Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/kGRFtWRwBN0-PjA7eZ9jWoEVt9A.roa
File:                     kGRFtWRwBN0-PjA7eZ9jWoEVt9A.roa (raw, json)
Hash identifier:          YvVRodqwzzerphRLdamiQtmecCmKtq70pf4+hZ29o04=
Subject key identifier:   90:64:45:B5:64:70:04:DD:3E:3E:30:3B:79:9F:63:5A:81:15:B7:D0
Certificate issuer:       /CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
Certificate serial:       018CC7953763A64B5E1B2FED455F915E3DEE
Authority key identifier: 4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/kGRFtWRwBN0-PjA7eZ9jWoEVt9A.roa
Signing time:             Tue 02 Jan 2024 00:31:34 +0000
ROA not before:           Tue 02 Jan 2024 00:31:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12608
IP address blocks:        2a13:3305::/32 maxlen: 32
                          2a13:3304::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:37:63:a6:4b:5e:1b:2f:ed:45:5f:91:5e:3d:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4be1bbbe540079d2b7f270b92ceaf3b2a816e8fa
        Validity
            Not Before: Jan  2 00:31:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=906445b5647004dd3e3e303b799f635a8115b7d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fe:84:22:7b:60:38:d9:9e:4c:bc:aa:a4:b3:
                    a7:67:51:c4:a1:8c:0e:fc:2b:8b:0f:a8:8a:89:06:
                    c8:a4:1c:ee:9e:15:27:f0:1f:73:19:4b:c3:62:df:
                    02:72:ac:91:dc:35:1d:9c:e0:ee:a8:52:05:e9:1d:
                    7d:64:98:13:fe:3c:da:55:e8:7a:6b:e5:1b:02:9c:
                    41:1e:ff:94:31:e9:12:91:2c:d8:b7:08:21:2a:06:
                    ce:a9:cd:0d:8a:e4:05:0c:78:eb:02:aa:58:5a:98:
                    43:f0:38:30:8e:47:04:74:2c:8a:1a:92:6f:b8:0d:
                    52:4e:69:70:53:de:35:31:28:0f:08:e4:0f:03:7c:
                    d9:e8:9b:0e:68:e6:7e:04:4d:9d:7a:3b:07:23:89:
                    10:43:ab:00:ea:dd:be:77:fb:73:1c:49:2e:72:12:
                    fe:38:c0:f7:24:e1:8a:33:ce:70:3f:c5:eb:24:f1:
                    1d:5a:1f:8a:13:ab:63:ca:b0:5b:7a:d7:cc:ed:12:
                    29:51:f4:26:f8:0a:3d:f2:e9:21:fc:1a:36:d4:d1:
                    8a:e9:03:63:ac:d1:76:67:ae:85:a8:b6:dd:40:ca:
                    43:1b:ee:dd:7b:82:13:a7:ff:6f:d3:ed:46:e9:d7:
                    7c:1c:67:d3:02:ac:ea:d1:ac:f6:1e:1f:da:11:17:
                    8f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:64:45:B5:64:70:04:DD:3E:3E:30:3B:79:9F:63:5A:81:15:B7:D0
            X509v3 Authority Key Identifier:
                keyid:4B:E1:BB:BE:54:00:79:D2:B7:F2:70:B9:2C:EA:F3:B2:A8:16:E8:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-G7vlQAedK38nC5LOrzsqgW6Po.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/kGRFtWRwBN0-PjA7eZ9jWoEVt9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/7c7bf6-2bdf-4c7d-9aec-1ef1cee661ca/1/S-G7vlQAedK38nC5LOrzsqgW6Po.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:3304::/31

    Signature Algorithm: sha256WithRSAEncryption
         48:44:57:5f:d0:30:f7:78:88:f0:0a:86:59:db:ed:cb:58:4b:
         6b:d5:e3:bf:fd:86:e2:f2:42:5c:25:fb:84:06:67:78:86:77:
         04:68:f2:12:98:a7:dc:c7:f4:56:5f:3f:2c:e6:07:15:2f:7d:
         f4:69:36:aa:bd:58:29:cc:e0:ae:b9:de:23:46:bd:35:8e:b6:
         65:61:28:4c:ad:3d:4d:fa:7d:ad:3f:eb:f8:e7:69:88:e2:f8:
         f2:f4:d9:18:8d:e9:dd:43:df:91:bc:8e:7b:0f:83:19:01:98:
         c9:12:b8:37:40:fc:6c:2c:f0:bd:b1:33:57:a9:54:95:c6:21:
         8f:e6:8a:74:33:e5:fc:8d:d1:01:be:10:18:57:bd:98:5a:10:
         9c:c0:d2:3e:e8:89:50:ce:cf:48:4b:5d:e6:7a:dc:40:83:e9:
         4d:c8:ad:ae:80:2f:5a:48:f6:60:58:88:44:80:3b:a6:ec:ae:
         96:a1:f8:54:b1:bc:a8:a0:83:8c:2b:e6:23:23:48:a2:d1:01:
         15:42:4d:74:90:2a:ba:0d:9b:d3:61:6c:b1:3b:75:10:96:41:
         c9:72:b9:24:19:52:ff:7d:e5:39:08:97:8f:5f:06:54:5c:9b:
         9d:00:33:f8:55:c1:16:3c:41:bf:54:cc:45:f4:87:cf:d2:90:
         c3:bf:25:21
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlTdjpkteGy/tRV+RXj3uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTFiYmJlNTQwMDc5ZDJiN2YyNzBiOTJjZWFmM2IyYTgx
NmU4ZmEwHhcNMjQwMTAyMDAzMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDY0NDViNTY0NzAwNGRkM2UzZTMwM2I3OTlmNjM1YTgxMTViN2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoP6EIntgONmeTLyqpLOnZ1HEoYwO
/CuLD6iKiQbIpBzunhUn8B9zGUvDYt8CcqyR3DUdnODuqFIF6R19ZJgT/jzaVeh6
a+UbApxBHv+UMekSkSzYtwghKgbOqc0NiuQFDHjrAqpYWphD8DgwjkcEdCyKGpJv
uA1STmlwU941MSgPCOQPA3zZ6JsOaOZ+BE2dejsHI4kQQ6sA6t2+d/tzHEkuchL+
OMD3JOGKM85wP8XrJPEdWh+KE6tjyrBbetfM7RIpUfQm+Ao98ukh/Bo21NGK6QNj
rNF2Z66FqLbdQMpDG+7de4ITp/9v0+1G6dd8HGfTAqzq0az2Hh/aERePBQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJBkRbVkcATdPj4wO3mfY1qBFbfQMB8GA1UdIwQY
MBaAFEvhu75UAHnSt/JwuSzq87KoFuj6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMt
MWVmMWNlZTY2MWNhLzEva0dSRnRXUndCTjAtUGpBN2VaOWpXb0VWdDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My83YzdiZjYtMmJkZi00YzdkLTlhZWMtMWVmMWNlZTY2MWNh
LzEvUy1HN3ZsUUFlZEszOG5DNUxPcnpzcWdXNlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhMzBDAN
BgkqhkiG9w0BAQsFAAOCAQEASERXX9Aw93iI8AqGWdvty1hLa9Xjv/2G4vJCXCX7
hAZneIZ3BGjyEpin3Mf0Vl8/LOYHFS999Gk2qr1YKczgrrneI0a9NY62ZWEoTK09
Tfp9rT/r+OdpiOL48vTZGI3p3UPfkbyOew+DGQGYyRK4N0D8bCzwvbEzV6lUlcYh
j+aKdDPl/I3RAb4QGFe9mFoQnMDSPuiJUM7PSEtd5nrcQIPpTcitroAvWkj2YFiI
RIA7puyulqH4VLG8qKCDjCvmIyNIotEBFUJNdJAqug2b02FssTt1EJZByXK5JBlS
/33lOQiXj18GVFybnQAz+FXBFjxBv1TMRfSHz9KQw78lIQ==
-----END CERTIFICATE-----