Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/1d3cdc-d04b-4adb-b069-2a351ab3b8f6/1/H0KwMbX473i3EyvOXh1BK6Zo4vA.roa
File:                     H0KwMbX473i3EyvOXh1BK6Zo4vA.roa (raw, json)
Hash identifier:          clMQLU7ZJpy8vg6s4Zah+c95OC+5f48ZB0kYTiUKiXg=
Subject key identifier:   1F:42:B0:31:B5:F8:EF:78:B7:13:2B:CE:5E:1D:41:2B:A6:68:E2:F0
Certificate issuer:       /CN=b504bcceb9c363f13e3adaa4c0fa52780f064684
Certificate serial:       018E33B024A36F6193A31BC406DCB7D35E84
Authority key identifier: B5:04:BC:CE:B9:C3:63:F1:3E:3A:DA:A4:C0:FA:52:78:0F:06:46:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tQS8zrnDY_E-OtqkwPpSeA8GRoQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/1d3cdc-d04b-4adb-b069-2a351ab3b8f6/1/H0KwMbX473i3EyvOXh1BK6Zo4vA.roa
Signing time:             Tue 12 Mar 2024 17:22:45 +0000
ROA not before:           Tue 12 Mar 2024 17:22:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213216
IP address blocks:        2a13:7fc0:4201::/48 maxlen: 48
                          2a13:7fc0:a42a::/48 maxlen: 64

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/1d3cdc-d04b-4adb-b069-2a351ab3b8f6/1/tQS8zrnDY_E-OtqkwPpSeA8GRoQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/1d3cdc-d04b-4adb-b069-2a351ab3b8f6/1/tQS8zrnDY_E-OtqkwPpSeA8GRoQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tQS8zrnDY_E-OtqkwPpSeA8GRoQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 17:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:33:b0:24:a3:6f:61:93:a3:1b:c4:06:dc:b7:d3:5e:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b504bcceb9c363f13e3adaa4c0fa52780f064684
        Validity
            Not Before: Mar 12 17:22:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f42b031b5f8ef78b7132bce5e1d412ba668e2f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f3:9c:84:36:db:2c:72:5a:e3:49:c9:02:2f:
                    04:ee:ba:34:83:6c:56:e3:d2:2e:89:0b:0a:0b:8c:
                    5b:1b:82:5d:9f:0c:c4:31:73:fd:06:49:b0:ff:9a:
                    b6:40:81:7f:06:df:e8:3f:b3:bf:59:79:82:8c:66:
                    ee:a3:47:22:8f:f8:d6:df:c4:0a:65:2b:cb:b8:10:
                    ec:11:fa:87:66:76:e3:c9:9a:15:22:03:d7:ba:0c:
                    d7:b4:3b:91:c5:a5:9e:e8:10:bf:a9:ff:45:72:33:
                    89:c9:ed:b7:d2:f5:81:e8:b1:fb:9e:04:a3:4e:0c:
                    43:64:99:ee:49:e8:d3:75:1c:80:2b:a7:48:97:20:
                    80:1f:f2:07:65:13:ce:c4:ea:5d:ec:ba:5d:3e:11:
                    e0:ab:0b:72:e1:7c:3c:cf:7d:ce:56:f3:50:d5:0c:
                    7f:50:36:09:ee:0c:7d:63:ea:ce:ff:85:d8:01:d0:
                    dc:63:24:2b:a0:34:7a:4a:c2:30:28:5d:52:30:89:
                    b2:46:77:87:f3:95:2a:a2:25:0f:0f:ba:33:5c:39:
                    12:c7:ae:fb:b7:8e:bb:0e:cf:a3:bc:6b:5e:af:8a:
                    a6:7f:fb:08:00:34:d1:3c:1c:20:b0:3d:57:aa:0d:
                    8a:38:85:b7:b5:e5:88:5d:c2:bb:60:68:90:8f:7f:
                    0e:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:42:B0:31:B5:F8:EF:78:B7:13:2B:CE:5E:1D:41:2B:A6:68:E2:F0
            X509v3 Authority Key Identifier:
                keyid:B5:04:BC:CE:B9:C3:63:F1:3E:3A:DA:A4:C0:FA:52:78:0F:06:46:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tQS8zrnDY_E-OtqkwPpSeA8GRoQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/1d3cdc-d04b-4adb-b069-2a351ab3b8f6/1/H0KwMbX473i3EyvOXh1BK6Zo4vA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/1d3cdc-d04b-4adb-b069-2a351ab3b8f6/1/tQS8zrnDY_E-OtqkwPpSeA8GRoQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:7fc0:4201::/48
                  2a13:7fc0:a42a::/48

    Signature Algorithm: sha256WithRSAEncryption
         7a:c4:df:09:f7:ef:2a:07:1f:95:79:e9:9d:b9:0e:bd:d0:30:
         72:52:71:3a:1b:91:ac:f5:1f:41:f2:ad:9e:32:a6:f4:22:d7:
         0a:68:37:c0:76:fd:26:eb:ea:af:21:cc:24:75:57:1e:e4:98:
         a2:71:0f:d5:04:e2:e5:97:dd:a2:c2:1c:aa:38:ec:a9:57:a8:
         55:0d:0c:ee:39:43:f6:a8:87:97:24:cb:13:96:dd:ce:45:df:
         ec:03:b2:78:6d:cd:c6:fb:1c:d9:e9:b8:59:00:57:b2:c4:ea:
         69:90:6b:20:74:05:fb:d1:03:48:df:e8:e2:c4:e4:f4:f0:4b:
         7d:99:43:4d:76:b6:10:95:60:bd:4b:8b:6e:f2:0a:2c:21:62:
         a9:47:7c:f2:46:73:e4:93:3d:b6:b4:65:fd:1b:4e:ce:11:31:
         9c:71:a4:4e:11:01:c3:ef:99:e4:5d:cf:35:dd:42:68:c3:8c:
         75:d1:08:a5:89:4d:6f:ed:09:a6:10:f2:e7:c3:7e:a2:21:f4:
         48:c8:b7:5d:0f:cb:00:91:fb:be:02:7e:c5:00:0a:dd:0d:a0:
         a4:1f:fe:91:17:a0:28:b6:68:89:47:15:62:43:a4:68:9f:e7:
         92:7f:98:de:be:ea:28:2c:ac:09:79:63:82:60:92:13:48:36:
         4e:c2:63:af
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY4zsCSjb2GToxvEBty3016EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1MDRiY2NlYjljMzYzZjEzZTNhZGFhNGMwZmE1Mjc4MGYw
NjQ2ODQwHhcNMjQwMzEyMTcyMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjQyYjAzMWI1ZjhlZjc4YjcxMzJiY2U1ZTFkNDEyYmE2NjhlMmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/OchDbbLHJa40nJAi8E7ro0g2xW
49IuiQsKC4xbG4JdnwzEMXP9Bkmw/5q2QIF/Bt/oP7O/WXmCjGbuo0cij/jW38QK
ZSvLuBDsEfqHZnbjyZoVIgPXugzXtDuRxaWe6BC/qf9FcjOJye230vWB6LH7ngSj
TgxDZJnuSejTdRyAK6dIlyCAH/IHZRPOxOpd7LpdPhHgqwty4Xw8z33OVvNQ1Qx/
UDYJ7gx9Y+rO/4XYAdDcYyQroDR6SsIwKF1SMImyRneH85UqoiUPD7ozXDkSx677
t467Ds+jvGter4qmf/sIADTRPBwgsD1Xqg2KOIW3teWIXcK7YGiQj38OrwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB9CsDG1+O94txMrzl4dQSumaOLwMB8GA1UdIwQY
MBaAFLUEvM65w2PxPjrapMD6UngPBkaEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFFTOHpybkRZX0UtT3Rxa3dQcFNlQThHUm9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS8xZDNjZGMtZDA0Yi00YWRiLWIwNjkt
MmEzNTFhYjNiOGY2LzEvSDBLd01iWDQ3M2kzRXl2T1hoMUJLNlpvNHZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS8xZDNjZGMtZDA0Yi00YWRiLWIwNjktMmEzNTFhYjNiOGY2
LzEvdFFTOHpybkRZX0UtT3Rxa3dQcFNlQThHUm9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhN/wEIB
AwcAKhN/wKQqMA0GCSqGSIb3DQEBCwUAA4IBAQB6xN8J9+8qBx+VeemduQ690DBy
UnE6G5Gs9R9B8q2eMqb0ItcKaDfAdv0m6+qvIcwkdVce5JiicQ/VBOLll92iwhyq
OOypV6hVDQzuOUP2qIeXJMsTlt3ORd/sA7J4bc3G+xzZ6bhZAFeyxOppkGsgdAX7
0QNI3+jixOT08Et9mUNNdrYQlWC9S4tu8gosIWKpR3zyRnPkkz22tGX9G07OETGc
caROEQHD75nkXc813UJow4x10QiliU1v7QmmEPLnw36iIfRIyLddD8sAkfu+An7F
AArdDaCkH/6RF6AotmiJRxViQ6Ron+eSf5jevuooLKwJeWOCYJITSDZOwmOv
-----END CERTIFICATE-----