Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/l_PoOXMK2S_xlBDJFcCZU5JZSqM.roa
File:                     l_PoOXMK2S_xlBDJFcCZU5JZSqM.roa (raw, json)
Hash identifier:          nU5NLNQR8KUD3uCMiOKYb0TUFVHhYaH3xHbbsg8PEoo=
Subject key identifier:   97:F3:E8:39:73:0A:D9:2F:F1:94:10:C9:15:C0:99:53:92:59:4A:A3
Certificate issuer:       /CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
Certificate serial:       018CC86EEE4AC08AC8B1D33EE290450B4238
Authority key identifier: EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/l_PoOXMK2S_xlBDJFcCZU5JZSqM.roa
Signing time:             Tue 02 Jan 2024 04:29:22 +0000
ROA not before:           Tue 02 Jan 2024 04:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18178
IP address blocks:        2a13:2200::/47 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 22:02:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ee:4a:c0:8a:c8:b1:d3:3e:e2:90:45:0b:42:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea2d102b6112b0d9a8b8eebac4b97c819f97c606
        Validity
            Not Before: Jan  2 04:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97f3e839730ad92ff19410c915c0995392594aa3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:2a:d3:75:2f:05:4e:35:70:11:8a:50:3b:16:
                    33:5d:d1:04:b2:e3:ce:91:b6:c6:34:65:97:3a:a8:
                    cd:7e:22:37:c7:00:45:14:ed:ba:ff:14:0c:bc:ec:
                    0f:6b:ef:a6:37:7f:35:2f:4d:9e:e7:2c:55:43:d3:
                    22:d3:3d:70:1a:a1:35:bd:e7:bd:c7:ae:47:20:39:
                    5e:cc:b4:1c:80:84:ba:5e:5c:e4:05:1e:cc:d0:33:
                    19:80:c2:bd:36:c9:66:d8:2a:d4:a7:b1:5b:65:ad:
                    66:2c:49:d6:cd:21:c2:ea:52:5d:04:ba:a2:63:27:
                    5f:60:f7:67:1b:ff:56:73:86:34:b2:ca:86:38:e8:
                    c3:6a:dc:66:64:3c:f8:50:14:cc:aa:c0:c5:7b:3f:
                    25:51:e8:97:e8:53:31:ca:e6:09:89:1e:30:c8:59:
                    28:c5:45:e5:60:13:3c:ee:45:19:c7:bd:05:b8:d9:
                    9c:0f:b7:11:36:93:53:8f:7e:c0:3a:a1:9f:fe:f4:
                    b5:bd:d5:40:26:ca:6f:e7:6d:38:62:1f:a8:3a:fb:
                    13:4a:e7:14:8c:06:b5:38:eb:4a:2a:6c:11:a2:db:
                    27:df:7b:29:a0:9b:70:9e:1e:dc:f0:7f:61:00:a5:
                    b5:64:7b:da:55:db:f7:3f:d9:77:26:7c:84:e7:14:
                    38:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:F3:E8:39:73:0A:D9:2F:F1:94:10:C9:15:C0:99:53:92:59:4A:A3
            X509v3 Authority Key Identifier:
                keyid:EA:2D:10:2B:61:12:B0:D9:A8:B8:EE:BA:C4:B9:7C:81:9F:97:C6:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6i0QK2ESsNmouO66xLl8gZ-XxgY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/l_PoOXMK2S_xlBDJFcCZU5JZSqM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/4cdefa-5ee2-4719-a7e1-b829cc401031/1/6i0QK2ESsNmouO66xLl8gZ-XxgY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:2200::/47

    Signature Algorithm: sha256WithRSAEncryption
         01:0c:07:00:d2:44:90:1d:b5:75:d0:c2:65:d1:ff:28:54:a1:
         4b:ef:16:85:35:40:95:d8:bc:b0:18:e7:2d:ae:e2:3d:1e:8f:
         8d:1d:9f:ab:df:8e:ae:27:9c:c8:a5:b9:52:0d:a2:8f:1d:77:
         f4:ae:9d:66:e7:92:18:9c:49:d7:29:f3:35:1e:c6:c0:0a:7b:
         54:17:cf:56:7f:0b:7c:50:8b:d7:50:77:74:35:42:a5:a8:11:
         8f:2b:3d:85:8b:d8:ef:1b:f3:3a:b0:e2:ae:1b:75:2d:bd:43:
         46:9b:2f:9f:65:aa:ce:64:23:9c:94:8c:b1:0c:04:2c:a1:ac:
         ac:41:7a:56:90:3b:19:5c:64:db:79:c5:fc:a0:bf:4e:46:9b:
         8a:02:c6:20:7f:12:34:11:bf:c5:9d:20:43:ab:7f:c7:01:7d:
         1b:78:90:8f:a9:0a:d3:9a:bf:5f:04:48:a7:73:08:fb:79:82:
         be:e5:7e:e4:94:fd:6a:9c:1b:2a:90:79:87:32:29:da:fd:98:
         a3:70:e3:c4:18:88:88:50:7a:43:fd:c8:52:f6:15:99:ab:9c:
         55:25:52:9e:1d:1e:d1:fc:2c:2b:de:ac:4b:b1:65:82:d9:1c:
         71:f9:66:00:74:ea:73:24:e2:24:f9:8e:5b:b6:ac:f0:e6:4e:
         8f:17:80:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIbu5KwIrIsdM+4pBFC0I4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMmQxMDJiNjExMmIwZDlhOGI4ZWViYWM0Yjk3YzgxOWY5
N2M2MDYwHhcNMjQwMTAyMDQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5N2YzZTgzOTczMGFkOTJmZjE5NDEwYzkxNWMwOTk1MzkyNTk0YWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApirTdS8FTjVwEYpQOxYzXdEEsuPO
kbbGNGWXOqjNfiI3xwBFFO26/xQMvOwPa++mN381L02e5yxVQ9Mi0z1wGqE1vee9
x65HIDlezLQcgIS6XlzkBR7M0DMZgMK9Nslm2CrUp7FbZa1mLEnWzSHC6lJdBLqi
YydfYPdnG/9Wc4Y0ssqGOOjDatxmZDz4UBTMqsDFez8lUeiX6FMxyuYJiR4wyFko
xUXlYBM87kUZx70FuNmcD7cRNpNTj37AOqGf/vS1vdVAJspv5204Yh+oOvsTSucU
jAa1OOtKKmwRotsn33spoJtwnh7c8H9hAKW1ZHvaVdv3P9l3JnyE5xQ4mwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJfz6DlzCtkv8ZQQyRXAmVOSWUqjMB8GA1UdIwQY
MBaAFOotECthErDZqLjuusS5fIGfl8YGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEt
YjgyOWNjNDAxMDMxLzEvbF9Qb09YTUsyU194bEJESkZjQ1pVNUpaU3FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80Y2RlZmEtNWVlMi00NzE5LWE3ZTEtYjgyOWNjNDAxMDMx
LzEvNmkwUUsyRVNzTm1vdU82NnhMbDhnWi1YeGdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhMiAAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQABDAcA0kSQHbV10MJl0f8oVKFL7xaFNUCV2Lyw
GOctruI9Ho+NHZ+r346uJ5zIpblSDaKPHXf0rp1m55IYnEnXKfM1HsbACntUF89W
fwt8UIvXUHd0NUKlqBGPKz2Fi9jvG/M6sOKuG3UtvUNGmy+fZarOZCOclIyxDAQs
oaysQXpWkDsZXGTbecX8oL9ORpuKAsYgfxI0Eb/FnSBDq3/HAX0beJCPqQrTmr9f
BEincwj7eYK+5X7klP1qnBsqkHmHMina/ZijcOPEGIiIUHpD/chS9hWZq5xVJVKe
HR7R/Cwr3qxLsWWC2Rxx+WYAdOpzJOIk+Y5btqzw5k6PF4A5
-----END CERTIFICATE-----