7b:03:db:fd:dc:5e:a6:ff:a1:d5:
                    78:6e:fb:c4:1e:c1:8d:c5:38:6f:28:38:af:9f:0a:
                    53:ce:6c:62:ba:29:9e:6e:1c:92:67:9c:1e:c4:cb:
                    e6:3d:2d:d6:26:7d:97:29:e8:c6:e5:98:1c:e4:0a:
                    c0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:96:5D:0A:5D:98:12:5B:A8:5F:48:0E:A9:C3:2A:24:98:E3:70:86
            X509v3 Authority Key Identifier:
                keyid:AE:B0:B7:77:F5:37:7B:B1:C5:06:53:88:4B:03:E2:7D:CD:EE:82:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rrC3d_U3e7HFBlOISwPifc3ugo4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/AJZdCl2YEluoX0gOqcMqJJjjcIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/22df61-b609-4986-99e3-926c4a326e08/1/rrC3d_U3e7HFBlOISwPifc3ugo4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:a380:300::/47

    Signature Algorithm: sha256WithRSAEncryption
         5a:d3:ac:0f:8b:14:f7:cc:ba:4b:48:a1:64:be:ff:b3:ae:a4:
         c0:23:34:68:4e:c6:b6:11:87:df:85:7d:c5:54:38:5b:a7:a9:
         1d:73:dd:1c:b0:f1:c5:67:cb:a8:cf:9f:94:e9:67:71:e1:44:
         e4:dd:16:91:98:cd:e1:cc:65:5d:04:64:1c:d3:a2:2b:e2:88:
         0e:bc:dd:6e:35:f5:86:48:21:18:c9:a7:1e:d1:bd:1f:75:2b:
         70:72:3d:4d:eb:5c:9a:fc:7f:52:eb:d3:90:52:57:a8:50:e9:
         d0:da:87:38:e5:1b:5e:fa:aa:45:e1:61:fe:bd:16:25:4b:c6:
         79:60:1d:05:6d:28:82:27:08:01:37:cc:7f:5f:b5:7f:ac:ee:
         c3:d1:d9:de:ad:95:35:2f:87:0e:65:1e:5d:0b:5a:24:f8:d5:
         43:72:c7:fb:87:34:61:71:ff:e1:09:0e:ca:c5:83:da:79:12:
         8c:b1:66:f0:8d:c3:33:34:db:95:20:ad:3f:95:ea:3f:83:6e:
         62:0f:06:71:82:57:e8:92:73:ec:23:d3:88:d0:0d:8d:7e:dd:
         dc:2e:53:34:15:9c:4f:73:be:db:b0:21:04:11:43:72:d5:04:
         07:25:79:cb:3d:21:42:cf:be:e5:a7:5d:3f:de:db:8b:b4:31:
         ce:8e:93:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4U5Mb/e8YnrwOZ/A9lrB96MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlYjBiNzc3ZjUzNzdiYjFjNTA2NTM4ODRiMDNlMjdkY2Rl
ZTgyOGUwHhcNMjQwMzA2MTc1MjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDk2NWQwYTVkOTgxMjViYTg1ZjQ4MGVhOWMzMmEyNDk4ZTM3MDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk6XtVnMCr+gVaZE7alAWMnlQxNuM
f6tFWZ/yfdC09+S6/UfJK4Aw/pmoWygz3U8BjhsXJEY5NZnfPozijGSp0tvSK/cQ
FINrgtakjJXXAsLcCIKszAacmjBtFmowVn8TOotpZsxZz0Sl7+A5Dg2bkO+cCNFE
YlbEnt1t/uvr/95RwQ41OW9jJPvv6/WYEEwoG0QxMQYhHxxtkelWrSX+jjazyxre
YtWM7p/pywpGw5wHODiGhnknvWdb3RlOEE9q6Mq6efc06XsD2/3cXqb/odV4bvvE
HsGNxThvKDivnwpTzmxiuimebhySZ5wexMvmPS3WJn2XKejG5Zgc5ArA+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFACWXQpdmBJbqF9IDqnDKiSY43CGMB8GA1UdIwQY
MBaAFK6wt3f1N3uxxQZTiEsD4n3N7oKOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcnJDM2RfVTNlN0hGQmxPSVN3UGlmYzN1Z280LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8yMmRmNjEtYjYwOS00OTg2LTk5ZTMt
OTI2YzRhMzI2ZTA4LzEvQUpaZENsMllFbHVvWDBnT3FjTXFKSmpqY0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8yMmRmNjEtYjYwOS00OTg2LTk5ZTMtOTI2YzRhMzI2ZTA4
LzEvcnJDM2RfVTNlN0hGQmxPSVN3UGlmYzN1Z280LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhOjgAMA
MA0GCSqGSIb3DQEBCwUAA4IBAQBa06wPixT3zLpLSKFkvv+zrqTAIzRoTsa2EYff
hX3FVDhbp6kdc90csPHFZ8uoz5+U6Wdx4UTk3RaRmM3hzGVdBGQc06Ir4ogOvN1u
NfWGSCEYyace0b0fdStwcj1N61ya/H9S69OQUleoUOnQ2oc45Rte+qpF4WH+vRYl
S8Z5YB0FbSiCJwgBN8x/X7V/rO7D0dnerZU1L4cOZR5dC1ok+NVDcsf7hzRhcf/h
CQ7KxYPaeRKMsWbwjcMzNNuVIK0/leo/g25iDwZxglfoknPsI9OI0A2Nft3cLlM0
FZxPc77bsCEEEUNy1QQHJXnLPSFCz77lp10/3tuLtDHOjpPD
-----END CERTIFICATE-----