Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/iIZPjq9KX-M9A1G_yXdSpvHnrHk.roa
File:                     iIZPjq9KX-M9A1G_yXdSpvHnrHk.roa (raw, json)
Hash identifier:          3Ei48Bb1RIBh832yVKG+Es4/TU85EbGNo1BHx/HU/eU=
Subject key identifier:   88:86:4F:8E:AF:4A:5F:E3:3D:03:51:BF:C9:77:52:A6:F1:E7:AC:79
Certificate issuer:       /CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Certificate serial:       018CC79538F1C5A33EA459EC5F9875838F4A
Authority key identifier: 4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/iIZPjq9KX-M9A1G_yXdSpvHnrHk.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204339
IP address blocks:        2a13:3307::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 03:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:38:f1:c5:a3:3e:a4:59:ec:5f:98:75:83:8f:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88864f8eaf4a5fe33d0351bfc97752a6f1e7ac79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:34:cc:ef:52:d8:0a:3f:fb:af:9d:be:7f:ad:
                    1a:ea:9b:e8:46:8b:0a:dc:6b:2e:49:0f:fc:40:66:
                    cb:d8:f7:81:42:ab:28:35:ca:8d:a6:c3:c9:b4:59:
                    d8:d3:09:60:e7:96:73:bb:cf:9b:ff:b1:69:53:e1:
                    2c:36:61:9a:a8:4f:45:46:35:ba:63:82:d6:c9:9f:
                    ad:ee:e4:69:c2:ce:70:b5:d2:0a:be:80:9d:e4:72:
                    d0:31:2d:ed:69:bf:2f:ce:85:8e:e7:c4:b4:a7:d4:
                    d5:0d:da:d6:31:d9:3d:99:f6:b6:0d:e4:cd:b2:16:
                    8f:19:b7:6a:b5:7d:35:3e:5f:66:e4:61:ed:34:d4:
                    7e:26:d4:43:4f:17:04:50:71:d5:c8:2f:b3:e5:5d:
                    f8:fb:f8:94:00:80:1c:16:71:de:f1:5d:58:68:08:
                    27:b7:b6:1b:fa:8b:f1:de:74:86:a0:2a:04:0d:32:
                    d1:d2:c5:76:87:f0:e5:8d:00:35:bb:b2:6e:0f:0e:
                    b3:ce:67:7c:29:d5:f2:fb:a4:3a:6f:05:39:4b:fb:
                    6d:1a:ef:2a:95:6d:e6:c5:28:06:bb:c4:2e:2e:17:
                    5a:dd:c5:af:99:a0:fc:f0:84:49:05:f5:cd:26:38:
                    53:1e:0c:7a:40:c6:bb:7b:3d:e8:0e:33:3b:5b:6d:
                    75:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:86:4F:8E:AF:4A:5F:E3:3D:03:51:BF:C9:77:52:A6:F1:E7:AC:79
            X509v3 Authority Key Identifier:
                keyid:4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/iIZPjq9KX-M9A1G_yXdSpvHnrHk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3307::/32

    Signature Algorithm: sha256WithRSAEncryption
         7d:4f:94:b4:89:38:d5:ba:6e:f9:03:91:f5:68:e3:b2:80:af:
         1d:b2:28:ed:b8:57:71:90:84:cf:06:7e:22:58:36:4b:50:34:
         7c:31:0d:0e:48:b9:14:1b:d1:eb:db:02:3d:a7:c3:ac:78:f9:
         72:c2:10:3b:ad:f2:10:b7:c2:e7:0a:e2:0f:09:d3:63:13:ba:
         f2:8a:9f:d7:a5:1d:8d:7b:bb:48:7a:ca:18:4d:67:c0:3b:40:
         8c:bf:f0:66:30:54:a4:92:b7:00:1c:6c:08:fb:0e:99:83:8a:
         ec:b8:aa:ef:94:05:e1:28:88:d2:d5:3f:29:c1:b6:c1:1a:ef:
         66:f5:0e:cd:31:96:5f:f8:bf:d9:a6:af:4a:21:e1:2c:6d:33:
         d0:40:d2:8a:4e:9d:db:fb:ba:26:11:c4:65:64:7f:71:64:b2:
         d8:3b:b2:9c:00:17:e6:3b:79:d0:73:65:ef:df:b0:b3:4f:fd:
         53:ab:80:8b:f0:b7:1f:86:a7:96:bf:35:9b:27:35:48:43:5a:
         a2:f0:63:2a:ed:0e:9d:38:57:1e:c5:e5:00:a6:50:d8:ce:52:
         67:0c:c1:42:2c:39:5b:cc:bb:43:39:d1:7c:f8:86:3c:97:29:
         14:c7:11:06:5b:21:87:aa:4a:c4:45:5d:ed:d1:b7:be:35:41:
         6c:3e:c0:34
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlTjxxaM+pFnsX5h1g49KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTFiYmJlNTQwMDc5ZDJiN2YyNzBiOTJjZWFmM2IyYTgx
NmU4ZmEwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODg2NGY4ZWFmNGE1ZmUzM2QwMzUxYmZjOTc3NTJhNmYxZTdhYzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozTM71LYCj/7r52+f60a6pvoRosK
3GsuSQ/8QGbL2PeBQqsoNcqNpsPJtFnY0wlg55Zzu8+b/7FpU+EsNmGaqE9FRjW6
Y4LWyZ+t7uRpws5wtdIKvoCd5HLQMS3tab8vzoWO58S0p9TVDdrWMdk9mfa2DeTN
shaPGbdqtX01Pl9m5GHtNNR+JtRDTxcEUHHVyC+z5V34+/iUAIAcFnHe8V1YaAgn
t7Yb+ovx3nSGoCoEDTLR0sV2h/DljQA1u7JuDw6zzmd8KdXy+6Q6bwU5S/ttGu8q
lW3mxSgGu8QuLhda3cWvmaD88IRJBfXNJjhTHgx6QMa7ez3oDjM7W211GQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIiGT46vSl/jPQNRv8l3Uqbx56x5MB8GA1UdIwQY
MBaAFEvhu75UAHnSt/JwuSzq87KoFuj6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMt
MWVmMWNlZTY2MWNhLzEvaUlaUGpxOUtYLU05QTFHX3lYZFNwdkhuckhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMtMWVmMWNlZTY2MWNh
LzEvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhMzBzAN
BgkqhkiG9w0BAQsFAAOCAQEAfU+UtIk41bpu+QOR9WjjsoCvHbIo7bhXcZCEzwZ+
Ilg2S1A0fDENDki5FBvR69sCPafDrHj5csIQO63yELfC5wriDwnTYxO68oqf16Ud
jXu7SHrKGE1nwDtAjL/wZjBUpJK3ABxsCPsOmYOK7Liq75QF4SiI0tU/KcG2wRrv
ZvUOzTGWX/i/2aavSiHhLG0z0EDSik6d2/u6JhHEZWR/cWSy2DuynAAX5jt50HNl
79+ws0/9U6uAi/C3H4anlr81myc1SENaovBjKu0OnThXHsXlAKZQ2M5SZwzBQiw5
W8y7QznRfPiGPJcpFMcRBlshh6pKxEVd7dG3vjVBbD7ANA==
-----END CERTIFICATE-----