Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/8pubFp4Yl2U1zDEE3YBGAC2Fzj0.roa
File:                     8pubFp4Yl2U1zDEE3YBGAC2Fzj0.roa (raw, json)
Hash identifier:          vjDuhIaHnkRGjcWdRU0oe+rFl1B6BZlo+t+8EtbLGRQ=
Subject key identifier:   F2:9B:9B:16:9E:18:97:65:35:CC:31:04:DD:80:46:00:2D:85:CE:3D
Certificate issuer:       /CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
Certificate serial:       018CC80302ACDB9041D431088C3BA0BE97D7
Authority key identifier: 88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/8pubFp4Yl2U1zDEE3YBGAC2Fzj0.roa
Signing time:             Tue 02 Jan 2024 02:31:29 +0000
ROA not before:           Tue 02 Jan 2024 02:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        2a13:27c0:10::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:02:ac:db:90:41:d4:31:08:8c:3b:a0:be:97:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f29b9b169e18976535cc3104dd8046002d85ce3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:67:09:11:52:27:b9:ce:1f:07:fd:93:06:ec:
                    64:bf:b3:b2:ef:60:3f:29:0b:47:d5:f8:3c:f0:38:
                    36:cf:cc:4e:ad:c0:f2:8c:db:b0:5a:40:3e:5a:3b:
                    dc:65:63:c0:39:bb:e2:d6:76:a3:c1:d2:2b:24:b5:
                    ff:77:20:42:b5:4d:eb:b1:b4:9f:1e:e0:26:1c:fd:
                    dd:b5:5b:a3:e6:7b:a9:3a:6d:ee:44:54:d2:5f:b1:
                    9e:11:65:fa:f0:44:7e:dc:4f:b8:da:7e:fd:a6:5c:
                    b7:db:58:94:47:e9:48:af:51:8c:11:7e:50:62:c0:
                    aa:6a:6c:b3:a5:08:78:41:d6:d6:a3:16:96:84:f6:
                    ba:21:c0:50:93:15:85:3f:d7:f9:31:f7:ed:5f:bd:
                    06:f6:27:fd:36:a3:75:28:1c:76:91:76:85:60:56:
                    29:ec:35:2b:65:88:81:35:75:86:21:de:17:34:20:
                    43:a0:0b:b5:b1:17:0f:d8:c2:cd:f1:c8:12:af:f9:
                    3e:40:b4:21:da:be:e2:2b:8c:b3:41:63:7f:42:8a:
                    dc:b1:cc:5c:cb:4a:88:a3:44:a4:d7:4e:a0:4e:2a:
                    a9:3b:e8:00:db:0e:2f:bc:9e:23:56:b4:d1:cd:56:
                    4c:4d:e4:a0:19:76:60:6f:a7:26:87:27:22:12:5c:
                    5e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:9B:9B:16:9E:18:97:65:35:CC:31:04:DD:80:46:00:2D:85:CE:3D
            X509v3 Authority Key Identifier:
                keyid:88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/8pubFp4Yl2U1zDEE3YBGAC2Fzj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:27c0:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         6c:1e:86:c0:7a:ef:31:23:ff:20:9c:4c:44:e9:00:aa:c3:e0:
         5e:b6:14:82:9d:75:82:78:76:d7:4b:24:5f:94:46:5c:1c:a9:
         5e:99:6e:25:a0:cb:de:e9:b6:c2:a1:3d:6d:74:ca:b4:88:12:
         67:75:c7:fd:32:cb:d5:82:ff:1b:5e:8b:00:4d:d6:28:8f:71:
         4f:bc:83:be:76:48:76:f6:25:e3:33:34:14:af:84:e7:7e:7b:
         b7:bd:c3:dd:06:66:f3:ad:22:19:6d:20:51:ab:4c:b8:b1:a2:
         78:42:5e:f9:5a:44:2c:1d:89:24:c0:38:18:97:95:7b:1e:23:
         35:b0:3a:48:9d:82:60:0b:14:33:1f:04:8d:12:e3:53:f0:57:
         fd:c6:71:28:f2:2c:dd:d3:7d:33:6c:e2:4f:2a:cb:9a:04:bf:
         36:7d:97:06:49:dd:1f:64:24:fe:ff:c1:b3:d9:43:fb:0c:09:
         91:50:80:dd:b2:78:da:76:de:56:8e:7d:b0:93:e3:d8:83:3d:
         56:50:d7:9a:3a:dd:fc:2a:98:09:6d:2e:46:fc:72:b8:0a:3f:
         a3:19:68:bf:bb:4c:5f:5d:0c:28:a9:23:b6:8e:2a:5d:6d:7c:
         f2:9c:8b:98:d5:84:98:23:b3:02:01:aa:cc:57:03:8e:4f:68:
         e5:47:d6:77
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAwKs25BB1DEIjDugvpfXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTdhYWZlYzYxYzNhNmIwMjRiNmE5ZjU0ZmZiNzY0Y2Ez
ZGY5MjIwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjliOWIxNjllMTg5NzY1MzVjYzMxMDRkZDgwNDYwMDJkODVjZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGcJEVInuc4fB/2TBuxkv7Oy72A/
KQtH1fg88Dg2z8xOrcDyjNuwWkA+WjvcZWPAObvi1najwdIrJLX/dyBCtU3rsbSf
HuAmHP3dtVuj5nupOm3uRFTSX7GeEWX68ER+3E+42n79ply321iUR+lIr1GMEX5Q
YsCqamyzpQh4QdbWoxaWhPa6IcBQkxWFP9f5MfftX70G9if9NqN1KBx2kXaFYFYp
7DUrZYiBNXWGId4XNCBDoAu1sRcP2MLN8cgSr/k+QLQh2r7iK4yzQWN/Qorcscxc
y0qIo0Sk106gTiqpO+gA2w4vvJ4jVrTRzVZMTeSgGXZgb6cmhyciElxerQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPKbmxaeGJdlNcwxBN2ARgAthc49MB8GA1UdIwQY
MBaAFIgXqv7GHDprAktqn1T/t2TKPfkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0Mjkt
ZTY2MzY5NjQ5NDExLzEvOHB1YkZwNFlsMlUxekRFRTNZQkdBQzJGemowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0MjktZTY2MzY5NjQ5NDEx
LzEvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhMnwAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBsHobAeu8xI/8gnExE6QCqw+BethSCnXWCeHbX
SyRflEZcHKlemW4loMve6bbCoT1tdMq0iBJndcf9MsvVgv8bXosATdYoj3FPvIO+
dkh29iXjMzQUr4Tnfnu3vcPdBmbzrSIZbSBRq0y4saJ4Ql75WkQsHYkkwDgYl5V7
HiM1sDpInYJgCxQzHwSNEuNT8Ff9xnEo8izd030zbOJPKsuaBL82fZcGSd0fZCT+
/8Gz2UP7DAmRUIDdsnjadt5Wjn2wk+PYgz1WUNeaOt38KpgJbS5G/HK4Cj+jGWi/
u0xfXQwoqSO2jipdbXzynIuY1YSYI7MCAarMVwOOT2jlR9Z3
-----END CERTIFICATE-----