Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/yTQcNvt29EEBK8wzO244GuYtg_4.roa
File:                     yTQcNvt29EEBK8wzO244GuYtg_4.roa (raw, json)
Hash identifier:          opojTvpCvHGSRJJilkuj0ADM9wJOX/ZR6+iAP3baoMs=
Subject key identifier:   C9:34:1C:36:FB:76:F4:41:01:2B:CC:33:3B:6E:38:1A:E6:2D:83:FE
Certificate issuer:       /CN=8ef8c471e83b14fc6c6cc7cfc96c1ac3e3087eae
Certificate serial:       018FF6D1FC8A3E76376A8F720D62AC5AF58D
Authority key identifier: 8E:F8:C4:71:E8:3B:14:FC:6C:6C:C7:CF:C9:6C:1A:C3:E3:08:7E:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/yTQcNvt29EEBK8wzO244GuYtg_4.roa
Signing time:             Sat 08 Jun 2024 07:48:27 +0000
ROA not before:           Sat 08 Jun 2024 07:48:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202391
IP address blocks:        2a13:f1c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f6:d1:fc:8a:3e:76:37:6a:8f:72:0d:62:ac:5a:f5:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ef8c471e83b14fc6c6cc7cfc96c1ac3e3087eae
        Validity
            Not Before: Jun  8 07:48:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9341c36fb76f441012bcc333b6e381ae62d83fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:76:48:6a:ab:9b:8d:43:c5:b2:a6:a9:72:a8:
                    f0:bd:77:0f:24:c2:5d:b0:8d:f9:29:f9:36:e9:d8:
                    66:c5:73:82:7a:03:7d:e1:e8:92:4e:86:22:04:5b:
                    f8:3e:a4:b9:51:05:fe:65:a3:e3:7d:61:91:5f:89:
                    5d:b7:a7:f0:db:c2:6a:79:18:4c:58:f2:8c:01:18:
                    51:d0:86:fa:24:a1:3f:df:c1:b8:c2:89:7d:dc:65:
                    0c:6a:79:91:9f:41:83:8a:e5:82:34:28:7b:18:d1:
                    5b:e8:c7:a4:a4:ae:4f:c5:e7:d1:9b:ab:d0:90:d8:
                    ad:46:5e:cc:7e:80:b0:56:76:85:a5:65:76:45:2b:
                    9f:77:51:39:63:dc:47:bf:c7:8f:e4:6e:36:7c:68:
                    d3:6c:3e:73:af:d9:71:2d:4c:f3:32:16:c4:c3:b7:
                    14:a4:76:ab:bd:4c:74:4d:0d:1a:d4:6a:3f:e4:e4:
                    7e:e9:d1:ae:ed:8e:aa:de:8d:9c:60:6f:c3:2c:10:
                    0d:89:66:cf:b3:35:99:8d:b2:05:75:61:5c:5d:c5:
                    72:e0:de:84:e3:e4:4b:c6:32:80:b6:e0:a3:ca:d6:
                    2f:88:6d:e1:89:d8:ed:3c:bb:38:5b:3f:df:b5:b1:
                    9a:46:f3:69:8d:d6:ba:ed:f2:e2:e4:1f:d5:e1:a3:
                    27:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:34:1C:36:FB:76:F4:41:01:2B:CC:33:3B:6E:38:1A:E6:2D:83:FE
            X509v3 Authority Key Identifier:
                keyid:8E:F8:C4:71:E8:3B:14:FC:6C:6C:C7:CF:C9:6C:1A:C3:E3:08:7E:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jvjEceg7FPxsbMfPyWwaw-MIfq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/yTQcNvt29EEBK8wzO244GuYtg_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/8f2ad8-6a48-423c-be41-138a7117de36/1/jvjEceg7FPxsbMfPyWwaw-MIfq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:f1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:8e:be:16:17:5a:c5:bf:be:03:b8:6c:fa:1a:f5:50:fb:35:
         4e:3a:e3:74:45:33:29:2b:b0:ba:b9:ea:7b:f8:94:70:3c:1c:
         32:68:53:a8:7b:29:a1:f8:e4:2c:4e:a1:90:45:24:57:78:79:
         a1:b5:ad:74:45:bd:90:bc:4c:96:ac:72:d8:f0:43:e6:20:58:
         b6:60:4c:ff:46:16:33:cd:5e:66:18:9f:0d:e6:6c:e0:3b:42:
         fe:92:cf:41:5c:15:29:94:5f:b8:82:93:ea:56:89:4d:c7:70:
         cf:80:c7:9f:a8:e6:cb:bf:81:cf:ba:00:2c:f3:37:05:6b:f5:
         d7:c2:23:99:43:0e:73:79:ec:9e:fa:de:12:63:4a:41:4d:a8:
         42:f4:07:62:d4:4d:e0:5b:4e:ff:db:89:52:c1:88:c2:83:06:
         06:b8:aa:e7:9b:c4:45:96:de:fa:31:41:95:cf:4d:fd:0f:3f:
         20:cc:0d:2f:16:17:a5:00:64:f8:36:16:33:50:33:c6:a3:05:
         b4:9f:bc:77:9d:00:58:cc:55:91:38:c3:d2:f7:3a:e8:0b:84:
         23:3e:45:2e:9b:2f:f3:07:16:05:f2:a2:7d:24:ab:dd:fe:43:
         57:55:61:93:c2:30:3e:f9:1b:53:2f:e1:55:42:48:74:01:05:
         37:ff:2c:30
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY/20fyKPnY3ao9yDWKsWvWNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlZjhjNDcxZTgzYjE0ZmM2YzZjYzdjZmM5NmMxYWMzZTMw
ODdlYWUwHhcNMjQwNjA4MDc0ODI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTM0MWMzNmZiNzZmNDQxMDEyYmNjMzMzYjZlMzgxYWU2MmQ4M2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHZIaqubjUPFsqapcqjwvXcPJMJd
sI35Kfk26dhmxXOCegN94eiSToYiBFv4PqS5UQX+ZaPjfWGRX4ldt6fw28JqeRhM
WPKMARhR0Ib6JKE/38G4wol93GUManmRn0GDiuWCNCh7GNFb6MekpK5PxefRm6vQ
kNitRl7MfoCwVnaFpWV2RSufd1E5Y9xHv8eP5G42fGjTbD5zr9lxLUzzMhbEw7cU
pHarvUx0TQ0a1Go/5OR+6dGu7Y6q3o2cYG/DLBANiWbPszWZjbIFdWFcXcVy4N6E
4+RLxjKAtuCjytYviG3hidjtPLs4Wz/ftbGaRvNpjda67fLi5B/V4aMnrQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMk0HDb7dvRBASvMMztuOBrmLYP+MB8GA1UdIwQY
MBaAFI74xHHoOxT8bGzHz8lsGsPjCH6uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanZqRWNlZzdGUHhzYk1mUHlXd2F3LU1JZnE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS84ZjJhZDgtNmE0OC00MjNjLWJlNDEt
MTM4YTcxMTdkZTM2LzEveVRRY052dDI5RUVCSzh3ek8yNDRHdVl0Z180LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS84ZjJhZDgtNmE0OC00MjNjLWJlNDEtMTM4YTcxMTdkZTM2
LzEvanZqRWNlZzdGUHhzYk1mUHlXd2F3LU1JZnE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPxwDAN
BgkqhkiG9w0BAQsFAAOCAQEAlI6+Fhdaxb++A7hs+hr1UPs1TjrjdEUzKSuwurnq
e/iUcDwcMmhTqHspofjkLE6hkEUkV3h5obWtdEW9kLxMlqxy2PBD5iBYtmBM/0YW
M81eZhifDeZs4DtC/pLPQVwVKZRfuIKT6laJTcdwz4DHn6jmy7+Bz7oALPM3BWv1
18IjmUMOc3nsnvreEmNKQU2oQvQHYtRN4FtO/9uJUsGIwoMGBriq55vERZbe+jFB
lc9N/Q8/IMwNLxYXpQBk+DYWM1AzxqMFtJ+8d50AWMxVkTjD0vc66AuEIz5FLpsv
8wcWBfKifSSr3f5DV1Vhk8IwPvkbUy/hVUJIdAEFN/8sMA==
-----END CERTIFICATE-----