Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/OXc9-GPICPHYkiZ6YfUEUoh8Gyc.roa
File:                     OXc9-GPICPHYkiZ6YfUEUoh8Gyc.roa (raw, json)
Hash identifier:          4Q20yAW3aQwpp0sKebBvUHq7SxkLy6HIgWH86XdJlgg=
Subject key identifier:   39:77:3D:F8:63:C8:08:F1:D8:92:26:7A:61:F5:04:52:88:7C:1B:27
Certificate issuer:       /CN=9051ebf8c28f817b7f148bfc95cc2b5b4cb30089
Certificate serial:       018CC6B921B6702BC2B3E2A3D898B55A94B1
Authority key identifier: 90:51:EB:F8:C2:8F:81:7B:7F:14:8B:FC:95:CC:2B:5B:4C:B3:00:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kFHr-MKPgXt_FIv8lcwrW0yzAIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/OXc9-GPICPHYkiZ6YfUEUoh8Gyc.roa
Signing time:             Mon 01 Jan 2024 20:31:10 +0000
ROA not before:           Mon 01 Jan 2024 20:31:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     53358
IP address blocks:        2a13:5884::/30 maxlen: 30
                          2a13:5880::/30 maxlen: 30

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/kFHr-MKPgXt_FIv8lcwrW0yzAIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/kFHr-MKPgXt_FIv8lcwrW0yzAIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kFHr-MKPgXt_FIv8lcwrW0yzAIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:21:b6:70:2b:c2:b3:e2:a3:d8:98:b5:5a:94:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9051ebf8c28f817b7f148bfc95cc2b5b4cb30089
        Validity
            Not Before: Jan  1 20:31:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=39773df863c808f1d892267a61f50452887c1b27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:69:99:14:b3:b9:ac:4a:13:ae:26:ec:87:3e:
                    10:58:5c:56:6c:61:de:a0:34:78:5c:23:d3:5a:59:
                    ad:bc:89:a8:2e:93:34:4f:84:7e:56:1a:0a:43:54:
                    64:ba:33:3f:cf:14:9d:95:a2:0d:fd:8e:51:47:12:
                    ef:2d:46:a8:dc:94:1e:26:92:5c:22:5d:44:d1:d0:
                    59:6e:1e:78:ca:fd:96:95:ba:97:64:32:f8:1a:c9:
                    5f:25:b3:8c:7a:f9:5f:e9:c2:0d:ab:3d:f0:37:48:
                    86:45:6b:82:ec:61:25:5a:69:48:05:52:86:df:fc:
                    a3:e9:a0:89:e2:dd:ee:e9:59:11:65:03:e6:95:c3:
                    ed:c3:48:c3:47:24:c2:4f:3d:56:55:87:f4:e8:a6:
                    9a:49:f4:a3:e4:9e:13:ea:51:45:06:15:33:eb:49:
                    4b:01:be:19:94:2a:58:39:aa:12:a3:50:a6:ca:e8:
                    4e:5f:a4:25:69:be:6c:0c:a9:7c:be:b4:58:2e:16:
                    47:27:8d:2a:f9:55:5e:93:cf:cd:cf:9b:02:53:5e:
                    ce:92:e2:59:be:4f:cc:88:1e:96:15:e0:d3:db:79:
                    2a:9c:e2:45:2a:94:0a:d7:e0:8c:f4:d1:cf:63:ad:
                    28:fd:99:0e:21:fa:4e:e6:da:4c:6a:62:6b:b4:a4:
                    6b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:77:3D:F8:63:C8:08:F1:D8:92:26:7A:61:F5:04:52:88:7C:1B:27
            X509v3 Authority Key Identifier:
                keyid:90:51:EB:F8:C2:8F:81:7B:7F:14:8B:FC:95:CC:2B:5B:4C:B3:00:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kFHr-MKPgXt_FIv8lcwrW0yzAIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/OXc9-GPICPHYkiZ6YfUEUoh8Gyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/79b597-6b0c-4d03-bf40-31247f3a4539/1/kFHr-MKPgXt_FIv8lcwrW0yzAIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5880::/29

    Signature Algorithm: sha256WithRSAEncryption
         33:e5:76:4d:71:ec:21:d9:fd:cc:7a:5a:c8:8b:be:24:86:b0:
         14:84:3c:80:94:98:d1:af:06:b4:46:fe:b2:29:b6:a0:2b:7b:
         e7:af:37:61:48:e3:4a:c7:c7:ef:5d:08:f8:3c:35:c8:57:bc:
         ba:f4:41:7a:f6:4c:02:47:d3:7f:cb:79:9c:ef:f8:e4:b8:2e:
         5a:32:4c:05:7b:db:5f:44:59:e5:3a:43:b2:59:9f:49:eb:79:
         bf:ed:26:5e:27:b1:a3:40:ef:e5:ff:cf:fb:86:b4:60:cb:d3:
         7b:5b:b2:36:a6:c0:f3:6b:0f:0c:e5:b5:09:a6:32:72:d1:4d:
         9e:d9:d4:8a:81:81:f3:3f:2c:b0:2e:56:65:24:d1:bf:06:e7:
         45:60:c0:61:1a:ad:23:e6:1c:aa:6c:2f:e1:81:cd:0e:5a:4f:
         a8:21:66:09:5c:0e:8c:cd:a3:fd:7a:ee:5e:52:d7:47:f0:82:
         87:68:4c:59:7a:3e:32:37:1a:4a:7b:89:1d:6f:d1:51:54:42:
         93:a4:0b:7c:8d:50:f8:23:4b:ba:45:d3:75:72:c6:ed:1b:16:
         ea:6d:cb:48:45:7a:d5:e4:a4:f4:1a:71:a1:fe:10:e7:c4:b5:
         11:84:de:f4:eb:e8:21:52:29:bc:eb:9b:32:b0:03:2c:f4:85:
         5a:a9:d6:aa
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzGuSG2cCvCs+Kj2Ji1WpSxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNTFlYmY4YzI4ZjgxN2I3ZjE0OGJmYzk1Y2MyYjViNGNi
MzAwODkwHhcNMjQwMTAxMjAzMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTc3M2RmODYzYzgwOGYxZDg5MjI2N2E2MWY1MDQ1Mjg4N2MxYjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2mZFLO5rEoTribshz4QWFxWbGHe
oDR4XCPTWlmtvImoLpM0T4R+VhoKQ1RkujM/zxSdlaIN/Y5RRxLvLUao3JQeJpJc
Il1E0dBZbh54yv2WlbqXZDL4GslfJbOMevlf6cINqz3wN0iGRWuC7GElWmlIBVKG
3/yj6aCJ4t3u6VkRZQPmlcPtw0jDRyTCTz1WVYf06KaaSfSj5J4T6lFFBhUz60lL
Ab4ZlCpYOaoSo1CmyuhOX6Qlab5sDKl8vrRYLhZHJ40q+VVek8/Nz5sCU17OkuJZ
vk/MiB6WFeDT23kqnOJFKpQK1+CM9NHPY60o/ZkOIfpO5tpMamJrtKRrZwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDl3PfhjyAjx2JImemH1BFKIfBsnMB8GA1UdIwQY
MBaAFJBR6/jCj4F7fxSL/JXMK1tMswCJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0ZIci1NS1BnWHRfRkl2OGxjd3JXMHl6QUlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83OWI1OTctNmIwYy00ZDAzLWJmNDAt
MzEyNDdmM2E0NTM5LzEvT1hjOS1HUElDUEhZa2laNllmVUVVb2g4R3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83OWI1OTctNmIwYy00ZDAzLWJmNDAtMzEyNDdmM2E0NTM5
LzEva0ZIci1NS1BnWHRfRkl2OGxjd3JXMHl6QUlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNYgDAN
BgkqhkiG9w0BAQsFAAOCAQEAM+V2TXHsIdn9zHpayIu+JIawFIQ8gJSY0a8GtEb+
sim2oCt75683YUjjSsfH710I+Dw1yFe8uvRBevZMAkfTf8t5nO/45LguWjJMBXvb
X0RZ5TpDslmfSet5v+0mXiexo0Dv5f/P+4a0YMvTe1uyNqbA82sPDOW1CaYyctFN
ntnUioGB8z8ssC5WZSTRvwbnRWDAYRqtI+Ycqmwv4YHNDlpPqCFmCVwOjM2j/Xru
XlLXR/CCh2hMWXo+MjcaSnuJHW/RUVRCk6QLfI1Q+CNLukXTdXLG7RsW6m3LSEV6
1eSk9Bpxof4Q58S1EYTe9OvoIVIpvOubMrADLPSFWqnWqg==
-----END CERTIFICATE-----