Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/CY9pxQP29DJmFDZcd4KmLPjqxdY.roa
File:                     CY9pxQP29DJmFDZcd4KmLPjqxdY.roa (raw, json)
Hash identifier:          WhKTVhwXKp44nRtN57rhFQOTpocBZFovfMSF6/2r9ZQ=
Subject key identifier:   09:8F:69:C5:03:F6:F4:32:66:14:36:5C:77:82:A6:2C:F8:EA:C5:D6
Certificate issuer:       /CN=ec79a7b54c8c94d06ca2f685971a2449fb8fcece
Certificate serial:       018CC4246C55669D2D75B3C6BA7A718A5A67
Authority key identifier: EC:79:A7:B5:4C:8C:94:D0:6C:A2:F6:85:97:1A:24:49:FB:8F:CE:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7HmntUyMlNBsovaFlxokSfuPzs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/CY9pxQP29DJmFDZcd4KmLPjqxdY.roa
Signing time:             Mon 01 Jan 2024 08:29:30 +0000
ROA not before:           Mon 01 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57338
IP address blocks:        2a13:9644:20::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/7HmntUyMlNBsovaFlxokSfuPzs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/7HmntUyMlNBsovaFlxokSfuPzs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7HmntUyMlNBsovaFlxokSfuPzs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:07:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:6c:55:66:9d:2d:75:b3:c6:ba:7a:71:8a:5a:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec79a7b54c8c94d06ca2f685971a2449fb8fcece
        Validity
            Not Before: Jan  1 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=098f69c503f6f4326614365c7782a62cf8eac5d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:6f:63:ae:d6:d6:c7:bb:e1:31:8e:55:f0:ff:
                    c3:17:d3:fc:b9:3a:43:3d:5d:83:cb:90:0d:19:ac:
                    cf:1e:9e:82:1f:2b:3c:7c:88:f5:62:9b:e6:32:02:
                    9a:76:f6:8d:b1:9e:03:8a:65:9a:cd:b0:37:7e:64:
                    37:5f:0a:37:98:51:e7:c3:99:21:77:d8:14:bd:48:
                    e0:28:f0:61:77:1e:08:66:56:44:53:7f:d8:b0:aa:
                    a9:62:ea:ef:d1:d3:1d:f9:4b:35:66:0a:7f:c0:6e:
                    05:5a:cc:94:a2:89:50:25:17:9c:4f:65:03:e1:c3:
                    52:3f:f5:38:01:56:43:58:7a:9e:b3:66:53:ef:fd:
                    96:70:18:e2:c2:f3:45:67:f9:53:d7:01:f7:5b:41:
                    d9:bd:b2:2e:73:aa:f0:8b:33:d0:bf:cf:c6:5a:48:
                    b8:fb:f5:c7:d2:18:56:da:ac:24:e7:10:cc:ba:6f:
                    2b:a3:5d:53:ab:84:0d:4c:4a:0d:b0:f9:00:dc:24:
                    2b:32:f6:5f:d8:77:27:b1:36:39:5d:fe:3e:66:b2:
                    41:cb:f3:2c:8c:77:5f:8c:f2:c7:9e:8b:f1:e5:b4:
                    aa:ab:9b:a5:d2:34:ec:1f:fc:fc:b5:9c:f0:1f:ba:
                    93:50:0c:d0:4a:aa:d2:4c:0a:ea:2c:46:dd:21:37:
                    79:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:8F:69:C5:03:F6:F4:32:66:14:36:5C:77:82:A6:2C:F8:EA:C5:D6
            X509v3 Authority Key Identifier:
                keyid:EC:79:A7:B5:4C:8C:94:D0:6C:A2:F6:85:97:1A:24:49:FB:8F:CE:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7HmntUyMlNBsovaFlxokSfuPzs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/CY9pxQP29DJmFDZcd4KmLPjqxdY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/a9bd50-b4a4-4063-8436-4e2a8f84aeed/1/7HmntUyMlNBsovaFlxokSfuPzs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9644:20::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:fd:2a:d3:92:6e:7a:77:f8:fe:52:b1:e5:a5:99:fb:ee:6c:
         22:4e:e1:70:a3:cc:81:bf:34:20:2d:4e:3e:e0:e0:cb:7d:e7:
         38:e6:34:05:f6:c4:41:52:9f:8c:17:f9:97:b4:de:db:35:b0:
         d1:c2:00:43:cd:36:7e:33:74:6e:ab:00:9d:a5:c1:f1:b4:39:
         45:f7:94:84:12:01:7c:f8:e1:ab:f6:75:37:96:18:ba:3f:bd:
         f3:3c:96:46:c2:67:09:da:3d:cf:30:f5:fe:38:5b:89:95:8b:
         23:ed:06:3c:ff:d2:40:f3:9b:ef:b5:d0:c1:28:b8:4d:30:e1:
         70:61:4d:13:28:89:64:c2:01:45:ef:39:b5:1b:7e:6d:73:68:
         3e:ff:bb:d2:fe:96:f5:95:e2:16:29:ac:ea:9a:7c:22:03:7b:
         28:1e:09:c2:8b:29:6c:78:b8:02:20:83:fb:8f:12:56:e7:4a:
         9d:09:cd:1b:38:6f:ef:36:fd:d7:06:84:5e:f1:1e:09:1d:40:
         44:94:e0:31:52:23:2d:68:f3:6f:c7:9f:4c:1b:9a:8b:0c:6d:
         00:9f:2c:35:c2:fb:92:23:79:15:eb:dd:f3:36:88:60:3b:28:
         77:9f:0e:f6:bf:f9:24:e1:fc:a4:32:d5:92:fd:67:f4:6a:f9:
         05:6b:a8:89
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzEJGxVZp0tdbPGunpxilpnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjNzlhN2I1NGM4Yzk0ZDA2Y2EyZjY4NTk3MWEyNDQ5ZmI4
ZmNlY2UwHhcNMjQwMTAxMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOThmNjljNTAzZjZmNDMyNjYxNDM2NWM3NzgyYTYyY2Y4ZWFjNWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjG9jrtbWx7vhMY5V8P/DF9P8uTpD
PV2Dy5ANGazPHp6CHys8fIj1YpvmMgKadvaNsZ4DimWazbA3fmQ3Xwo3mFHnw5kh
d9gUvUjgKPBhdx4IZlZEU3/YsKqpYurv0dMd+Us1Zgp/wG4FWsyUoolQJRecT2UD
4cNSP/U4AVZDWHqes2ZT7/2WcBjiwvNFZ/lT1wH3W0HZvbIuc6rwizPQv8/GWki4
+/XH0hhW2qwk5xDMum8ro11Tq4QNTEoNsPkA3CQrMvZf2HcnsTY5Xf4+ZrJBy/Ms
jHdfjPLHnovx5bSqq5ul0jTsH/z8tZzwH7qTUAzQSqrSTArqLEbdITd51wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAmPacUD9vQyZhQ2XHeCpiz46sXWMB8GA1UdIwQY
MBaAFOx5p7VMjJTQbKL2hZcaJEn7j87OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0htbnRVeU1sTkJzb3ZhRmx4b2tTZnVQenM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9hOWJkNTAtYjRhNC00MDYzLTg0MzYt
NGUyYThmODRhZWVkLzEvQ1k5cHhRUDI5REptRkRaY2Q0S21MUGpxeGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9hOWJkNTAtYjRhNC00MDYzLTg0MzYtNGUyYThmODRhZWVk
LzEvN0htbnRVeU1sTkJzb3ZhRmx4b2tTZnVQenM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOWRAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQBi/SrTkm56d/j+UrHlpZn77mwiTuFwo8yBvzQg
LU4+4ODLfec45jQF9sRBUp+MF/mXtN7bNbDRwgBDzTZ+M3RuqwCdpcHxtDlF95SE
EgF8+OGr9nU3lhi6P73zPJZGwmcJ2j3PMPX+OFuJlYsj7QY8/9JA85vvtdDBKLhN
MOFwYU0TKIlkwgFF7zm1G35tc2g+/7vS/pb1leIWKazqmnwiA3soHgnCiylseLgC
IIP7jxJW50qdCc0bOG/vNv3XBoRe8R4JHUBElOAxUiMtaPNvx59MG5qLDG0Anyw1
wvuSI3kV693zNohgOyh3nw72v/kk4fykMtWS/Wf0avkFa6iJ
-----END CERTIFICATE-----