Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/KD08b2FsuPNMGYAybOnJNi4KKuM.roa
File:                     KD08b2FsuPNMGYAybOnJNi4KKuM.roa (raw, json)
Hash identifier:          6x867BtyzUuJc0crr2giqmrHS4al1tz7XIIit1kk5C0=
Subject key identifier:   28:3D:3C:6F:61:6C:B8:F3:4C:19:80:32:6C:E9:C9:36:2E:0A:2A:E3
Certificate issuer:       /CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
Certificate serial:       018CC80302642B9DE974B62E3495D872D096
Authority key identifier: 88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/KD08b2FsuPNMGYAybOnJNi4KKuM.roa
Signing time:             Tue 02 Jan 2024 02:31:29 +0000
ROA not before:           Tue 02 Jan 2024 02:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        2a13:27c0:10::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:02:64:2b:9d:e9:74:b6:2e:34:95:d8:72:d0:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8817aafec61c3a6b024b6a9f54ffb764ca3df922
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=283d3c6f616cb8f34c1980326ce9c9362e0a2ae3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:62:43:b7:3f:eb:c6:c0:05:78:f9:16:1d:55:
                    5d:dc:30:8c:13:db:cf:8f:4a:24:bf:8d:c9:5d:ed:
                    e2:e5:af:79:11:45:c6:ad:0c:c7:0d:49:66:ed:f9:
                    e4:82:0b:64:f4:73:69:92:59:72:7f:d4:a3:fe:73:
                    da:38:37:a8:80:ae:7c:a9:d5:1b:a9:b3:37:0a:74:
                    cf:2b:22:32:2d:f4:49:22:c1:67:c3:95:34:74:4b:
                    fb:6c:15:a8:8a:20:e7:41:dc:64:86:9e:9f:94:f4:
                    2f:e3:c7:67:f6:ca:68:21:a5:d8:3e:10:5b:c9:68:
                    b2:e4:d8:13:b3:f2:63:01:f0:38:4c:61:5b:08:88:
                    47:96:14:9f:e4:9a:45:c4:b8:1a:e6:73:2b:45:44:
                    a2:1d:b0:7a:4b:93:c9:c7:2d:ac:31:1a:79:c9:1f:
                    57:e7:f0:ff:b7:c0:f3:e6:4b:84:97:27:47:e8:58:
                    2a:85:f5:83:9c:8a:ac:07:a9:5e:fe:42:7c:97:ab:
                    e2:17:b5:f4:83:f8:e3:6b:f2:9e:01:4f:c5:09:dc:
                    92:fa:00:50:01:eb:e6:06:48:d1:ab:aa:58:1a:fe:
                    51:f6:07:ec:23:bc:51:d6:6d:0b:c1:4c:91:27:61:
                    24:91:8c:c5:60:e7:c8:a1:83:6f:b9:1e:d2:d6:aa:
                    e4:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:3D:3C:6F:61:6C:B8:F3:4C:19:80:32:6C:E9:C9:36:2E:0A:2A:E3
            X509v3 Authority Key Identifier:
                keyid:88:17:AA:FE:C6:1C:3A:6B:02:4B:6A:9F:54:FF:B7:64:CA:3D:F9:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/KD08b2FsuPNMGYAybOnJNi4KKuM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/fe2d72-c2dd-46c1-9429-e66369649411/1/iBeq_sYcOmsCS2qfVP-3ZMo9-SI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:27c0:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         c4:0d:e1:1e:80:98:cc:de:f3:c2:f6:14:de:59:89:34:3f:ea:
         c8:da:9d:19:2c:bd:d0:db:16:bb:22:5e:c1:86:f0:c4:a7:f2:
         72:eb:42:fe:aa:ee:23:98:a1:22:81:79:41:81:09:d3:59:41:
         2b:3f:52:a7:71:fe:66:1d:13:19:e8:e9:77:2b:83:91:03:d9:
         41:fa:3f:dd:b1:04:cf:5a:f0:4d:c8:bb:40:cc:e8:9f:69:d1:
         d6:57:26:2a:5f:86:8b:7f:ce:26:1c:37:53:ac:0b:56:b3:cd:
         d2:63:01:07:c2:f9:a2:94:0f:b7:ae:4d:38:b8:18:8b:af:61:
         19:d8:94:4d:b6:80:9f:9e:d1:55:38:8a:82:be:30:93:ad:e1:
         da:1a:6c:42:b1:33:ab:38:ba:c9:f1:82:72:d3:e7:a2:a3:07:
         c3:c8:ac:b7:13:0b:02:99:3e:42:27:3b:5e:d2:d2:6a:86:6e:
         3a:a9:34:be:a0:56:0a:86:9c:54:89:e9:b4:64:bf:1c:17:79:
         02:03:f9:b8:d3:06:16:25:8d:2e:3a:4b:1b:2d:22:c1:a8:43:
         51:77:d9:ef:65:40:39:85:a9:ec:fa:9e:95:5e:11:4e:b6:55:
         80:d2:c3:b4:35:5f:98:a7:a6:ea:bb:9d:95:7b:e9:50:3c:2a:
         a2:c3:08:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzIAwJkK53pdLYuNJXYctCWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MTdhYWZlYzYxYzNhNmIwMjRiNmE5ZjU0ZmZiNzY0Y2Ez
ZGY5MjIwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODNkM2M2ZjYxNmNiOGYzNGMxOTgwMzI2Y2U5YzkzNjJlMGEyYWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlmJDtz/rxsAFePkWHVVd3DCME9vP
j0okv43JXe3i5a95EUXGrQzHDUlm7fnkggtk9HNpkllyf9Sj/nPaODeogK58qdUb
qbM3CnTPKyIyLfRJIsFnw5U0dEv7bBWoiiDnQdxkhp6flPQv48dn9spoIaXYPhBb
yWiy5NgTs/JjAfA4TGFbCIhHlhSf5JpFxLga5nMrRUSiHbB6S5PJxy2sMRp5yR9X
5/D/t8Dz5kuElydH6FgqhfWDnIqsB6le/kJ8l6viF7X0g/jja/KeAU/FCdyS+gBQ
AevmBkjRq6pYGv5R9gfsI7xR1m0LwUyRJ2EkkYzFYOfIoYNvuR7S1qrknQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCg9PG9hbLjzTBmAMmzpyTYuCirjMB8GA1UdIwQY
MBaAFIgXqv7GHDprAktqn1T/t2TKPfkiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0Mjkt
ZTY2MzY5NjQ5NDExLzEvS0QwOGIyRnN1UE5NR1lBeWJPbkpOaTRLS3VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9mZTJkNzItYzJkZC00NmMxLTk0MjktZTY2MzY5NjQ5NDEx
LzEvaUJlcV9zWWNPbXNDUzJxZlZQLTNaTW85LVNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhMnwAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDEDeEegJjM3vPC9hTeWYk0P+rI2p0ZLL3Q2xa7
Il7BhvDEp/Jy60L+qu4jmKEigXlBgQnTWUErP1Kncf5mHRMZ6Ol3K4ORA9lB+j/d
sQTPWvBNyLtAzOifadHWVyYqX4aLf84mHDdTrAtWs83SYwEHwvmilA+3rk04uBiL
r2EZ2JRNtoCfntFVOIqCvjCTreHaGmxCsTOrOLrJ8YJy0+eiowfDyKy3EwsCmT5C
Jzte0tJqhm46qTS+oFYKhpxUiem0ZL8cF3kCA/m40wYWJY0uOksbLSLBqENRd9nv
ZUA5hans+p6VXhFOtlWA0sO0NV+Yp6bqu52Ve+lQPCqiwwgR
-----END CERTIFICATE-----