Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/18pU9OUJZfEjtQtM3d6KCEE-wf4.roa
File:                     18pU9OUJZfEjtQtM3d6KCEE-wf4.roa (raw, json)
Hash identifier:          g9Yx6RdVIwFFC/gP3XLwi8dipV0AyWlMkba67EAqwI4=
Subject key identifier:   D7:CA:54:F4:E5:09:65:F1:23:B5:0B:4C:DD:DE:8A:08:41:3E:C1:FE
Certificate issuer:       /CN=8b8d8598064db5a8edb3a6084064cd2a1ad8c6e3
Certificate serial:       019420685C794C89433D14DB7B9085847118
Authority key identifier: 8B:8D:85:98:06:4D:B5:A8:ED:B3:A6:08:40:64:CD:2A:1A:D8:C6:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i42FmAZNtajts6YIQGTNKhrYxuM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/18pU9OUJZfEjtQtM3d6KCEE-wf4.roa
Signing time:             Wed 01 Jan 2025 05:48:17 +0000
ROA not before:           Wed 01 Jan 2025 05:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51801
IP address blocks:        2a13:4880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/i42FmAZNtajts6YIQGTNKhrYxuM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/i42FmAZNtajts6YIQGTNKhrYxuM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i42FmAZNtajts6YIQGTNKhrYxuM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:5c:79:4c:89:43:3d:14:db:7b:90:85:84:71:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b8d8598064db5a8edb3a6084064cd2a1ad8c6e3
        Validity
            Not Before: Jan  1 05:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d7ca54f4e50965f123b50b4cddde8a08413ec1fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e2:41:18:2a:46:67:01:9e:04:27:8b:45:f9:
                    b7:25:f6:07:f8:d4:bb:ac:18:ef:c0:86:66:bd:15:
                    98:7f:21:0f:ab:75:3a:29:f0:ad:95:b4:7f:2d:88:
                    5e:3d:c3:bb:b1:06:36:28:48:42:68:21:fb:2d:2b:
                    b6:81:45:84:0d:44:29:6a:eb:fb:d9:8c:09:12:ce:
                    2a:d6:87:af:0a:ab:ec:a9:39:27:67:37:5d:50:2d:
                    9a:ee:9c:51:3a:eb:3c:75:cd:f3:98:34:49:12:69:
                    10:ca:c9:0e:d9:94:08:f2:83:06:c9:eb:c0:c5:54:
                    4c:03:1f:8d:50:34:6a:ab:e9:9e:d5:86:a7:07:a9:
                    13:51:ea:f8:f3:21:86:89:2d:f2:a7:dd:59:b7:3a:
                    6b:09:db:20:e9:9f:f9:1b:30:39:16:87:02:7d:11:
                    67:07:48:c6:5a:61:a1:dc:2c:e9:dd:57:cb:9a:4e:
                    2d:6c:05:75:55:04:3b:78:52:c8:6a:21:10:31:4a:
                    dd:31:aa:5d:80:38:14:cc:1d:22:c7:67:c8:71:1f:
                    86:7f:38:2f:27:ed:54:8c:a6:f0:21:be:13:07:d9:
                    30:4e:e9:7e:33:67:c7:a7:0d:15:af:f4:a4:5e:97:
                    93:3e:3e:ea:d8:db:4b:02:67:8c:9c:a3:5f:40:14:
                    92:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:CA:54:F4:E5:09:65:F1:23:B5:0B:4C:DD:DE:8A:08:41:3E:C1:FE
            X509v3 Authority Key Identifier:
                keyid:8B:8D:85:98:06:4D:B5:A8:ED:B3:A6:08:40:64:CD:2A:1A:D8:C6:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i42FmAZNtajts6YIQGTNKhrYxuM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/18pU9OUJZfEjtQtM3d6KCEE-wf4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/423e9c-4425-496e-b237-6b0ef9108688/1/i42FmAZNtajts6YIQGTNKhrYxuM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:4880::/29

    Signature Algorithm: sha256WithRSAEncryption
         10:be:fc:11:9f:f0:0c:8c:f1:ee:ae:15:c6:0f:95:e5:f8:67:
         28:61:6d:69:98:94:31:f5:26:81:ad:3a:64:70:13:2e:b1:b4:
         7f:8b:e8:91:b9:2d:95:69:f2:15:5a:20:22:94:38:b7:0f:21:
         b1:6d:72:65:c8:9b:84:bd:84:69:7d:02:a1:88:a8:7c:8f:1e:
         64:29:54:ae:ea:02:39:8f:fc:89:ef:5f:56:d9:00:9c:66:3d:
         c8:a2:2f:bd:bc:7d:45:ea:c5:4f:93:74:3d:f7:45:8f:c2:8b:
         1c:8c:0a:17:0a:28:16:79:d6:5b:ac:b4:be:ca:70:2e:5d:d6:
         e6:40:4c:f7:e6:82:71:3e:b9:ef:82:a4:c5:2c:06:bc:11:c1:
         a6:d2:4e:ea:cd:e3:d3:ac:b6:5d:0f:17:1f:57:a6:3a:85:13:
         ea:6f:d9:2a:50:63:a8:1e:c7:ab:c8:fe:14:52:d1:e5:2e:51:
         9d:58:fd:14:80:08:5e:94:56:19:a9:b6:04:20:23:cc:ac:a2:
         68:4d:8c:45:4c:a7:34:2c:26:35:6d:a8:00:9a:ef:3a:42:01:
         8c:49:f6:89:5c:22:ef:e8:2c:74:93:76:1b:b2:9c:69:4f:53:
         2b:04:7c:8e:a2:f8:3d:61:91:b4:b1:b0:36:81:ee:8a:a5:7e:
         4a:1f:8a:c2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQgaFx5TIlDPRTbe5CFhHEYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiOGQ4NTk4MDY0ZGI1YThlZGIzYTYwODQwNjRjZDJhMWFk
OGM2ZTMwHhcNMjUwMTAxMDU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2NhNTRmNGU1MDk2NWYxMjNiNTBiNGNkZGRlOGEwODQxM2VjMWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1eJBGCpGZwGeBCeLRfm3JfYH+NS7
rBjvwIZmvRWYfyEPq3U6KfCtlbR/LYhePcO7sQY2KEhCaCH7LSu2gUWEDUQpauv7
2YwJEs4q1oevCqvsqTknZzddUC2a7pxROus8dc3zmDRJEmkQyskO2ZQI8oMGyevA
xVRMAx+NUDRqq+me1YanB6kTUer48yGGiS3yp91ZtzprCdsg6Z/5GzA5FocCfRFn
B0jGWmGh3Czp3VfLmk4tbAV1VQQ7eFLIaiEQMUrdMapdgDgUzB0ix2fIcR+Gfzgv
J+1UjKbwIb4TB9kwTul+M2fHpw0Vr/SkXpeTPj7q2NtLAmeMnKNfQBSSAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNfKVPTlCWXxI7ULTN3eighBPsH+MB8GA1UdIwQY
MBaAFIuNhZgGTbWo7bOmCEBkzSoa2MbjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTQyRm1BWk50YWp0czZZSVFHVE5LaHJZeHVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MjNlOWMtNDQyNS00OTZlLWIyMzct
NmIwZWY5MTA4Njg4LzEvMThwVTlPVUpaZkVqdFF0TTNkNktDRUUtd2Y0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MjNlOWMtNDQyNS00OTZlLWIyMzctNmIwZWY5MTA4Njg4
LzEvaTQyRm1BWk50YWp0czZZSVFHVE5LaHJZeHVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNIgDAN
BgkqhkiG9w0BAQsFAAOCAQEAEL78EZ/wDIzx7q4Vxg+V5fhnKGFtaZiUMfUmga06
ZHATLrG0f4vokbktlWnyFVogIpQ4tw8hsW1yZcibhL2EaX0CoYiofI8eZClUruoC
OY/8ie9fVtkAnGY9yKIvvbx9RerFT5N0PfdFj8KLHIwKFwooFnnWW6y0vspwLl3W
5kBM9+aCcT6574KkxSwGvBHBptJO6s3j06y2XQ8XH1emOoUT6m/ZKlBjqB7Hq8j+
FFLR5S5RnVj9FIAIXpRWGam2BCAjzKyiaE2MRUynNCwmNW2oAJrvOkIBjEn2iVwi
7+gsdJN2G7KcaU9TKwR8jqL4PWGRtLGwNoHuiqV+Sh+Kwg==
-----END CERTIFICATE-----