Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/SRYlajHTvaxzm8gJ5aZ8pAr-Yus.roa
File:                     SRYlajHTvaxzm8gJ5aZ8pAr-Yus.roa (raw, json)
Hash identifier:          B8V8Sb+oStBI5CaegMe5fbp5xm4ydOzEYkZnBrYJPtY=
Subject key identifier:   49:16:25:6A:31:D3:BD:AC:73:9B:C8:09:E5:A6:7C:A4:0A:FE:62:EB
Certificate issuer:       /CN=baaa748ba14a76e5d8a6edacb5426082a56f5e3d
Certificate serial:       01909EE7DF3808296E93C0BCF35AF34E69BE
Authority key identifier: BA:AA:74:8B:A1:4A:76:E5:D8:A6:ED:AC:B5:42:60:82:A5:6F:5E:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uqp0i6FKduXYpu2stUJggqVvXj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/SRYlajHTvaxzm8gJ5aZ8pAr-Yus.roa
Signing time:             Wed 10 Jul 2024 23:08:34 +0000
ROA not before:           Wed 10 Jul 2024 23:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215282
IP address blocks:        2a13:ccc7::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/uqp0i6FKduXYpu2stUJggqVvXj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/uqp0i6FKduXYpu2stUJggqVvXj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uqp0i6FKduXYpu2stUJggqVvXj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9e:e7:df:38:08:29:6e:93:c0:bc:f3:5a:f3:4e:69:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=baaa748ba14a76e5d8a6edacb5426082a56f5e3d
        Validity
            Not Before: Jul 10 23:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4916256a31d3bdac739bc809e5a67ca40afe62eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ce:22:a3:ca:7a:45:8c:70:5f:39:05:09:6b:
                    52:a7:62:61:f1:d9:a5:50:06:d0:56:8c:80:7b:37:
                    a5:65:06:bf:51:09:6b:d2:2b:c5:32:de:78:57:6e:
                    e5:4f:00:d1:a3:54:98:d7:96:0c:37:9d:8d:28:9a:
                    8c:0e:c1:28:4c:11:e7:80:65:2e:d2:a1:55:3d:a5:
                    a5:48:c0:8c:ee:2e:b5:e7:97:5c:06:02:72:52:6d:
                    35:28:c1:f4:43:ec:f1:d0:4d:24:9c:46:02:1d:6f:
                    e3:d6:16:e7:bf:94:a1:5e:6e:22:5a:c6:4b:ff:fe:
                    00:04:50:66:46:63:40:59:ce:2d:c9:8b:c0:97:f7:
                    12:d1:85:ac:e7:6d:a7:30:82:8a:09:02:ed:0f:7d:
                    06:b5:4a:d4:41:d6:32:5b:2e:50:0a:c4:36:73:16:
                    0f:ed:7e:30:9b:d6:0c:67:2a:54:fd:50:1c:4e:cc:
                    94:aa:76:7f:ac:09:ec:bf:df:6d:d1:5e:af:a9:ab:
                    44:86:0c:8f:a7:84:8f:de:49:cc:98:a0:12:7b:39:
                    0e:be:d6:5d:e5:48:d1:07:9e:d2:18:48:7d:67:df:
                    cd:6e:be:f3:3d:56:38:5b:12:1a:bf:25:5c:31:f2:
                    c2:31:bc:34:aa:1e:1a:3c:e2:50:ae:69:48:18:3d:
                    9c:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:16:25:6A:31:D3:BD:AC:73:9B:C8:09:E5:A6:7C:A4:0A:FE:62:EB
            X509v3 Authority Key Identifier:
                keyid:BA:AA:74:8B:A1:4A:76:E5:D8:A6:ED:AC:B5:42:60:82:A5:6F:5E:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uqp0i6FKduXYpu2stUJggqVvXj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/SRYlajHTvaxzm8gJ5aZ8pAr-Yus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/a8e45b-17c6-436d-81a8-c5195162e3be/1/uqp0i6FKduXYpu2stUJggqVvXj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:ccc7::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:57:27:1b:95:d0:26:95:10:7d:30:4a:ec:0d:15:3b:7d:58:
         3d:98:5b:4d:cb:fc:0b:b2:a6:6b:e6:45:28:09:16:82:f0:f8:
         2e:2d:c6:b7:7a:cd:8c:f3:14:6c:df:30:e1:68:7a:8d:6b:23:
         af:11:66:69:3e:21:a6:39:19:1f:ba:24:39:41:b8:c2:28:f0:
         57:c6:bd:cc:cb:00:0f:79:3d:5d:c7:fc:4f:26:fc:55:dd:4c:
         86:09:c0:69:30:e0:8f:68:b1:e6:17:f3:ac:e1:d4:7e:c4:8a:
         ba:1c:9c:21:d8:87:00:50:8d:a5:d2:b8:17:d7:5a:5e:10:56:
         bc:1e:0a:ab:21:64:a1:5b:52:ea:dc:36:d3:45:b1:c2:cd:6e:
         bc:e1:2f:71:f1:d0:6b:99:91:b8:0c:2b:7e:95:a6:a9:12:f2:
         63:9b:8d:3a:5b:4d:ef:33:9f:7a:e4:8c:c6:85:c0:99:ad:81:
         02:af:a8:08:70:fd:dd:35:99:72:07:f3:a6:fe:8e:8c:5b:d0:
         3b:9a:93:d7:09:2d:9b:12:f2:04:f6:69:2b:c1:92:4d:81:0d:
         81:01:4e:be:6c:05:ea:12:7e:92:f5:e7:fe:c3:6f:60:b9:9d:
         ee:ca:ad:98:56:bc:c6:ca:13:e1:36:b4:95:60:68:8e:15:40:
         0d:02:62:e8
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZCe5984CCluk8C881rzTmm+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhYWE3NDhiYTE0YTc2ZTVkOGE2ZWRhY2I1NDI2MDgyYTU2
ZjVlM2QwHhcNMjQwNzEwMjMwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTE2MjU2YTMxZDNiZGFjNzM5YmM4MDllNWE2N2NhNDBhZmU2MmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvs4io8p6RYxwXzkFCWtSp2Jh8dml
UAbQVoyAezelZQa/UQlr0ivFMt54V27lTwDRo1SY15YMN52NKJqMDsEoTBHngGUu
0qFVPaWlSMCM7i6155dcBgJyUm01KMH0Q+zx0E0knEYCHW/j1hbnv5ShXm4iWsZL
//4ABFBmRmNAWc4tyYvAl/cS0YWs522nMIKKCQLtD30GtUrUQdYyWy5QCsQ2cxYP
7X4wm9YMZypU/VAcTsyUqnZ/rAnsv99t0V6vqatEhgyPp4SP3knMmKASezkOvtZd
5UjRB57SGEh9Z9/Nbr7zPVY4WxIavyVcMfLCMbw0qh4aPOJQrmlIGD2c0wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEkWJWox072sc5vICeWmfKQK/mLrMB8GA1UdIwQY
MBaAFLqqdIuhSnbl2KbtrLVCYIKlb149MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXFwMGk2RktkdVhZcHUyc3RVSmdncVZ2WGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy9hOGU0NWItMTdjNi00MzZkLTgxYTgt
YzUxOTUxNjJlM2JlLzEvU1JZbGFqSFR2YXh6bThnSjVhWjhwQXItWXVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy9hOGU0NWItMTdjNi00MzZkLTgxYTgtYzUxOTUxNjJlM2Jl
LzEvdXFwMGk2RktkdVhZcHUyc3RVSmdncVZ2WGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhPMxzAN
BgkqhkiG9w0BAQsFAAOCAQEAU1cnG5XQJpUQfTBK7A0VO31YPZhbTcv8C7Kma+ZF
KAkWgvD4Li3Gt3rNjPMUbN8w4Wh6jWsjrxFmaT4hpjkZH7okOUG4wijwV8a9zMsA
D3k9Xcf8Tyb8Vd1MhgnAaTDgj2ix5hfzrOHUfsSKuhycIdiHAFCNpdK4F9daXhBW
vB4KqyFkoVtS6tw200Wxws1uvOEvcfHQa5mRuAwrfpWmqRLyY5uNOltN7zOfeuSM
xoXAma2BAq+oCHD93TWZcgfzpv6OjFvQO5qT1wktmxLyBPZpK8GSTYENgQFOvmwF
6hJ+kvXn/sNvYLmd7sqtmFa8xsoT4Ta0lWBojhVADQJi6A==
-----END CERTIFICATE-----