Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/9a36cc-6dca-4a2a-bf6f-d47bd7d0192f/1/emdeEvtf-dPYqJDFZvDtkBBeEnI.roa
File:                     emdeEvtf-dPYqJDFZvDtkBBeEnI.roa (raw, json)
Hash identifier:          2z0ROEh1DbKK1Sw2prjIQXkxHvunoh5z/S/Lboz+VV4=
Subject key identifier:   7A:67:5E:12:FB:5F:F9:D3:D8:A8:90:C5:66:F0:ED:90:10:5E:12:72
Certificate issuer:       /CN=319eddb366919ed75f4660cfb0e0b6e5fc401613
Certificate serial:       018CC94E2F564612F69C7B53A8A10559A885
Authority key identifier: 31:9E:DD:B3:66:91:9E:D7:5F:46:60:CF:B0:E0:B6:E5:FC:40:16:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MZ7ds2aRntdfRmDPsOC25fxAFhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/9a36cc-6dca-4a2a-bf6f-d47bd7d0192f/1/emdeEvtf-dPYqJDFZvDtkBBeEnI.roa
Signing time:             Tue 02 Jan 2024 08:33:13 +0000
ROA not before:           Tue 02 Jan 2024 08:33:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205771
IP address blocks:        2a13:740::/32 maxlen: 32
                          2a13:741::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/9a36cc-6dca-4a2a-bf6f-d47bd7d0192f/1/MZ7ds2aRntdfRmDPsOC25fxAFhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/9a36cc-6dca-4a2a-bf6f-d47bd7d0192f/1/MZ7ds2aRntdfRmDPsOC25fxAFhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MZ7ds2aRntdfRmDPsOC25fxAFhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:2f:56:46:12:f6:9c:7b:53:a8:a1:05:59:a8:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=319eddb366919ed75f4660cfb0e0b6e5fc401613
        Validity
            Not Before: Jan  2 08:33:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a675e12fb5ff9d3d8a890c566f0ed90105e1272
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:db:25:ae:fc:7d:6c:df:a1:2f:71:be:d0:fd:
                    92:6f:c1:74:d6:47:ae:32:7d:69:8b:d1:d0:f5:7d:
                    8f:f8:7f:00:e9:7f:08:e3:d8:15:a0:1e:4c:6a:ff:
                    b4:69:2f:01:ab:4e:3f:d9:61:66:c6:f6:71:72:7d:
                    fc:a9:51:bb:c8:00:4a:bf:73:3c:3c:86:ce:f5:ba:
                    e4:d3:ca:af:46:31:bb:b0:7d:75:12:f4:98:df:26:
                    0c:cf:a9:ce:d3:3e:9f:bb:f0:12:f3:b5:ae:94:31:
                    05:79:83:7e:1e:a2:0a:8a:3c:2b:c8:b1:47:e8:a3:
                    79:ba:92:10:1c:cb:3a:e1:57:b8:c6:19:02:63:1e:
                    4d:e6:d5:d3:35:ae:f4:ff:09:bd:28:13:19:9e:a1:
                    8d:31:47:17:29:3b:1a:ca:4f:2c:21:6a:dc:64:98:
                    b5:42:9f:7f:dd:38:3a:da:24:c1:cf:d4:ee:c0:a9:
                    16:3b:5f:43:73:c9:97:96:3c:81:83:01:02:e7:04:
                    28:f6:78:6c:40:c7:66:8f:b3:aa:68:71:b2:7e:5d:
                    c4:a8:31:9d:fb:76:75:51:93:f1:ba:01:b1:e3:e8:
                    1a:98:ac:0a:74:0c:5c:b8:4f:ca:32:83:82:36:bd:
                    0c:04:bd:81:b8:62:f9:f4:53:07:db:0c:ba:2d:fd:
                    cb:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:67:5E:12:FB:5F:F9:D3:D8:A8:90:C5:66:F0:ED:90:10:5E:12:72
            X509v3 Authority Key Identifier:
                keyid:31:9E:DD:B3:66:91:9E:D7:5F:46:60:CF:B0:E0:B6:E5:FC:40:16:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MZ7ds2aRntdfRmDPsOC25fxAFhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/9a36cc-6dca-4a2a-bf6f-d47bd7d0192f/1/emdeEvtf-dPYqJDFZvDtkBBeEnI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/9a36cc-6dca-4a2a-bf6f-d47bd7d0192f/1/MZ7ds2aRntdfRmDPsOC25fxAFhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:740::/31

    Signature Algorithm: sha256WithRSAEncryption
         42:c5:4c:c0:a1:2e:66:5c:ec:27:77:ee:87:74:15:cb:7b:57:
         9c:d1:ac:99:ca:4e:c1:10:bd:c5:7b:61:47:bc:af:48:43:76:
         f0:f9:86:4f:03:90:cb:8c:dd:ad:b8:c7:6f:d7:7e:19:d2:87:
         85:98:5d:7d:8b:07:6c:c4:c3:84:c6:0e:60:74:eb:6a:c0:dc:
         0f:f4:9e:72:60:ec:66:22:46:27:aa:32:ca:53:0b:3e:1f:ee:
         ed:2a:72:f6:11:6e:47:b3:50:a5:05:c9:36:6f:fd:03:2f:4f:
         93:a0:57:d9:56:23:79:04:8e:42:8d:1d:78:59:03:36:ed:d3:
         86:36:28:01:ea:4d:cd:c5:d1:bb:cc:3e:23:92:d7:e1:51:80:
         23:d2:fb:8c:20:56:a5:c6:7e:d5:b0:12:d5:4e:f6:c3:0e:b3:
         05:bd:62:97:50:0b:e8:18:5e:1c:30:55:03:d6:e5:16:05:3f:
         b5:d4:60:c0:5c:f4:c5:2f:41:e6:a2:0c:72:91:7c:fa:be:44:
         a7:bb:56:7f:74:26:72:d6:f4:45:34:2a:d9:7f:57:03:85:92:
         ca:f4:d1:b2:04:c6:5d:8d:e7:5b:9c:64:98:c0:69:b9:f3:40:
         89:89:05:de:ec:40:87:de:0f:c6:c9:8d:9e:11:ea:58:fd:fb:
         12:b3:98:09
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTi9WRhL2nHtTqKEFWaiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxOWVkZGIzNjY5MTllZDc1ZjQ2NjBjZmIwZTBiNmU1ZmM0
MDE2MTMwHhcNMjQwMTAyMDgzMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTY3NWUxMmZiNWZmOWQzZDhhODkwYzU2NmYwZWQ5MDEwNWUxMjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9slrvx9bN+hL3G+0P2Sb8F01keu
Mn1pi9HQ9X2P+H8A6X8I49gVoB5Mav+0aS8Bq04/2WFmxvZxcn38qVG7yABKv3M8
PIbO9brk08qvRjG7sH11EvSY3yYMz6nO0z6fu/AS87WulDEFeYN+HqIKijwryLFH
6KN5upIQHMs64Ve4xhkCYx5N5tXTNa70/wm9KBMZnqGNMUcXKTsayk8sIWrcZJi1
Qp9/3Tg62iTBz9TuwKkWO19Dc8mXljyBgwEC5wQo9nhsQMdmj7OqaHGyfl3EqDGd
+3Z1UZPxugGx4+gamKwKdAxcuE/KMoOCNr0MBL2BuGL59FMH2wy6Lf3LywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHpnXhL7X/nT2KiQxWbw7ZAQXhJyMB8GA1UdIwQY
MBaAFDGe3bNmkZ7XX0Zgz7DgtuX8QBYTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVo3ZHMyYVJudGRmUm1EUHNPQzI1ZnhBRmhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS85YTM2Y2MtNmRjYS00YTJhLWJmNmYt
ZDQ3YmQ3ZDAxOTJmLzEvZW1kZUV2dGYtZFBZcUpERlp2RHRrQkJlRW5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS85YTM2Y2MtNmRjYS00YTJhLWJmNmYtZDQ3YmQ3ZDAxOTJm
LzEvTVo3ZHMyYVJudGRmUm1EUHNPQzI1ZnhBRmhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhMHQDAN
BgkqhkiG9w0BAQsFAAOCAQEAQsVMwKEuZlzsJ3fuh3QVy3tXnNGsmcpOwRC9xXth
R7yvSEN28PmGTwOQy4zdrbjHb9d+GdKHhZhdfYsHbMTDhMYOYHTrasDcD/SecmDs
ZiJGJ6oyylMLPh/u7Spy9hFuR7NQpQXJNm/9Ay9Pk6BX2VYjeQSOQo0deFkDNu3T
hjYoAepNzcXRu8w+I5LX4VGAI9L7jCBWpcZ+1bAS1U72ww6zBb1il1AL6BheHDBV
A9blFgU/tdRgwFz0xS9B5qIMcpF8+r5Ep7tWf3Qmctb0RTQq2X9XA4WSyvTRsgTG
XY3nW5xkmMBpufNAiYkF3uxAh94PxsmNnhHqWP37ErOYCQ==
-----END CERTIFICATE-----